diff options
72 files changed, 1690 insertions, 2227 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 9ee61c6f8..19cf22280 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -1,12 +1,16 @@ { config, pkgs, ... }: - { imports = [ + ./net.nix <stockholm/krebs> <stockholm/krebs/2configs> <stockholm/krebs/2configs/secret-passwords.nix> <stockholm/krebs/2configs/hw/x220.nix> + # see documentation in included getty-for-esp.nix: + # brain hosts/puyak/root + <stockholm/krebs/2configs/hw/getty-for-esp.nix> + ## initrd unlocking # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase' @@ -20,8 +24,7 @@ #### NEWS #### <stockholm/krebs/2configs/ircd.nix> - #<stockholm/krebs/2configs/news.nix> - #<stockholm/krebs/2configs/news-spam.nix> + <stockholm/krebs/2configs/news.nix> ### shackspace ### @@ -118,7 +121,6 @@ krebs.build.host = config.krebs.hosts.puyak; sound.enable = false; - boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; @@ -163,10 +165,6 @@ services.logind.lidSwitchExternalPower = "ignore"; - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" - SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0" - ''; environment.systemPackages = [ pkgs.zsh ]; @@ -179,5 +177,4 @@ isNormalUser = true; shell = "/run/current-system/sw/bin/zsh"; }; - networking.firewall.allowedTCPPorts = [ 5901 ]; } diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix new file mode 100644 index 000000000..4cb8d247c --- /dev/null +++ b/krebs/1systems/puyak/net.nix @@ -0,0 +1,23 @@ +let + ext-if = "enp0s25"; + shack-ip = "10.42.22.184"; + shack-gw = "10.42.20.1"; +in { + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" + SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="et0" + ''; + networking = { + firewall.enable = false; + firewall.allowedTCPPorts = [ 8088 8086 8083 5901 ]; + interfaces."${ext-if}".ipv4.addresses = [ + { + address = shack-ip; + prefixLength = 20; + } + ]; + + defaultGateway = shack-gw; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; +} diff --git a/krebs/2configs/go.nix b/krebs/2configs/go.nix index c39b08a8e..ce5db62d4 100644 --- a/krebs/2configs/go.nix +++ b/krebs/2configs/go.nix @@ -2,9 +2,6 @@ with import <stockholm/lib>; { - environment.systemPackages = [ - pkgs.go-shortener - ]; krebs.go = { enable = true; }; diff --git a/krebs/2configs/hw/getty-for-esp.nix b/krebs/2configs/hw/getty-for-esp.nix new file mode 100644 index 000000000..18c912353 --- /dev/null +++ b/krebs/2configs/hw/getty-for-esp.nix @@ -0,0 +1,17 @@ +{ + # 1. Program an esp8266 devboard (esp8266+usb-ttl) with # https://github.com/jeelabs/esp-link + # tested vesion: esp-link v3.2.47-g9c6530d + # Pin Preset: esp-bridge + # tx-enable: false + # uart-pins: normal + # 2. connect directly with usb-cable to device, check that vendorID and ProductID match + # 3. nc <esp-link-ip> 23 + # Info: for puyak the root pw is `brain hosts/puyak/root` + services.udev.extraRules = '' + SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="ilo", MODE="0660" + ''; + systemd.services."serial-getty@ilo".enable = true; + systemd.services."serial-getty@ilo".wantedBy = [ "multi-user.target" ]; + systemd.services."serial-getty@ilo".serviceConfig.Restart = "always"; +} + diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 65972aacc..789fc2f2f 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -11,12 +11,12 @@ hello ''; config = '' + loadmodule "extensions/m_omode"; serverinfo { name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; description = "miep!"; network_name = "irc.r"; - hub = yes; vhost = "0.0.0.0"; vhost6 = "::"; @@ -26,7 +26,7 @@ #ssl_dh_params = "etc/dh.pem"; #ssld_count = 1; - default_max_clients = 10000; + default_max_clients = 100000; #nicklen = 30; }; @@ -43,19 +43,31 @@ /* Listen on IPv6 (if you used host= above). */ host = "::"; port = 6667; - sslport = 9999; + sslport = 6697; }; class "users" { ping_time = 2 minutes; number_per_ident = 10; - number_per_ip = 2048; + number_per_ip = 4096; number_per_ip_global = 4096; cidr_ipv4_bitlen = 24; cidr_ipv6_bitlen = 64; number_per_cidr = 65536; - max_number = 3000; - sendq = 1 megabyte; + max_number = 100000; + sendq = 10 megabyte; + }; + + privset "op" { + privs = oper:admin; + }; + + operator "aids" { + user = "*@*"; + password = "balls"; + flags = ~encrypted; + snomask = "+s"; + privset = "op"; }; exempt { @@ -93,12 +105,13 @@ channel_target_change = yes; disable_local_channels = no; }; + general { #maybe we want ident someday? - default_floodcount = 1000; + default_floodcount = 10000; disable_auth = yes; throttle_duration = 1; - throttle_count = 1000; + throttle_count = 10000; }; ''; }; diff --git a/krebs/2configs/news-spam.nix b/krebs/2configs/news-spam.nix deleted file mode 100644 index a8c658858..000000000 --- a/krebs/2configs/news-spam.nix +++ /dev/null @@ -1,164 +0,0 @@ -{ pkgs, ... }: - -{ - krebs.newsbot-js.news-spam = { - urlShortenerHost = "go.lassul.us"; - feeds = pkgs.writeText "feeds" '' - _aje|http://www.aljazeera.com/Services/Rss/?PostingId=2007731105943979989|#snews - _allafrica|http://allafrica.com/tools/headlines/rdf/latest/headlines.rdf|#snews - _antirez|http://antirez.com/rss|#snews - _archlinux|http://www.archlinux.org/feeds/news/|#snews - _ars|http://feeds.arstechnica.com/arstechnica/index?format=xml|#snews - _augustl|http://augustl.com/atom.xml|#snews - _bbc|http://feeds.bbci.co.uk/news/rss.xml|#snews - _bdt_aktuelle_themen|http://www.bundestag.de/blueprint/servlet/service/de/14154/asFeed/index.rss|#snews - _bdt_drucksachen|http://www.bundestag.de/dip21rss/bundestag_drucksachen.rss|#snews - _bdt_plenarproto|http://www.bundestag.de/rss_feeds/plenarprotokolle.rss|#snews - _bdt_pressemitteilungen|http://www.bundestag.de/blueprint/servlet/service/de/273112/asFeed/index.rss|#snews - _bitcoinpakistan|https://bitcoinspakistan.com/feed/|#snews - _cancer|http://feeds.feedburner.com/ncinewsreleases?format=xml|#snews - _carta|http://feeds2.feedburner.com/carta-standard-rss|#snews - _catholic_news|http://feeds.feedburner.com/catholicnewsagency/dailynews|#snews - _cbc_busi|http://rss.cbc.ca/lineup/business.xml|#snews - _cbc_offbeat|http://www.cbc.ca/cmlink/rss-offbeat|#snews - _cbc_pol|http://rss.cbc.ca/lineup/politics.xml|#snews - _cbc_tech|http://rss.cbc.ca/lineup/technology.xml|#snews - _cbc_top|http://rss.cbc.ca/lineup/topstories.xml|#snews - _ccc|http://www.ccc.de/rss/updates.rdf|#snews - _chan_biz|http://boards.4chan.org/biz/index.rss|#snews - _chan_g|http://boards.4chan.org/g/index.rss|#snews - _chan_int|http://boards.4chan.org/int/index.rss|#snews - _chan_sci|http://boards.4chan.org/sci/index.rss|#snews - _chan_x|http://boards.4chan.org/x/index.rss|#snews - _c|http://www.tempolimit-lichtgeschwindigkeit.de/news.xml|#snews - _cryptogon|http://www.cryptogon.com/?feed=rss2|#snews - _csm|http://rss.csmonitor.com/feeds/csm|#snews - _csm_world|http://rss.csmonitor.com/feeds/world|#snews - _danisch|http://www.danisch.de/blog/feed/|#snews - _dod|http://www.defense.gov/news/afps2.xml|#snews - _dwn|http://deutsche-wirtschafts-nachrichten.de/feed/customfeed/|#snews - _ecat|http://ecat.com/feed|#snews - _eia_press|http://www.eia.gov/rss/press_rss.xml|#snews - _eia_today|http://www.eia.gov/rss/todayinenergy.xml|#snews - _embargowatch|https://embargowatch.wordpress.com/feed/|#snews - _ethereum-comments|http://blog.ethereum.org/comments/feed|#snews - _ethereum|http://blog.ethereum.org/feed|#snews - _europa_ric|http://ec.europa.eu/research/infocentre/rss/infocentre-rss.xml|#snews - _eu_survei|http://www.eurosurveillance.org/public/RSSFeed/RSS.aspx|#snews - _exploitdb|http://www.exploit-db.com/rss.xml|#snews - _fars|http://www.farsnews.com/rss.php|#snews #test - _faz_feui|http://www.faz.net/rss/aktuell/feuilleton/|#snews - _faz_politik|http://www.faz.net/rss/aktuell/politik/|#snews - _faz_wirtschaft|http://www.faz.net/rss/aktuell/wirtschaft/|#snews - _fbi|https://www.fbi.gov/news/rss.xml|#snews - _fedreserve|http://www.federalreserve.gov/feeds/press_all.xml|#snews - _fefe|http://blog.fefe.de/rss.xml|#snews - _forbes|http://www.forbes.com/forbes/feed2/|#snews - _forbes_realtime|http://www.forbes.com/real-time/feed2/|#snews - _fox|http://feeds.foxnews.com/foxnews/latest|#snews - _geheimorganisation|http://geheimorganisation.org/feed/|#snews - _GerForPol|http://www.german-foreign-policy.com/de/news/rss-2.0|#snews - _gmanet|http://www.gmanetwork.com/news/rss/news|#snews - _golem|http://rss.golem.de/rss.php|#snews - _google|http://news.google.com/?output=rss|#snews - _greenpeace|http://feeds.feedburner.com/GreenpeaceNews|#snews - _guardian_uk|http://feeds.theguardian.com/theguardian/uk-news/rss|#snews - _gulli|http://ticker.gulli.com/rss/|#snews - _hackernews|https://news.ycombinator.com/rss|#snews - _handelsblatt|http://www.handelsblatt.com/contentexport/feed/schlagzeilen|#snews - _heise|https://www.heise.de/newsticker/heise-atom.xml|#snews - _hindu_business|http://www.thehindubusinessline.com/?service=rss|#snews - _hindu|http://www.thehindu.com/?service=rss|#snews - _ign|http://feeds.ign.com/ign/all|#snews - _independent|http://www.independent.com/rss/headlines/|#snews - _indymedia|https://de.indymedia.org/rss.xml|#snews - _info_libera|http://www.informationliberation.com/rss.xml|#snews - _klagen-gegen-rundfuckbeitrag|http://klagen-gegen-rundfunkbeitrag.blogspot.com/feeds/posts/default|#snews - _korea_herald|http://www.koreaherald.com/rss_xml.php|#snews - _linuxinsider|http://www.linuxinsider.com/perl/syndication/rssfull.pl|#snews - _lisp|http://planet.lisp.org/rss20.xml|#snews - _liveleak|http://www.liveleak.com/rss|#snews - _lolmythesis|http://lolmythesis.com/rss|#snews - _LtU|http://lambda-the-ultimate.org/rss.xml|#snews - _lukepalmer|http://lukepalmer.wordpress.com/feed/|#snews - _mit|http://web.mit.edu/newsoffice/rss-feeds.feed?type=rss|#snews - _mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#snews - _nds|http://www.nachdenkseiten.de/?feed=atom|#snews - _netzpolitik|https://netzpolitik.org/feed/|#snews - _newsbtc|http://newsbtc.com/feed/|#snews - _nnewsg|http://www.net-news-global.net/rss/rssfeed.xml|#snews - _npr_busi|http://www.npr.org/rss/rss.php?id=1006|#snews - _npr_headlines|http://www.npr.org/rss/rss.php?id=1001|#snews - _npr_pol|http://www.npr.org/rss/rss.php?id=1012|#snews - _npr_world|http://www.npr.org/rss/rss.php?id=1004|#snews - _nsa|https://www.nsa.gov/rss.xml|#snews #bullerei - _nytimes|http://rss.nytimes.com/services/xml/rss/nyt/World.xml|#snews - _painload|https://github.com/krebs/painload/commits/master.atom|#snews - _phys|http://phys.org/rss-feed/|#snews - _piraten|https://www.piratenpartei.de/feed/|#snews - _polizei_berlin|http://www.berlin.de/polizei/presse-fahndung/_rss_presse.xml|#snews - _presse_polizei|http://www.presseportal.de/rss/polizei.rss2|#snews - _presseportal|http://www.presseportal.de/rss/presseportal.rss2|#snews - _prisonplanet|http://prisonplanet.com/feed.rss|#snews - _rawstory|http://www.rawstory.com/rs/feed/|#snews - _reddit_4chan|http://www.reddit.com/r/4chan/new/.rss|#snews - _reddit_anticonsum|http://www.reddit.com/r/Anticonsumption/new/.rss|#snews - _reddit_btc|http://www.reddit.com/r/Bitcoin/new/.rss|#snews - _reddit_consp|http://reddit.com/r/conspiracy/.rss|#snews - _reddit_haskell|http://www.reddit.com/r/haskell/.rss|#snews - _reddit_nix|http://www.reddit.com/r/nixos/.rss|#snews - _reddit_prog|http://www.reddit.com/r/programming/new/.rss|#snews - _reddit_sci|http://www.reddit.com/r/science/.rss|#snews - _reddit_tech|http://www.reddit.com/r/technology/.rss|#snews - _reddit_tpp|http://www.reddit.com/r/twitchplayspokemon/.rss|#snews - _reddit_world|http://www.reddit.com/r/worldnews/.rss|#snews - _r-ethereum|http://www.reddit.com/r/ethereum/.rss|#snews - _reuters|http://feeds.reuters.com/Reuters/worldNews|#snews - _reuters-odd|http://feeds.reuters.com/reuters/oddlyEnoughNews?format=xml|#snews - _rt|http://rt.com/rss/news/|#snews - _schallurauch|http://feeds.feedburner.com/SchallUndRauch|#snews - _sciencemag|http://news.sciencemag.org/rss/current.xml|#snews - _scmp|http://www.scmp.com/rss/91/feed|#snews - _sec-db|http://feeds.security-database.com/SecurityDatabaseToolsWatch|#snews - _shackspace|http://shackspace.de/atom.xml|#snews - _shz_news|http://www.shz.de/nachrichten/newsticker/rss|#snews - _sky_busi|http://feeds.skynews.com/feeds/rss/business.xml|#snews - _sky_pol|http://feeds.skynews.com/feeds/rss/politics.xml|#snews - _sky_strange|http://feeds.skynews.com/feeds/rss/strange.xml|#snews - _sky_tech|http://feeds.skynews.com/feeds/rss/technology.xml|#snews - _sky_world|http://feeds.skynews.com/feeds/rss/world.xml|#snews - _slashdot|http://rss.slashdot.org/Slashdot/slashdot|#snews - _slate|http://feeds.slate.com/slate|#snews - _spiegel_eil|http://www.spiegel.de/schlagzeilen/eilmeldungen/index.rss|#snews - _spiegel_top|http://www.spiegel.de/schlagzeilen/tops/index.rss|#snews - _standardmedia_ke|http://www.standardmedia.co.ke/rss/headlines.php|#snews - _stern|http://www.stern.de/feed/standard/all/|#snews - _stz|http://www.stuttgarter-zeitung.de/rss/topthemen.rss.feed|#snews - _sz_politik|http://rss.sueddeutsche.de/rss/Politik|#snews - _sz_wirtschaft|http://rss.sueddeutsche.de/rss/Wirtschaft|#snews - _sz_wissen|http://rss.sueddeutsche.de/rss/Wissen|#snews - _tagesschau|http://www.tagesschau.de/newsticker.rdf|#snews - _taz|http://taz.de/Themen-des-Tages/!p15;rss/|#snews - _telegraph|http://www.telegraph.co.uk/rss.xml|#snews - _telepolis|http://www.heise.de/tp/rss/news-atom.xml|#snews - _the_insider|http://www.theinsider.org/rss/news/headlines-xml.asp|#snews - _tigsource|http://www.tigsource.com/feed/|#snews - _tinc|http://tinc-vpn.org/news/index.rss|#snews - _torr_bits|http://feeds.feedburner.com/TorrentfreakBits|#snews - _torrentfreak|http://feeds.feedburner.com/Torrentfreak|#snews - _torr_news|http://feed.torrentfreak.com/Torrentfreak/|#snews - _travel_warnings|http://feeds.travel.state.gov/ca/travelwarnings-alerts|#snews - _un_afr|http://www.un.org/apps/news/rss/rss_africa.asp|#snews - _un_am|http://www.un.org/apps/news/rss/rss_americas.asp|#snews - _un_eu|http://www.un.org/apps/news/rss/rss_europe.asp|#snews - _un_me|http://www.un.org/apps/news/rss/rss_mideast.asp|#snews - _un_pac|http://www.un.org/apps/news/rss/rss_asiapac.asp|#snews - _un_top|http://www.un.org/apps/news/rss/rss_top.asp|#snews - _us_math_society|http://www.ams.org/cgi-bin/content/news_items.cgi?rss=1|#snews - _vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#snews - _weechat|http://dev.weechat.org/feed/atom|#snews - _xkcd|https://xkcd.com/rss.xml|#snews - _zdnet|http://www.zdnet.com/news/rss.xml|#snews - ''; - }; -} diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 6c59f4d84..f40997f82 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -1,22 +1,39 @@ { pkgs, ... }: { - krebs.newsbot-js.news = { - feeds = pkgs.writeText "feeds" '' - antirez|http://antirez.com/rss|#news - archlinux|http://www.archlinux.org/feeds/news/|#news - ethereum|http://blog.ethereum.org/feed|#news - LtU|http://lambda-the-ultimate.org/rss.xml|#news - mongrel2_master|https://github.com/zedshaw/mongrel2/commits/master.atom|#news - painload|https://github.com/krebs/painload/commits/master.atom|#news - reddit_haskell|http://www.reddit.com/r/haskell/.rss|#news - reddit_nix|http://www.reddit.com/r/nixos/.rss|#news - shackspace|http://shackspace.de/atom.xml|#news - tinc|http://tinc-vpn.org/news/index.rss|#news - vimperator|https://sites.google.com/a/vimperator.org/www/blog/posts.xml|#news - weechat|http://dev.weechat.org/feed/atom|#news - xkcd|https://xkcd.com/rss.xml|#news - painload|https://github.com/krebs/painload/commits/master.atom|#news - ''; + services.rss-bridge = { + enable = true; + whitelist = [ "*" ]; + }; + services.nginx.virtualHosts = { + rss-bridge = { + serverAliases = [ + "rss.r" + ]; + }; + "brockman.r" = { + locations."/".extraConfig = '' + root /var/lib/brockman; + index brockman.json; + ''; + }; + }; + systemd.tmpfiles.rules = [ + "d /var/lib/brockman 1750 brockman nginx -" + ]; + + systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; + krebs.brockman = { + enable = true; + config = { + irc.host = "localhost"; + channel = "#all"; + shortener = "http://go.r"; + controller = { + nick = "brockman"; + channels = [ "#all" ]; + }; + bots = {}; + }; }; } diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index ecb064579..d525e7987 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -1,5 +1,6 @@ { pkgs,lib, ... }: { + boot.kernel.sysctl."net.ipv4.ip_forward" = true; services.gitlab-runner = { enable = true; services= { @@ -17,6 +18,7 @@ "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro" ]; dockerDisableCache = true; + # TODO: use the channel from <stockholm/krebs/nixpkgs.json> preBuildScript = pkgs.writeScript "setup-container" '' mkdir -p -m 0755 /nix/var/log/nix/drvs mkdir -p -m 0755 /nix/var/nix/gcroots @@ -28,9 +30,9 @@ mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root mkdir -p -m 0700 "$HOME/.nix-defexpr" . ${pkgs.nix}/etc/profile.d/nix.sh - ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])} - ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable + ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs ${pkgs.nix}/bin/nix-channel --update nixpkgs + ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])} ''; environmentVariables = { ENV = "/etc/profile"; diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix index 1b380204d..5f61e19f1 100644 --- a/krebs/2configs/shack/glados/automation/hass-restart.nix +++ b/krebs/2configs/shack/glados/automation/hass-restart.nix @@ -1,21 +1,24 @@ # needs: # light.fablab_led -[ - { alias = "State on HA start-up"; - trigger = { - platform = "homeassistant"; - event = "start"; - }; - # trigger good/bad air - action = [ - { service = "light.turn_on"; - data = { - entity_id = "light.fablab_led"; - effect = "Rainbow"; - color_name = "purple"; - }; - } - ]; - } -] +{ + services.home-assistant.config.automation = + [ + { alias = "State on HA start-up"; + trigger = { + platform = "homeassistant"; + event = "start"; + }; + # trigger good/bad air + action = [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "purple"; + }; + } + ]; + } + ]; +} diff --git a/krebs/2configs/shack/glados/automation/party-time.nix b/krebs/2configs/shack/glados/automation/party-time.nix index dfa42d05c..9e7fe24cd 100644 --- a/krebs/2configs/shack/glados/automation/party-time.nix +++ b/krebs/2configs/shack/glados/automation/party-time.nix @@ -6,24 +6,27 @@ let disko_schalter = "switch.lounge_diskoschalter_relay"; player = "media_player.lounge"; in -[ - { alias = "Party um 21 Uhr"; - trigger = { - platform = "sun"; - event = "sunset"; - }; - action = - ( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" ) - ++ - [ - { - service = "homeassistant.turn_on"; - entity_id = disko_schalter; - } - { - service = "media_player.turn_on"; - data.entity_id = player; - } # TODO: also start playlist if nothing is running? - ]; - } -] +{ + services.home-assistant.config.automation = + [ + { alias = "Party um 21 Uhr"; + trigger = { + platform = "sun"; + event = "sunset"; + }; + action = + ( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" ) + ++ + [ + { + service = "homeassistant.turn_on"; + entity_id = disko_schalter; + } + { + service = "media_player.turn_on"; + data.entity_id = player; + } # TODO: also start playlist if nothing is running? + ]; + } + ]; +} diff --git a/krebs/2configs/shack/glados/automation/shack-startup.nix b/krebs/2configs/shack/glados/automation/shack-startup.nix index ac7dd4f1e..471d817a2 100644 --- a/krebs/2configs/shack/glados/automation/shack-startup.nix +++ b/krebs/2configs/shack/glados/automation/shack-startup.nix @@ -13,85 +13,88 @@ let glados = import ../lib; in -[ - { - alias = "Bedanken bei Übernahme von Key"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "sensor.keyholder"; - }; - condition = { - condition = "template"; - value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}"; - }; - action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}"; - } - { - alias = "Keyholder Begrüßen wenn MPD hoch fährt"; - initial_state = true; - trigger = { - platform = "state"; - from = "unavailable"; - entity_id = "media_player.kiosk"; - }; - action = glados.say.kiosk (builtins.readFile ./announcement.j2); - } - { - alias = "Start Music on portal lock on"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.portal_lock"; - to = "on"; - for.seconds = 30; - }; - condition = { - condition = "and"; - conditions = - [ - { # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything - condition = "template"; - value_template = "{{ state('sensor.keyholder') != 'No Keyholder' }}"; - } - { - condition = "state"; - entity_id = "media_player.lounge"; - state = "idle"; - } - ]; - }; - action = [ - { - service = "media_player.volume_set"; - data = { +{ + services.home-assistant.config.automation = + [ + { + alias = "Bedanken bei Übernahme von Key"; + initial_state = true; + trigger = { + platform = "state"; + entity_id = "sensor.keyholder"; + }; + condition = { + condition = "template"; + value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}"; + }; + action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}"; + } + { + alias = "Keyholder Begrüßen wenn MPD hoch fährt"; + initial_state = true; + trigger = { + platform = "state"; + from = "unavailable"; + entity_id = "media_player.kiosk"; + }; + action = glados.say.kiosk (builtins.readFile ./announcement.j2); + } + { + alias = "Start Music on portal lock on"; + trigger = { + platform = "state"; + entity_id = "binary_sensor.portal_lock"; + to = "on"; + for.seconds = 30; + }; + condition = { + condition = "and"; + conditions = + [ + { # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything + condition = "template"; + value_template = "{{ state('sensor.keyholder') != 'No Keyholder' }}"; + } + { + condition = "state"; entity_id = "media_player.lounge"; - volume_level = 1.0; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 8.5; } - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 0.6; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "lassulus"; - }; - } - ]; - } -] + state = "idle"; + } + ]; + }; + action = [ + { + service = "media_player.volume_set"; + data = { + entity_id = "media_player.lounge"; + volume_level = 1.0; + }; + } + { + service = "media_player.play_media"; + data = { + entity_id = "media_player.lounge"; + media_content_type = "playlist"; + media_content_id = "ansage"; + }; + } + { delay.seconds = 8.5; } + { + service = "media_player.volume_set"; + data = { + entity_id = "media_player.lounge"; + volume_level = 0.6; + }; + } + { + service = "media_player.play_media"; + data = { + entity_id = "media_player.lounge"; + media_content_type = "playlist"; + media_content_id = "lassulus"; + }; + } + ]; + } + ]; +} diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 04843cb24..d546564c5 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,9 +1,5 @@ { config, pkgs, lib, ... }: let - shackopen = import ./multi/shackopen.nix; - wasser = import ./multi/wasser.nix; - badair = import ./multi/schlechte_luft.nix; - rollos = import ./multi/rollos.nix; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; @@ -21,14 +17,28 @@ in { ''; }; }; + imports = [ + ./multi/shackopen.nix + ./multi/wasser.nix + ./multi/schlechte_luft.nix + ./multi/rollos.nix + + ./switch/power.nix + + ./sensors/power.nix + ./sensors/mate.nix + ./sensors/darksky.nix + ./sensors/spaceapi.nix + ./sensors/sensemap.nix + + ./automation/shack-startup.nix + ./automation/party-time.nix + ./automation/hass-restart.nix + + ]; services.home-assistant = { enable = true; - package = pkgs.home-assistant.override { - extraPackages = ps: with ps; [ - python-forecastio jsonrpc-async jsonrpc-websocket mpd2 pkgs.picotts - ]; - }; autoExtraComponents = true; config = { homeassistant = { @@ -85,9 +95,6 @@ in { retain = true; }; }; - switch = - (import ./switch/power.nix) - ; light = []; media_player = [ { platform = "mpd"; @@ -100,34 +107,23 @@ in { } ]; - sensor = - (import ./sensors/power.nix) - ++ (import ./sensors/mate.nix) - ++ (import ./sensors/darksky.nix { inherit lib;}) - ++ shackopen.sensor - ++ wasser.sensor - ; - air_quality = (import ./sensors/sensemap.nix ); - - binary_sensor = - shackopen.binary_sensor - ++ (import ./sensors/spaceapi.nix) - ; - camera = []; - frontend = { }; config = { }; + sun = {}; http = { base_url = "http://hass.shack"; use_x_forwarded_for = true; trusted_proxies = "127.0.0.1"; }; #conversation = {}; - # history = {}; - #logbook = {}; - logger.default = "info"; + + history = {}; + logbook = {}; #recorder = {}; + + logger.default = "info"; + tts = [ { platform = "google_translate"; service_name = "say"; @@ -136,15 +132,6 @@ in { time_memory = 57600; } ]; - sun = {}; - - automation = wasser.automation - ++ badair.automation - ++ rollos.automation - ++ (import ./automation/shack-startup.nix) - ++ (import ./automation/party-time.nix) - ++ (import ./automation/hass-restart.nix); - device_tracker = []; }; }; diff --git a/krebs/2configs/shack/glados/multi/rollos.nix b/krebs/2configs/shack/glados/multi/rollos.nix index 4e6494936..29525ad82 100644 --- a/krebs/2configs/shack/glados/multi/rollos.nix +++ b/krebs/2configs/shack/glados/multi/rollos.nix @@ -11,46 +11,49 @@ let ]; in { - automation = - [ - { alias = "Rollos fahren Runter"; - trigger = [ - { - platform = "numeric_state"; - entity_id = tempsensor; - above = 25; - for = "00:30:00"; - } - ]; - condition = - [ + services.home-assistant.config = + { + automation = + [ + { alias = "Rollos fahren Runter"; + trigger = [ { - condition = "state"; - entity_id = "sun.sun"; - state = "above_horizon"; - } - ]; - action = - [ - { service = "cover.close_cover"; - entity_id = all_covers; + platform = "numeric_state"; + entity_id = tempsensor; + above = 25; + for = "00:30:00"; } ]; - } - { alias = "Rollos fahren Hoch"; - trigger = [ - { - platform = "sun"; - event = "sunset"; - } - ]; - condition = [ ]; - action = - [ - { service = "cover.open_cover"; - entity_id = all_covers; + condition = + [ + { + condition = "state"; + entity_id = "sun.sun"; + state = "above_horizon"; + } + ]; + action = + [ + { service = "cover.close_cover"; + entity_id = all_covers; + } + ]; + } + { alias = "Rollos fahren Hoch"; + trigger = [ + { + platform = "sun"; + event = "sunset"; } ]; - } - ]; + condition = [ ]; + action = + [ + { service = "cover.open_cover"; + entity_id = all_covers; + } + ]; + } + ]; + }; } diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix index 31373d7b9..c1890361b 100644 --- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix +++ b/krebs/2configs/shack/glados/multi/schlechte_luft.nix @@ -4,103 +4,106 @@ let ledring = "light.fablab_led_ring"; in { - automation = - [ - { alias = "Gute Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - entity_id = feinstaub_sensor; - below = 3; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "green"; - }; + services.home-assistant.config = + { + automation = + [ + { alias = "Gute Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + entity_id = feinstaub_sensor; + below = 3; } ]; - } - { alias = "mäßige Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 3; - below = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "yellow"; - }; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = ledring; + effect = "Twinkle"; + color_name = "green"; + }; + } + ]; + } + { alias = "mäßige Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + above = 3; + below = 10; + entity_id = feinstaub_sensor; } ]; - } - { alias = "schlechte Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Fireworks"; - color_name = "red"; - }; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = ledring; + effect = "Twinkle"; + color_name = "yellow"; + }; + } + ]; + } + { alias = "schlechte Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + above = 10; + entity_id = feinstaub_sensor; } ]; - } - { alias = "Luft Sensor nicht verfügbar"; - trigger = [ - { - platform = "state"; - to = "unavailable"; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "blue"; - }; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = ledring; + effect = "Fireworks"; + color_name = "red"; + }; + } + ]; + } + { alias = "Luft Sensor nicht verfügbar"; + trigger = [ + { + platform = "state"; + to = "unavailable"; + entity_id = feinstaub_sensor; } ]; - } - { alias = "Fablab Licht Reboot"; - trigger = [ - { - platform = "state"; - from = "unavailable"; - entity_id = ledring; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "orange"; - }; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = ledring; + effect = "Rainbow"; + color_name = "blue"; + }; + } + ]; + } + { alias = "Fablab Licht Reboot"; + trigger = [ + { + platform = "state"; + from = "unavailable"; + entity_id = ledring; } ]; - } - ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = ledring; + effect = "Rainbow"; + color_name = "orange"; + }; + } + ]; + } + ]; + }; } diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix index 354405d06..d9be9adfa 100644 --- a/krebs/2configs/shack/glados/multi/shackopen.nix +++ b/krebs/2configs/shack/glados/multi/shackopen.nix @@ -1,23 +1,26 @@ { - binary_sensor = [ - { platform = "mqtt"; - name = "Portal Lock"; - device_class = "door"; - state_topic = "portal/gateway/status"; - availability_topic = "portal/gateway/lwt"; - payload_on = "open"; - payload_off = "closed"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - sensor = [ - { platform = "mqtt"; - name = "Keyholder"; - state_topic = "portal/gateway/keyholder"; - availability_topic = "portal/gateway/lwt"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; + services.home-assistant.config = + { + binary_sensor = [ + { platform = "mqtt"; + name = "Portal Lock"; + device_class = "door"; + state_topic = "portal/gateway/status"; + availability_topic = "portal/gateway/lwt"; + payload_on = "open"; + payload_off = "closed"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; + sensor = [ + { platform = "mqtt"; + name = "Keyholder"; + state_topic = "portal/gateway/keyholder"; + availability_topic = "portal/gateway/lwt"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; + }; } diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index bd8252e1c..9ca5e4500 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -11,100 +11,103 @@ let }; in { - sensor = map ( entity_id: { - platform = "statistics"; - name = "Statistics for ${entity_id}"; - inherit entity_id; - max_age.minutes = "60"; - sampling_size = 1000; - }) ["sensor.crafting_brotbox_soil_moisture"]; + services.home-assistant.config = + { + sensor = map ( entity_id: { + platform = "statistics"; + name = "Statistics for ${entity_id}"; + inherit entity_id; + max_age.minutes = "60"; + sampling_size = 1000; + }) ["sensor.crafting_brotbox_soil_moisture"]; - automation = - [ - ### Brotbox ##### - #{ alias = "Brotbox: water for ${toString brotbox.minutes} minutes every hour"; - # trigger = - # { # Trigger once every hour at :42 - # platform = "time_pattern"; - # minutes = 42; - # }; - # condition = { - # condition = "numeric_state"; - # entity_id = brotbox.sensor; - # value_template = "{{ state_attr('${brotbox.sensor}', 'median') }}"; - # below = 75; - # }; - # action = - # [ - # { - # service = "homeassistant.turn_on"; - # entity_id = brotbox.pump; - # } - # { delay.minutes = brotbox.minutes; } - # { - # service = "homeassistant.turn_off"; - # entity_id = brotbox.pump ; - # } - # ]; - #} - { alias = "Brotbox: Always turn off water after ${toString (brotbox.minutes * 2)} minutes"; - trigger = - { - platform = "state"; - entity_id = brotbox.pump; - to = "on"; - for.minutes = brotbox.minutes*2; - }; - action = - { - service = "homeassistant.turn_off"; - entity_id = brotbox.pump; - }; - } - - ##### Kaffeemaschine - { alias = "Water the plant for ${toString seconds} seconds"; - trigger = [ - { # trigger at 20:00 no matter what - # TODO: retry or run only if switch.wasser is available - platform = "time"; - at = "20:00:00"; - } - ]; - action = - [ - { - service = "homeassistant.turn_on"; - entity_id = [ - wasser - ]; - } - { delay.seconds = seconds; } - { - service = "homeassistant.turn_off"; - entity_id = [ - wasser - ]; - } - ]; - } - { alias = "Always turn off water after ${toString (seconds * 2)}seconds"; - trigger = [ + automation = + [ + ### Brotbox ##### + #{ alias = "Brotbox: water for ${toString brotbox.minutes} minutes every hour"; + # trigger = + # { # Trigger once every hour at :42 + # platform = "time_pattern"; + # minutes = 42; + # }; + # condition = { + # condition = "numeric_state"; + # entity_id = brotbox.sensor; + # value_template = "{{ state_attr('${brotbox.sensor}', 'median') }}"; + # below = 75; + # }; + # action = + # [ + # { + # service = "homeassistant.turn_on"; + # entity_id = brotbox.pump; + # } + # { delay.minutes = brotbox.minutes; } + # { + # service = "homeassistant.turn_off"; + # entity_id = brotbox.pump ; + # } + # ]; + #} + { alias = "Brotbox: Always turn off water after ${toString (brotbox.minutes * 2)} minutes"; + trigger = { platform = "state"; - entity_id = wasser; + entity_id = brotbox.pump; to = "on"; - for.seconds = seconds*2; - } - ]; - action = - [ + for.minutes = brotbox.minutes*2; + }; + action = { service = "homeassistant.turn_off"; - entity_id = [ wasser ]; - } - ]; - } - ]; + entity_id = brotbox.pump; + }; + } + + ##### Kaffeemaschine + { alias = "Water the plant for ${toString seconds} seconds"; + trigger = [ + { # trigger at 20:00 no matter what + # TODO: retry or run only if switch.wasser is available + platform = "time"; + at = "20:00:00"; + } + ]; + action = + [ + { + service = "homeassistant.turn_on"; + entity_id = [ + wasser + ]; + } + { delay.seconds = seconds; } + { + service = "homeassistant.turn_off"; + entity_id = [ + wasser + ]; + } + ]; + } + { alias = "Always turn off water after ${toString (seconds * 2)}seconds"; + trigger = [ + { + platform = "state"; + entity_id = wasser; + to = "on"; + for.seconds = seconds*2; + } + ]; + action = + [ + { + service = "homeassistant.turn_off"; + entity_id = [ wasser ]; + } + ]; + } + ]; + }; } diff --git a/krebs/2configs/shack/glados/sensors/darksky.nix b/krebs/2configs/shack/glados/sensors/darksky.nix index c8725b868..12b33804c 100644 --- a/krebs/2configs/shack/glados/sensors/darksky.nix +++ b/krebs/2configs/shack/glados/sensors/darksky.nix @@ -1,21 +1,24 @@ {lib,...}: -[ - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile <secrets/hass/darksky.apikey>); - language = "de"; - monitored_conditions = [ - "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "humidity" - "pressure" - "uv_index" - ]; - units = "si" ; - scan_interval = "00:15:00"; - } -] +{ + services.home-assistant.config.sensor = + [ + { platform = "darksky"; + api_key = lib.removeSuffix "\n" + (builtins.readFile <secrets/hass/darksky.apikey>); + language = "de"; + monitored_conditions = [ + "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "apparent_temperature" + "hourly_summary" # next 24 hours text + "humidity" + "pressure" + "uv_index" + ]; + units = "si" ; + scan_interval = "00:15:00"; + } + ]; +} diff --git a/krebs/2configs/shack/glados/sensors/mate.nix b/krebs/2configs/shack/glados/sensors/mate.nix index 1bb0e71eb..751856668 100644 --- a/krebs/2configs/shack/glados/sensors/mate.nix +++ b/krebs/2configs/shack/glados/sensors/mate.nix @@ -6,11 +6,15 @@ let name = "Füllstand ${name}"; value_template = "{{ value_json.fuellstand }}"; }; -in [ - (fuellstand "Wasser" 1) - (fuellstand "Mate Cola" 2) - (fuellstand "Apfelschorle" 3) - (fuellstand "Zitronensprudel" 4) - (fuellstand "Mate 1" 26) - (fuellstand "Mate 2" 27) -] +in +{ + services.home-assistant.config.sensor = + [ + (fuellstand "Wasser" 1) + (fuellstand "Mate Cola" 2) + (fuellstand "Apfelschorle" 3) + (fuellstand "Zitronensprudel" 4) + (fuellstand "Mate 1" 26) + (fuellstand "Mate 2" 27) + ]; +} diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix index b168f2beb..d9b5c7c65 100644 --- a/krebs/2configs/shack/glados/sensors/power.nix +++ b/krebs/2configs/shack/glados/sensors/power.nix @@ -20,7 +20,10 @@ let power_watt = (power_x "Power") ; power_curr = power_x "Current"; in +{ + services.home-assistant.config.sensor = (map power_volt [ "L1" "L2" "L3" ]) ++ (map (x: ((power_watt x) // { device_class = "power"; })) [ "L1" "L2" "L3" ]) ++ (map power_curr [ "L1" "L2" "L3" ]) -++ [ power_consumed ] +++ [ power_consumed ]; +} diff --git a/krebs/2configs/shack/glados/sensors/sensemap.nix b/krebs/2configs/shack/glados/sensors/sensemap.nix index dff29c3c4..c261a28e1 100644 --- a/krebs/2configs/shack/glados/sensors/sensemap.nix +++ b/krebs/2configs/shack/glados/sensors/sensemap.nix @@ -1,6 +1,9 @@ -[ - { - platform = "opensensemap"; - station_id = "56a0de932cb6e1e41040a68b"; - } -] +{ + services.home-assistant.config.air_quality = + [ + { + platform = "opensensemap"; + station_id = "56a0de932cb6e1e41040a68b"; + } + ]; +} diff --git a/krebs/2configs/shack/glados/sensors/spaceapi.nix b/krebs/2configs/shack/glados/sensors/spaceapi.nix index 11cab11c9..ea20ad29d 100644 --- a/krebs/2configs/shack/glados/sensors/spaceapi.nix +++ b/krebs/2configs/shack/glados/sensors/spaceapi.nix @@ -1,52 +1,55 @@ -[ - { - platform = "rest"; - resource = "https://spaceapi.afra-berlin.de/v1/status.json"; - method = "GET"; - name = "Door AFRA Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://club.entropia.de/spaceapi"; - method = "GET"; - name = "Door Entropia"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://www.c-base.org/status.json"; - method = "GET"; - name = "Door C-Base Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "https://status.raumzeitlabor.de/api/full.json"; - method = "GET"; - name = "Door RZL"; - device_class = "door"; - value_template = "{{ value_json.status }}"; - } - { - platform = "rest"; - resource = "https://datenobservatorium.de/"; - method = "GET"; - name = "Door Datenobservatorium"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - { - platform = "rest"; - resource = "https://infuanfu.de/"; - method = "GET"; - name = "Door Infuanfu"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } -] +{ + services.home-assistant.config.binary_sensor = + [ + { + platform = "rest"; + resource = "https://spaceapi.afra-berlin.de/v1/status.json"; + method = "GET"; + name = "Door AFRA Berlin"; + device_class = "door"; + value_template = "{{ value_json.open }}"; + } + { + platform = "rest"; + resource = "http://club.entropia.de/spaceapi"; + method = "GET"; + name = "Door Entropia"; + device_class = "door"; + value_template = "{{ value_json.open }}"; + } + { + platform = "rest"; + resource = "http://www.c-base.org/status.json"; + method = "GET"; + name = "Door C-Base Berlin"; + device_class = "door"; + value_template = "{{ value_json.open }}"; + } + { + platform = "rest"; + resource = "https://status.raumzeitlabor.de/api/full.json"; + method = "GET"; + name = "Door RZL"; + device_class = "door"; + value_template = "{{ value_json.status }}"; + } + { + platform = "rest"; + resource = "https://datenobservatorium.de/"; + method = "GET"; + name = "Door Datenobservatorium"; + device_class = "door"; + value_template = "false"; + scan_interval = 2592000; + } + { + platform = "rest"; + resource = "https://infuanfu.de/"; + method = "GET"; + name = "Door Infuanfu"; + device_class = "door"; + value_template = "false"; + scan_interval = 2592000; + } + ]; +} diff --git a/krebs/2configs/shack/glados/switch/power.nix b/krebs/2configs/shack/glados/switch/power.nix index 4e9a45c28..9ec115faa 100644 --- a/krebs/2configs/shack/glados/switch/power.nix +++ b/krebs/2configs/shack/glados/switch/power.nix @@ -15,18 +15,30 @@ let power = nodelight "power"; light = ident: name: { icon = "mdi:lightbulb";} // nodelight "light" ident name; in -[ - (power 1 "Hauptschalter") - (power 2 "Dusche") - (power 3 "Warmwasser") - (power 4 "Optionsräume") - (power 5 "Küche") - (light 1 "Decke Lounge 1") - (light 2 "Decke Lounge 2") - (light 3 "Decke Lounge 3") - (light 4 "Decke Lounge 4") - (light 5 "Decke Lounge 5") - (light 6 "Decke Lounge 6") - (light 7 "Decke Lounge 7") - (light 8 "Decke Lounge 8") -] +{ + services.home-assistant.config.switch = + [ + # These commands we see with a shutdown: + # power/143/state on + # power/142/state on + # power/141/state on + # power/142/state off + # power/141/state off + # power/10/state off + # power/main/state off + + (power "10" "Hauptschalter") + (power 1 "Dusche") # ??? + (power 2 "Warmwasser") # ??? + (power 3 "Optionsräume") # ??? + (power 4 "Küche") # ??? + (light 1 "Decke Lounge 1") + (light 2 "Decke Lounge 2") + (light 3 "Decke Lounge 3") + (light 4 "Decke Lounge 4") + (light 5 "Decke Lounge 5") + (light 6 "Decke Lounge 6") + (light 7 "Decke Lounge 7") + (light 8 "Decke Lounge 8") + ]; +} diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index 4118e7a72..cc3692e85 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -8,20 +8,25 @@ let pkg = pkgs.python3.pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/powermeter.git"; - rev = "96609f0d632e0732afa768ddd7b3f8841ca37c1b"; - sha256 = "sha256:0wfpm3ik5r081qv2crmpjwylgg2v8ximq347qh0fzq1rwv0dqbnn"; + rev = "438b08f"; + sha256 = "0c5czmrwlw985b7ia6077mfrvbf2fq51iajb481pgqbywgxqis5m"; }) {}; in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; users.users.powermeter.extraGroups = [ "dialout" ]; + # we make sure that usb-ttl has the correct permissions + # creates /dev/powerraw + services.udev.extraRules = '' + SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", SYMLINK+="powerraw", MODE="0660", GROUP="dialout" + ''; systemd.services.powermeter-serial2mqtt = { description = "powerraw Serial -> mqtt"; wantedBy = [ "multi-user.target" ]; serviceConfig = { User = "powermeter"; - ExecStart = "${pkg}/bin/powermeter-serial2mqtt"; + ExecStart = "${pkg}/bin/powermeter-serial2mqtt /dev/powerraw"; PrivateTmp = true; Restart = "always"; RestartSec = "15"; @@ -67,7 +72,7 @@ in { }; sensor = "total"; types = [ "Voltage" "Current" "Power" ]; - phases = [ 1 2 3 ]; + phases = [ "1" "2" "3" ]; in [ (genTopic "Power consumed" "/power/${sensor}/consumed" { inherit sensor; }) ] ++ (lib.flatten (map (type: (map (phase: (genTopic "Power" "/power/${sensor}/L${toString phase}/${type}" { inherit sensor phase type; }) ) phases)) types)); diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix index 1c2d0b1ad..12c691466 100644 --- a/krebs/2configs/shack/prometheus/alert-rules.nix +++ b/krebs/2configs/shack/prometheus/alert-rules.nix @@ -14,7 +14,7 @@ in { labels.severity = "warning"; annotations.summary = "{{ $labels.alias }} root disk full"; annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; - annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).A vast number of shackspace services will stop working. CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; + annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; } { alert = "RootPartitionFull"; @@ -25,14 +25,15 @@ in { annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak"; annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; } + # wolf.shack is not worth supervising anymore { alert = "HostDown"; - expr = ''up{alias="wolf.shack"} == 0''; + expr = ''up{alias="infra01.shack"} == 0''; for = "5m"; labels.severity = "page"; annotations.summary = "Instance {{ $labels.alias }} down for 5 minutes"; annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; - annotations.description = ''Host {{ $labels.alias }} went down and has not been reconnected after 5 minutes. This is probably bad news, try to restart the host via naproxen ( http://naproxen.shack:8006 ). Wolf being down means that CI,glados automation, light management and a couple of other services will not work anymore.''; + annotations.description = ''Host {{ $labels.alias }} went down and has not been reconnected after 5 minutes. This is probably bad news, as the machine runs one of the DNS servers and the power broadcast proxy which is used to be able to turn off the light via puyak as well as the shutdown listener.''; } ]; } diff --git a/krebs/2configs/shack/worlddomination.nix b/krebs/2configs/shack/worlddomination.nix index b38b9cab4..61b72d9a8 100644 --- a/krebs/2configs/shack/worlddomination.nix +++ b/krebs/2configs/shack/worlddomination.nix @@ -3,11 +3,11 @@ with import <stockholm/lib>; let pkg = pkgs.stdenv.mkDerivation { - name = "worlddomination-2018-04-21"; + name = "worlddomination-2020-12-01"; src = pkgs.fetchgit { - url = "https://github.com/shackspace/worlddomination/"; - rev = "1b32403b9"; - sha256 = "10x7aiil13k3x9wqy95mi1ys999d6fxg5sys3jwv7a1p930gkl1i"; + url = "https://git.shackspace.de/rz/worlddomination.git"; + rev = "c7aedcde7cd1fcb870b5356a6125e1a384b0776c"; + sha256 = "0y6haz5apwa33lz64l7b2x78wrrckbw39j4wzyd1hfk46478xi2y"; }; buildInputs = [ (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [ @@ -17,6 +17,7 @@ let grequests paramiko python + setuptools ])) ]; installPhase = '' diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix new file mode 100644 index 000000000..55e8255b4 --- /dev/null +++ b/krebs/3modules/brockman.nix @@ -0,0 +1,34 @@ +{ pkgs, lib, config, ... }: +with lib; +let + cfg = config.krebs.brockman; +in { + options.krebs.brockman = { + enable = mkEnableOption "brockman"; + config = mkOption { type = types.attrs; }; # TODO make real config here + }; + + config = mkIf cfg.enable { + users.extraUsers.brockman = { + home = "/var/lib/brockman"; + createHome = true; + isNormalUser = false; + }; + + systemd.services.brockman = { + description = "RSS to IRC broadcaster"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + serviceConfig = { + Restart = "always"; + ExecStart = '' + ${pkgs.brockman}/bin/brockman ${pkgs.writeText "brockman.json" (builtins.toJSON cfg.config)} + ''; + User = config.users.extraUsers.brockman.name; + PrivateTmp = true; + RuntimeDirectory = "brockman"; + WorkingDirectory = "%t/brockman"; + }; + }; + }; +} diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index bd6bab376..8c620a4e2 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -11,6 +11,7 @@ let ./apt-cacher-ng.nix ./backup.nix ./bepasty-server.nix + ./brockman.nix ./buildbot/master.nix ./buildbot/slave.nix ./build.nix @@ -36,7 +37,6 @@ let ./kapacitor.nix ./konsens.nix ./monit.nix - ./newsbot-js.nix ./nixpkgs.nix ./on-failure.nix ./os-release.nix diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 277169e11..efe3ace0f 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -579,6 +579,31 @@ in { }; }; }; + karakalpakstan = { + owner = config.krebs.users.xkey; + nets = { + retiolum = { + ip4.addr = "10.243.161.1"; + aliases = [ "karakalpakstan.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEA45kRCvWIaVteKQiz31AOjkEwHwOns/6SGXYzL5IswoEOT/i/8Ihl + l+ydTMTE28zs1nQp8MUBEdsJF02U8aEjPCyyMtZflZ+uaUAeJ0zAWTcb4AwdSjp+ + RKApp+LmVNDyx3W6rIgK7WYLfKhge4nRAlnshpekzaS2j7ccKhZMBIqyntYDJb6K + lE4poAgemMlE0apFV54d3ohWCZurfJ/K6BpsX7h+uwqFPOHi+pD7D/e2dHhSLXtS + 0cuFseQwqDF+xd5MAmApHO8w/BEdKWeU19TZmzkC5TlIO1HcknMq4Y8QkzCc5PXb + 5WeEdi1CyIGePldFv91LoHepsMV3nrIF7n6ZmdTuxj5GH0A0Zg0z4hrWJuXk64JM + bTpe/rDXWOG0IK0HN4z14ySD8yafLTV4gvH9Mg6jUqyqGfLpIK+o/N7ZavOeVKq5 + 3Hf9c246v1vhHjnbat5GyY79PmimEvxR51mOItpRoyJYfdSa3KrvUki0MboCiYAU + GKBmEw2BR3eybnejHqvAFov30MkmkOTz3mV/UPKELqhGCQf6UJAKG0GoxGpK3m8k + epNSAKUpj8B7+JM3Ybgl+CoAm/+qu7Ojp5j4Onn0kgB2yXryHJaNOdgraCXI2yzt + /n/eHElmKWoMCXhkV/mee1Cl2Y74XKivM6ov3lLvIDRxdXl46PvBFVkCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + }; users = { ajs124 = { diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 218ac9221..4df73509c 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -13,52 +13,78 @@ let api = { enable = mkEnableOption "Enable go url shortener"; port = mkOption { - type = types.str; - default = "1337"; + type = types.int; + default = 1337; description = "on which port go should run on"; }; - redisKeyPrefix = mkOption { - type = types.str; - default = "go:"; - description = "change the Redis key prefix which defaults to `go:`"; - }; }; imp = { - services.redis = { - enable = mkDefault true; - bind = mkDefault "127.0.0.1"; - }; + krebs.htgen.go = { + port = cfg.port; + script = ''. ${pkgs.writeDash "go" '' + find_item() { + if test ''${#1} -ge 7; then + set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \ + -regex "$STATEDIR/items/$1[0-9A-Za-z]*$")" + if test -n "$1" && test $(echo "$1" | wc -l) = 1; then + echo "$1" + return 0 + fi + fi + return 1 + } - users.extraUsers.go = rec { - name = "go"; - uid = genid name; - description = "go url shortener user"; - home = "/var/lib/go"; - createHome = true; - }; + STATEDIR=$HOME + mkdir -p "$STATEDIR/items" - systemd.services.go = { - description = "go url shortener"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; + case "$Method $Request_URI" in + "GET /"*) + if item=$(find_item "''${Request_URI#/}"); then + uri=$(cat "$item") + printf 'HTTP/1.1 302 Found\r\n' + printf 'Content-Type: text/plain\r\n' + printf 'Connection: closed\r\n' + printf 'Location: %s\r\n' "$uri" + printf '\r\n' + exit + fi + ;; + "POST /") + uri=$(mktemp -t htgen.$$.content.XXXXXXXX) + trap 'rm $uri >&2' EXIT - path = with pkgs; [ - go-shortener - ]; + head -c "$req_content_length" \ + | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \ + | xargs -0 echo -e \ + | tee /tmp/tee.log \ + | ${pkgs.urix}/bin/urix \ + | head -1 \ + > "$uri" + sha256=$(sha256sum -b "$uri" | cut -d\ -f1) + base32=$(${pkgs.nixStable}/bin/nix-hash --to-base32 --type sha256 "$sha256") + item="$STATEDIR/items/$base32" + ref="http://$req_host/$base32" - environment = { - PORT = cfg.port; - REDIS_KEY_PREFIX = cfg.redisKeyPrefix; - }; + if ! test -e "$item"; then + mkdir -v -p "$STATEDIR/items" >&2 + cp -v "$uri" "$item" >&2 + fi - restartIfChanged = true; + base32short=$(echo "$base32" | cut -b-7) + if item=$(find_item "$base32short"); then + ref="http://$req_host/$base32short" + fi - serviceConfig = { - User = "go"; - Restart = "always"; - ExecStart = "${pkgs.go-shortener}/bin/go"; - }; + printf 'HTTP/1.1 200 OK\r\n' + printf 'Content-Type: text/plain; charset=UTF-8\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + printf '%s\n' "$ref" + exit + ;; + esac + ''}''; }; }; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 5e3ddcb2d..d0648418f 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -128,9 +128,11 @@ in { ip4.addr = "10.243.77.2"; aliases = [ "puyak.r" + "brockman.r" "build.puyak.r" "cgit.puyak.r" "go.r" + "rss.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3466ef8eb..a4586bed4 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -44,6 +44,7 @@ in { matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + streaming 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { @@ -604,6 +605,7 @@ in { }; ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f "; + syncthing.id = "JS4RFIL-MJP2SMJ-EOQXCPQ-MC3NB4V-BQ77GN5-LPKGLWY-GHDP732-G22OJQQ"; }; hilum = { cores = 1; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index e204b4f31..2cb70eec4 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -243,6 +243,8 @@ in { "wiki.makefu.r" "warrior.gum.r" "sick.makefu.r" + "dl.gum.r" + "dl.makefu.r" ]; }; }; diff --git a/krebs/3modules/newsbot-js.nix b/krebs/3modules/newsbot-js.nix deleted file mode 100644 index a3640caa5..000000000 --- a/krebs/3modules/newsbot-js.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - - cfg = config.krebs.newsbot-js; - - enable = cfg != {}; - - out = { - options.krebs.newsbot-js = api; - config = mkIf enable imp; - }; - - api = mkOption { - type = types.attrsOf (types.submodule ({ config, ... }: { - options = { - enable = mkEnableOption "Enable krebs newsbot" // { default = true; }; - - channel = mkOption { - type = types.str; - default = "#${config._module.args.name}"; - description = "post the news in this channel"; - }; - feeds = mkOption { - type = types.path; - description = '' - file with feeds to post - format: - $nick|$feedURI - ''; - }; - ircServer = mkOption { - type = types.str; - default = "localhost"; - description = "to which server the bot should connect"; - }; - masterNick = mkOption { - type = types.str; - default = config._module.args.name; - description = "nickname of the master bot"; - }; - package = mkOption { - type = types.package; - default = pkgs.newsbot-js; - description = "newsbot package to use"; - }; - urlShortenerHost = mkOption { - type = types.str; - default = "go.r"; - description = "what server to use for url shortening, host"; - }; - urlShortenerPort = mkOption { - type = types.str; - default = "80"; - description = "what server to use for url shortening, port"; - }; - }; - })); - default = {}; - }; - - imp = { - users.extraUsers.newsbot-js = { - name = "newsbot-js"; - uid = genid "newsbot-js"; - description = "newsbot-js user"; - home = "/var/empty"; - }; - - systemd.services = mapAttrs' (name: newsbot: - nameValuePair "newsbot-${name}" { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - path = with pkgs; [ - newsbot-js - ]; - - environment = { - irc_server = newsbot.ircServer; - master_nick = newsbot.masterNick; - news_channel = newsbot.channel; - feeds_file = newsbot.feeds; - url_shortener_host = newsbot.urlShortenerHost; - url_shortener_port = newsbot.urlShortenerPort; - }; - - restartIfChanged = true; - - serviceConfig = { - User = "newsbot-js"; - Restart = "always"; - ExecStart = "${newsbot.package}/bin/newsbot"; - WatchdogSec = "86400"; - }; - } - ) cfg; - }; - -in out diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index ab25934c8..d18c3e4c8 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -13,6 +13,7 @@ foldl' mergeAttrs {} // { + brockman = self.haskellPackages.brockman; reaktor2 = self.haskellPackages.reaktor2; ReaktorPlugins = self.callPackage ./simple/Reaktor/plugins.nix {}; diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix new file mode 100644 index 000000000..c6d01edc7 --- /dev/null +++ b/krebs/5pkgs/haskell/brockman.nix @@ -0,0 +1,24 @@ +{ mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring +, conduit, containers, directory, feed, filepath, hslogger +, html-entity, http-client, irc-conduit, lens, network +, optparse-applicative, random, safe, stdenv, text, wreq +, fetchFromGitHub +}: +mkDerivation rec { + pname = "brockman"; + version = "3.0.0"; + src = fetchFromGitHub { + owner = "kmein"; + repo = "brockman"; + rev = version; + sha256 = "08yla9q2mjd7znpasfwsdqzc3dp2vcvg53x9p4vlx4g7jr3dw3yp"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + aeson aeson-pretty base bloomfilter bytestring conduit containers + directory feed filepath hslogger html-entity http-client + irc-conduit lens network optparse-applicative random safe text wreq + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/krebs/5pkgs/simple/go-shortener/default.nix b/krebs/5pkgs/simple/go-shortener/default.nix deleted file mode 100644 index 5e734553b..000000000 --- a/krebs/5pkgs/simple/go-shortener/default.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs-12_x, pkgs }: - -with lib; - -let - nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> { - inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; - nodejs = nodejs-12_x; - libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; - }; - - node_env = pkgs.buildEnv { - name = "go-node_env"; - paths = attrValues (import ./node-packages.nix { - inherit (pkgs) fetchurl fetchgit; - inherit nodeEnv; - }); - }; - -in stdenv.mkDerivation { - packageName = "go"; - name = "go-shortener"; - version = "0.0.0"; - - src = fetchgit { - url = "http://cgit.lassul.us/go/"; - rev = "05d02740e0adbb36cc461323647f0c1e7f493156"; - sha256 = "6015c9a93317375ae8099c7ab982df0aa93a59ec2b48972e253887bb6ca0004f"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - buildInputs = [ - nodejs-12_x - makeWrapper - ]; - - installPhase = '' - mkdir -p $out/bin - - cp index.js $out/ - cat > $out/go << EOF - ${nodejs-12_x}/bin/node $out/index.js - EOF - chmod +x $out/go - - wrapProgram $out/go \ - --prefix NODE_PATH : ${node_env}/lib/node_modules - - ln -s $out/go /$out/bin/go - ''; - -} diff --git a/krebs/5pkgs/simple/go-shortener/node-packages.nix b/krebs/5pkgs/simple/go-shortener/node-packages.nix deleted file mode 100644 index 613e31ba0..000000000 --- a/krebs/5pkgs/simple/go-shortener/node-packages.nix +++ /dev/null @@ -1,88 +0,0 @@ -# This file has been generated by node2nix 1.7.0. Do not edit! - -{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: - -let - sources = { - "denque-1.4.1" = { - name = "denque"; - packageName = "denque"; - version = "1.4.1"; - src = fetchurl { - url = "https://registry.npmjs.org/denque/-/denque-1.4.1.tgz"; - sha512 = "OfzPuSZKGcgr96rf1oODnfjqBFmr1DVoc/TrItj3Ohe0Ah1C5WX5Baquw/9U9KovnQ88EqmJbD66rKYUQYN1tQ=="; - }; - }; - "redis-commands-1.5.0" = { - name = "redis-commands"; - packageName = "redis-commands"; - version = "1.5.0"; - src = fetchurl { - url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.5.0.tgz"; - sha512 = "6KxamqpZ468MeQC3bkWmCB1fp56XL64D4Kf0zJSwDZbVLLm7KFkoIcHrgRvQ+sk8dnhySs7+yBg94yIkAK7aJg=="; - }; - }; - "redis-errors-1.2.0" = { - name = "redis-errors"; - packageName = "redis-errors"; - version = "1.2.0"; - src = fetchurl { - url = "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz"; - sha1 = "eb62d2adb15e4eaf4610c04afe1529384250abad"; - }; - }; - "redis-parser-3.0.0" = { - name = "redis-parser"; - packageName = "redis-parser"; - version = "3.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz"; - sha1 = "b66d828cdcafe6b4b8a428a7def4c6bcac31c8b4"; - }; - }; - }; -in -{ - formidable = nodeEnv.buildNodePackage { - name = "formidable"; - packageName = "formidable"; - version = "1.2.2"; - src = fetchurl { - url = "https://registry.npmjs.org/formidable/-/formidable-1.2.2.tgz"; - sha512 = "V8gLm+41I/8kguQ4/o1D3RIHRmhYFG4pnNyonvua+40rqcEmT4+V71yaZ3B457xbbgCsCfjSPi65u/W6vK1U5Q=="; - }; - buildInputs = globalBuildInputs; - meta = { - description = "A node.js module for parsing form data, especially file uploads."; - homepage = https://github.com/node-formidable/formidable; - license = "MIT"; - }; - production = true; - bypassCache = true; - reconstructLock = true; - }; - redis = nodeEnv.buildNodePackage { - name = "redis"; - packageName = "redis"; - version = "3.0.2"; - src = fetchurl { - url = "https://registry.npmjs.org/redis/-/redis-3.0.2.tgz"; - sha512 = "PNhLCrjU6vKVuMOyFu7oSP296mwBkcE6lrAjruBYG5LgdSqtRBoVQIylrMyVZD/lkF24RSNNatzvYag6HRBHjQ=="; - }; - dependencies = [ - sources."denque-1.4.1" - sources."redis-commands-1.5.0" - sources."redis-errors-1.2.0" - sources."redis-parser-3.0.0" - ]; - buildInputs = globalBuildInputs; - meta = { - description = "A high performance Redis client."; - homepage = https://github.com/NodeRedis/node-redis; - license = "MIT"; - }; - production = true; - bypassCache = true; - reconstructLock = true; - }; -}
\ No newline at end of file diff --git a/krebs/5pkgs/simple/go-shortener/pkgs.json b/krebs/5pkgs/simple/go-shortener/pkgs.json deleted file mode 100644 index f53ce3745..000000000 --- a/krebs/5pkgs/simple/go-shortener/pkgs.json +++ /dev/null @@ -1,4 +0,0 @@ -[ - "formidable", - "redis" -] diff --git a/krebs/5pkgs/simple/go-shortener/update.sh b/krebs/5pkgs/simple/go-shortener/update.sh deleted file mode 100755 index 1a58d0367..000000000 --- a/krebs/5pkgs/simple/go-shortener/update.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i bash -p nodePackages_10_x.node2nix -node2nix -10 -i pkgs.json -c combine.nix -rm node-env.nix combine.nix diff --git a/krebs/5pkgs/simple/newsbot-js/default.nix b/krebs/5pkgs/simple/newsbot-js/default.nix deleted file mode 100644 index 0ac66f433..000000000 --- a/krebs/5pkgs/simple/newsbot-js/default.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ stdenv, makeWrapper, lib, buildEnv, fetchgit, nodejs, pkgs, icu }: - -with lib; - -let - nodeEnv = import <nixpkgs/pkgs/development/node-packages/node-env.nix> { - inherit (pkgs) stdenv python2 utillinux runCommand writeTextFile; - nodejs = nodejs; - libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null; - }; - - node_env = pkgs.buildEnv { - name = "go-node_env"; - paths = attrValues (import ./node-packages.nix { - inherit (pkgs) fetchurl fetchgit; - inherit nodeEnv; - globalBuildInputs = [ - icu.dev - ]; - }); - }; - - -in stdenv.mkDerivation { - name = "newsbot-js"; - - src = fetchgit { - url = "http://cgit.prism/newsbot-js/"; - rev = "09e01639be4ea9691cf5b33f7d9057b68ac98079"; - sha256 = "28ffbed66c2efcd194c47823c7d5d5533c80852fc0cf9d9d4ee609c71d50c142"; - }; - - phases = [ - "unpackPhase" - "installPhase" - ]; - - buildInputs = [ - nodejs - makeWrapper - ]; - - installPhase = '' - mkdir -p $out/bin - - cp newsbot.js $out/ - cat > $out/newsbot << EOF - ${nodejs}/bin/node $out/newsbot.js - EOF - chmod +x $out/newsbot - - wrapProgram $out/newsbot \ - --prefix NODE_PATH : ${node_env}/lib/node_modules - - ln -s $out/newsbot /$out/bin/newsbot - ''; - -} diff --git a/krebs/5pkgs/simple/newsbot-js/node-packages.nix b/krebs/5pkgs/simple/newsbot-js/node-packages.nix deleted file mode 100644 index ea45b93f3..000000000 --- a/krebs/5pkgs/simple/newsbot-js/node-packages.nix +++ /dev/null @@ -1,777 +0,0 @@ -# This file has been generated by node2nix 1.7.0. Do not edit! - -{nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: - -let - sources = { - "addressparser-1.0.1" = { - name = "addressparser"; - packageName = "addressparser"; - version = "1.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/addressparser/-/addressparser-1.0.1.tgz"; - sha1 = "47afbe1a2a9262191db6838e4fd1d39b40821746"; - }; - }; - "ajv-6.10.2" = { - name = "ajv"; - packageName = "ajv"; - version = "6.10.2"; - src = fetchurl { - url = "https://registry.npmjs.org/ajv/-/ajv-6.10.2.tgz"; - sha512 = "TXtUUEYHuaTEbLZWIKUr5pmBuhDLy+8KYtPYdcV8qC+pOZL+NKqYwvWSRrVXHn+ZmRRAu8vJTAznH7Oag6RVRw=="; - }; - }; - "array-indexofobject-0.0.1" = { - name = "array-indexofobject"; - packageName = "array-indexofobject"; - version = "0.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/array-indexofobject/-/array-indexofobject-0.0.1.tgz"; - sha1 = "aaa128e62c9b3c358094568c219ff64fe489d42a"; - }; - }; - "asn1-0.2.4" = { - name = "asn1"; - packageName = "asn1"; - version = "0.2.4"; - src = fetchurl { - url = "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz"; - sha512 = "jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg=="; - }; - }; - "assert-plus-1.0.0" = { - name = "assert-plus"; - packageName = "assert-plus"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz"; - sha1 = "f12e0f3c5d77b0b1cdd9146942e4e96c1e4dd525"; - }; - }; - "asynckit-0.4.0" = { - name = "asynckit"; - packageName = "asynckit"; - version = "0.4.0"; - src = fetchurl { - url = "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz"; - sha1 = "c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"; - }; - }; - "aws-sign2-0.7.0" = { - name = "aws-sign2"; - packageName = "aws-sign2"; - version = "0.7.0"; - src = fetchurl { - url = "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz"; - sha1 = "b46e890934a9591f2d2f6f86d7e6a9f1b3fe76a8"; - }; - }; - "aws4-1.8.0" = { - name = "aws4"; - packageName = "aws4"; - version = "1.8.0"; - src = fetchurl { - url = "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz"; - sha512 = "ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ=="; - }; - }; - "bcrypt-pbkdf-1.0.2" = { - name = "bcrypt-pbkdf"; - packageName = "bcrypt-pbkdf"; - version = "1.0.2"; - src = fetchurl { - url = "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz"; - sha1 = "a4301d389b6a43f9b67ff3ca11a3f6637e360e9e"; - }; - }; - "caseless-0.12.0" = { - name = "caseless"; - packageName = "caseless"; - version = "0.12.0"; - src = fetchurl { - url = "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz"; - sha1 = "1b681c21ff84033c826543090689420d187151dc"; - }; - }; - "combined-stream-1.0.8" = { - name = "combined-stream"; - packageName = "combined-stream"; - version = "1.0.8"; - src = fetchurl { - url = "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz"; - sha512 = "FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg=="; - }; - }; - "core-util-is-1.0.2" = { - name = "core-util-is"; - packageName = "core-util-is"; - version = "1.0.2"; - src = fetchurl { - url = "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz"; - sha1 = "b5fd54220aa2bc5ab57aab7140c940754503c1a7"; - }; - }; - "dashdash-1.14.1" = { - name = "dashdash"; - packageName = "dashdash"; - version = "1.14.1"; - src = fetchurl { - url = "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz"; - sha1 = "853cfa0f7cbe2fed5de20326b8dd581035f6e2f0"; - }; - }; - "delayed-stream-1.0.0" = { - name = "delayed-stream"; - packageName = "delayed-stream"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz"; - sha1 = "df3ae199acadfb7d440aaae0b29e2272b24ec619"; - }; - }; - "ecc-jsbn-0.1.2" = { - name = "ecc-jsbn"; - packageName = "ecc-jsbn"; - version = "0.1.2"; - src = fetchurl { - url = "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz"; - sha1 = "3a83a904e54353287874c564b7549386849a98c9"; - }; - }; - "extend-3.0.2" = { - name = "extend"; - packageName = "extend"; - version = "3.0.2"; - src = fetchurl { - url = "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz"; - sha512 = "fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="; - }; - }; - "extsprintf-1.3.0" = { - name = "extsprintf"; - packageName = "extsprintf"; - version = "1.3.0"; - src = fetchurl { - url = "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz"; - sha1 = "96918440e3041a7a414f8c52e3c574eb3c3e1e05"; - }; - }; - "fast-deep-equal-2.0.1" = { - name = "fast-deep-equal"; - packageName = "fast-deep-equal"; - version = "2.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-2.0.1.tgz"; - sha1 = "7b05218ddf9667bf7f370bf7fdb2cb15fdd0aa49"; - }; - }; - "fast-json-stable-stringify-2.0.0" = { - name = "fast-json-stable-stringify"; - packageName = "fast-json-stable-stringify"; - version = "2.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz"; - sha1 = "d5142c0caee6b1189f87d3a76111064f86c8bbf2"; - }; - }; - "forever-agent-0.6.1" = { - name = "forever-agent"; - packageName = "forever-agent"; - version = "0.6.1"; - src = fetchurl { - url = "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz"; - sha1 = "fbc71f0c41adeb37f96c577ad1ed42d8fdacca91"; - }; - }; - "form-data-2.3.3" = { - name = "form-data"; - packageName = "form-data"; - version = "2.3.3"; - src = fetchurl { - url = "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz"; - sha512 = "1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ=="; - }; - }; - "getpass-0.1.7" = { - name = "getpass"; - packageName = "getpass"; - version = "0.1.7"; - src = fetchurl { - url = "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz"; - sha1 = "5eff8e3e684d569ae4cb2b1282604e8ba62149fa"; - }; - }; - "har-schema-2.0.0" = { - name = "har-schema"; - packageName = "har-schema"; - version = "2.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz"; - sha1 = "a94c2224ebcac04782a0d9035521f24735b7ec92"; - }; - }; - "har-validator-5.1.3" = { - name = "har-validator"; - packageName = "har-validator"; - version = "5.1.3"; - src = fetchurl { - url = "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz"; - sha512 = "sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g=="; - }; - }; - "http-signature-1.2.0" = { - name = "http-signature"; - packageName = "http-signature"; - version = "1.2.0"; - src = fetchurl { - url = "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz"; - sha1 = "9aecd925114772f3d95b65a60abb8f7c18fbace1"; - }; - }; - "iconv-2.2.3" = { - name = "iconv"; - packageName = "iconv"; - version = "2.2.3"; - src = fetchurl { - url = "https://registry.npmjs.org/iconv/-/iconv-2.2.3.tgz"; - sha1 = "e084d60eeb7d73da7f0a9c096e4c8abe090bfaed"; - }; - }; - "inherits-2.0.4" = { - name = "inherits"; - packageName = "inherits"; - version = "2.0.4"; - src = fetchurl { - url = "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz"; - sha512 = "k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="; - }; - }; - "irc-colors-1.5.0" = { - name = "irc-colors"; - packageName = "irc-colors"; - version = "1.5.0"; - src = fetchurl { - url = "https://registry.npmjs.org/irc-colors/-/irc-colors-1.5.0.tgz"; - sha512 = "HtszKchBQTcqw1DC09uD7i7vvMayHGM1OCo6AHt5pkgZEyo99ClhHTMJdf+Ezc9ovuNNxcH89QfyclGthjZJOw=="; - }; - }; - "is-typedarray-1.0.0" = { - name = "is-typedarray"; - packageName = "is-typedarray"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz"; - sha1 = "e479c80858df0c1b11ddda6940f96011fcda4a9a"; - }; - }; - "isarray-1.0.0" = { - name = "isarray"; - packageName = "isarray"; - version = "1.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz"; - sha1 = "bb935d48582cba168c06834957a54a3e07124f11"; - }; - }; - "isstream-0.1.2" = { - name = "isstream"; - packageName = "isstream"; - version = "0.1.2"; - src = fetchurl { - url = "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz"; - sha1 = "47e63f7af55afa6f92e1500e690eb8b8529c099a"; - }; - }; - "jsbn-0.1.1" = { - name = "jsbn"; - packageName = "jsbn"; - version = "0.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz"; - sha1 = "a5e654c2e5a2deb5f201d96cefbca80c0ef2f513"; - }; - }; - "json-schema-0.2.3" = { - name = "json-schema"; - packageName = "json-schema"; - version = "0.2.3"; - src = fetchurl { - url = "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz"; - sha1 = "b480c892e59a2f05954ce727bd3f2a4e882f9e13"; - }; - }; - "json-schema-traverse-0.4.1" = { - name = "json-schema-traverse"; - packageName = "json-schema-traverse"; - version = "0.4.1"; - src = fetchurl { - url = "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz"; - sha512 = "xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="; - }; - }; - "json-stringify-safe-5.0.1" = { - name = "json-stringify-safe"; - packageName = "json-stringify-safe"; - version = "5.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz"; - sha1 = "1296a2d58fd45f19a0f6ce01d65701e2c735b6eb"; - }; - }; - "jsprim-1.4.1" = { - name = "jsprim"; - packageName = "jsprim"; - version = "1.4.1"; - src = fetchurl { - url = "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz"; - sha1 = "313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"; - }; - }; - "lodash.assign-4.2.0" = { - name = "lodash.assign"; - packageName = "lodash.assign"; - version = "4.2.0"; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.assign/-/lodash.assign-4.2.0.tgz"; - sha1 = "0d99f3ccd7a6d261d19bdaeb9245005d285808e7"; - }; - }; - "lodash.get-4.4.2" = { - name = "lodash.get"; - packageName = "lodash.get"; - version = "4.4.2"; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz"; - sha1 = "2d177f652fa31e939b4438d5341499dfa3825e99"; - }; - }; - "lodash.has-4.5.2" = { - name = "lodash.has"; - packageName = "lodash.has"; - version = "4.5.2"; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.has/-/lodash.has-4.5.2.tgz"; - sha1 = "d19f4dc1095058cccbe2b0cdf4ee0fe4aa37c862"; - }; - }; - "lodash.uniq-4.5.0" = { - name = "lodash.uniq"; - packageName = "lodash.uniq"; - version = "4.5.0"; - src = fetchurl { - url = "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz"; - sha1 = "d0225373aeb652adc1bc82e4945339a842754773"; - }; - }; - "mime-db-1.42.0" = { - name = "mime-db"; - packageName = "mime-db"; - version = "1.42.0"; - src = fetchurl { - url = "https://registry.npmjs.org/mime-db/-/mime-db-1.42.0.tgz"; - sha512 = "UbfJCR4UAVRNgMpfImz05smAXK7+c+ZntjaA26ANtkXLlOe947Aag5zdIcKQULAiF9Cq4WxBi9jUs5zkA84bYQ=="; - }; - }; - "mime-types-2.1.25" = { - name = "mime-types"; - packageName = "mime-types"; - version = "2.1.25"; - src = fetchurl { - url = "https://registry.npmjs.org/mime-types/-/mime-types-2.1.25.tgz"; - sha512 = "5KhStqB5xpTAeGqKBAMgwaYMnQik7teQN4IAzC7npDv6kzeU6prfkR67bc87J1kWMPGkoaZSq1npmexMgkmEVg=="; - }; - }; - "mri-1.1.4" = { - name = "mri"; - packageName = "mri"; - version = "1.1.4"; - src = fetchurl { - url = "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz"; - sha512 = "6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w=="; - }; - }; - "nan-2.14.0" = { - name = "nan"; - packageName = "nan"; - version = "2.14.0"; - src = fetchurl { - url = "https://registry.npmjs.org/nan/-/nan-2.14.0.tgz"; - sha512 = "INOFj37C7k3AfaNTtX8RhsTw7qRy7eLET14cROi9+5HAVbbHuIWUHEauBv5qT4Av2tWasiTY1Jw6puUNqRJXQg=="; - }; - }; - "node-icu-charset-detector-0.2.0" = { - name = "node-icu-charset-detector"; - packageName = "node-icu-charset-detector"; - version = "0.2.0"; - src = fetchurl { - url = "https://registry.npmjs.org/node-icu-charset-detector/-/node-icu-charset-detector-0.2.0.tgz"; - sha1 = "c2320da374ddcb671fc54cb4a0e041e156ffd639"; - }; - }; - "oauth-sign-0.9.0" = { - name = "oauth-sign"; - packageName = "oauth-sign"; - version = "0.9.0"; - src = fetchurl { - url = "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz"; - sha512 = "fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="; - }; - }; - "performance-now-2.1.0" = { - name = "performance-now"; - packageName = "performance-now"; - version = "2.1.0"; - src = fetchurl { - url = "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz"; - sha1 = "6309f4e0e5fa913ec1c69307ae364b4b377c9e7b"; - }; - }; - "process-nextick-args-2.0.1" = { - name = "process-nextick-args"; - packageName = "process-nextick-args"; - version = "2.0.1"; - src = fetchurl { - url = "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz"; - sha512 = "3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="; - }; - }; - "psl-1.4.0" = { - name = "psl"; - packageName = "psl"; - version = "1.4.0"; - src = fetchurl { - url = "https://registry.npmjs.org/psl/-/psl-1.4.0.tgz"; - sha512 = "HZzqCGPecFLyoRj5HLfuDSKYTJkAfB5thKBIkRHtGjWwY7p1dAyveIbXIq4tO0KYfDF2tHqPUgY9SDnGm00uFw=="; - }; - }; - "punycode-1.4.1" = { - name = "punycode"; - packageName = "punycode"; - version = "1.4.1"; - src = fetchurl { - url = "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz"; - sha1 = "c0d5a63b2718800ad8e1eb0fa5269c84dd41845e"; - }; - }; - "punycode-2.1.1" = { - name = "punycode"; - packageName = "punycode"; - version = "2.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz"; - sha512 = "XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="; - }; - }; - "qs-6.5.2" = { - name = "qs"; - packageName = "qs"; - version = "6.5.2"; - src = fetchurl { - url = "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz"; - sha512 = "N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="; - }; - }; - "readable-stream-2.3.6" = { - name = "readable-stream"; - packageName = "readable-stream"; - version = "2.3.6"; - src = fetchurl { - url = "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz"; - sha512 = "tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw=="; - }; - }; - "safe-buffer-5.1.2" = { - name = "safe-buffer"; - packageName = "safe-buffer"; - version = "5.1.2"; - src = fetchurl { - url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz"; - sha512 = "Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="; - }; - }; - "safe-buffer-5.2.0" = { - name = "safe-buffer"; - packageName = "safe-buffer"; - version = "5.2.0"; - src = fetchurl { - url = "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.0.tgz"; - sha512 = "fZEwUGbVl7kouZs1jCdMLdt95hdIv0ZeHg6L7qPeciMZhZ+/gdesW4wgTARkrFWEpspjEATAzUGPG8N2jJiwbg=="; - }; - }; - "safer-buffer-2.1.2" = { - name = "safer-buffer"; - packageName = "safer-buffer"; - version = "2.1.2"; - src = fetchurl { - url = "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz"; - sha512 = "YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="; - }; - }; - "sax-1.2.4" = { - name = "sax"; - packageName = "sax"; - version = "1.2.4"; - src = fetchurl { - url = "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz"; - sha512 = "NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="; - }; - }; - "sshpk-1.16.1" = { - name = "sshpk"; - packageName = "sshpk"; - version = "1.16.1"; - src = fetchurl { - url = "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz"; - sha512 = "HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg=="; - }; - }; - "string_decoder-1.1.1" = { - name = "string_decoder"; - packageName = "string_decoder"; - version = "1.1.1"; - src = fetchurl { - url = "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz"; - sha512 = "n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg=="; - }; - }; - "tough-cookie-2.4.3" = { - name = "tough-cookie"; - packageName = "tough-cookie"; - version = "2.4.3"; - src = fetchurl { - url = "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz"; - sha512 = "Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ=="; - }; - }; - "tunnel-agent-0.6.0" = { - name = "tunnel-agent"; - packageName = "tunnel-agent"; - version = "0.6.0"; - src = fetchurl { - url = "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz"; - sha1 = "27a5dea06b36b04a0a9966774b290868f0fc40fd"; - }; - }; - "tweetnacl-0.14.5" = { - name = "tweetnacl"; - packageName = "tweetnacl"; - version = "0.14.5"; - src = fetchurl { - url = "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz"; - sha1 = "5ae68177f192d4456269d108afa93ff8743f4f64"; - }; - }; - "uri-js-4.2.2" = { - name = "uri-js"; - packageName = "uri-js"; - version = "4.2.2"; - src = fetchurl { - url = "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz"; - sha512 = "KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ=="; - }; - }; - "util-deprecate-1.0.2" = { - name = "util-deprecate"; - packageName = "util-deprecate"; - version = "1.0.2"; - src = fetchurl { - url = "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz"; - sha1 = "450d4dc9fa70de732762fbd2d4a28981419a0ccf"; - }; - }; - "uuid-3.3.3" = { - name = "uuid"; - packageName = "uuid"; - version = "3.3.3"; - src = fetchurl { - url = "https://registry.npmjs.org/uuid/-/uuid-3.3.3.tgz"; - sha512 = "pW0No1RGHgzlpHJO1nsVrHKpOEIxkGg1xB+v0ZmdNH5OAeAwzAVrCnI2/6Mtx+Uys6iaylxa+D3g4j63IKKjSQ=="; - }; - }; - "verror-1.10.0" = { - name = "verror"; - packageName = "verror"; - version = "1.10.0"; - src = fetchurl { - url = "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz"; - sha1 = "3a105ca17053af55d6e270c1f8288682e18da400"; - }; - }; - }; -in -{ - feedparser = nodeEnv.buildNodePackage { - name = "feedparser"; - packageName = "feedparser"; - version = "2.2.9"; - src = fetchurl { - url = "https://registry.npmjs.org/feedparser/-/feedparser-2.2.9.tgz"; - sha1 = "9138197dafdae05fcadde0036beeaf6066c2c5e9"; - }; - dependencies = [ - sources."addressparser-1.0.1" - sources."array-indexofobject-0.0.1" - sources."core-util-is-1.0.2" - sources."inherits-2.0.4" - sources."isarray-1.0.0" - sources."lodash.assign-4.2.0" - sources."lodash.get-4.4.2" - sources."lodash.has-4.5.2" - sources."lodash.uniq-4.5.0" - sources."mri-1.1.4" - sources."process-nextick-args-2.0.1" - sources."readable-stream-2.3.6" - sources."safe-buffer-5.1.2" - sources."sax-1.2.4" - sources."string_decoder-1.1.1" - sources."util-deprecate-1.0.2" - ]; - buildInputs = globalBuildInputs; - meta = { - description = "Robust RSS Atom and RDF feed parsing using sax js"; - homepage = http://github.com/danmactough/node-feedparser; - license = "MIT"; - }; - production = true; - bypassCache = true; - reconstructLock = true; - }; - form-data = nodeEnv.buildNodePackage { - name = "form-data"; - packageName = "form-data"; - version = "3.0.0"; - src = fetchurl { - url = "https://registry.npmjs.org/form-data/-/form-data-3.0.0.tgz"; - sha512 = "CKMFDglpbMi6PyN+brwB9Q/GOw0eAnsrEZDgcsH5Krhz5Od/haKHAX0NmQfha2zPPz0JpWzA7GJHGSnvCRLWsg=="; - }; - dependencies = [ - sources."asynckit-0.4.0" - sources."combined-stream-1.0.8" - sources."delayed-stream-1.0.0" - sources."mime-db-1.42.0" - sources."mime-types-2.1.25" - ]; - buildInputs = globalBuildInputs; - meta = { - description = "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications."; - homepage = "https://github.com/form-data/form-data#readme"; - license = "MIT"; - }; - production = true; - bypassCache = true; - reconstructLock = true; - }; - irc = nodeEnv.buildNodePackage { - name = "irc"; - packageName = "irc"; - version = "0.5.2"; - src = fetchurl { - url = "https://registry.npmjs.org/irc/-/irc-0.5.2.tgz"; - sha1 = "3714f4768365a96d0b2f776bc91166beb2464bbc"; - }; - dependencies = [ - sources."iconv-2.2.3" - sources."irc-colors-1.5.0" - sources."nan-2.14.0" - sources."node-icu-charset-detector-0.2.0" - ]; - buildInputs = globalBuildInputs; - meta = { - description = "An IRC client library for node"; - homepage = "https://github.com/martynsmith/node-irc#readme"; - license = "GPL-3.0"; - }; - production = true; - bypassCache = true; - reconstructLock = true; - }; - request = nodeEnv.buildNodePackage { - name = "request"; - packageName = "request"; - version = "2.88.0"; - src = fetchurl { - url = "https://registry.npmjs.org/request/-/request-2.88.0.tgz"; - sha512 = "NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg=="; - }; - dependencies = [ - sources."ajv-6.10.2" - sources."asn1-0.2.4" - sources."assert-plus-1.0.0" - sources."asynckit-0.4.0" - sources."aws-sign2-0.7.0" - sources."aws4-1.8.0" - sources."bcrypt-pbkdf-1.0.2" - sources."caseless-0.12.0" - sources."combined-stream-1.0.8" - sources."core-util-is-1.0.2" - sources."dashdash-1.14.1" - sources."delayed-stream-1.0.0" - sources."ecc-jsbn-0.1.2" - sources."extend-3.0.2" - sources."extsprintf-1.3.0" - sources."fast-deep-equal-2.0.1" - sources."fast-json-stable-stringify-2.0.0" - sources."forever-agent-0.6.1" - sources."form-data-2.3.3" - sources."getpass-0.1.7" - sources."har-schema-2.0.0" - sources."har-validator-5.1.3" - sources."http-signature-1.2.0" - sources."is-typedarray-1.0.0" - sources."isstream-0.1.2" - sources."jsbn-0.1.1" - sources."json-schema-0.2.3" - sources."json-schema-traverse-0.4.1" - sources."json-stringify-safe-5.0.1" - sources."jsprim-1.4.1" - sources."mime-db-1.42.0" - sources."mime-types-2.1.25" - sources."oauth-sign-0.9.0" - sources."performance-now-2.1.0" - sources."psl-1.4.0" - sources."punycode-2.1.1" - sources."qs-6.5.2" - sources."safe-buffer-5.2.0" - sources."safer-buffer-2.1.2" - sources."sshpk-1.16.1" - (sources."tough-cookie-2.4.3" // { - dependencies = [ - sources."punycode-1.4.1" - ]; - }) - sources."tunnel-agent-0.6.0" - sources."tweetnacl-0.14.5" - sources."uri-js-4.2.2" - sources."uuid-3.3.3" - sources."verror-1.10.0" - ]; - buildInputs = globalBuildInputs; - meta = { - description = "Simplified HTTP request client."; - homepage = "https://github.com/request/request#readme"; - license = "Apache-2.0"; - }; - production = true; - bypassCache = true; - reconstructLock = true; - }; - shell-quote = nodeEnv.buildNodePackage { - name = "shell-quote"; - packageName = "shell-quote"; - version = "1.7.2"; - src = fetchurl { - url = "https://registry.npmjs.org/shell-quote/-/shell-quote-1.7.2.tgz"; - sha512 = "mRz/m/JVscCrkMyPqHc/bczi3OQHkLTqXHEFu0zDhK/qfv3UcOA4SVmRCLmos4bhjr9ekVQubj/R7waKapmiQg=="; - }; - buildInputs = globalBuildInputs; - meta = { - description = "quote and parse shell commands"; - homepage = https://github.com/substack/node-shell-quote; - license = "MIT"; - }; - production = true; - bypassCache = true; - reconstructLock = true; - }; -}
\ No newline at end of file diff --git a/krebs/5pkgs/simple/newsbot-js/pkgs.json b/krebs/5pkgs/simple/newsbot-js/pkgs.json deleted file mode 100644 index 95b60854d..000000000 --- a/krebs/5pkgs/simple/newsbot-js/pkgs.json +++ /dev/null @@ -1,7 +0,0 @@ -[ - "feedparser", - "form-data", - "irc", - "request", - "shell-quote" -] diff --git a/krebs/5pkgs/simple/newsbot-js/update.sh b/krebs/5pkgs/simple/newsbot-js/update.sh deleted file mode 100755 index ee7e43f1a..000000000 --- a/krebs/5pkgs/simple/newsbot-js/update.sh +++ /dev/null @@ -1,4 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i bash -p nodePackages.node2nix -node2nix -12 -i pkgs.json -c combine.nix -rm node-env.nix combine.nix diff --git a/krebs/5pkgs/simple/rss-bridge/default.nix b/krebs/5pkgs/simple/rss-bridge/default.nix new file mode 100644 index 000000000..13ad9d69a --- /dev/null +++ b/krebs/5pkgs/simple/rss-bridge/default.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, fetchFromGitHub, stdenv, ... }: + +stdenv.mkDerivation rec { + pname = "rss-bridge"; + version = "2020-11-10"; + + src = fetchFromGitHub { + owner = "RSS-Bridge"; + repo = "rss-bridge"; + rev = version; + sha256 = "00cp61lqvhi7b7j0rglsqg3l7cg8s9b8vq098bgvg5dygyi44hyv"; + }; + + patchPhase = '' + substituteInPlace lib/rssbridge.php \ + --replace "define('PATH_CACHE', PATH_ROOT . 'cache/');" "define('PATH_CACHE', getenv('RSSBRIDGE_DATA') . '/cache/');" \ + --replace "define('FILE_CONFIG', PATH_ROOT . 'config.ini.php');" "define('FILE_CONFIG', getenv('RSSBRIDGE_DATA') . '/config.ini.php');" \ + --replace "define('WHITELIST', PATH_ROOT . 'whitelist.txt');" "define('WHITELIST', getenv('RSSBRIDGE_DATA') . '/whitelist.txt');" + ''; + + installPhase = '' + mkdir $out/ + cp -R ./* $out + ''; + + meta = with lib; { + description = "The RSS feed for websites missing it"; + homepage = "https://github.com/RSS-Bridge/rss-bridge"; + license = licenses.unlicense; + maintainers = with maintainers; [ dawidsowa ]; + platforms = platforms.all; + }; +} diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 4f07b0e88..e478709b8 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4", - "date": "2020-12-09T15:09:49+01:00", - "path": "/nix/store/cx4wf6pi1l2p01sz7png891m65kinfz3-nixpkgs", - "sha256": "0cnmvnvin9ixzl98fmlm3g17l6w95gifqfb3rfxs55c0wj2ddy53", + "rev": "f211631c1cb3e94828c7650b5d12c1e5a89e0e16", + "date": "2021-01-07T19:50:35+02:00", + "path": "/nix/store/2zymxp9iq6xvxy5wjc411iws2kk3c8z4-nixpkgs", + "sha256": "0r085j42991qcbzx4l0hnwlsxw016y4b7r821s4qxvqnvwr9lxar", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 44e373b81..9c450582c 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "3d2d8f281a27d466fa54b469b5993f7dde198375", - "date": "2020-12-20T14:17:36+01:00", - "path": "/nix/store/mqn37480fj6x9xbq3igz4haw3m2lc7fm-nixpkgs", - "sha256": "1hfis53xyzy6hfdivlwkwdy7irbhk7c500a4lf7x43cfkijx5ks1", + "rev": "0cfd08f4881bbfdaa57e68835b923d4290588d98", + "date": "2021-01-08T17:43:56+01:00", + "path": "/nix/store/c3rhsa326ylk4hm146nmfrfmxcpqflyb-nixpkgs", + "sha256": "1srd9p37jmrsxgvrxvlibmscphz5p42244285yc5piacvrz1rdcc", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1b63246c6..f63c6a05a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -121,6 +121,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> + <stockholm/lass/2configs/jitsi.nix> { # quasi bepasty.nix imports = [ <stockholm/lass/2configs/bepasty.nix> diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 797864b15..b677fe455 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -1,120 +1,10 @@ { config, lib, pkgs, ... }: with import <stockholm/lib>; let to = concatStringsSep "," [ - "lass@blue.r" + "lass@green.r" ]; - mails = [ - "postmaster@lassul.us" - "lass@lassul.us" - "lassulus@lassul.us" - "test@lassul.us" - "outlook@lassul.us" - "steuer@aidsballs.de" - "lass@aidsballs.de" - "wordpress@ubikmedia.de" - "finanzamt@lassul.us" - "netzclub@lassul.us" - "nebenan@lassul.us" - "feed@lassul.us" - "art@lassul.us" - "irgendwas@lassul.us" - "polo@lassul.us" - "shack@lassul.us" - "nix@lassul.us" - "c-base@lassul.us" - "paypal@lassul.us" - "patreon@lassul.us" - "steam@lassul.us" - "securityfocus@lassul.us" - "radio@lassul.us" - "btce@lassul.us" - "raf@lassul.us" - "apple@lassul.us" - "coinbase@lassul.us" - "tomtop@lassul.us" - "aliexpress@lassul.us" - "business@lassul.us" - "payeer@lassul.us" - "github@lassul.us" - "bitwala@lassul.us" - "bitstamp@lassul.us" - "bitcoin.de@lassul.us" - "ableton@lassul.us" - "dhl@lassul.us" - "sipgate@lassul.us" - "coinexchange@lassul.us" - "verwaltung@lassul.us" - "gearbest@lassul.us" - "binance@lassul.us" - "bitfinex@lassul.us" - "alternate@lassul.us" - "redacted@lassul.us" - "mytaxi@lassul.us" - "pizza@lassul.us" - "robinhood@lassul.us" - "drivenow@lassul.us" - "aws@lassul.us" - "reddit@lassul.us" - "banggood@lassul.us" - "immoscout@lassul.us" - "gmail@lassul.us" - "amazon@lassul.us" - "humblebundle@lassul.us" - "meetup@lassul.us" - "gebfrei@lassul.us" - "github@lassul.us" - "ovh@lassul.us" - "hetzner@lassul.us" - "allygator@lassul.us" - "immoscout@lassul.us" - "elitedangerous@lassul.us" - "boardgamegeek@lassul.us" - "qwertee@lassul.us" - "zazzle@lassul.us" - "hackbeach@lassul.us" - "transferwise@lassul.us" - "cis@lassul.us" - "afra@lassul.us" - "ksp@lassul.us" - "ccc@lassul.us" - "neocron@lassul.us" - "osmocom@lassul.us" - "lesswrong@lassul.us" - "nordvpn@lassul.us" - "csv-direct@lassul.us" - "nintendo@lassul.us" - "overleaf@lassul.us" - "box@lassul.us" - "paloalto@lassul.us" - "subtitles@lassul.us" - "lobsters@lassul.us" - "fysitech@lassul.us" - "threema@lassul.us" - "ubisoft@lassul.us" - "kottezeller@lassul.us" - "pie@lassul.us" - "vebit@lassul.us" - "vcvrack@lassul.us" - "epic@lassul.us" - "microsoft@lassul.us" - "stickers@lassul.us" - "nextbike@lassul.us" - "mytello@lassul.us" - "camp@lassul.us" - "urlwatch@lassul.us" - "lidl@lassul.us" - "geizhals@lassul.us" - "auschein@lassul.us" - "tleech@lassul.us" - "durstexpress@lassul.us" - "acme@lassul.us" - "antstore@lassul.us" - "openweather@lassul.us" - "lobsters@lassul.us" - "rewe@lassul.us" - "spotify@lassul.us" - ]; + mails = import <secrets/mails.nix>; in { environment.systemPackages = [ pkgs.review-mail-queue ]; diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix new file mode 100644 index 000000000..1f17c78c8 --- /dev/null +++ b/lass/2configs/green-host.nix @@ -0,0 +1,19 @@ +{ config, pkgs, ... }: +{ + imports = [ + <stockholm/lass/2configs/container-networking.nix> + <stockholm/lass/2configs/syncthing.nix> + ]; + lass.sync-containers.containers.green = { + peers = [ + "icarus" + "shodan" + "skynet" + "mors" + "littleT" + ]; + hostIp = "10.233.2.15"; + localIp = "10.233.2.16"; + format = "ecryptfs"; + }; +} diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix new file mode 100644 index 000000000..1435ccb5c --- /dev/null +++ b/lass/2configs/jitsi.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: +{ + + services.jitsi-meet = { + enable = true; + hostName = "jitsi.lassul.us"; + config = { + enableWelcomePage = true; + requireDisplayName = true; + }; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/tests/dummy-secrets/mails.nix b/lass/2configs/tests/dummy-secrets/mails.nix new file mode 100644 index 000000000..fe51488c7 --- /dev/null +++ b/lass/2configs/tests/dummy-secrets/mails.nix @@ -0,0 +1 @@ +[] diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix index 8e208d5e5..0ca1b340f 100644 --- a/lass/2configs/tv.nix +++ b/lass/2configs/tv.nix @@ -32,7 +32,7 @@ nginxCfg = pkgs.writeText "nginx.conf" '' application/vnd.apple.mpegurl m3u8; video/mp2t ts; } - root /tmp; + root /var/lib/rtmp/tmp; add_header Cache-Control no-cache; # CORS setup @@ -106,6 +106,11 @@ nginxCfg = pkgs.writeText "nginx.conf" '' </html> ''}; } + + location /records { + autoindex on; + root /var/lib/rtmp; + } } } @@ -120,21 +125,128 @@ nginxCfg = pkgs.writeText "nginx.conf" '' live on; hls on; - hls_path /tmp/hls; + hls_path /var/lib/rtmp/tmp/hls; + hls_fragment 1; + hls_playlist_length 10; dash on; - dash_path /tmp/dash; + dash_path /var/lib/rtmp/tmp/dash; } } } ''; in { + + services.nginx = { + enable = true; + virtualHosts."streaming.lassul.us" = { + enableACME = true; + addSSL = true; + locations."/hls".extraConfig = '' + # Serve HLS fragments + types { + application/vnd.apple.mpegurl m3u8; + video/mp2t ts; + } + root /var/lib/rtmp/tmp; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + + if ($request_method != 'OPTIONS') { + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + } + ''; + locations."/dash".extraConfig = '' + # Serve DASH fragments + types { + application/dash+xml mpd; + video/mp4 mp4; + } + root /var/lib/rtmp/tmp; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + if ($request_method != 'OPTIONS') { + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + } + ''; + locations."= /dash.all.min.js".extraConfig = '' + default_type "text/javascript"; + alias ${pkgs.fetchurl { + url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js"; + sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c"; + }}; + ''; + locations."= /player".extraConfig = '' + default_type "text/html"; + alias ${pkgs.writeText "player.html" '' + <!DOCTYPE html> + <html lang="en"> + <head> + <meta charset="utf-8"> + <title>lassulus livestream</title> + </head> + <body> + <div> + <video id="player" controls></video> + </video> + </div> + <script src="/dash.all.min.js"></script> + <script> + (function(){ + var url = "/dash/nixos.mpd"; + var player = dashjs.MediaPlayer().create(); + player.initialize(document.querySelector("#player"), url, true); + })(); + </script> + </body> + </html> + ''}; + ''; + locations."/records".extraConfig = '' + autoindex on; + root /var/lib/rtmp; + ''; + }; + }; + + fileSystems."/var/lib/rtmp/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "nosuid" "nodev" "noatime" ]; + }; + users.users.rtmp = { - home = "/var/lib/rmtp"; + home = "/var/lib/rtmp"; uid = genid_uint31 "rtmp"; isNormalUser = true; createHome = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + mic92.pubkey + palo.pubkey + ]; }; systemd.services.nginx-rtmp = { @@ -149,6 +261,14 @@ in { }}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp ''; serviceConfig = { + ExecStartPre = pkgs.writers.writeDash "setup-rtmp" '' + mkdir -p /var/lib/rtmp/tmp/hls + mkdir -p /var/lib/rtmp/tmp/dash + chown rtmp:users /var/lib/rtmp/tmp/hls + chown rtmp:users /var/lib/rtmp/tmp/dash + chmod 755 /var/lib/rtmp/tmp/hls + chmod 755 /var/lib/rtmp/tmp/dash + ''; User = "rtmp"; }; }; diff --git a/lass/3modules/bindfs.nix b/lass/3modules/bindfs.nix new file mode 100644 index 000000000..5c8df8dc5 --- /dev/null +++ b/lass/3modules/bindfs.nix @@ -0,0 +1,51 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: +let + cfg = config.lass.bindfs; +in { + options.lass.bindfs = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + target = mkOption { + description = '' + destination where bindfs mounts to. + second positional argument to bindfs. + ''; + default = config._module.args.name; + type = types.absolute-pathname; + }; + source = mkOption { + description = '' + source folder where the mounted directory is originally. + first positional argument to bindfs. + ''; + type = types.absolute-pathname; + }; + options = mkOption { + description = '' + additional arguments to bindfs + ''; + type = types.listOf types.str; + default = []; + }; + }; + })); + default = {}; + }; + + config = mkIf (cfg != {}) { + systemd.services = mapAttrs' (n: mount: let + name = replaceStrings [ "/" ] [ "_" ] n; + in nameValuePair "bindfs-${name}" { + wantedBy = [ "local-fs.target" ]; + path = [ pkgs.coreutils ]; + serviceConfig = { + ExecStartPre = pkgs.writeDash "bindfs-init-${name}" '' + mkdir -p '${mount.source}' + mkdir -p '${mount.target}' + ''; + ExecStart = "${pkgs.bindfs}/bin/bindfs -f ${concatStringsSep " " mount.options} ${mount.source} ${mount.target}"; + }; + }) cfg; + }; +} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index c3c73bdcb..8bee08caa 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ./bindfs.nix ./dnsmasq.nix ./ejabberd ./folderPerms.nix @@ -12,6 +13,7 @@ _: ./pyload.nix ./restic.nix ./screenlock.nix + ./sync-containers.nix ./usershadow.nix ./xjail.nix ./autowifi.nix diff --git a/lass/3modules/sync-containers.nix b/lass/3modules/sync-containers.nix new file mode 100644 index 000000000..ca81458a9 --- /dev/null +++ b/lass/3modules/sync-containers.nix @@ -0,0 +1,166 @@ +with import <stockholm/lib>; +{ config, pkgs, ... }: let + cfg = config.lass.sync-containers; + paths = cname: { + plain = "/var/lib/containers/${cname}/var/state"; + ecryptfs = "${cfg.dataLocation}/${cname}/ecryptfs"; + securefs = "${cfg.dataLocation}/${cname}/securefs"; + }; + start = cname: { + plain = '' + ''; + ecryptfs = '' + if ! mount | grep -q '${cfg.dataLocation}/${cname}/ecryptfs on /var/lib/containers/${cname}/var/state type ecryptfs'; then + if [ -e ${cfg.dataLocation}/${cname}/ecryptfs/.cfg.json ]; then + ${pkgs.ecrypt}/bin/ecrypt mount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + else + ${pkgs.ecrypt}/bin/ecrypt init ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + fi + fi + ''; + securefs = '' + ## TODO init file systems if it does not exist + # ${pkgs.securefs}/bin/securefs create --format 3 ${cfg.dataLocation}/${cname}/securefs + if ! ${pkgs.mount}/bin/mount | grep -q '^securefs on /var/lib/containers/${cname}/var/state type fuse.securefs'; then + ${pkgs.securefs}/bin/securefs mount ${cfg.dataLocation}/${cname}/securefs /var/lib/containers/${cname}/var/state -b -o allow_other -o default_permissions + fi + ''; + }; + stop = cname: { + plain = '' + ''; + ecryptfs = '' + ${pkgs.ecrypt}/bin/ecrypt unmount ${cfg.dataLocation}/${cname}/ecryptfs /var/lib/containers/${cname}/var/state + ''; + securefs = '' + umount /var/lib/containers/${cname}/var/state + ''; + }; +in { + options.lass.sync-containers = { + dataLocation = mkOption { + description = '' + location where the encrypted sync-container lie around + ''; + default = "/var/lib/sync-containers"; + type = types.absolute-pathname; + }; + containers = mkOption { + type = types.attrsOf (types.submodule ({ config, ... }: { + options = { + name = mkOption { + description = '' + name of the container + ''; + default = config._module.args.name; + type = types.str; + }; + peers = mkOption { + description = '' + syncthing peers to share this container with + ''; + default = []; + type = types.listOf types.str; + }; + hostIp = mkOption { # TODO find this automatically + description = '' + hostAddress of the privateNetwork + ''; + example = "10.233.2.15"; + type = types.str; + }; + localIp = mkOption { # TODO find this automatically + description = '' + localAddress of the privateNetwork + ''; + example = "10.233.2.16"; + type = types.str; + }; + format = mkOption { + description = '' + file system encrption format of the container + ''; + type = types.enum [ "plain" "ecryptfs" "securefs" ]; + }; + }; + })); + default = {}; + }; + }; + + config = mkIf (cfg.containers != {}) { + programs.fuse.userAllowOther = true; + + services.syncthing.declarative.folders = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ + devices = ctr.peers; + ignorePerms = false; + })) cfg.containers); + + krebs.permown = (mapAttrs' (_: ctr: nameValuePair "${(paths ctr.name).${ctr.format}}" ({ + file-mode = "u+rw"; + directory-mode = "u+rwx"; + owner = "syncthing"; + keepGoing = false; + })) cfg.containers); + + systemd.services = mapAttrs' (n: ctr: nameValuePair "containers@${ctr.name}" ({ + reloadIfChanged = mkForce false; + })) cfg.containers; + + containers = mapAttrs' (n: ctr: nameValuePair ctr.name ({ + config = { ... }: { + environment.systemPackages = [ + pkgs.git + ]; + system.activationScripts.fuse = { + text = '' + ${pkgs.coreutils}/bin/mknod /dev/fuse c 10 229 + ''; + deps = []; + }; + }; + allowedDevices = [ + { modifier = "rwm"; node = "/dev/fuse"; } + ]; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = ctr.hostIp; + localAddress = ctr.localIp; + })) cfg.containers; + + environment.systemPackages = flatten (mapAttrsToList (n: ctr: [ + (pkgs.writeDashBin "start-${ctr.name}" '' + set -euf + set -x + + mkdir -p /var/lib/containers/${ctr.name}/var/state + + ${(start ctr.name).${ctr.format}} + + STATE=$(${pkgs.nixos-container}/bin/nixos-container status ${ctr.name}) + if [ "$STATE" = 'down' ]; then + ${pkgs.nixos-container}/bin/nixos-container start ${ctr.name} + fi + + ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- ${pkgs.writeDash "deploy-${ctr.name}" '' + set -x + + mkdir -p /var/state/var_src + ln -sfTr /var/state/var_src /var/src + touch /etc/NIXOS + ''} + + if [ -h /var/lib/containers/${ctr.name}/var/src/nixos-config ] && (! ping -c1 -q -w5 ${ctr.name}.r); then + ${pkgs.nixos-container}/bin/nixos-container run ${ctr.name} -- nixos-rebuild -I /var/src switch + fi + '') + (pkgs.writeDashBin "stop-${ctr.name}" '' + set -euf + + ${pkgs.nixos-container}/bin/nixos-container stop ${ctr.name} + ${(stop ctr.name).${ctr.format}} + '') + ]) cfg.containers); + }; +} diff --git a/makefu/0tests/data/secrets/dl.gum-auth.nix b/makefu/0tests/data/secrets/dl.gum-auth.nix new file mode 100644 index 000000000..2c63c0851 --- /dev/null +++ b/makefu/0tests/data/secrets/dl.gum-auth.nix @@ -0,0 +1,2 @@ +{ +} diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index 4566a1f4f..fbbce1f09 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -41,7 +41,6 @@ in { }; systemd.services = { - redis.serviceConfig.LimitNOFILE=10032; ddclient-nsupdate-uhub = { wantedBy = [ "multi-user.target" ]; after = [ "ip-up.target" ]; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index af6592b2b..571e56277 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -1,216 +1,80 @@ { lib, pkgs, config, ... }: with lib; -# imperative in config.php: -# #local memcache: -# 'memcache.local' => '\\OC\\Memcache\\APCu', -# #local locking: -# 'memcache.locking' => '\\OC\\Memcache\\Redis', -# 'redis' => -# array ( -# 'host' => 'localhost', -# 'port' => 6379, -# ), - +# services.redis.enable = true; +# to enable caching with redis first start up everything, then run: +# nextcloud-occ config:system:set redis 'host' --value 'localhost' --type string +# nextcloud-occ config:system:set redis 'port' --value 6379 --type integer +# nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\Redis' --type string +# nextcloud-occ config:system:set memcache.locking --value '\OC\Memcache\Redis' --type string + +# services.memcached.enable = true; +# to enable caching with memcached run: +# nextcloud-occ config:system:set memcached_servers 0 0 --value 127.0.0.1 --type string +# nextcloud-occ config:system:set memcached_servers 0 1 --value 11211 --type integer +# nextcloud-occ config:system:set memcache.local --value '\OC\Memcache\APCu' --type string +# nextcloud-occ config:system:set memcache.distributed --value '\OC\Memcache\Memcached' --type string let - phpPackage = let - base = pkgs.php74; - in - base.buildEnv { - extensions = { enabled, all }: with all; - enabled ++ [ - apcu redis memcached imagick - ]; - }; - - # TODO: copy-paste from lass/2/websites/util.nix - nextcloud = pkgs.nextcloud20; - serveCloud = domains: - let - domain = head domains; - root = "/var/www/${domain}/"; - socket = "/var/run/${domain}-phpfpm.sock"; - in { - system.activationScripts."prepare-nextcloud-${domain}" = '' - if test ! -e ${root} ;then - echo "copying latest ${nextcloud.name} release to ${root}" - mkdir -p $(dirname "${root}") - cp -r ${nextcloud} "${root}" - chown -R nginx:nginx "${root}" - chmod 770 "${root}" - fi - ''; - services.nginx.virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; - serverAliases = domains; - extraConfig = '' - - # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - - # Path to the root of your installation - root ${root}; - # set max upload size - client_max_body_size 10G; - fastcgi_buffers 64 4K; - fastcgi_read_timeout 120; - - # Disable gzip to avoid the removal of the ETag header - gzip off; - - # Uncomment if your server is build with the ngx_pagespeed module - # This module is currently not supported. - #pagespeed off; - - index index.php; - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - - rewrite ^/.well-known/carddav /remote.php/carddav/ permanent; - rewrite ^/.well-known/caldav /remote.php/caldav/ permanent; - - # The following 2 rules are only needed for the user_webfinger app. - # Uncomment it if you're planning to use this app. - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - ''; - locations."/robots.txt".extraConfig = '' - allow all; - log_not_found off; - access_log off; - ''; - locations."~ ^/(build|tests|config|lib|3rdparty|templates|data)/".extraConfig = '' - deny all; - ''; - - locations."~ ^/(?:autotest|occ|issue|indie|db_|console)".extraConfig = '' - deny all; - ''; - - locations."/".extraConfig = '' - rewrite ^/remote/(.*) /remote.php last; - rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; - try_files $uri $uri/ =404; - ''; - - locations."~ \.php(?:$|/)".extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param HTTPS on; - fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice - fastcgi_pass unix:${config.services.phpfpm.pools.${domain}.socket}; - fastcgi_intercept_errors on; - ''; - - # Adding the cache control header for js and css files - # Make sure it is BELOW the location ~ \.php(?:$|/) block - locations."~* \.(?:css|js)$".extraConfig = '' - add_header Cache-Control "public, max-age=7200"; - # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - - # Optional: Don't log access to assets - access_log off; - ''; - # Optional: Don't log access to other assets - locations."~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$".extraConfig = '' - access_log off; - ''; - }; - services.phpfpm.pools."${domain}" = { - user = "nginx"; - group = "nginx"; - phpPackage = phpPackage; - settings = { - "listen.owner" = "nginx"; - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.max_requests" = 500; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 5; - "php_admin_value[error_log]" = "stderr"; - "php_admin_flag[log_errors]" = "on"; - "catch_workers_output" = true; - }; - phpEnv."PATH" = lib.makeBinPath [ phpPackage ]; - }; - services.phpfpm.phpOptions = '' - opcache.enable=1 - opcache.enable_cli=1 - opcache.interned_strings_buffer=8 - opcache.max_accelerated_files=10000 - opcache.memory_consumption=128 - opcache.save_comments=1 - opcache.revalidate_freq=1 - opcache.file_cache = .opcache - zend_extension=${phpPackage}/lib/php/extensions/opcache.so - - display_errors = on - display_startup_errors = on - always_populate_raw_post_data = -1 - error_reporting = E_ALL | E_STRICT - html_errors = On - date.timezone = "Europe/Berlin" - extension=${phpPackage}/lib/php/extensions/memcached.so - extension=${phpPackage}/lib/php/extensions/redis.so - extension=${phpPackage}/lib/php/extensions/apcu.so - ''; - - systemd.services."nextcloud-cron-${domain}" = { - serviceConfig = { - User = "nginx"; - ExecStart = "${phpPackage}/bin/php -f ${root}/cron.php"; - }; - startAt = "*:0/15"; - }; + adminpw = "/run/secret/nextcloud-admin-pw"; + dbpw = "/run/secret/nextcloud-db-pw"; +in { + + krebs.secret.files.nextcloud-db-pw = { + path = dbpw; + owner.name = "nextcloud"; + source-path = toString <secrets> + "/nextcloud-db-pw"; + }; + + krebs.secret.files.nextcloud-admin-pw = { + path = adminpw; + owner.name = "nextcloud"; + source-path = toString <secrets> + "/nextcloud-admin-pw"; + }; + + services.nginx.virtualHosts."o.euer.krebsco.de" = { + forceSSL = true; + enableACME = true; + }; + state = [ "${config.services.nextcloud.home}/config" ]; + services.nextcloud = { + enable = true; + package = pkgs.nextcloud20; + hostName = "o.euer.krebsco.de"; + # Use HTTPS for links + https = true; + # Auto-update Nextcloud Apps + autoUpdateApps.enable = true; + # Set what time makes sense for you + autoUpdateApps.startAt = "05:00:00"; + + caching.redis = true; + # caching.memcached = true; + config = { + # Further forces Nextcloud to use HTTPS + overwriteProtocol = "https"; + + # Nextcloud PostegreSQL database configuration, recommended over using SQLite + dbtype = "pgsql"; + dbuser = "nextcloud"; + dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself + dbname = "nextcloud"; + dbpassFile = dbpw; + adminpassFile = adminpw; + adminuser = "admin"; }; -in { - imports = [ - ( serveCloud [ "o.euer.krebsco.de" ] ) - ]; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; + }; services.redis.enable = true; - - #services.mysql = { - # enable = false; - # package = pkgs.mariadb; - # rootPassword = config.krebs.secret.files.mysql_rootPassword.path; - # initialDatabases = [ - # # Or use writeText instead of literalExample? - # #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; } - # { - # name = "nextcloud"; - # schema = pkgs.writeText "nextcloud.sql" - # '' - # create user if not exists 'nextcloud'@'localhost' identified by 'password'; - # grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password'; - # ''; - # } - # ]; - #}; - - # dataDir is only defined after mysql is enabled - #krebs.secret.files.mysql_rootPassword = { - # path = "${config.services.mysql.dataDir}/mysql_rootPassword"; - # owner.name = "root"; - # source-path = toString <secrets> + "/mysql_rootPassword"; - #}; + systemd.services.redis.serviceConfig.LimitNOFILE=65536; + services.postgresql = { + enable = true; + # Ensure the database, user, and permissions always exist + ensureDatabases = [ "nextcloud" ]; + ensureUsers = [ { name = "nextcloud"; ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; } ]; + }; + + systemd.services."nextcloud-setup" = { + requires = ["postgresql.service"]; + after = ["postgresql.service"]; + }; } diff --git a/makefu/2configs/ham/automation/giesskanne.nix b/makefu/2configs/ham/automation/giesskanne.nix new file mode 100644 index 000000000..d89ea595b --- /dev/null +++ b/makefu/2configs/ham/automation/giesskanne.nix @@ -0,0 +1,102 @@ +# uses: +# switch.crafting_giesskanne_relay +let + cam = { + name = "chilicam"; + camera = "camera.espcam_02"; + light = "light.espcam_02_light"; + seconds = 60; # default shutoff to protect the LED from burning out + }; + seconds = 6; + pump = "switch.arbeitszimmer_giesskanne_relay"; + # sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; +in +{ + services.home-assistant.config = + { + #sensor = map ( entity_id: { + # platform = "statistics"; + # name = "Statistics for ${entity_id}"; + # inherit entity_id; + # max_age.minutes = "60"; + # sampling_size = 1000; + # }) [ "sensor.crafting_brotbox_soil_moisture" ]; + + automation = + [ + + ##### brotbox + { alias = "Water the plant for ${toString seconds} seconds"; + trigger = [ + { # trigger at 23:15 no matter what + # TODO: retry or run only if switch.wasser is available + platform = "time"; + at = "23:15:00"; + } + ]; + action = + [ + { # take a snapshot before watering + service = "homeassistant.turn_on"; + entity_id = [ cam.light ]; + } + { # TODO: we could also create a recording with camera.record + service = "camera.snapshot"; + data = { + entity_id = cam.camera; + # TODO: create /var/lib/hass/cam/ - now being done manually + filename = "/var/lib/hass/cam/${cam.name}_{{ now().strftime('%Y%m%d-%H%M%S') }}.jpg"; + }; + } + + { # now turn on the pumping services + # i do not start hte pump and light before the snapshot because i do + # not know how long it takes (do not want to water the plants for too long) + service = "homeassistant.turn_on"; + entity_id = [ pump ]; + } + { delay.seconds = seconds; } + { + service = "homeassistant.turn_off"; + entity_id = [ pump cam.light ]; + } + ]; + } + { alias = "Always turn off the light after ${toString (cam.seconds)}s"; + trigger = [ + { + platform = "state"; + entity_id = cam.light; + to = "on"; + for.seconds = cam.seconds; + } + ]; + action = + [ + { + service = "homeassistant.turn_off"; + entity_id = [ pump cam.light ]; + } + ]; + } + + { alias = "Always turn off water after ${toString (seconds * 2)}s"; + trigger = [ + { + platform = "state"; + entity_id = pump; + to = "on"; + for.seconds = seconds*2; + } + ]; + action = + [ + { + service = "homeassistant.turn_off"; + entity_id = [ pump cam.light ]; + } + ]; + } + ]; + }; +} diff --git a/makefu/2configs/ham/automation/light_buttons.nix b/makefu/2configs/ham/automation/light_buttons.nix new file mode 100644 index 000000000..32d134ecc --- /dev/null +++ b/makefu/2configs/ham/automation/light_buttons.nix @@ -0,0 +1,44 @@ +# light.wohnzimmerbeleuchtung +# light.wohnzimmer_deko +# light.arbeitszimmerbeleuchtung +# light.arbeitszimmer_deko +# light.schlafzimmerbeleuchtung + +let + toggle = light: btn: + { + alias = "Toggle Light ${light} via ${btn}"; + trigger = { + platform = "state"; + entity_id = "sensor.${btn}_click"; + to = "single"; + }; + action = { + service = "light.toggle"; + data.entity_id = light; + data.transition = 0; + }; + }; + turn_off_all = btn: + { + alias = "Turn of all lights via ${btn} double click"; + trigger = { + platform = "state"; + entity_id = "sensor.${btn}_click"; + to = "double"; + }; + action = { + service = "light.turn_off"; + entity_id = "all"; + }; + }; +in { + services.home-assistant.config.automation = [ + (toggle "light.arbeitszimmerbeleuchtung" "arbeitszimmer_btn1") + (toggle "light.schlafzimmerbeleuchtung" "schlafzimmer_btn2") + (toggle "light.wohnzimmerbeleuchtung" "wohnzimmer_btn3") + (turn_off_all "arbeitszimmer_btn1") + (turn_off_all "schlafzimmer_btn2") + (turn_off_all "wohnzimmer_btn3") + ]; +} diff --git a/makefu/2configs/ham/automation/urlaub.nix b/makefu/2configs/ham/automation/urlaub.nix new file mode 100644 index 000000000..a6b9be96f --- /dev/null +++ b/makefu/2configs/ham/automation/urlaub.nix @@ -0,0 +1,44 @@ +# uses: +# light.wohnzimmer_schrank_osram +# light.wohnzimmer_fernseher_led_strip +# "all" lights + +let + schranklicht = "light.wohnzimmer_schrank_osram"; + fernsehlicht = "light.wohnzimmer_fernseher_led_strip"; + final_off = "01:00"; + + turn_on = entity_id: at: + { alias = "Turn on ${entity_id} at ${at}"; + trigger = [ + { platform = "time"; inherit at; } + ]; + action = + [ + { service = "light.turn_on"; inherit entity_id; } + ]; + }; +in +{ + services.home-assistant.config = + { + automation = + [ + (turn_on schranklicht "17:30") + (turn_on fernsehlicht "19:00") + + { alias = "Always turn off the urlaub lights at ${final_off}"; + trigger = [ + { platform = "time"; at = final_off; } + ]; + action = + [ + { + service = "light.turn_off"; + entity_id = [ schranklicht fernsehlicht ]; + } + ]; + } + ]; + }; +} diff --git a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix new file mode 100644 index 000000000..f06094662 --- /dev/null +++ b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix @@ -0,0 +1,61 @@ +# This module maps the RF433 Remote Control to zigbee and wifi lights +let + rf_turn_off = code: light: + { + alias = "Turn off ${light} via rf code ${code}"; + trigger = { + platform = "event"; + event_type = "esphome.rf_code_received"; + event_data.code = code; + }; + action = { + service = "light.turn_off"; + data.entity_id = light; + }; + }; + rf_turn_on = code: light: + { + alias = "Turn on ${light} via rf code ${code}"; + trigger = { + platform = "event"; + event_type = "esphome.rf_code_received"; + event_data.code = code; + }; + action = { + service = "light.turn_on"; + data.entity_id = light; + }; + }; + rf_toggle = code: light: + { + alias = "Toggle ${light} via rf code ${code}"; + trigger = { + platform = "event"; + event_type = "esphome.rf_code_received"; + event_data.code = code; + }; + action = { + service = "light.toggle"; + data.entity_id = light; + }; + }; + +in +{ + services.home-assistant.config.automation = [ + (rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A + (rf_toggle "401151" "light.wohnzimmer_stehlampe_osram") # B + (rf_toggle "401451" "light.wohnzimmer_komode_osram") # C + (rf_toggle "401511" "light.wohnzimmer_schrank_osram") # D + + # OFF Lane + (rf_turn_off "400554" "all") # A + (rf_toggle "401154" "light.wohnzimmer_fenster_lichterkette_licht") # B + (rf_toggle "401454" "light.wohnzimmer_fernsehwand_led") # C + # (rf_toggle "401514" "") # D + ]; + # "400554" # A OFF + # "401154" # B OFF + # "401454" # C OFF + # "401514" # D OFF +} diff --git a/makefu/2configs/ham/default.nix b/makefu/2configs/ham/default.nix index 9e3f7f669..d610fa5c1 100644 --- a/makefu/2configs/ham/default.nix +++ b/makefu/2configs/ham/default.nix @@ -17,7 +17,7 @@ in { # ./multi/flurlicht.nix ./multi/kurzzeitwecker.nix ./multi/the_playlist.nix - ./multi/fliegen-couter.nix + # ./multi/fliegen-couter.nix ./device_tracker/openwrt.nix @@ -26,8 +26,14 @@ in { ./calendar/nextcloud.nix ./automation/firetv_restart.nix + ./automation/light_buttons.nix + ./automation/wohnzimmer_rf_fernbedienung.nix + ./automation/giesskanne.nix + ./automation/urlaub.nix - ./light/groups.nix + ./light/arbeitszimmer.nix + ./light/schlafzimmer.nix + ./light/wohnzimmer.nix ]; services.home-assistant = { diff --git a/makefu/2configs/ham/light/arbeitszimmer.nix b/makefu/2configs/ham/light/arbeitszimmer.nix new file mode 100644 index 000000000..bc60678b3 --- /dev/null +++ b/makefu/2configs/ham/light/arbeitszimmer.nix @@ -0,0 +1,24 @@ +let + arbeitszimmer_deko = [ + "light.led_wand" + "light.box_led_status" + "light.arbeitszimmer_led1_led_strip" # LED-Kreis in cube + ]; + arbeitszimmerbeleuchtung = [ + "light.arbeitszimmer_schrank_dimmer" + "light.arbeitszimmer_kerze" # arbeitszimmer_kerze + ]; +in { + services.home-assistant.config.light = [ + { + platform = "group"; + name = "Arbeitszimmerbeleuchtung"; + entities = arbeitszimmerbeleuchtung; + } + { + platform = "group"; + name = "Arbeitszimmer Deko"; + entities = arbeitszimmer_deko; + } + ]; +} diff --git a/makefu/2configs/ham/light/groups.nix b/makefu/2configs/ham/light/groups.nix deleted file mode 100644 index e1812b68a..000000000 --- a/makefu/2configs/ham/light/groups.nix +++ /dev/null @@ -1,41 +0,0 @@ -let - arbeitszimmer_licht = [ - "light.led_wand" - "light.arbeitszimmer_led1_led_strip" # LED-Kreis in cube - "light.arbeitszimmer_flur_osram_light" - "light.arbeitszimmer_schrank_dimmer_light" - "light.arbeitszimmer_schrank_osram_light" - ]; - wohnzimmer_licht = [ - "light.wohnzimmer_fernseher_led_strip" # led um fernseher - "light.wohnzimmer_komode_osram_light" - "light.wohnzimmer_schrank_osram_light" - "light.wohnzimmer_stehlampe_osram_light" - ]; - schlafzimmer_licht = [ - "schlafzimmer_komode_osram_light" - ]; -in { - services.home-assistant.config.light = [ - { - platform = "group"; - name = "Arbeitszimmer Lichter"; - entities = arbeitszimmer_licht; - } - { - platform = "group"; - name = "Wohnzimmer Lichter"; - entities = wohnzimmer_licht; - } - { - platform = "group"; - name = "Schlafzimmer Lichter"; - entities = schlafzimmer_licht; - } - { - platform = "group"; - name = "Alle Lichter"; - entities = arbeitszimmer_licht ++ wohnzimmer_licht ++ schlafzimmer_licht; - } - ]; -} diff --git a/makefu/2configs/ham/light/schlafzimmer.nix b/makefu/2configs/ham/light/schlafzimmer.nix new file mode 100644 index 000000000..e5370e3f8 --- /dev/null +++ b/makefu/2configs/ham/light/schlafzimmer.nix @@ -0,0 +1,14 @@ +let + schlafzimmer_licht = [ + "light.schlafzimmer_komode_osram" + # "light.schlafzimmer_schrank_osram" + ]; +in { + services.home-assistant.config.light = [ + { + platform = "group"; + name = "Schlafzimmerbeleuchtung"; + entities = schlafzimmer_licht; + } + ]; +} diff --git a/makefu/2configs/ham/light/wohnzimmer.nix b/makefu/2configs/ham/light/wohnzimmer.nix new file mode 100644 index 000000000..bc9c2778a --- /dev/null +++ b/makefu/2configs/ham/light/wohnzimmer.nix @@ -0,0 +1,24 @@ +let + wohnzimmerbeleuchtung = [ + "light.wohnzimmer_komode_osram_light" + "light.wohnzimmer_schrank_osram_light" + ]; + wohnzimmer_deko = [ + "light.wohnzimmer_fernseher_led_strip" # led um fernseher + "light.wohnzimmer_lichterkette_led_strip" # led um fernsehwand + "light.kinderzimmer_lichterkette_licht" # led um fenster + ]; +in { + services.home-assistant.config.light = [ + { + platform = "group"; + name = "Wohnzimmerbeleuchtung"; + entities = wohnzimmerbeleuchtung; + } + { + platform = "group"; + name = "Wohnzimmer Deko"; + entities = wohnzimmer_deko; + } + ]; +} diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 862ee5df3..8d6c1f2f0 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -52,6 +52,7 @@ xo = "mimeopen"; nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; }; + # navi package does not come with the navi.plugin.zsh anymore so we use .src initExtra = '' bindkey -e # shift-tab @@ -69,7 +70,7 @@ zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" # navi - source ${pkgs.navi}/share/navi/shell/navi.plugin.zsh + . ${pkgs.navi.src}/shell/navi.plugin.zsh # ctrl-x ctrl-e autoload -U compinit && compinit autoload -U edit-command-line diff --git a/makefu/2configs/nginx/dl.euer.krebsco.de.nix b/makefu/2configs/nginx/dl.euer.krebsco.de.nix index 828a66a74..5380d8437 100644 --- a/makefu/2configs/nginx/dl.euer.krebsco.de.nix +++ b/makefu/2configs/nginx/dl.euer.krebsco.de.nix @@ -1,9 +1,8 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; { services.nginx = { - enable = mkDefault true; + enable = lib.mkDefault true; recommendedGzipSettings = true; recommendedOptimisation = true; virtualHosts."dl.euer.krebsco.de" = { @@ -13,5 +12,11 @@ with import <stockholm/lib>; enableACME = true; basicAuth = import <secrets/dl.euer.krebsco.de-auth.nix>; }; + virtualHosts."dl.gum.r" = { + serverAliases = [ "dl.gum" "dl.makefu.r" "dl.makefu" ]; + root = config.makefu.dl-dir; + extraConfig = "autoindex on;"; + basicAuth = import <secrets/dl.gum-auth.nix>; + }; }; } diff --git a/makefu/2configs/share/anon-sftp.nix b/makefu/2configs/share/anon-sftp.nix new file mode 100644 index 000000000..7cde9317a --- /dev/null +++ b/makefu/2configs/share/anon-sftp.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; +{ + services.openssh = { + allowSFTP = true; + sftpFlags = [ "-l VERBOSE" ]; + extraConfig = '' + Match User anonymous + ForceCommand internal-sftp + AllowTcpForwarding no + X11Forwarding no + PasswordAuthentication no + ''; + }; + + users.users.anonymous = { + uid = genid "anonymous"; + useDefaultShell = false; + password = "anonymous"; + home = "/media/anon"; + createHome = true; + }; + +} diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix new file mode 100644 index 000000000..c5f1bbed2 --- /dev/null +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -0,0 +1,24 @@ +{ + krebs.brockman = { + enable = true; + config = { + irc = { + host = "irc.freenode.net"; + port = 6667; + }; + bots = { + r-systemdultras-rss = { + feed = "https://www.reddit.com/r/systemdultras/.rss"; + delay = 136; + channels = [ "#systemdultras" ]; + }; + r-systemd-rss = { + feed = "https://www.reddit.com/r/systemd/.rss"; + delay = 172; + channels = [ "#systemdultras" ]; + }; + }; + }; + + }; +} diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix index acbe61f3f..7a4d30137 100644 --- a/makefu/5pkgs/awesomecfg/default.nix +++ b/makefu/5pkgs/awesomecfg/default.nix @@ -6,7 +6,7 @@ , blueman , clipit , flameshot -, chapter-marker +, chapter-marker ? false , modkey ? "Mod4" , locker? "${pkgs.xlock}/bin/xlock -mode blank" , ... }: |