Diffstat (limited to 'lass/2configs')
29 files changed, 889 insertions, 112 deletions
diff --git a/lass/2configs/antimicrox/default.nix b/lass/2configs/antimicrox/default.nix
new file mode 100644
index 000000000..16f546ce6
--- /dev/null
+++ b/lass/2configs/antimicrox/default.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+ systemd.services.antimicrox = {
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ DISPLAY = ":0";
+ };
+ serviceConfig = {
+ User = config.users.users.mainUser.name;
+ ExecStartPre = lib.singleton (pkgs.writeDash "init_state" "echo 0 > /tmp/gamepad.state");
+ ExecStart = "${pkgs.antimicrox}/bin/antimicrox --no-tray --hidden --profile ${./mouse.amgp}";
+ };
+ };
+
+ environment.systemPackages = [
+ (pkgs.writers.writeDashBin "gamepad_mouse_disable" ''
+ echo 1 > /tmp/gamepad.state
+ ${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.amgp}
+ '')
+ (pkgs.writers.writeDashBin "gamepad_mouse_enable" ''
+ echo 0 > /tmp/gamepad.state
+ ${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.amgp}
+ '')
+ (pkgs.writers.writeDashBin "gamepad_mouse_toggle" ''
+ state=$(${pkgs.coreutils}/bin/cat /tmp/gamepad.state)
+ if [ "$state" = 1 ]; then
+ /run/current-system/sw/bin/gamepad_mouse_enable
+ else
+ /run/current-system/sw/bin/gamepad_mouse_disable
+ fi
+ '')
+ ];
+}
diff --git a/lass/2configs/antimicrox/empty.amgp b/lass/2configs/antimicrox/empty.amgp
new file mode 100644
index 000000000..0257bfe71
--- /dev/null
+++ b/lass/2configs/antimicrox/empty.amgp
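Review bot: The state file `/tmp/gamepad.state` in `antimicrox/default.nix` is a fixed name in a world-writable directory, written by `ExecStartPre` and by both `gamepad_mouse_*` scripts and read back by `gamepad_mouse_toggle`. Any local account can create that path first, so on a multi-user host the toggle state is not trustworthy, and the `>` redirections rely on the kernel's protected-symlink settings for safety. I would keep the file in a per-service runtime directory, e.g. `RuntimeDirectory = "antimicrox";` in `serviceConfig`, with the scripts using `/run/antimicrox/gamepad.state`. The hard-coded `DISPLAY = ":0"` with no ordering against the display manager deserves a comment as well.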
@@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> +<gamecontroller configversion="19" appversion="3.3.2"> + <!--The SDL name for a joystick is included for informational purposes only.--> + <sdlname>XInput Controller</sdlname> + <!--The Unique ID for a joystick is included for informational purposes only.--> + <uniqueID>030000005e0400008e020000010100001118654</uniqueID> + <stickAxisAssociation index="2" xAxis="3" yAxis="4"/> + <stickAxisAssociation index="1" xAxis="1" yAxis="2"/> + <vdpadButtonAssociations index="1"> + <vdpadButtonAssociation axis="0" button="12" direction="1"/> + <vdpadButtonAssociation axis="0" button="13" direction="4"/> + <vdpadButtonAssociation axis="0" button="14" direction="8"/> + <vdpadButtonAssociation axis="0" button="15" direction="2"/> + </vdpadButtonAssociations> + <names> + <controlstickname index="2">R Stick</controlstickname> + <controlstickname index="1">L Stick</controlstickname> + </names> + <sets/> +</gamecontroller> diff --git a/lass/2configs/antimicrox/mouse.amgp b/lass/2configs/antimicrox/mouse.amgp new file mode 100644 index 000000000..313e598de --- /dev/null +++ b/lass/2configs/antimicrox/mouse.amgp 
@@ -0,0 +1,272 @@ +<?xml version="1.0" encoding="UTF-8"?> +<gamecontroller configversion="19" appversion="3.3.2"> + <!--The SDL name for a joystick is included for informational purposes only.--> + <sdlname>XInput Controller</sdlname> + <!--The Unique ID for a joystick is included for informational purposes only.--> + <uniqueID>030000005e0400008e020000010100001118654</uniqueID> + <stickAxisAssociation index="2" xAxis="3" yAxis="4"/> + <stickAxisAssociation index="1" xAxis="1" yAxis="2"/> + <vdpadButtonAssociations index="1"> + <vdpadButtonAssociation axis="0" button="12" direction="1"/> + <vdpadButtonAssociation axis="0" button="13" direction="4"/> + <vdpadButtonAssociation axis="0" button="14" direction="8"/> + <vdpadButtonAssociation axis="0" button="15" direction="2"/> + </vdpadButtonAssociations> + <names> + <controlstickname index="2">Stick 2</controlstickname> + <controlstickname index="1">Stick 1</controlstickname> + </names> + <sets> + <set index="1"> + <stick index="2"> + <deadZone>1</deadZone> + <maxZone>29501</maxZone> + <modifierZone>1412</modifierZone> + <diagonalRange>90</diagonalRange> + <stickbutton index="7"> + <mousespeedx>74</mousespeedx> + <mousespeedy>74</mousespeedy> + <accelerationmultiplier>4</accelerationmultiplier> + <startaccelmultiplier>20</startaccelmultiplier> + <minaccelthreshold>3</minaccelthreshold> + <extraaccelerationcurve>easeoutquad</extraaccelerationcurve> + <slots> + <slot> + <code>3</code> + <mode>mousemovement</mode> + </slot> + </slots> + </stickbutton> + <stickbutton index="6"> + <mousespeedx>74</mousespeedx> + <mousespeedy>74</mousespeedy> + </stickbutton> + <stickbutton index="5"> + <mousespeedx>74</mousespeedx> + <mousespeedy>74</mousespeedy> + <accelerationmultiplier>4</accelerationmultiplier> + <startaccelmultiplier>20</startaccelmultiplier> + <minaccelthreshold>3</minaccelthreshold> + <extraaccelerationcurve>easeoutquad</extraaccelerationcurve> + <slots> + <slot> + <code>2</code> + <mode>mousemovement</mode> + 
</slot> + </slots> + </stickbutton> + <stickbutton index="4"> + <mousespeedx>74</mousespeedx> + <mousespeedy>74</mousespeedy> + </stickbutton> + <stickbutton index="3"> + <mousespeedx>74</mousespeedx> + <mousespeedy>74</mousespeedy> + <accelerationmultiplier>4</accelerationmultiplier> + <startaccelmultiplier>20</startaccelmultiplier> + <minaccelthreshold>3</minaccelthreshold> + <extraaccelerationcurve>easeoutquad</extraaccelerationcurve> + <slots> + <slot> + <code>4</code> + <mode>mousemovement</mode> + </slot> + </slots> + </stickbutton> + <stickbutton index="2"> + <mousespeedx>74</mousespeedx> + <mousespeedy>74</mousespeedy> + </stickbutton> + <stickbutton index="1"> + <mousespeedx>74</mousespeedx> + <mousespeedy>74</mousespeedy> + <accelerationmultiplier>4</accelerationmultiplier> + <startaccelmultiplier>20</startaccelmultiplier> + <minaccelthreshold>3</minaccelthreshold> + <extraaccelerationcurve>easeoutquad</extraaccelerationcurve> + <slots> + <slot> + <code>1</code> + <mode>mousemovement</mode> + </slot> + </slots> + </stickbutton> + <stickbutton index="8"> + <mousespeedx>74</mousespeedx> + <mousespeedy>74</mousespeedy> + </stickbutton> + </stick> + <stick index="1"> + <deadZone>2578</deadZone> + <maxZone>30799</maxZone> + <stickbutton index="7"> + <mouseacceleration>linear</mouseacceleration> + <slots> + <slot> + <code>6</code> + <mode>mousebutton</mode> + </slot> + </slots> + </stickbutton> + <stickbutton index="6"> + <mouseacceleration>linear</mouseacceleration> + </stickbutton> + <stickbutton index="5"> + <mouseacceleration>linear</mouseacceleration> + <slots> + <slot> + <code>5</code> + <mode>mousebutton</mode> + </slot> + </slots> + </stickbutton> + <stickbutton index="4"> + <mouseacceleration>linear</mouseacceleration> + </stickbutton> + <stickbutton index="3"> + <mouseacceleration>linear</mouseacceleration> + <slots> + <slot> + <code>7</code> + <mode>mousebutton</mode> + </slot> + </slots> + </stickbutton> + <stickbutton index="2"> + 
<mouseacceleration>linear</mouseacceleration> + </stickbutton> + <stickbutton index="1"> + <mouseacceleration>linear</mouseacceleration> + <slots> + <slot> + <code>4</code> + <mode>mousebutton</mode> + </slot> + </slots> + </stickbutton> + <stickbutton index="8"> + <mouseacceleration>linear</mouseacceleration> + </stickbutton> + </stick> + <dpad index="1"> + <dpadbutton index="6"> + <wheelspeedx>2</wheelspeedx> + <wheelspeedy>10</wheelspeedy> + </dpadbutton> + <dpadbutton index="4"> + <wheelspeedx>2</wheelspeedx> + <wheelspeedy>10</wheelspeedy> + <slots> + <slot> + <code>0x1000017</code> + <mode>keyboard</mode> + </slot> + </slots> + </dpadbutton> + <dpadbutton index="3"> + <wheelspeedx>2</wheelspeedx> + <wheelspeedy>10</wheelspeedy> + </dpadbutton> + <dpadbutton index="2"> + <wheelspeedx>2</wheelspeedx> + <wheelspeedy>10</wheelspeedy> + <slots> + <slot> + <code>0x1000011</code> + <mode>keyboard</mode> + </slot> + </slots> + </dpadbutton> + <dpadbutton index="1"> + <wheelspeedx>10</wheelspeedx> + <wheelspeedy>10</wheelspeedy> + <slots> + <slot> + <code>0x1000016</code> + <mode>keyboard</mode> + </slot> + </slots> + </dpadbutton> + <dpadbutton index="12"> + <wheelspeedx>2</wheelspeedx> + <wheelspeedy>10</wheelspeedy> + </dpadbutton> + <dpadbutton index="9"> + <wheelspeedx>2</wheelspeedx> + <wheelspeedy>10</wheelspeedy> + </dpadbutton> + <dpadbutton index="8"> + <wheelspeedx>2</wheelspeedx> + <wheelspeedy>10</wheelspeedy> + <slots> + <slot> + <code>0x1000010</code> + <mode>keyboard</mode> + </slot> + </slots> + </dpadbutton> + </dpad> + <trigger index="6"> + <deadZone>2000</deadZone> + <throttle>positivehalf</throttle> + <triggerbutton index="1"> + <mousespeedx>100</mousespeedx> + <mousespeedy>100</mousespeedy> + </triggerbutton> + <triggerbutton index="2"> + <mousespeedx>100</mousespeedx> + <mousespeedy>100</mousespeedy> + <slots> + <slot> + <code>250</code> + <mode>mousespeedmod</mode> + </slot> + </slots> + </triggerbutton> + </trigger> + <trigger index="5"> + 
<throttle>positivehalf</throttle> + </trigger> + <button index="11"> + <slots> + <slot> + <code>1</code> + <mode>mousebutton</mode> + </slot> + </slots> + </button> + <button index="5"> + <slots> + <slot> + <code>1</code> + <mode>mousebutton</mode> + </slot> + </slots> + </button> + <button index="3"> + <slots> + <slot> + <code>2</code> + <mode>mousebutton</mode> + </slot> + </slots> + </button> + <button index="2"> + <slots> + <slot> + <code>3</code> + <mode>mousebutton</mode> + </slot> + </slots> + </button> + <button index="1"> + <slots> + <slot> + <code>1</code> + <mode>mousebutton</mode> + </slot> + </slots> + </button> + </set> + </sets> +</gamecontroller> diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 2e28d48b6..79777429a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -95,7 +95,7 @@ in { (pkgs.writeDashBin "screenshot" '' set -efu - ${pkgs.flameshot}/bin/flameshot + ${pkgs.flameshot}/bin/flameshot gui ${pkgs.klem}/bin/klem '') ]; diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 00a5d2db0..ea6fb644b 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix @@ -1,12 +1,8 @@ { config, lib, pkgs, ... }: { - lass.browser.config = { - cr = { groups = [ "audio" "video" ]; precedence = 9; }; - }; - programs.chromium = { - enable = true; - extensions = [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - ]; - }; + programs.firefox.nativeMessagingHosts.tridactyl = true; + environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox"; + environment.systemPackages = [ + pkgs.firefox + ]; } diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix deleted file mode 100644 index fa41f6634..000000000 --- a/lass/2configs/jitsi.nix +++ /dev/null 
@@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - - services.jitsi-meet = { - enable = true; - hostName = "jitsi.lassul.us"; - config = { - enableWelcomePage = true; - requireDisplayName = true; - analytics.disabled = true; - }; - interfaceConfig = { - SHOW_JITSI_WATERMARK = false; - SHOW_WATERMARK_FOR_GUESTS = false; - DISABLE_PRESENCE_STATUS = true; - GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false; - }; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } - { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } - ]; -} diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index f5b2e22b7..0adef8f8c 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -93,8 +93,6 @@ let tag-new-mails = pkgs.writeDashBin "nm-tag-init" '' ${pkgs.notmuch}/bin/notmuch new ${lib.concatMapStringsSep "\n" (i: '' - '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} - ${lib.concatMapStringsSep "\n" (i: '' mkdir -p "$HOME/Maildir/.${i.name}/cur" for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do if test -e "$mail"; then @@ -186,7 +184,9 @@ let "<enter-command>unset wait_key<enter> \ <shell-escape>${pkgs.writeDash "muchsync" '' set -efu - ${pkgs.muchsync}/bin/muchsync -F lass@green.r + until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do + sleep 1 + done ''}<enter> \ 'run muchsync to green.r' diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix index fe75a96a6..c4cc60dc5 100644 --- a/lass/2configs/mumble-reminder.nix +++ b/lass/2configs/mumble-reminder.nix @@ -23,7 +23,7 @@ Kois Faulaffen Schraubenziegen - Nachtigalle + Nachtigallen Okapis Stachelschweine Kurzschwanzkängurus 
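Review bot: The new `until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do sleep 1; done` loop in the second `mail.nix` hunk has no retry limit, so when `green.r` is unreachable or the login is refused the mutt shell-escape blocks until interrupted and reconnects once per second. A bounded form keeps the retry without the hang, for example `for i in 1 2 3 4 5; do ${pkgs.muchsync}/bin/muchsync -F lass@green.r && break; sleep 1; done`. The enclosing macro definition starts and ends outside the hunk.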
@@ -49,7 +49,7 @@ pattern = "^nerv nicht$"; activate = "match"; command = { - filename = pkgs.writeDash "add_remind" '' + filename = pkgs.writeDash "del_remind" '' ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users echo "okok, Ich werde $_from nich mehr errinern" ''; @@ -80,7 +80,7 @@ in { }; systemd.services.mumble-reminder-nixos = { description = "weekly reminder for nixos mumble"; - startAt = "Thu *-*-* 19:00:00 Europe/Berlin"; + startAt = "Thu *-*-* 17:00:00 Europe/Berlin"; serviceConfig = { ExecStart = pkgs.writers.writeDash "mumble_reminder" '' animals=' diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix deleted file mode 100644 index 42670dfbb..000000000 --- a/lass/2configs/murmur.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.murmur = { - enable = true; - allowHtml = false; - bandwidth = 10000000; - registerName = "lassul.us"; - autobanTime = 30; - sslCert = "/var/lib/acme/lassul.us/cert.pem"; - sslKey = "/var/lib/acme/lassul.us/key.pem"; - }; - users.groups.lasscert.members = [ - "murmur" - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} - { predicate = "-p udp --dport 64738"; target = "ACCEPT";} - ]; - - systemd.services.docker-mumble-web.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - virtualisation.oci-containers.containers.mumble-web = { - image = "rankenstein/mumble-web:0.5"; - environment = { - MUMBLE_SERVER = "lassul.us:64738"; - }; - ports = [ - "64739:8080" - ]; - }; - - services.nginx.virtualHosts."mumble.lassul.us" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:64739"; - proxyWebsockets = true; - }; - }; -} diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix index c2b3e8377..5769f9b15 100644 --- a/lass/2configs/print.nix +++ b/lass/2configs/print.nix 
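Review bot: In the script renamed to `del_remind`, `$_from` is expanded straight into the sed address `"/$_from/d"`, so the sender's nick is treated as a regular expression and as sed syntax rather than as a literal string. A nick that is a substring of another entry, or that contains `/` or regex metacharacters, therefore affects lines other than the sender's own. Assuming the users file holds one nick per line, an exact fixed-string filter is safer: `${pkgs.gnugrep}/bin/grep -vxF -- "$_from" "$f" > "$f.tmp"; mv "$f.tmp" "$f"` with `f=/var/lib/reaktor2-mumble-reminder/users`. The command definition continues outside the hunk.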
@@ -6,5 +6,19 @@ pkgs.foomatic-filters pkgs.gutenprint ]; + browsing = true; + browsedConf = '' + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + + BrowseProtocols all + ''; + }; + services.avahi = { + enable = true; + openFirewall = true; + nssmdns = true; }; } diff --git a/lass/2configs/services/coms/default.nix b/lass/2configs/services/coms/default.nix new file mode 100644 index 000000000..4bc5f744b --- /dev/null +++ b/lass/2configs/services/coms/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./jitsi.nix + ./murmur.nix + ]; +} diff --git a/lass/2configs/services/coms/jitsi.nix b/lass/2configs/services/coms/jitsi.nix new file mode 100644 index 000000000..bbcb36166 --- /dev/null +++ b/lass/2configs/services/coms/jitsi.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + + services.jitsi-meet = { + enable = true; + hostName = "jitsi.lassul.us"; + config = { + enableWelcomePage = true; + requireDisplayName = true; + analytics.disabled = true; + startAudioOnly = true; + channelLastN = 4; + stunServers = [ + # - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/ + { urls = "turn:turn.matrix.org:3478?transport=udp"; } + { urls = "turn:turn.matrix.org:3478?transport=tcp"; } + # - services.coturn: + #{ urls = "turn:turn.${domainName}:3479?transport=udp"; } + #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; } + ]; + constraints.video.height = { + ideal = 720; + max = 1080; + min = 240; + }; + }; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + DISABLE_PRESENCE_STATUS = true; + GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false; + }; + }; + + services.jitsi-videobridge.config = { + org.jitsi.videobridge.TRUST_BWE = false; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } + ]; +} 
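Review bot: `browsedConf` in `print.nix` sets `BrowseRemoteProtocols all` and `CreateIPPPrinterQueues All`, and `services.avahi.openFirewall = true` opens mDNS, so cups-browsed will create local print queues for whatever any host on the attached network advertises. On a machine that joins untrusted networks this exposes the print stack to unauthenticated input from the LAN. Limit discovery to known printers or subnets, e.g. add `BrowseAllow 192.0.2.0/24` (placeholder subnet) to `browsedConf`, or import this module only on hosts that stay on a trusted network. `BrowseProtocols all` also repeats what the two `Browse*Protocols` lines above it already set.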
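Review bot: `stunServers` in `services/coms/jitsi.nix` points both entries at `turn:turn.matrix.org:3478`, a relay operated by a third party, and no credentials are configured in this file. Every participant's client would contact that host, which then learns their addresses, and it is not evident from the hunk that an unauthenticated `turn:` URL functions as a STUN entry at all. The commented-out `services.coturn` lines show the self-hosted alternative; until that exists, a comment stating why the external host is acceptable would help the next reader.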
diff --git a/lass/2configs/services/coms/murmur.nix b/lass/2configs/services/coms/murmur.nix
new file mode 100644
index 000000000..40c53da36
--- /dev/null
+++ b/lass/2configs/services/coms/murmur.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+{
+ services.murmur = {
+ enable = true;
+ # allowHtml = false;
+ bandwidth = 10000000;
+ registerName = "lassul.us";
+ autobanTime = 30;
+ sslCert = "/var/lib/acme/lassul.us/cert.pem";
+ sslKey = "/var/lib/acme/lassul.us/key.pem";
+ extraConfig = ''
+ opusthreshold=0
+ # rememberchannelduration=10000
+ '';
+ };
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";}
+ { predicate = "-p udp --dport 64738"; target = "ACCEPT";}
+ ];
+
+ # services.botamusique = {
+ # enable = true;
+ # settings = {
+ # server.host = "lassul.us";
+ # bot.auto_check_updates = false;
+ # bot.max_track_duration = 360;
+ # webinterface.enabled = true;
+ # };
+ # };
+
+ services.nginx.virtualHosts."lassul.us" = {
+ enableACME = true;
+ };
+ security.acme.certs."lassul.us" = {
+ group = "lasscert";
+ };
+ users.groups.lasscert.members = [
+ "nginx"
+ "murmur"
+ ];
+
+ # services.nginx.virtualHosts."bota.r" = {
+ # locations."/" = {
+ # proxyPass = "http://localhost:8181";
+ # };
+ # };
+}
diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix
new file mode 100644
index 000000000..57e132151
--- /dev/null
+++ b/lass/2configs/services/coms/proxy.nix
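Review bot: `allowHtml = false` from the deleted `lass/2configs/murmur.nix` is commented out in the new `services/coms/murmur.nix`, so the server falls back to the module default, which I believe permits HTML in text messages and user comments. If the option was disabled only because it stopped evaluating, keep the restriction through `extraConfig` with `allowhtml=false` instead of dropping it. Adding `nginx` to `lasscert` also gives the web server's account read access to `/var/lib/acme/lassul.us/key.pem` next to murmur; a one-line comment on why both accounts need the key would be useful.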
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+let
+ tcpports = [
+ 4443 # jitsi
+ 64738 # murmur
+ ];
+ udpports = [
+ 10000 # jitsi
+ 64738 # murmur
+ ];
+ target = "orange.r";
+in
+{
+ networking.firewall.allowedTCPPorts = tcpports;
+ networking.firewall.allowedUDPPorts = udpports;
+ services.nginx.streamConfig = ''
+ ${lib.concatMapStringsSep "\n" (port: ''
+ server {
+ listen ${toString port};
+ proxy_pass ${target}:${toString port};
+ }
+ '') tcpports}
+ ${lib.concatMapStringsSep "\n" (port: ''
+ server {
+ listen ${toString port} udp;
+ proxy_pass ${target}:${toString port};
+ }
+ '') udpports}
+ '';
+
+ services.nginx.virtualHosts."jitsi.lassul.us" = {
+ enableACME = true;
+ acmeFallbackHost = "${target}";
+ addSSL = true;
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://${target}";
+ };
+ };
+}
diff --git a/lass/2configs/services/flix/container-host.nix b/lass/2configs/services/flix/container-host.nix
new file mode 100644
index 000000000..1c5b81128
--- /dev/null
+++ b/lass/2configs/services/flix/container-host.nix
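Review bot: The `jitsi.lassul.us` vhost in `services/coms/proxy.nix` uses `addSSL = true`, which keeps serving the site over plain HTTP with no redirect, and `proxyPass = "http://${target}"` forwards to the backend unencrypted. Clients that do not ask for `https://` explicitly then carry meeting traffic and session data in cleartext. Use `forceSSL = true;` in place of `addSSL`, and if the hop to `orange.r` does not run inside an encrypted overlay, proxy to `https://${target}` as well. The stream `server` blocks relay 4443 and 64738 from any source, which is presumably intended for a public front end but should be stated in a comment.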
@@ -0,0 +1,40 @@
+{ config, pkgs, ... }:
+{
+ krebs.sync-containers3.containers.yellow = {
+ sshKey = "${toString <secrets>}/yellow.sync.key";
+ };
+ containers.yellow.bindMounts."/var/lib" = {
+ hostPath = "/var/lib/sync-containers3/yellow/state";
+ isReadOnly = false;
+ };
+ containers.yellow.bindMounts."/var/download" = {
+ hostPath = "/var/download";
+ isReadOnly = false;
+ };
+ # krebs.iptables.tables.filter.FORWARD.rules = [
+ # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip4.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v6 = false; }
+ # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip6.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v4 = false; }
+ # ];
+ # krebs.iptables.tables.nat.PREROUTING.rules = [
+ # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip4.addr}:8000"; v6 = false; }
+ # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip6.addr}:8000"; v4 = false; }
+ # ];
+ networking.firewall.allowedTCPPorts = [ 8096 8920 ];
+ networking.firewall.allowedUDPPorts = [ 1900 7359 ];
+ containers.yellow.forwardPorts = [
+ { hostPort = 8096; containerPort = 8096; protocol = "tcp"; }
+ { hostPort = 8920; containerPort = 8920; protocol = "tcp"; }
+ { hostPort = 1900; containerPort = 1900; protocol = "udp"; }
+ { hostPort = 7359; containerPort = 7359; protocol = "udp"; }
+ ];
+
+ services.nginx.virtualHosts."flix.lassul.us" = {
+ # forceSSL = true;
+ # enableACME = true;
+ locations."/" = {
+ proxyPass = "http://yellow.r:8096";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+}
diff --git a/lass/2configs/services/flix/default.nix b/lass/2configs/services/flix/default.nix
new file mode 100644
index 000000000..e6be394ce
--- /dev/null
+++ b/lass/2configs/services/flix/default.nix
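Review bot: The `flix.lassul.us` vhost in `flix/container-host.nix` has `forceSSL` and `enableACME` commented out, so on a host that imports only this module the Jellyfin login is served over plain HTTP. `lass/2configs/services/flix/proxy.nix` in the same commit defines the same vhost with TLS, which makes this copy look like a leftover; either remove the vhost here or restore `forceSSL = true; enableACME = true;`. `networking.firewall.allowedTCPPorts = [ 8096 8920 ]` together with `forwardPorts` additionally exposes the container's Jellyfin ports on every host interface, bypassing nginx; a comment should say whether that is intended.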
@@ -0,0 +1,316 @@ +{ config, lib, pkgs, ... }: +{ + users.groups.download.members = [ "transmission" ]; + services.transmission = { + enable = true; + home = "/var/state/transmission"; + group = "download"; + downloadDirPermissions = "775"; + settings = { + download-dir = "/var/download/transmission"; + incomplete-dir-enabled = false; + rpc-bind-address = "::"; + message-level = 1; + umask = 18; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + }; + }; + + security.acme.defaults.email = "spam@krebsco.de"; + security.acme.acceptTerms = true; + security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."transmission.r".server = config.krebs.ssl.acmeURL; + services.nginx = { + enable = true; + package = pkgs.nginx.override { + modules = with pkgs.nginxModules; [ + fancyindex + ]; + }; + virtualHosts."yellow.r" = { + default = true; + enableACME = true; + addSSL = true; + locations."/" = { + root = "/var/download"; + extraConfig = '' + fancyindex on; + fancyindex_footer "/fancy.html"; + include ${pkgs.nginx}/conf/mime.types; + include ${pkgs.writeText "extrMime" '' + types { + video/webm mkv; + } + ''}; + create_full_put_path on; + ''; + }; + locations."/chatty" = { + proxyPass = "http://localhost:3000"; + extraConfig = '' + rewrite /chatty/(.*) /$1 break; + proxy_set_header Host $host; + ''; + }; + locations."= /fancy.html".extraConfig = '' + alias ${pkgs.writeText "nginx_footer" '' + <div id="mydiv"> + <!-- Include a header DIV with the same name as the draggable DIV, followed by "header" --> + <div id="mydivheader">Click here to move</div> + <iframe src="/chatty/index.html"></iframe> + </div> + <style> + #mydiv { + position: absolute; + z-index: 9; + background-color: #f1f1f1; + border: 1px solid #d3d3d3; + 
text-align: center; + } + + #mydivheader { + padding: 10px; + cursor: move; + z-index: 10; + background-color: #2196F3; + color: #fff; + } + </style> + <script> + // Make the DIV element draggable: + dragElement(document.getElementById("mydiv")); + + function dragElement(elmnt) { + var pos1 = 0, pos2 = 0, pos3 = 0, pos4 = 0; + if (document.getElementById(elmnt.id + "header")) { + // if present, the header is where you move the DIV from: + document.getElementById(elmnt.id + "header").onmousedown = dragMouseDown; + } else { + // otherwise, move the DIV from anywhere inside the DIV: + elmnt.onmousedown = dragMouseDown; + } + + function dragMouseDown(e) { + e = e || window.event; + e.preventDefault(); + // get the mouse cursor position at startup: + pos3 = e.clientX; + pos4 = e.clientY; + document.onmouseup = closeDragElement; + // call a function whenever the cursor moves: + document.onmousemove = elementDrag; + } + + function elementDrag(e) { + e = e || window.event; + e.preventDefault(); + // calculate the new cursor position: + pos1 = pos3 - e.clientX; + pos2 = pos4 - e.clientY; + pos3 = e.clientX; + pos4 = e.clientY; + // set the element's new position: + elmnt.style.top = (elmnt.offsetTop - pos2) + "px"; + elmnt.style.left = (elmnt.offsetLeft - pos1) + "px"; + } + + function closeDragElement() { + // stop moving when mouse button is released: + document.onmouseup = null; + document.onmousemove = null; + } + } + </script> + ''}; + ''; + }; + virtualHosts."jelly.r" = { + enableACME = true; + addSSL = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:8096/; + proxy_set_header Accept-Encoding ""; + ''; + }; + virtualHosts."transmission.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:9091"; + }; + }; + virtualHosts."radar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:7878"; + }; + }; + 
virtualHosts."sonar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:8989"; + }; + }; + }; + + services.samba = { + enable = true; + enableNmbd = false; + extraConfig = '' + workgroup = WORKGROUP + server string = ${config.networking.hostName} + # only allow retiolum addresses + hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16 + + # Use sendfile() for performance gain + use sendfile = true + + # No NetBIOS is needed + disable netbios = true + + # Only mangle non-valid NTFS names, don't care about DOS support + mangled names = illegal + + # Performance optimizations + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 + + # Disable all printing + load printers = false + disable spoolss = true + printcap name = /dev/null + + map to guest = Bad User + max log size = 50 + dns proxy = no + security = user + + [global] + syslog only = yes + ''; + shares.public = { + comment = "Warez"; + path = "/var/download"; + public = "yes"; + "only guest" = "yes"; + "create mask" = "0644"; + "directory mask" = "2777"; + writable = "no"; + printable = "no"; + }; + }; + + systemd.services.bruellwuerfel = + let + bruellwuerfelSrc = pkgs.fetchFromGitHub { + owner = "krebs"; + repo = "bruellwuerfel"; + rev = "dc73adf69249fb63a4b024f1f3fbc9e541b27015"; + sha256 = "078jp1gbavdp8lnwa09xa5m6bbbd05fi4x5ldkkgin5z04hwlhmd"; + }; + in { + wantedBy = [ "multi-user.target" ]; + environment = { + IRC_CHANNEL = "#flix"; + IRC_NICK = "bruelli"; + IRC_SERVER = "irc.r"; + IRC_HISTORY_FILE = "/tmp/bruelli.history"; + }; + serviceConfig = { + ExecStart = "${pkgs.deno}/bin/deno run -A ${bruellwuerfelSrc}/src/index.ts"; + }; + }; + + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # 
transmission-web + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic + { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin + { predicate = "-p tcp --dport 8920"; target = "ACCEPT"; } # jellyfin + { predicate = "-p udp --dport 1900"; target = "ACCEPT"; } # jellyfin + { predicate = "-p udp --dport 7359"; target = "ACCEPT"; } # jellyfin + { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr + { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr + { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr + { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr + + # smbd + { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } + ]; + }; + + systemd.services.flix-index = { + wantedBy = [ "multi-user.target" ]; + path = [ + pkgs.coreutils + pkgs.findutils + pkgs.inotify-tools + ]; + serviceConfig = { + Restart = "always"; + ExecStart = 
pkgs.writers.writeDash "flix-index" '' + set -efu + + DIR=/var/download + cd "$DIR" + while inotifywait -rq -e create -e move -e delete "$DIR"; do + find . -type f > "$DIR"/index.tmp + mv "$DIR"/index.tmp "$DIR"/index + done + ''; + }; + }; + + services.jellyfin = { + enable = true; + group = "download"; + }; + + # movies + services.radarr = { + enable = true; + group = "download"; + }; + + # shows + services.sonarr = { + enable = true; + group = "download"; + }; + + # indexers + services.prowlarr = { + enable = true; + }; + + # subtitles + services.bazarr = { + enable = true; + group = "download"; + }; +} diff --git a/lass/2configs/services/flix/proxy.nix b/lass/2configs/services/flix/proxy.nix new file mode 100644 index 000000000..c16c6def3 --- /dev/null +++ b/lass/2configs/services/flix/proxy.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +{ + services.nginx.virtualHosts."flix.lassul.us" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://yellow.r:8096"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + }; +} diff --git a/lass/2configs/radio/container-host.nix b/lass/2configs/services/radio/container-host.nix index de0ea9afe..de0ea9afe 100644 --- a/lass/2configs/radio/container-host.nix +++ b/lass/2configs/services/radio/container-host.nix diff --git a/lass/2configs/radio/controls.html b/lass/2configs/services/radio/controls.html index 858dc3656..858dc3656 100644 --- a/lass/2configs/radio/controls.html +++ b/lass/2configs/services/radio/controls.html diff --git a/lass/2configs/radio/default.nix b/lass/2configs/services/radio/default.nix index a511196fd..a511196fd 100644 --- a/lass/2configs/radio/default.nix +++ b/lass/2configs/services/radio/default.nix diff --git a/lass/2configs/radio/news.nix b/lass/2configs/services/radio/news.nix index 0dc711e6c..0dc711e6c 100644 --- a/lass/2configs/radio/news.nix +++ b/lass/2configs/services/radio/news.nix 
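Review bot: Transmission's RPC in `flix/default.nix` is set up with `rpc-bind-address = "::"`, `rpc-whitelist-enabled = false` and `rpc-host-whitelist-enabled = false`, the INPUT rule for `--dport 9091` accepts it on every interface, and no `rpc-authentication-required` appears in this hunk. Anyone who can reach the host can therefore control the daemon, and turning off the host whitelist removes its DNS-rebinding check for browsers. Since the `transmission.r` vhost already proxies to `localhost:9091`, set `rpc-bind-address = "127.0.0.1";`, leave the host whitelist enabled and drop the 9091 rule; the rules for 8989, 7878, 9696 and 6767 have the same shape and, unlike the smbd rules, are not limited to `-i retiolum`. Separately, `bruellwuerfel` runs `deno run -A` with no `User=`, so it executes as root with every Deno permission; `DynamicUser = true;` and explicit `--allow-net --allow-env` flags plus read/write access to the history file only would contain it.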
diff --git a/lass/2configs/services/radio/proxy.nix b/lass/2configs/services/radio/proxy.nix
new file mode 100644
index 000000000..49f8ade79
--- /dev/null
+++ b/lass/2configs/services/radio/proxy.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, ... }:
+{
+ services.nginx.virtualHosts."radio.lassul.us" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/" = {
+ # recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://radio.r";
+ extraConfig = ''
+ proxy_set_header Host radio.r;
+ # get source ip for weather reports
+ proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
+ '';
+ };
+ };
+}
diff --git a/lass/2configs/radio/radio.liq b/lass/2configs/services/radio/radio.liq
index 1366287a7..1366287a7 100644
--- a/lass/2configs/radio/radio.liq
+++ b/lass/2configs/services/radio/radio.liq
diff --git a/lass/2configs/radio/shell.nix b/lass/2configs/services/radio/shell.nix
index 9d00e3b06..9d00e3b06 100644
--- a/lass/2configs/radio/shell.nix
+++ b/lass/2configs/services/radio/shell.nix
diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/services/radio/weather.nix
index dca8a7843..dca8a7843 100644
--- a/lass/2configs/radio/weather.nix
+++ b/lass/2configs/services/radio/weather.nix
diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/services/radio/weather_for_ips.py
index 62206a985..62206a985 100644
--- a/lass/2configs/radio/weather_for_ips.py
+++ b/lass/2configs/services/radio/weather_for_ips.py
diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix
index 88ea7ba59..02c551a2b 100644
--- a/lass/2configs/xdg-open.nix
+++ b/lass/2configs/xdg-open.nix
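Review bot: In `services/radio/proxy.nix` the client address is appended to the forwarded `user-agent` header, but `$http_user_agent` is entirely client-controlled, so a request can already contain its own `client-ip=` token ahead of the one nginx adds. Whether the backend picks the wrong one depends on how `weather_for_ips.py` parses the header, which this hunk does not show. Passing the address in a header that nginx overwrites avoids the ambiguity: `proxy_set_header X-Real-IP $remote_addr;`, read on the backend instead of the user agent. `addSSL = true` also leaves the site reachable over plain HTTP; `forceSSL = true;` would redirect.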
@@ -1,12 +1,13 @@ { config, pkgs, lib, ... }: with import <stockholm/lib>; let xdg-open-wrapper = pkgs.writeDashBin "xdg-open" '' - /run/wrappers/bin/sudo -u lass ${xdg-open} "$@" + exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1 ''; - xdg-open = pkgs.writeBash "xdg-open" '' - set -e + xdg-open = pkgs.writeBashBin "xdg-open" '' + set -xe FILE="$1" + PATH=/run/current-system/sw/bin mime= case "$FILE" in @@ -35,15 +36,13 @@ case "$mime" in special/mailaddress) - urxvtc --execute vim "$FILE" ;; - ${optionalString (hasAttr "browser" config.lass) '' + alacritty --execute vim "$FILE" ;; text/html) - ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + firefox "$FILE" ;; text/xml) - ${config.lass.browser.select}/bin/browser-select "$FILE" ;; - ''} + firefox "$FILE" ;; text/*) - urxvtc --execute vim "$FILE" ;; + alacritty --execute vim "$FILE" ;; image/*) sxiv "$FILE" ;; application/x-bittorrent) @@ -51,17 +50,18 @@ application/pdf) zathura "$FILE" ;; inode/directory) - sudo -u lass -i urxvtc --execute mc "$FILE" ;; + alacritty --execute mc "$FILE" ;; *) # open dmenu and ask for program to open with - $(dmenu_path | dmenu) "$FILE";; + runner=$(print -rC1 -- ''${(ko)commands} | dmenu) + exec $runner "$FILE";; esac ''; in { environment.systemPackages = [ xdg-open-wrapper ]; security.sudo.extraConfig = '' - cr ALL=(lass) NOPASSWD: ${xdg-open} * - ff ALL=(lass) NOPASSWD: ${xdg-open} * + cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open * + ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open * ''; } diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index b506e026d..1789725d1 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix 
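Review bot: The wrapper in the first `xdg-open.nix` hunk now appends all output to the fixed path `/tmp/xdg-debug.log` while the script runs with `set -xe`, so every URL and file path handed to `xdg-open` is traced into a file in a world-writable directory. Whichever account creates that path first owns it, and other users' invocations then either fail at the redirect or write their trace where that account can read it. This looks like leftover debugging: drop `>> /tmp/xdg-debug.log 2>&1` and the `-x`, or log to `"$XDG_RUNTIME_DIR/xdg-open.log"`. The wrapper also no longer switches to user `lass`, which the sudoers lines at the end of the file still assume.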
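Review bot: The fallback branch in the third `xdg-open.nix` hunk uses zsh syntax, `print -rC1 -- ''${(ko)commands}`, inside a script built with `pkgs.writeBashBin`; bash has no `print` builtin and treats `${(ko)commands}` as a bad substitution, so dmenu receives no candidate list. The removed `$(dmenu_path | dmenu) "$FILE"` form worked in bash; restore it or use `runner=$(compgen -c | sort -u | dmenu)`, and quote the result as `exec "$runner" "$FILE"`. The `cr` and `ff` sudoers rules kept below still grant `NOPASSWD` with a trailing `*`, although this commit removes the `cr` browser configuration in `browsers.nix`; delete the rules if those accounts no longer exist.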
@@ -159,14 +159,14 @@ myKeyMap = ${pkgs.clipmenu}/bin/clipmenu ''}") - , ("M4-<F2>", windows copyToAll) - - , ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu") , ("M4-<Insert>", spawn "${pkgs.writeDash "paste" '' ${pkgs.coreutils}/bin/sleep 0.4 ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f - ''}") + , ("M4-<F1>", spawn "/run/current-system/sw/bin/gamepad_mouse_toggle") + , ("M4-<F2>", windows copyToAll) + , ("M4-<F4>", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu") , ("M4-<F5>", spawn "${pkgs.acpilight}/bin/xbacklight -set 1") , ("M4-<F6>", spawn "${pkgs.acpilight}/bin/xbacklight -set 10") , ("M4-<F7>", spawn "${pkgs.acpilight}/bin/xbacklight -set 33") diff --git a/lass/2configs/yellow-host.nix b/lass/2configs/yellow-host.nix deleted file mode 100644 index 36027cb5d..000000000 --- a/lass/2configs/yellow-host.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, ... }: -{ - krebs.sync-containers3.containers.yellow = { - sshKey = "${toString <secrets>}/yellow.sync.key"; - }; - containers.yellow.bindMounts."/var/lib" = { - hostPath = "/var/lib/sync-containers3/yellow/state"; - isReadOnly = false; - }; - containers.yellow.bindMounts."/var/download" = { - hostPath = "/var/download"; - isReadOnly = false; - }; -} |