From 29041d86c629ec87592a535bbcec3c1f6199f042 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Tue, 31 Jan 2023 15:13:17 +0100 Subject: kartei/palo: update retiolum keys --- kartei/palo/default.nix | 21 ++++++++++++++++++--- kartei/palo/retiolum.pub | 13 ------------- 2 files changed, 18 insertions(+), 16 deletions(-) delete mode 100644 kartei/palo/retiolum.pub diff --git a/kartei/palo/default.nix b/kartei/palo/default.nix index 9d35c3808..6fc9a594f 100644 --- a/kartei/palo/default.nix +++ b/kartei/palo/default.nix @@ -17,13 +17,28 @@ let in { hosts = mapAttrs hostDefaults { - sterni = { + sol = { owner = config.krebs.users.palo; nets = { retiolum = { tinc.port = 720; - aliases = [ "sterni.r" ]; - tinc.pubkey = builtins.readFile ./retiolum.pub; + aliases = [ "sol.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAxrvdMSAcOJXM1TbIIDZ+zPojrcRG3RVMfPC2/0DasRpBFSuS+L60 + mQEs0l0ptAL6Sbr4+9gfaHkdETfYpeKB4Q4lCPahMq88YfTyB1f3tEOqW3vP22nC + Z+Yf+W/sTLWVRoDoS/Eok6wS95R1IQ74vr37YXdbJTD/eeX6sAJkn2I2RV5PD6Bu + lHsMuunAj+PyhAgqb2P393h7FN4exL0xM6UbHbgsd9OSp5qKTjZE3jeOyWmounK1 + 7n+8pyRjI0VE47ontnj/GANwpsxRFFtRGmG/S5KhUBXMv7wZr/vaVETRphAu+KhT + NqdclmGkQlB/YBodzJID7C21Zz4b33kcn12TU3nc6AL5u9j3sU2sEu/22fAZBWLV + yOZ9l/Qe4aJkIbdL70Gvp9G8m7+M4vkdM+e/nA5cZT0N9ArI2D5ltJRd7VLVzxef + Y0t/bS9bVOcNt2Sgd81Ubg0OmF2paHGGboAAMqXhf3afwCMyXcDsP6sgPXOIEu7Q + hjuo5rg6Fu8eK9edAAQ2afl52GiFUawzjHbjGANwVyea1JTQ3uR6eBtxGOEaYpkr + vbl75CxLwE0YA0L3VwhJTNLMVldTrUi2M76QedjzyePkJHMijHT5+0nqTlsmjcNg + uv89Mh9shNKdqulfGjTAFyKjTCuUe/rCprJ5CeZWBaEuQKYkcZuMkJsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "qCJvjlNz5YNOz5IEiwGaoK3InSVCL76uNl+xVBUa/AP"; }; }; }; diff --git a/kartei/palo/retiolum.pub b/kartei/palo/retiolum.pub deleted file mode 100644 index 65284d51d..000000000 --- a/kartei/palo/retiolum.pub +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE -8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4 -oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/ -ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD -ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ -ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu -MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL -rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo -sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1 -EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH -yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ== ------END RSA PUBLIC KEY----- -- cgit v1.2.3 From 4a0e27488e80935719f3dc41a1c337f94068e450 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Feb 2023 19:27:00 +0100 Subject: l mail: remove empty newlines --- lass/2configs/mail.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index f5b2e22b7..85259176b 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -92,8 +92,6 @@ let tag-new-mails = pkgs.writeDashBin "nm-tag-init" '' ${pkgs.notmuch}/bin/notmuch new - ${lib.concatMapStringsSep "\n" (i: '' - '') (lib.mapAttrsToList lib.nameValuePair mailboxes)} ${lib.concatMapStringsSep "\n" (i: '' mkdir -p "$HOME/Maildir/.${i.name}/cur" for mail in $(${pkgs.notmuch}/bin/notmuch search --output=files 'tag:inbox and (${lib.concatMapStringsSep " or " (f: "${f}") i.value})'); do -- cgit v1.2.3 From b3ccfd3a789e59f16d2e1ef616cc23e89bab1598 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 2 Feb 2023 19:27:13 +0100 Subject: l mail: retry muchsync until success --- lass/2configs/mail.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 85259176b..0adef8f8c 100644 
--- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -184,7 +184,9 @@ let "unset wait_key \ ${pkgs.writeDash "muchsync" '' set -efu - ${pkgs.muchsync}/bin/muchsync -F lass@green.r + until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do + sleep 1 + done ''} \ 'run muchsync to green.r' -- cgit v1.2.3 From 2fa9f8601ed3f5c81316b9b780a03d414b4de9b3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 3 Feb 2023 13:25:44 +0100 Subject: l baseX: flameshot-once -> flameshot --- lass/2configs/baseX.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index efd6c8a24..79777429a 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -91,11 +91,11 @@ in { xorg.xhost xsel zathura - flameshot-once + flameshot (pkgs.writeDashBin "screenshot" '' set -efu - ${pkgs.flameshot-once}/bin/flameshot-once + ${pkgs.flameshot}/bin/flameshot gui ${pkgs.klem}/bin/klem '') ]; -- cgit v1.2.3 From b1b4fedb1db2a1adcfb4a686de5a51db86af0df2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Feb 2023 17:51:20 +0100 Subject: news.r: move into sync-containers3 --- krebs/1systems/news/config.nix | 11 +++-------- krebs/2configs/news-host.nix | 9 ++------- krebs/2configs/news.nix | 3 ++- 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/krebs/1systems/news/config.nix b/krebs/1systems/news/config.nix index 620e6249e..b27fc3737 100644 --- a/krebs/1systems/news/config.nix +++ b/krebs/1systems/news/config.nix @@ -17,13 +17,8 @@ boot.isContainer = true; networking.useDHCP = lib.mkForce true; - krebs.bindfs = { - "/var/lib/brockman" = { - source = "/var/state/brockman"; - options = [ - "-m ${toString config.users.users.brockman.uid}:${toString config.users.users.nginx.uid}" - ]; - clearTarget = true; - }; + krebs.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBVZomw68WDQy0HsHhNbWK1KpzaR5aRUG1oioE7IgCv"; }; } 
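Review bot: The new `until … do sleep 1; done` loop in the `muchsync` helper has no retry limit, so a permanent failure (green.r down, a changed host key, a rejected login) spins forever inside the mutt macro and reconnects once per second. Bound it and back off, for example `n=0; until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do n=$((n+1)); [ "$n" -lt 10 ] || exit 1; sleep "$n"; done`, so the last failure is reported instead of hidden. The enclosing macro definition starts and ends outside the hunk.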
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index 07674c86e..71793e518 100644 --- a/krebs/2configs/news-host.nix +++ b/krebs/2configs/news-host.nix @@ -1,10 +1,5 @@ { - krebs.sync-containers.containers.news = { - peers = [ - "shodan" - "mors" - "styx" - ]; - format = "plain"; + krebs.sync-containers3.containers.news = { + sshKey = "${toString }/news.sync.key"; }; } diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index d6c6371da..9d9470727 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -74,7 +74,7 @@ limits.identlen = 100; history.enabled = false; }; - systemd.services.brockman.bindsTo = [ "ergo.service" ]; + systemd.services.brockman.bindsTo = [ "ergochat.service" ]; systemd.services.brockman.serviceConfig.LimitNOFILE = 16384; systemd.services.brockman.environment.BROCKMAN_LOG_LEVEL = "DEBUG"; krebs.brockman = { @@ -87,6 +87,7 @@ nick = "brockman"; extraChannels = [ "#all" ]; }; + statePath = "/var/state/brockman/brockman.json"; bots = {}; }; }; -- cgit v1.2.3 From 55d3bb391f32f1abe27f1e0f58a8baac82b703cc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 4 Feb 2023 18:46:51 +0100 Subject: l jitsi: more configs for bigger groups --- lass/2configs/jitsi.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix index fa41f6634..2c148dcdd 100644 --- a/lass/2configs/jitsi.nix +++ b/lass/2configs/jitsi.nix 
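Review bot: `statePath = "/var/state/brockman/brockman.json"` makes brockman write straight into `/var/state/brockman`, while the same commit removes the `krebs.bindfs` mount in `krebs/1systems/news/config.nix` that exposed that directory with brockman/nginx ownership mapping. Nothing in the visible hunks creates the directory or sets its owner and mode. If the sync-containers3 module does not do that (not visible here), add a tmpfiles rule such as `"d /var/state/brockman 0750 brockman nginx -"`, adjusting owner and mode to what nginx actually needs to read. The `krebs.brockman` attribute set starts outside the hunk.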
@@ -8,6 +8,16 @@ enableWelcomePage = true; requireDisplayName = true; analytics.disabled = true; + startAudioOnly = true; + channelLastN = 4; + stunServers = [ + # - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/ + { urls = "turn:turn.matrix.org:3478?transport=udp"; } + { urls = "turn:turn.matrix.org:3478?transport=tcp"; } + # - services.coturn: + #{ urls = "turn:turn.${domainName}:3479?transport=udp"; } + #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; } + ]; }; interfaceConfig = { SHOW_JITSI_WATERMARK = false; @@ -17,6 +27,10 @@ }; }; + services.jitsi-videobridge.config = { + org.jitsi.videobridge.TRUST_BWE = false; + }; + krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } -- cgit v1.2.3 From 2a7501b66ccb71d30dc65f76a0a8d46daa88efe0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:46:49 +0100 Subject: l aergia.r: connect to c-base vpn --- lass/1systems/aergia/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix index ed5bbcf12..af88a0260 100644 --- a/lass/1systems/aergia/config.nix +++ b/lass/1systems/aergia/config.nix @@ -26,6 +26,7 @@ + ]; system.stateVersion = "22.11"; -- cgit v1.2.3 From 6c982d0487ae438b3766a6cf8a9c96fa2a2398a4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:48:11 +0100 Subject: l print: enable avahi --- lass/2configs/print.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lass/2configs/print.nix b/lass/2configs/print.nix index c2b3e8377..5769f9b15 100644 --- a/lass/2configs/print.nix +++ b/lass/2configs/print.nix 
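Review bot: The new `stunServers` list points every client at `turn.matrix.org`, a relay this deployment does not operate, so participants' IP addresses and connection attempts become visible to a third party, which sits oddly next to `analytics.disabled = true` in the same block. The entries also use the `turn:` scheme without credentials in a list named for STUN, so they may simply be ignored; checking the ICE candidates in a test call would confirm it. The commented-out `turn.${domainName}` entries backed by `services.coturn` look like the better target, and a comment such as `# third-party relay: sees client IPs, replace with own coturn` would at least record the trade-off. The enclosing config attribute set starts outside the hunk.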
@@ -6,5 +6,19 @@ pkgs.foomatic-filters pkgs.gutenprint ]; + browsing = true; + browsedConf = '' + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + + BrowseProtocols all + ''; + }; + services.avahi = { + enable = true; + openFirewall = true; + nssmdns = true; }; } -- cgit v1.2.3 From 278e6c354a7f5b19465641144784c5e22a01c4db Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:49:09 +0100 Subject: l aergia.r: add more power managment stuff --- lass/1systems/aergia/physical.nix | 49 ++++++++++++++++++++++++++++++++++----- 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index de5f7540e..6200bbfc5 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix @@ -20,15 +20,37 @@ boot.kernelParams = [ # Enable energy savings during sleep "mem_sleep_default=deep" - "initcall_blacklist=acpi_cpufreq_init" + + "amd_pstate=passive" # for ryzenadj -i "iomem=relaxed" ]; - # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html - # On recent AMD CPUs this can be more energy efficient. - boot.kernelModules = [ "amd-pstate" "kvm-amd" ]; + boot.kernelModules = [ + # Enables the amd cpu scaling https://www.kernel.org/doc/html/latest/admin-guide/pm/amd-pstate.html + # On recent AMD CPUs this can be more energy efficient. + "amd-pstate" + "kvm-amd" + + # needed for zenstates + "msr" + + # zenpower + "zenpower" + ]; + + boot.extraModulePackages = [ + (config.boot.kernelPackages.zenpower.overrideAttrs (old: { + src = pkgs.fetchFromGitea { + domain = "git.exozy.me"; + owner = "a"; + repo = "zenpower3"; + rev = "c176fdb0d5bcba6ba2aba99ea36812e40f47751f"; + hash = "sha256-d2WH8Zv7F0phZmEKcDiaak9On+Mo9bAFhMulT/N5FWI="; + }; + })) + ]; # hardware.cpu.amd.updateMicrocode = true; 
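Review bot: `BrowseRemoteProtocols all` together with `CreateIPPPrinterQueues All` in `browsedConf` lets cups-browsed create local queues for any printer advertised on whatever network the machine joins, and `services.avahi.openFirewall = true` opens mDNS to that network as well. If this profile is used on a roaming machine, narrow it to `BrowseRemoteProtocols dnssd` and `CreateIPPPrinterQueues Driverless`, which keeps discovery of current printers without accepting legacy CUPS broadcasts. The trailing `BrowseProtocols all` sets both the local and remote protocol lists again, so it would need the same change or should be removed. The printing attribute set starts outside the hunk.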
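Review bot: `"msr"` is now loaded permanently in `boot.kernelModules`, which leaves `/dev/cpu/*/msr` available to every root process for the machine's whole uptime, on top of the `iomem=relaxed` kernel parameter already present in the context lines. If both have to stay, record the reason and scope next to them, e.g. `# msr + iomem=relaxed: raw MSR/physical-memory access for zenstates and ryzenadj, remove when tuning is finished`. The zenpower source override is pinned by both `rev` and `hash`, which is the right way to do it; a one-line comment on why the fork at `git.exozy.me` is needed rather than the nixpkgs source would help whoever bumps it next.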
@@ -36,7 +58,16 @@ "amdgpu" ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "thunderbolt" + "xhci_pci" + "usbhid" + ]; + + boot.initrd.kernelModules = [ + "amdgpu" + ]; environment.systemPackages = [ pkgs.vulkan-tools @@ -54,7 +85,13 @@ hardware.video.hidpi.enable = lib.mkDefault true; # corectrl - programs.corectrl.enable = true; + programs.corectrl = { + enable = true; + gpuOverclock = { + enable = true; + ppfeaturemask = "0xffffffff"; + }; + }; users.users.mainUser.extraGroups = [ "corectrl" ]; # use newer ryzenadj -- cgit v1.2.3 From f4c679dd918e23459a590099bcf6c1847afdfb02 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:50:00 +0100 Subject: l aergia.r: fix xmodmap not running on startup --- lass/1systems/aergia/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index 6200bbfc5..93bf2a32e 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix @@ -109,7 +109,7 @@ # keyboard quirks services.xserver.displayManager.sessionCommands = '' - xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert + ${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 96 = F12 Insert F12 F12' # rebind shift + F12 to shift + insert ''; services.udev.extraHwdb = /* sh */ '' # disable back buttons -- cgit v1.2.3 From ff76a04ea6b06f79ae33fdbfbd4892b0e89d6106 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:50:33 +0100 Subject: l aergia.r: enable microcode updates --- lass/1systems/aergia/physical.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index 93bf2a32e..44bd53c22 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix 
@@ -120,4 +120,7 @@ # ignore power key services.logind.extraConfig = "HandlePowerKey=ignore"; + + # update cpu microcode + hardware.cpu.amd.updateMicrocode = true; } -- cgit v1.2.3 From 7eb5804cf7c6f4ee18da4de5e42d0b0df3b849f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:51:57 +0100 Subject: l green.r: create ~/.config --- lass/1systems/green/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 077f7b3fa..c232be9bd 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -35,6 +35,7 @@ with import ; systemd.tmpfiles.rules = [ "d /home/lass/.local/share 0700 lass users -" "d /home/lass/.local 0700 lass users -" + "d /home/lass/.config 0700 lass users -" "d /var/state/lass_mail 0700 lass users -" "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail" -- cgit v1.2.3 From fd67132ada8f32c8fde5c0342edc2940926d7abd Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:58:32 +0100 Subject: l lasspi.r: fix booting with 22.05 --- lass/1systems/lasspi/config.nix | 5 ++--- lass/1systems/lasspi/physical.nix | 21 ++++++++++++--------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/lass/1systems/lasspi/config.nix b/lass/1systems/lasspi/config.nix index 9f823dfc8..d2207627d 100644 --- a/lass/1systems/lasspi/config.nix +++ b/lass/1systems/lasspi/config.nix @@ -1,4 +1,3 @@ -with import ; { config, lib, pkgs, ... }: let in @@ -18,9 +17,9 @@ in }; environment.systemPackages = with pkgs; [ vim - rxvt_unicode.terminfo + rxvt-unicode-unwrapped.terminfo ]; services.openssh.enable = true; - system.stateVersion = "21.05"; + system.stateVersion = "22.05"; } diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix index 868bafad5..07efb5ca5 100644 --- a/lass/1systems/lasspi/physical.nix +++ b/lass/1systems/lasspi/physical.nix 
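Review bot: `system.stateVersion` goes from "21.05" to "22.05" in the second hunk of `lass/1systems/lasspi/config.nix`. That option records the release the machine's state was first created with and is not meant to follow upgrades, so changing it on an existing installation can silently switch defaults for stateful services. If lasspi was reinstalled from a 22.05 image, which the commit subject hints at but the diff does not show, state that with a comment such as `# reinstalled from a 22.05 image, state starts at this release`.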
@@ -1,15 +1,14 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, modulesPath, ... }: { - # This configuration worked on 09-03-2021 nixos-unstable @ commit 102eb68ceec - # The image used https://hydra.nixos.org/build/134720986 imports = [ + (modulesPath + "/installer/scan/not-detected.nix") ./config.nix ]; boot = { # kernelPackages = pkgs.linuxPackages_rpi4; tmpOnTmpfs = true; - initrd.availableKernelModules = [ "usbhid" "usb_storage" ]; + initrd.availableKernelModules = [ "usbhid" "usb_storage" "xhci_pci" ]; # ttyAMA0 is the serial console broken out to the GPIO kernelParams = [ "8250.nr_uarts=1" @@ -20,19 +19,23 @@ ]; }; - boot.loader.raspberryPi = { - enable = true; - version = 4; - }; + # boot.loader.raspberryPi = { + # enable = true; + # version = 4; + # # uboot.enable = true; + # }; boot.loader.grub.enable = false; + boot.loader.generic-extlinux-compatible.enable = true; # Required for the Wireless firmware hardware.enableRedistributableFirmware = true; + networking.interfaces.eth0.useDHCP = true; + # Assuming this is installed on top of the disk image. fileSystems = { "/" = { - device = "/dev/disk/by-label/NIXOS_SD"; + device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; fsType = "ext4"; options = [ "noatime" ]; }; -- cgit v1.2.3 From e3e1ba19dfab0cdcd1f5976a3b980177d7bc23f7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:59:16 +0100 Subject: kartei prism.r: turn cgit into A record this tries to fix a bug where cgit becomes unreachable sometimes --- kartei/lass/prism.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix index cfc05b636..9d5762aed 100644 --- a/kartei/lass/prism.nix +++ b/kartei/lass/prism.nix 
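Review bot: The old `boot.loader.raspberryPi` block is left behind as commented-out code right above its replacement `boot.loader.generic-extlinux-compatible.enable = true`; delete it and let the history keep it. The new root device `/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888` looks like a fixed UUID baked into an installer image rather than one unique to this card (inferred from the context comment about the disk image), so two media flashed from the same image would be indistinguishable at boot. A comment such as `# UUID of the stock SD image root partition, not unique per card` would make that explicit.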
@@ -21,7 +21,7 @@ rec { 60 IN TXT ( "v=DKIM1; k=rsa; t=s; s=*; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" ) default._domainkey 60 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUv3DMndFellqu208feABEzT/PskOfTSdJCOF/HELBR0PHnbBeRoeHEm9XAcOe/Mz2t/ysgZ6JFXeFxCtoM5fG20brUMRzsVRxb9Ur5cEvOYuuRrbChYcKa+fopu8pYrlrqXD3miHISoy6ErukIYCRpXWUJHi1TlNQhLWFYqAaywIDAQAB" cache 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} - cgit CNAME ${config.krebs.hosts.prism.nets.internet.ip4.addr} + cgit 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} pad 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} codi 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} go 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} -- cgit v1.2.3 From 440814beca4c3be1e9fe0cac4c02178ce699c385 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 12:59:47 +0100 Subject: kartei prism.r: add schrott.lassul.us --- kartei/lass/prism.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix index 9d5762aed..d72b167b6 100644 --- a/kartei/lass/prism.nix +++ b/kartei/lass/prism.nix @@ -38,6 +38,7 @@ rec { mail 60 IN AAAA ${config.krebs.hosts.prism.nets.internet.ip6.addr} flix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} testing 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + schrott 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; }; nets = rec { -- cgit v1.2.3 From 6781e12eae14618b428b0ccfe2942c826beb800c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 6 Feb 2023 13:00:45 +0100 Subject: pkgs.fzfmenu: use alacritty --- krebs/5pkgs/simple/fzfmenu/default.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/krebs/5pkgs/simple/fzfmenu/default.nix b/krebs/5pkgs/simple/fzfmenu/default.nix index 4527ad90b..fe5d5e27a 100644 --- a/krebs/5pkgs/simple/fzfmenu/default.nix +++ b/krebs/5pkgs/simple/fzfmenu/default.nix @@ -48,10 +48,11 @@ pkgs.writeDashBin "fzfmenu" '' exec 4>&1 export FZFMENU_INPUT_FD=3 export FZFMENU_OUTPUT_FD=4 - exec ${pkgs.rxvt-unicode}/bin/urxvt \ - -name ${cfg.appName} \ - -title ${shell.escape cfg.windowTitle} \ - -e "$0" "$@" + exec ${pkgs.alacritty}/bin/alacritty \ + --config-file /var/theme/config/alacritty.yaml \ + --class ${cfg.appName} \ + --title ${shell.escape cfg.windowTitle} \ + --command "$0" "$@" else exec 0<&''${FZFMENU_INPUT_FD-0} exec 1>&''${FZFMENU_OUTPUT_FD-1} -- cgit v1.2.3 From 5b768d2b0050507037584f3b7f4a5cf90d627c57 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 8 Feb 2023 15:01:37 +0100 Subject: l aergia.r: add suspend to disk --- lass/1systems/aergia/physical.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index 44bd53c22..0e5a88aa1 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix @@ -25,6 +25,9 @@ # for ryzenadj -i "iomem=relaxed" + + # suspend + "resume_offset=178345675" ]; boot.kernelModules = [ @@ -119,8 +122,17 @@ ''; # ignore power key - services.logind.extraConfig = "HandlePowerKey=ignore"; # update cpu microcode hardware.cpu.amd.updateMicrocode = true; + + # suspend to disk + swapDevices = [{ + device = "/swapfile"; + }]; + boot.resumeDevice = "/dev/mapper/aergia1"; + services.logind.lidSwitch = "suspend-then-hibernate"; + services.logind.extraConfig = '' + HandlePowerKey=hibernate + ''; } -- cgit v1.2.3 From be875c52c5dbaa550f2577c18d70ce9d92db75eb Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Feb 2023 09:46:17 +0100 Subject: pkgs.pager: remove hardcoded colors --- krebs/5pkgs/simple/pager.nix | 2 -- 1 file changed, 2 deletions(-) 
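Review bot: `--class ${cfg.appName}` is interpolated into the dash script unescaped while the next argument uses `shell.escape cfg.windowTitle`, so an appName containing whitespace or shell metacharacters would be split or interpreted by the shell. Write `--class ${shell.escape cfg.appName}` to match. `--config-file /var/theme/config/alacritty.yaml` also hard-codes a mutable path outside the Nix store, so the package now depends on hosts providing that file and on who may write to it; a cfg option or at least a comment would make that dependency visible. The script starts and ends outside the hunk.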
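Review bot: `resume_offset=178345675` in the first hunk is tied by hand to the physical location of the `/swapfile` declared in the second hunk; if the file is ever recreated or moved, the kernel will look for the hibernation image at the wrong offset and resume will fail. Add a comment recording how the number was obtained (for instance from `filefrag -v /swapfile`), and note that `swapDevices` gives no `size`, so the file has to exist already. The context comment `# ignore power key` now sits above nothing and contradicts `HandlePowerKey=hibernate`; drop or reword it. Because the hibernation image holds the full RAM contents, it is worth confirming that `/dev/mapper/aergia1` is an encrypted mapping, which the name suggests but the diff does not show.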
diff --git a/krebs/5pkgs/simple/pager.nix b/krebs/5pkgs/simple/pager.nix index 506ef2eb3..952b5ee1e 100644 --- a/krebs/5pkgs/simple/pager.nix +++ b/krebs/5pkgs/simple/pager.nix @@ -33,8 +33,6 @@ pkgs.symlinkJoin { -ti vt340 \ -xrm '*geometry: 32x10' \ -xrm '*internalBorder: 2' \ - -xrm '*background: #050505' \ - -xrm '*foreground: #d0d7d0' \ -e ${pkgs.haskellPackages.pager}/bin/pager "$@" '') pkgs.haskellPackages.pager -- cgit v1.2.3 From 2fd19ed50d8db28d6dff784f608549f902c17387 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Feb 2023 14:24:19 +0100 Subject: hotdog.r: convert to sync-container3 --- krebs/1systems/hotdog/config.nix | 4 ++++ krebs/2configs/hotdog-host.nix | 9 +++++++++ 2 files changed, 13 insertions(+) create mode 100644 krebs/2configs/hotdog-host.nix diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix index 9849937d5..70307a96b 100644 --- a/krebs/1systems/hotdog/config.nix +++ b/krebs/1systems/hotdog/config.nix @@ -26,4 +26,8 @@ boot.isContainer = true; networking.useDHCP = false; + krebs.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM20tYHHvwIgrJZzR35ATzH9AlTrM1enNKEQJ7IP6lBh"; + }; } diff --git a/krebs/2configs/hotdog-host.nix b/krebs/2configs/hotdog-host.nix new file mode 100644 index 000000000..95d70376b --- /dev/null +++ b/krebs/2configs/hotdog-host.nix @@ -0,0 +1,9 @@ +{ + krebs.sync-containers3.containers.hotdog = { + sshKey = "${toString }/hotdog.sync.key"; + }; + containers.hotdog.bindMounts."/var/lib" = { + hostPath = "/var/lib/sync-containers3/hotdog/state"; + isReadOnly = false; + }; +} -- cgit v1.2.3 From f62711abe3e627bc4d66a5cc9226ecf87f71feea Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 12 Feb 2023 14:24:43 +0100 Subject: l neoprism.r: add hotdog sync-container --- lass/1systems/neoprism/config.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 7f6be782e..be80e28da 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -10,6 +10,7 @@ + # other containers -- cgit v1.2.3 From 6820fe02f6666df1d58ef7c94eb5c29e5ff508bf Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2023 13:58:10 +0100 Subject: l mumble-reminder: prism.r -> orange.r --- lass/1systems/orange/config.nix | 1 + lass/1systems/prism/config.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/orange/config.nix b/lass/1systems/orange/config.nix index 3bc20878e..5e975dba8 100644 --- a/lass/1systems/orange/config.nix +++ b/lass/1systems/orange/config.nix @@ -5,6 +5,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.orange; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bcc8c1a08..f23778eba 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -137,7 +137,6 @@ with import ; - { services.tor = { -- cgit v1.2.3 From 9e059195325e61e38a31a7905b1fe08656f49aba Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 16 Feb 2023 13:58:33 +0100 Subject: l mumble-reminder: move to 17:00 --- lass/2configs/mumble-reminder.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix index fe75a96a6..c4cc60dc5 100644 --- a/lass/2configs/mumble-reminder.nix +++ b/lass/2configs/mumble-reminder.nix @@ -23,7 +23,7 @@ Kois Faulaffen Schraubenziegen - Nachtigalle + Nachtigallen Okapis Stachelschweine Kurzschwanzkängurus @@ -49,7 +49,7 @@ pattern = "^nerv nicht$"; activate = "match"; command = { - filename = pkgs.writeDash "add_remind" '' + filename = pkgs.writeDash "del_remind" '' ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users echo "okok, Ich werde $_from nich mehr errinern" ''; 
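Review bot: `sed -i "/$_from/d"` in the script now named `del_remind` uses `$_from`, presumably the sender's nick, as an unanchored regular expression, so it removes every line of the users file that merely matches it. A nick that is a substring of another nick, or one containing regex characters such as `[`, `]`, `^` or `\`, unsubscribes other people or makes sed fail. Match the whole line as a fixed string instead, for example `${pkgs.gnugrep}/bin/grep -vxF -e "$_from" "$f" > "$f.tmp"; mv "$f.tmp" "$f"` with `f` set to the users file. The surrounding hook definition starts and ends outside the hunk.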
@@ -80,7 +80,7 @@ in { }; systemd.services.mumble-reminder-nixos = { description = "weekly reminder for nixos mumble"; - startAt = "Thu *-*-* 19:00:00 Europe/Berlin"; + startAt = "Thu *-*-* 17:00:00 Europe/Berlin"; serviceConfig = { ExecStart = pkgs.writers.writeDash "mumble_reminder" '' animals=' -- cgit v1.2.3 From 92cfeace5435e09b203a1e4f91eee28bd5d198ce Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 19 Feb 2023 10:01:55 +0100 Subject: l aergia.r: add antimicrox for gamepad mouse mode --- lass/1systems/aergia/physical.nix | 1 + lass/2configs/antimicrox/default.nix | 33 +++++ lass/2configs/antimicrox/empty.amgp | 20 +++ lass/2configs/antimicrox/mouse.amgp | 272 +++++++++++++++++++++++++++++++++++ lass/2configs/xmonad.nix | 6 +- 5 files changed, 329 insertions(+), 3 deletions(-) create mode 100644 lass/2configs/antimicrox/default.nix create mode 100644 lass/2configs/antimicrox/empty.amgp create mode 100644 lass/2configs/antimicrox/mouse.amgp diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index 0e5a88aa1..0786acbe1 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix @@ -3,6 +3,7 @@ imports = [ ./config.nix (modulesPath + "/installer/scan/not-detected.nix") + ]; disko.devices = import ./disk.nix; diff --git a/lass/2configs/antimicrox/default.nix b/lass/2configs/antimicrox/default.nix new file mode 100644 index 000000000..16f546ce6 --- /dev/null +++ b/lass/2configs/antimicrox/default.nix 
@@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: +{ + systemd.services.antimicrox = { + wantedBy = [ "multi-user.target" ]; + environment = { + DISPLAY = ":0"; + }; + serviceConfig = { + User = config.users.users.mainUser.name; + ExecStartPre = lib.singleton (pkgs.writeDash "init_state" "echo 0 > /tmp/gamepad.state"); + ExecStart = "${pkgs.antimicrox}/bin/antimicrox --no-tray --hidden --profile ${./mouse.amgp}"; + }; + }; + + environment.systemPackages = [ + (pkgs.writers.writeDashBin "gamepad_mouse_disable" '' + echo 1 > /tmp/gamepad.state + ${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.amgp} + '') + (pkgs.writers.writeDashBin "gamepad_mouse_enable" '' + echo 0 > /tmp/gamepad.state + ${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.amgp} + '') + (pkgs.writers.writeDashBin "gamepad_mouse_toggle" '' + state=$(${pkgs.coreutils}/bin/cat /tmp/gamepad.state) + if [ "$state" = 1 ]; then + /run/current-system/sw/bin/gamepad_mouse_enable + else + /run/current-system/sw/bin/gamepad_mouse_disable + fi + '') + ]; +} diff --git a/lass/2configs/antimicrox/empty.amgp b/lass/2configs/antimicrox/empty.amgp new file mode 100644 index 000000000..0257bfe71 --- /dev/null +++ b/lass/2configs/antimicrox/empty.amgp @@ -0,0 +1,20 @@ + + + + XInput Controller + + 030000005e0400008e020000010100001118654 + + + + + + + + + + R Stick + L Stick + + + diff --git a/lass/2configs/antimicrox/mouse.amgp b/lass/2configs/antimicrox/mouse.amgp new file mode 100644 index 000000000..313e598de --- /dev/null +++ b/lass/2configs/antimicrox/mouse.amgp 
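Review bot: `/tmp/gamepad.state` is a fixed name in a world-writable directory, written with `>` by the service's `ExecStartPre` and by the `gamepad_mouse_enable`/`gamepad_mouse_disable` scripts and read by `gamepad_mouse_toggle`. Any other local account can create that path first and then block the service start or decide which way the toggle goes. Keep the state in a directory owned by the service user instead: add `RuntimeDirectory = "antimicrox";` to `serviceConfig` and use `/run/antimicrox/gamepad.state` in all four places. The unit is also `wantedBy = [ "multi-user.target" ]` with `DISPLAY = ":0"`, so it may start before the X server exists; whether that is handled elsewhere is not visible here.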
@@ -0,0 +1,272 @@ + + + + XInput Controller + + 030000005e0400008e020000010100001118654 + + + + + + + + + + Stick 2 + Stick 1 + + + + + 1 + 29501 + 1412 + 90 + + 74 + 74 + 4 + 20 + 3 + easeoutquad + + + 3 + mousemovement + + + + + 74 + 74 + + + 74 + 74 + 4 + 20 + 3 + easeoutquad + + + 2 + mousemovement + + + + + 74 + 74 + + + 74 + 74 + 4 + 20 + 3 + easeoutquad + + + 4 + mousemovement + + + + + 74 + 74 + + + 74 + 74 + 4 + 20 + 3 + easeoutquad + + + 1 + mousemovement + + + + + 74 + 74 + + + + 2578 + 30799 + + linear + + + 6 + mousebutton + + + + + linear + + + linear + + + 5 + mousebutton + + + + + linear + + + linear + + + 7 + mousebutton + + + + + linear + + + linear + + + 4 + mousebutton + + + + + linear + + + + + 2 + 10 + + + 2 + 10 + + + 0x1000017 + keyboard + + + + + 2 + 10 + + + 2 + 10 + + + 0x1000011 + keyboard + + + + + 10 + 10 + + + 0x1000016 + keyboard + + + + + 2 + 10 + + + 2 + 10 + + + 2 + 10 + + + 0x1000010 + keyboard + + + + + + 2000 + positivehalf + + 100 + 100 + + + 100 + 100 + + + 250 + mousespeedmod + + + + + + positivehalf + + + + + + + + + diff --git a/lass/2configs/xmonad.nix b/lass/2configs/xmonad.nix index b506e026d..1789725d1 100644 --- a/lass/2configs/xmonad.nix +++ b/lass/2configs/xmonad.nix @@ -159,14 +159,14 @@ myKeyMap = ${pkgs.clipmenu}/bin/clipmenu ''}") - , ("M4-", windows copyToAll) - - , ("M4-", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu") , ("M4-", spawn "${pkgs.writeDash "paste" '' ${pkgs.coreutils}/bin/sleep 0.4 ${pkgs.xclip}/bin/xclip -o | ${pkgs.xdotool}/bin/xdotool type -f - ''}") + , ("M4-", spawn "/run/current-system/sw/bin/gamepad_mouse_toggle") + , ("M4-", windows copyToAll) + , ("M4-", spawn "${pkgs.nm-dmenu}/bin/nm-dmenu") , ("M4-", spawn "${pkgs.acpilight}/bin/xbacklight -set 1") , ("M4-", spawn "${pkgs.acpilight}/bin/xbacklight -set 10") , ("M4-", spawn "${pkgs.acpilight}/bin/xbacklight -set 33") -- cgit v1.2.3 From 0ea072393307e5cd250b412dd0026bf8f6f1251b Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 21 Feb 2023 07:35:27 +0100 Subject: l browsers: use firefox directly, RIP xjails --- lass/1systems/aergia/config.nix | 5 -- lass/1systems/coaxmetal/config.nix | 6 -- lass/2configs/browsers.nix | 14 ++- lass/2configs/xdg-open.nix | 26 +++--- lass/3modules/browsers.nix | 94 -------------------- lass/3modules/default.nix | 2 - lass/3modules/xjail.nix | 173 ------------------------------------- 7 files changed, 18 insertions(+), 302 deletions(-) delete mode 100644 lass/3modules/browsers.nix delete mode 100644 lass/3modules/xjail.nix diff --git a/lass/1systems/aergia/config.nix b/lass/1systems/aergia/config.nix index af88a0260..6992db4a5 100644 --- a/lass/1systems/aergia/config.nix +++ b/lass/1systems/aergia/config.nix @@ -48,11 +48,6 @@ }; hardware.pulseaudio.package = pkgs.pulseaudioFull; - lass.browser.config = { - fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; - qt = { browser = "qutebrowser"; groups = [ "audio" "video" ]; hidden = true; }; - }; - nix.trustedUsers = [ "root" "lass" ]; # nix.extraOptions = '' diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index 2c88b68cc..1df56f591 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -54,12 +54,6 @@ }; hardware.pulseaudio.package = pkgs.pulseaudioFull; - lass.browser.config = { - dc = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; - ff = { browser = "firefox"; groups = [ "audio" "video" ]; hidden = true; }; - fy = { browser = "chromium"; groups = [ "audio" "video" ]; hidden = true; }; - }; - nix.trustedUsers = [ "root" "lass" ]; services.tor = { diff --git a/lass/2configs/browsers.nix b/lass/2configs/browsers.nix index 00a5d2db0..ea6fb644b 100644 --- a/lass/2configs/browsers.nix +++ b/lass/2configs/browsers.nix 
@@ -1,12 +1,8 @@ { config, lib, pkgs, ... }: { - lass.browser.config = { - cr = { groups = [ "audio" "video" ]; precedence = 9; }; - }; - programs.chromium = { - enable = true; - extensions = [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - ]; - }; + programs.firefox.nativeMessagingHosts.tridactyl = true; + environment.variables.BROWSER = "${pkgs.firefox}/bin/firefox"; + environment.systemPackages = [ + pkgs.firefox + ]; } diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix index 88ea7ba59..02c551a2b 100644 --- a/lass/2configs/xdg-open.nix +++ b/lass/2configs/xdg-open.nix @@ -1,12 +1,13 @@ { config, pkgs, lib, ... }: with import ; let xdg-open-wrapper = pkgs.writeDashBin "xdg-open" '' - /run/wrappers/bin/sudo -u lass ${xdg-open} "$@" + exec ${xdg-open}/bin/xdg-open "$@" >> /tmp/xdg-debug.log 2>&1 ''; - xdg-open = pkgs.writeBash "xdg-open" '' - set -e + xdg-open = pkgs.writeBashBin "xdg-open" '' + set -xe FILE="$1" + PATH=/run/current-system/sw/bin mime= case "$FILE" in @@ -35,15 +36,13 @@ case "$mime" in special/mailaddress) - urxvtc --execute vim "$FILE" ;; - ${optionalString (hasAttr "browser" config.lass) '' + alacritty --execute vim "$FILE" ;; text/html) - ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + firefox "$FILE" ;; text/xml) - ${config.lass.browser.select}/bin/browser-select "$FILE" ;; - ''} + firefox "$FILE" ;; text/*) - urxvtc --execute vim "$FILE" ;; + alacritty --execute vim "$FILE" ;; image/*) sxiv "$FILE" ;; application/x-bittorrent) 
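Review bot: `programs.firefox.nativeMessagingHosts.tridactyl = true` is set without `programs.firefox.enable = true`, while `environment.systemPackages` and `BROWSER` reference plain `pkgs.firefox`. As far as I know the NixOS module only applies its options when it is enabled and installs the package itself, so the Tridactyl native host that the deleted `lass/3modules/browsers.nix` wired in through a package override may no longer be available. Add `programs.firefox.enable = true;`, drop `pkgs.firefox` from `environment.systemPackages`, and point `BROWSER` at `/run/current-system/sw/bin/firefox`. Separately, the force-installed uBlock Origin extension and the per-browser jail accounts disappear with nothing in their place, so the browser now runs with the main user's full access to the home directory; if that is the intended trade-off, a comment saying so would help.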
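Review bot: The wrapper now appends all output of a script running under `set -xe` to `/tmp/xdg-debug.log`, so every URL and file path that is opened gets traced into a fixed name in a shared directory, typically readable by other local users and never rotated. This looks like leftover debugging: drop the redirect and the `-x`, or send the trace to the journal with `exec ${pkgs.systemd}/bin/systemd-cat -t xdg-open ${xdg-open}/bin/xdg-open "$@"`. The `let` block that holds both definitions continues outside the hunk.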
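Review bot: `alacritty --execute vim "$FILE"` keeps the flag name from the urxvtc calls it replaces; as far as I know alacritty's option for running a program is `-e`/`--command`, which is also what the fzfmenu change in this series uses, so these branches will probably exit with an argument error. Use `alacritty --command vim "$FILE"` for the `special/mailaddress` and `text/*` branches here, and `alacritty --command mc "$FILE"` for `inode/directory` in the next hunk. The `case` statement starts and ends outside the hunk.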
@@ -51,17 +50,18 @@ application/pdf) zathura "$FILE" ;; inode/directory) - sudo -u lass -i urxvtc --execute mc "$FILE" ;; + alacritty --execute mc "$FILE" ;; *) # open dmenu and ask for program to open with - $(dmenu_path | dmenu) "$FILE";; + runner=$(print -rC1 -- ''${(ko)commands} | dmenu) + exec $runner "$FILE";; esac ''; in { environment.systemPackages = [ xdg-open-wrapper ]; security.sudo.extraConfig = '' - cr ALL=(lass) NOPASSWD: ${xdg-open} * - ff ALL=(lass) NOPASSWD: ${xdg-open} * + cr ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open * + ff ALL=(lass) NOPASSWD: ${xdg-open}/bin/xdg-open * ''; } diff --git a/lass/3modules/browsers.nix b/lass/3modules/browsers.nix deleted file mode 100644 index 4171abdb6..000000000 --- a/lass/3modules/browsers.nix +++ /dev/null 
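Review bot: The two `security.sudo.extraConfig` rules for `cr` and `ff` are kept, with only their path updated, although this same commit deletes lass/3modules/xjail.nix, which created those accounts from `lass.xjail`, and the wrapper no longer calls sudo. A passwordless rule with a trailing `*` for accounts the configuration no longer manages is better removed outright, so I would drop the whole `security.sudo.extraConfig = '' … '';` block. Separately, the new fallback `runner=$(print -rC1 -- ''${(ko)commands} | dmenu)` is zsh syntax inside a `pkgs.writeBashBin` script, so bash will most likely abort with a bad-substitution error. `runner=$(dmenu_path | dmenu)` keeps the previous source of candidates.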
@@ -1,94 +0,0 @@ -{ config, lib, pkgs, ... }: -with import ; -let - - cfg = config.lass.browser; - - browserScripts = { - brave = "${pkgs.brave}/bin/brave"; - chrome = "${pkgs.google-chrome}/bin/chrome"; - chromium = "${pkgs.ungoogled-chromium}/bin/chromium"; - firefox = "${pkgs.firefox.override { - extraNativeMessagingHosts = [ pkgs.tridactyl-native ]; - }}/bin/firefox"; - qutebrowser = "${pkgs.qutebrowser}/bin/qutebrowser"; - }; - - browser-select = let - sortedPaths = sort (a: b: a.value.precedence > b.value.precedence) - (filter (x: ! x.value.hidden) - (mapAttrsToList (name: value: { inherit name value; }) - cfg.config)); - in if (lib.length sortedPaths) > 1 then - pkgs.writeScriptBin "browser-select" '' - BROWSER=$(echo -e "${concatStringsSep "\\n" (map (getAttr "name") sortedPaths)}" | ${pkgs.dmenu}/bin/dmenu) - case $BROWSER in - ${concatMapStringsSep "\n" (n: '' - ${n.name}) - export BIN=${config.lass.xjail-bins.${n.name}}/bin/${n.name} - ;; - '') (sortedPaths)} - esac - $BIN "$@" - '' - else - let - name = (lib.head sortedPaths).name; - in pkgs.writeScriptBin "browser-select" '' - ${config.lass.xjail-bins.${name}}/bin/${name} "$@" - '' - ; - -in { - options.lass.browser = { - select = mkOption { - type = types.path; - }; - config = mkOption { - type = types.attrsOf (types.submodule ({ config, ... 
}: { - options = { - name = mkOption { - type = types.str; - default = config._module.args.name; - }; - hidden = mkOption { - type = types.bool; - default = false; - }; - precedence = mkOption { - type = types.int; - default = 0; - }; - user = mkOption { - type = types.str; - default = config._module.args.name; - }; - browser = mkOption { - type = types.enum (attrNames browserScripts); - default = "brave"; - }; - groups = mkOption { - type = types.listOf types.str; - default = []; - }; - }; - })); - default = {}; - }; - }; - - config = (mkIf (cfg.config != {}) { - lass.xjail = mapAttrs' (name: browser: - nameValuePair name { - script = browserScripts.${browser.browser}; - groups = browser.groups; - } - ) cfg.config; - environment.systemPackages = (map (browser: - config.lass.xjail-bins.${browser.name} - ) (attrValues cfg.config)) ++ [ - browser-select - ]; - lass.browser.select = browser-select; - }); -} diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 3a0b1306c..0e1a794ca 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -12,8 +12,6 @@ _: ./pyload.nix ./screenlock.nix ./usershadow.nix - ./xjail.nix ./autowifi.nix - ./browsers.nix ]; } diff --git a/lass/3modules/xjail.nix b/lass/3modules/xjail.nix deleted file mode 100644 index 08a28b8e3..000000000 --- a/lass/3modules/xjail.nix +++ /dev/null 
@@ -1,173 +0,0 @@ -{ config, pkgs, lib, ... }: - -with import ; -{ - options.lass.xjail = mkOption { - type = types.attrsOf (types.submodule ({ config, ...}: { - options = { - name = mkOption { - type = types.str; - default = config._module.args.name; - }; - user = mkOption { - type = types.str; - default = config.name; - }; - groups = mkOption { - type = types.listOf types.str; - default = []; - }; - from = mkOption { - type = types.str; - default = "lass"; - }; - display = mkOption { - type = types.str; - default = toString (genid_uint31 config._module.args.name); - }; - dpi = mkOption { - type = types.int; - default = 90; - }; - extraXephyrArgs = mkOption { - type = types.str; - default = ""; - }; - extraVglrunArgs = mkOption { - type = types.str; - default = ""; - }; - script = mkOption { - type = types.path; - default = pkgs.writeScript "echo_lol" "echo lol"; - }; - wm = mkOption { - #TODO find type - type = types.str; - defaultText = "‹script›"; - default = "${pkgs.writeHaskellPackage "xephyrify-xmonad" { - executables.xmonad = { - extra-depends = [ - "containers" - "unix" - "xmonad" - ]; - text = /* haskell */ '' - module Main where - import XMonad - import Data.Monoid - import System.Posix.Process (executeFile) - import qualified Data.Map as Map - - main :: IO () - main = do - xmonad def - { workspaces = [ "1" ] - , layoutHook = myLayoutHook - , keys = myKeys - , normalBorderColor = "#000000" - , focusedBorderColor = "#000000" - , handleEventHook = myEventHook - } - - myEventHook :: Event -> X All - - myEventHook (ConfigureEvent { ev_event_type = 22 }) = do - spawn "${pkgs.xorg.xrandr}/bin/xrandr >/dev/null 2>&1" - return (All True) - - myEventHook _ = do - return (All True) - - myLayoutHook = Full - myKeys _ = Map.fromList [] - ''; - }; - }}/bin/xmonad"; - }; - }; - })); - default = {}; - }; - - options.lass.xjail-bins = mkOption { - type = types.attrsOf types.path; - }; - - # implementation - config = let - scripts = mapAttrs' (name: cfg: - let - 
newOrExisting = pkgs.writeDash "${cfg.name}-existing" '' - DISPLAY=:${cfg.display} ${pkgs.xorg.xrandr}/bin/xrandr - if test $? -eq 0; then - echo using existing xephyr - ${sudo_} "$@" - else - echo starting new xephyr - ${xephyr_} "$@" - fi - ''; - xephyr_ = pkgs.writeDash "${cfg.name}-xephyr" '' - ${pkgs.xorg.xorgserver}/bin/Xephyr -br -ac -reset -terminate -resizeable -nolisten local -dpi ${toString cfg.dpi} ${cfg.extraXephyrArgs} :${cfg.display} & - XEPHYR_PID=$! - DISPLAY=:${cfg.display} ${cfg.wm} & - WM_PID=$! - ${sudo_} "$@" - ${pkgs.coreutils}/bin/kill $WM_PID - ${pkgs.coreutils}/bin/kill $XEPHYR_PID - ''; - # TODO fix xephyr which doesn't honor resizes anymore - sudo_ = pkgs.writeDash "${cfg.name}-sudo" '' - #/var/run/wrappers/bin/sudo -u ${cfg.name} -i env DISPLAY=:${cfg.display} ${cfg.script} "$@" - ${pkgs.systemd}/bin/machinectl shell -E DISPLAY=:0 --uid=${cfg.name} .host ${cfg.script} "$@" - ''; - in nameValuePair name { - existing = newOrExisting; - xephyr = xephyr_; - sudo = sudo_; - } - ) config.lass.xjail; - in { - - users.users = mapAttrs' (_: cfg: - nameValuePair cfg.name { - uid = genid_uint31 cfg.name; - home = "/home/${cfg.name}"; - useDefaultShell = true; - createHome = true; - extraGroups = cfg.groups; - isNormalUser = true; - } - ) config.lass.xjail; - - users.groups = mapAttrs' (_: cfg: - nameValuePair cfg.name { - members = [ - cfg.name - cfg.from - ]; - } - ) config.lass.xjail; - - security.polkit.extraConfig = (concatStringsSep "\n" (mapAttrsToList (_: cfg: '' - polkit.addRule(function(action, subject) { - if ( - subject.user == "${cfg.from}" && - action.id == "org.freedesktop.machine1.host-shell" && - action.lookup("user") == "${cfg.user}" && - action.lookup("program") == "${cfg.script}" && - true - ) { - return polkit.Result.YES; - } - }); - '') config.lass.xjail)); - - lass.xjail-bins = mapAttrs' (name: cfg: - nameValuePair name (pkgs.writeScriptBin cfg.name '' - ${scripts.${name}.sudo} "$@" - '') - ) config.lass.xjail; - }; -} -- 
cgit v1.2.3 From cae7c2673f6ca0d22884543a0f23b24842075acd Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2023 07:56:25 +0100 Subject: l aergia.r: use better touchscreen support for firefox --- lass/1systems/aergia/physical.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lass/1systems/aergia/physical.nix b/lass/1systems/aergia/physical.nix index 0786acbe1..023639083 100644 --- a/lass/1systems/aergia/physical.nix +++ b/lass/1systems/aergia/physical.nix @@ -22,6 +22,7 @@ # Enable energy savings during sleep "mem_sleep_default=deep" + # use less power with pstate "amd_pstate=passive" # for ryzenadj -i @@ -136,4 +137,7 @@ services.logind.extraConfig = '' HandlePowerKey=hibernate ''; + + # firefox touchscreen support + environment.sessionVariables.MOZ_USE_XINPUT2 = "1"; } -- cgit v1.2.3 From 4b1402ff613bfbcd19edb1be31d1d53201835c00 Mon Sep 17 00:00:00 2001 From: Pogobanane Date: Sat, 4 Feb 2023 23:29:07 +0100 Subject: kartei: update aendernix.r --- kartei/mic92/default.nix | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix index 75f5b7fc9..368e1c0c4 100644 --- a/kartei/mic92/default.nix +++ b/kartei/mic92/default.nix 
@@ -160,20 +160,21 @@ in { "aendernix.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAt/dCDTvJU5jugP+5pk2CNM8X6cOnFonJv2eS253nsmKI97T9FSUa - QDt417MoqAJNEeZw7o4ve1fmdZmtfKgmXYdDJi2HSJCJoKY6FUgVOKevtzGg4akl - 4mKTy2z59CxyIbA41MHyLq18W3NLabQ41NpWGBRt9jvHQpZfd+wI8t5IIzdvFrKo - JSOFRbzEBL5//Hc3N/443cUg4IMyDBTemS7/jaZ2/Mn+PVZAdoIPLEZjFeWewmTF - Jd8Bsc2thzAREYHYnawhq3PLJSebMJd91pCdkD0NB0i59VKORcQTFady3fzE9+w4 - RSTqAdBTUDuxzU/B8g1dp89/qW+fVPiFuB5Pf7D9t2DgxTDAeSXMiId/4Hwa0B1G - QCnCedz0Qk2UdId16BTS8DSq8Pd9fawU6qCmPY6ahSiw5ZQ6odMvDISb480cKj41 - pslLjhIItTk3WEs8MwnQCzweNABuCK7GzT7CNaYm3f9pznBlOB+KfoZ6mrlzKkEK - u+gFJXTFym0ZF0wheXO7FCJ1jp4LFHqKGS3zWQyT7isjLsbcQzpOe8/FdiFlQvlG - vltL+5JjcahAMHc/ba+pRa5rSy8ebqf68fg4jlkT94Za13bCIHdK5w7eAXR3s/9z - H2wZmhvajUIZAxQSgFUy+7kKWOIkWqFkGPIdmbdwTaHC88OWshvRv8ECAwEAAQ== - -----END RSA PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAvanhJvtvqnTGblOF9Dy7Un3vaLAJHGeu9z8YMARFh6ENe+duILp0 + IDjJMZc7F3J01RbkjkfbzPiXmHN532MBcbKnp0Z5eUld/XmDdNCc3ekTifrYs2em + eJKFrx2Vhsx924PZ8cOOf7P+JuqJNQzMiy7ohATjpMLU9If1tjqSyV+/lGjbjckN + /e88XtG7Z4Cu5LdbD5Ajb4Rzp9gL0ae4aNw+2nX3wMJLYEjOcmBYuMzBcLYzVnZw + YrtgN9RV8md9gdb2B/Fj1PdJGDyjdiuGRE9LnloC3dpMSkmhbNm9DthsThaWMUn1 + DyrtHrJoyNTO8OvyTfWK7EqKqZcZ+0gaTmtec5VCYWSCpb/CWLmHL3ydTyzNhtRA + 9ZFRwPQUdBsYQ/G/xtGrMQf5T/FdqUj3bD5pGlw6vheabBkD8a8Bt7WB52fzWWb0 + MZZlxyWiHoIim83LI8Qa5WHkJ7jZkV8XdrwsA7hkJpVikJIbWsdzwQVWBVvz5WiF + 0z1vi/cb5EYe3MRRshhG5VpTHBJzDRmvkdbKqrWi8dFEzJGkr0NPflmVKYAIBnRI + xLemDSacswrvY1x9cdzCsNI92SkYxCvsVI27DCeeF5cfkApkZ0YcnOJm+3joTgpP + uF8mQiPsyavyuBg4QWWPwGJosDRbycmHEzGDRLoizSkAQX5c+rvCvVECAwEAAQ== + -----END RSA PUBLIC KEY----- ''; + tinc.pubkey_ed25519 = "5ZhQyLQ2RLTkKvFCN38dfmqfjZOnZmm19Vr1eiOVlID"; }; }; aenderpad = { -- cgit v1.2.3 From 08f2d4c5c7dcaf2faea9d91d256b87daeb291c28 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 9 Feb 2023 10:13:38 +0100 Subject: kartai: fix indent for aendernix.r --- kartei/mic92/default.nix | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix index 368e1c0c4..f0776985f 100644 --- a/kartei/mic92/default.nix +++ b/kartei/mic92/default.nix 
@@ -160,19 +160,19 @@ in { "aendernix.r" ]; tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIICCgKCAgEAvanhJvtvqnTGblOF9Dy7Un3vaLAJHGeu9z8YMARFh6ENe+duILp0 - IDjJMZc7F3J01RbkjkfbzPiXmHN532MBcbKnp0Z5eUld/XmDdNCc3ekTifrYs2em - eJKFrx2Vhsx924PZ8cOOf7P+JuqJNQzMiy7ohATjpMLU9If1tjqSyV+/lGjbjckN - /e88XtG7Z4Cu5LdbD5Ajb4Rzp9gL0ae4aNw+2nX3wMJLYEjOcmBYuMzBcLYzVnZw - YrtgN9RV8md9gdb2B/Fj1PdJGDyjdiuGRE9LnloC3dpMSkmhbNm9DthsThaWMUn1 - DyrtHrJoyNTO8OvyTfWK7EqKqZcZ+0gaTmtec5VCYWSCpb/CWLmHL3ydTyzNhtRA - 9ZFRwPQUdBsYQ/G/xtGrMQf5T/FdqUj3bD5pGlw6vheabBkD8a8Bt7WB52fzWWb0 - MZZlxyWiHoIim83LI8Qa5WHkJ7jZkV8XdrwsA7hkJpVikJIbWsdzwQVWBVvz5WiF - 0z1vi/cb5EYe3MRRshhG5VpTHBJzDRmvkdbKqrWi8dFEzJGkr0NPflmVKYAIBnRI - xLemDSacswrvY1x9cdzCsNI92SkYxCvsVI27DCeeF5cfkApkZ0YcnOJm+3joTgpP - uF8mQiPsyavyuBg4QWWPwGJosDRbycmHEzGDRLoizSkAQX5c+rvCvVECAwEAAQ== - -----END RSA PUBLIC KEY----- + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAvanhJvtvqnTGblOF9Dy7Un3vaLAJHGeu9z8YMARFh6ENe+duILp0 + IDjJMZc7F3J01RbkjkfbzPiXmHN532MBcbKnp0Z5eUld/XmDdNCc3ekTifrYs2em + eJKFrx2Vhsx924PZ8cOOf7P+JuqJNQzMiy7ohATjpMLU9If1tjqSyV+/lGjbjckN + /e88XtG7Z4Cu5LdbD5Ajb4Rzp9gL0ae4aNw+2nX3wMJLYEjOcmBYuMzBcLYzVnZw + YrtgN9RV8md9gdb2B/Fj1PdJGDyjdiuGRE9LnloC3dpMSkmhbNm9DthsThaWMUn1 + DyrtHrJoyNTO8OvyTfWK7EqKqZcZ+0gaTmtec5VCYWSCpb/CWLmHL3ydTyzNhtRA + 9ZFRwPQUdBsYQ/G/xtGrMQf5T/FdqUj3bD5pGlw6vheabBkD8a8Bt7WB52fzWWb0 + MZZlxyWiHoIim83LI8Qa5WHkJ7jZkV8XdrwsA7hkJpVikJIbWsdzwQVWBVvz5WiF + 0z1vi/cb5EYe3MRRshhG5VpTHBJzDRmvkdbKqrWi8dFEzJGkr0NPflmVKYAIBnRI + xLemDSacswrvY1x9cdzCsNI92SkYxCvsVI27DCeeF5cfkApkZ0YcnOJm+3joTgpP + uF8mQiPsyavyuBg4QWWPwGJosDRbycmHEzGDRLoizSkAQX5c+rvCvVECAwEAAQ== + -----END RSA PUBLIC KEY----- ''; tinc.pubkey_ed25519 = "5ZhQyLQ2RLTkKvFCN38dfmqfjZOnZmm19Vr1eiOVlID"; }; -- cgit v1.2.3 From defe02c50f2fc0e3566c6c547e91bd13db77a958 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 15 Feb 2023 16:05:17 +0100 Subject: kartei/mic92: drop old hosts --- kartei/mic92/default.nix | 111 ----------------------------------------------- 1 file changed, 111 deletions(-) diff --git a/kartei/mic92/default.nix b/kartei/mic92/default.nix index f0776985f..796f0fd33 100644 --- a/kartei/mic92/default.nix +++ b/kartei/mic92/default.nix @@ -51,24 +51,6 @@ in { }; }; }; - herbert = { - owner = config.krebs.users.mic92; - nets = rec { - retiolum = { - aliases = [ "herbert.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA7ZINr8YxVwHtcOR+ySpc9UjnJWsFXlOyu3CnrJ8IrY+mPA25UmNZ - stXd8QbJuxpad9HyPs294uW8UmXttEZzIwAlikVHasM5IQHVltudTTFvv7s3YFWd - /lgpHbo8zOA2mafx+Sr02Fy/lHjk6BTf8IOzdJIpUHZL/P+FUl9baBwGLmtbEvPh - fbvtf5QryBjJ9nRnb+wsPVpeFE/LncIMK/bYQsyE01T5QDu/muAaeYPbgm6FqaQH - OJ4oEHsarWBvU1qzgz/IRz0BHHeTrbbP3AG/glTwL02Z1mtTXSjME7cfk7ZRM5Cj - jXAqnqu2m1B08Kii+zYp4BPZDmPLT5gq+QIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; rauter = { owner = config.krebs.users.mic92; nets = rec { 
@@ -295,32 +277,6 @@ in { }; }; }; - sauron = { - owner = config.krebs.users.mic92; - nets = rec { - internet = { - ip4.addr = "129.215.165.75"; - ip6.addr = "2001:630:3c1:164:d65d:64ff:feb0:e8a8"; - aliases = [ "sauron.i" ]; - }; - retiolum = { - via = internet; - ip4.addr = "10.243.29.194"; - aliases = [ "sauron.r" ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAxmCryT4ZEhPOvdZhWhYZsRS7sz1njSh2ozh6iwXRXhjRjZ9tYZVQ - GoYc6ADnWCnb9SGpPe1WqwFMblfKofnXCvC4wLQaFsch1GIMPhujosJ4Te84BHi1 - XKqyompotE2F7iWYPE6i6UAdRK2dCapfCbiDBOjMhCnmmhM1oY5Bv/fBtx3/2N7E - W+iN6LG2t9cKibs8qrLzFtJIfWn8uXU9dkdhX3d9guCdplGOn/NT/Aq3ayvA+/Mf - 74oJVJgBT5M1rTH2+u+MU+kC+x2UD+jjXEjS55owFWsEM1jI4rGra+dpsDuzdGdG - 67wl9JlpDBy4Tkf2Bl3CQWZHsWDsR6jCqwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "Z5+fArxMfP8oLqlHpXadkGc9ROOPHBqugAMD2czmNlJ"; - }; - }; - }; bill = { owner = config.krebs.users.mic92; nets = rec { 
@@ -436,73 +392,6 @@ in { }; }; }; - harsha = { - owner = config.krebs.users.mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.184"; - aliases = [ - "harsha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEA9VVG+kwSXDmjLuNCT6Mp9xTCj9IdzgjWxkExEH/Jd9kgVNXRa+39 - P8OQuHXi9fC/51363hh7ThggneIxOs2R4fZDyUcWfzv13aik34U0e+tYjhWXig+o - MClkK4/uhLrsk370MQVevpjYW23S5d+pThOm84xIchvjR9nqzp6E3jzjhyeQwHJg - dM48y7XT2+7hLvOkkEQ8xLcd35J228wVSilsSYhye1D2+ThRDbjjEkKXnIeOmU5h - TPNvn+U0lVdwUDYlS+XUhNl3awRdfzTYlPvUhTWv9zwSxS5EQjvgMqC/3/fQod2K - zyYdPwCwEyrksr9JvJF/t+oCw4hf3V4iOwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - }; - - redha = { - owner = config.krebs.users.mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.188"; - aliases = [ - "redha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O - s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE - a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH - RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e - FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm - mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = "oRGc9V9G9GFsY1bZIaJamoDEAZU2kphlpxXOMBxI2GN"; - }; - }; - }; - - grandalf = { - owner = config.krebs.users.mic92; - nets = { - retiolum = { - ip4.addr = "10.243.29.187"; - aliases = [ - "grandalf.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7 - XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC - qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL - 2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI - jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/ - /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - tinc.pubkey_ed25519 = 
"dzjT09UeUGJCbUFrBo+FtbnXrsxFQnmqmJw7tjpJQJL"; - }; - }; - }; doctor = { owner = config.krebs.users.mic92; -- cgit v1.2.3 From 5bab00f73d27a96f6ce319040b69e4d83a81e52a Mon Sep 17 00:00:00 2001 
From: lassulus Date: Tue, 21 Feb 2023 10:10:53 +0100 Subject: l radio: move to 2/services --- lass/1systems/neoprism/config.nix | 2 +- lass/1systems/radio/config.nix | 2 +- lass/2configs/radio/container-host.nix | 23 -- lass/2configs/radio/controls.html | 83 ------ lass/2configs/radio/default.nix | 328 ------------------------ lass/2configs/radio/news.nix | 106 -------- lass/2configs/radio/radio.liq | 112 -------- lass/2configs/radio/shell.nix | 7 - lass/2configs/radio/weather.nix | 60 ----- lass/2configs/radio/weather_for_ips.py | 48 ---- lass/2configs/services/radio/container-host.nix | 23 ++ lass/2configs/services/radio/controls.html | 83 ++++++ lass/2configs/services/radio/default.nix | 328 ++++++++++++++++++++++++ lass/2configs/services/radio/news.nix | 106 ++++++++ lass/2configs/services/radio/radio.liq | 112 ++++++++ lass/2configs/services/radio/shell.nix | 7 + lass/2configs/services/radio/weather.nix | 60 +++++ lass/2configs/services/radio/weather_for_ips.py | 48 ++++ 18 files changed, 769 insertions(+), 769 deletions(-) delete mode 100644 lass/2configs/radio/container-host.nix delete mode 100644 lass/2configs/radio/controls.html delete mode 100644 lass/2configs/radio/default.nix delete mode 100644 lass/2configs/radio/news.nix delete mode 100644 lass/2configs/radio/radio.liq delete mode 100644 lass/2configs/radio/shell.nix delete mode 100644 lass/2configs/radio/weather.nix delete mode 100644 lass/2configs/radio/weather_for_ips.py create mode 100644 lass/2configs/services/radio/container-host.nix create mode 100644 lass/2configs/services/radio/controls.html create mode 100644 lass/2configs/services/radio/default.nix create mode 100644 lass/2configs/services/radio/news.nix create mode 100644 lass/2configs/services/radio/radio.liq create mode 100644 lass/2configs/services/radio/shell.nix create mode 100644 lass/2configs/services/radio/weather.nix create mode 100644 lass/2configs/services/radio/weather_for_ips.py 
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index be80e28da..4c9455356 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -8,7 +8,7 @@ # sync-containers - + diff --git a/lass/1systems/radio/config.nix b/lass/1systems/radio/config.nix index 5e34335d3..00e9bd3fe 100644 --- a/lass/1systems/radio/config.nix +++ b/lass/1systems/radio/config.nix @@ -7,7 +7,7 @@ with import ; - + ]; krebs.build.host = config.krebs.hosts.radio; diff --git a/lass/2configs/radio/container-host.nix b/lass/2configs/radio/container-host.nix deleted file mode 100644 index de0ea9afe..000000000 --- a/lass/2configs/radio/container-host.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, ... }: -{ - krebs.sync-containers3.containers.radio = { - sshKey = "${toString }/radio.sync.key"; - }; - containers.radio = { - bindMounts."/var/music" = { - hostPath = "/var/music"; - isReadOnly = false; - }; - }; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } - ]; - krebs.htgen.radio-redirect = { - port = 8000; - scriptFile = pkgs.writers.writeDash "redir" '' - printf 'HTTP/1.1 301 Moved Permanently\r\n' - printf "Location: http://radio.lassul.us''${Request_URI}\r\n" - printf '\r\n' - ''; - }; -} diff --git a/lass/2configs/radio/controls.html b/lass/2configs/radio/controls.html deleted file mode 100644 index 858dc3656..000000000 --- a/lass/2configs/radio/controls.html +++ /dev/null @@ -1,83 +0,0 @@ - - - - - - - - The_Playlist Voting! - - - - - -
- - - -
- Currently Running:
- -
-
-
- -
- - - - diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix deleted file mode 100644 index a511196fd..000000000 --- a/lass/2configs/radio/default.nix +++ /dev/null 
@@ -1,328 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - name = "radio"; - - music_dir = "/var/music"; - - skip_track = pkgs.writers.writeBashBin "skip_track" '' - set -eu - - # TODO come up with new rating, without moving files - # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename) - # track_infos=$(${print_current}/bin/print_current) - # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0) - # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then - # skip_count=$((skip_count+1)) - # ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$current_track" - # echo skipping: "$track_infos" skip_count: "$skip_count" - # else - # mkdir -p "$music_dir"/the_playlist/.graveyard/ - # mv "$current_track" "$music_dir"/the_playlist/.graveyard/ - # echo killing: "$track_infos" - # fi - ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip | - ${pkgs.jq}/bin/jq -r '.filename' - ''; - - good_track = pkgs.writeBashBin "good_track" '' - set -eu - - current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename) - track_infos=$(${print_current}/bin/print_current) - # TODO come up with new rating, without moving files - # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then - # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track" - # else - # mv "$current_track" "$music_dir"/the_playlist/music/ || : - # fi - echo good: "$track_infos" - ''; - - print_current = pkgs.writeDashBin "print_current" '' - file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | - ${pkgs.jq}/bin/jq -r '.filename' | - ${pkgs.gnused}/bin/sed 's,^${music_dir},,' - ) - link=$(${pkgs.curl}/bin/curl http://localhost:8002/current | - ${pkgs.jq}/bin/jq -r '.filename' | - ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://youtu.be/\1@' - ) - echo "$file": "$link" - ''; - - set_irc_topic = 
pkgs.writeDash "set_irc_topic" '' - ${pkgs.curl}/bin/curl -fsS --unix-socket /home/radio/reaktor.sock http://z/ \ - -H content-type:application/json \ - -d "$(${pkgs.jq}/bin/jq -n \ - --arg text "$1" '{ - command:"TOPIC", - params:["#the_playlist",$text] - }' - )" - ''; - - write_to_irc = pkgs.writeDash "write_to_irc" '' - ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ - -H content-type:application/json \ - -d "$(${pkgs.jq}/bin/jq -n \ - --arg text "$1" '{ - command:"PRIVMSG", - params:["#the_playlist",$text] - }' - )" - ''; - -in { - imports = [ - ./news.nix - ./weather.nix - ]; - - users.users = { - "${name}" = rec { - inherit name; - createHome = lib.mkForce false; - group = name; - uid = pkgs.stockholm.lib.genid_uint31 name; - description = "radio manager"; - home = "/home/${name}"; - useDefaultShell = true; - openssh.authorizedKeys.keys = with config.krebs.users; [ - lass.pubkey - ]; - }; - }; - - users.groups = { - "radio" = {}; - }; - - krebs.per-user.${name}.packages = with pkgs; [ - good_track - skip_track - print_current - ]; - - services.liquidsoap.streams.radio = ./radio.liq; - systemd.services.radio = { - environment = { - RADIO_PORT = "8002"; - HOOK_TRACK_CHANGE = pkgs.writers.writeDash "on_change" '' - set -xefu - LIMIT=1000 #how many tracks to keep in the history - HISTORY_FILE=/var/lib/radio/recent - - listeners=$(${pkgs.curl}/bin/curl -fSs http://localhost:8000/status-json.xsl | - ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0) - echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE" - echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" - ${set_irc_topic} "playing: $filename listeners: $listeners" - ''; - MUSIC = "${music_dir}/the_playlist"; - ICECAST_HOST = "localhost"; - }; - path = [ - pkgs.yt-dlp - ]; - serviceConfig.User = lib.mkForce "radio"; - }; - - nixpkgs.config.packageOverrides = opkgs: { - icecast = 
opkgs.icecast.overrideAttrs (old: rec { - version = "2.5-beta3"; - - src = pkgs.fetchurl { - url = "http://downloads.xiph.org/releases/icecast/icecast-${version}.tar.gz"; - sha256 = "sha256-4FDokoA9zBDYj8RAO/kuTHaZ6jZYBLSJZiX/IYFaCW8="; - }; - - buildInputs = old.buildInputs ++ [ pkgs.pkg-config ]; - }); - }; - services.icecast = { - enable = true; - hostname = "radio.lassul.us"; - admin.password = "hackme"; - extraConf = '' - - hackme - admin - hackme - - - - - - - 3 - - ''; - }; - - krebs.iptables = { - tables = { - filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; } - ]; - }; - }; - - # allow reaktor2 to modify files - systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false; - - krebs.reaktor2.the_playlist = { - hostname = "irc.hackint.org"; - port = "6697"; - useTLS = true; - nick = "the_playlist"; - username = "radio"; - API.listen = "unix:/home/radio/reaktor.sock"; - plugins = [ - { - plugin = "register"; - config = { - channels = [ - "#the_playlist" - "#krebs" - ]; - }; - } - { - plugin = "system"; - config = { - workdir = config.krebs.reaktor2.the_playlist.stateDir; - hooks.PRIVMSG = [ - { - activate = "match"; - pattern = "^(?:.*\\s)?\\s*the_playlist:\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$"; - command = 1; - arguments = [2]; - commands = { - skip.filename = "${skip_track}/bin/skip_track"; - next.filename = "${skip_track}/bin/skip_track"; - bad.filename = "${skip_track}/bin/skip_track"; - - good.filename = "${good_track}/bin/good_track"; - nice.filename = "${good_track}/bin/good_track"; - like.filename = "${good_track}/bin/good_track"; - - current.filename = "${print_current}/bin/print_current"; - wish.filename = pkgs.writeDash "wish" '' - echo "youtube-dl:$1" | ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish -d @- > /dev/null - ''; - wishlist.filename = pkgs.writeDash "wishlist" '' - 
${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish | ${pkgs.jq}/bin/jq -r '.[]' - ''; - suggest.filename = pkgs.writeDash "suggest" '' - echo "$@" >> playlist_suggest - ''; - }; - } - ]; - }; - } - ]; - }; - - krebs.htgen.radio = { - port = 8001; - user = { - name = "radio"; - }; - scriptFile = pkgs.writeDash "radio" '' - case "$Method $Request_URI" in - "POST /skip") - printf 'HTTP/1.1 200 OK\r\n' - printf 'Connection: close\r\n' - printf '\r\n' - msg=$(${skip_track}/bin/skip_track) - ${write_to_irc} "$msg" - echo "$msg" - exit - ;; - "POST /good") - printf 'HTTP/1.1 200 OK\r\n' - printf 'Connection: close\r\n' - printf '\r\n' - msg=$(${good_track}/bin/good_track) - ${write_to_irc} "$msg" - echo "$msg" - exit - ;; - esac - ''; - }; - - networking.firewall.allowedTCPPorts = [ 80 ]; - services.nginx = { - enable = true; - virtualHosts."radio.r" = { - locations."/".extraConfig = '' - # https://github.com/aswild/icecast-notes#core-nginx-config - proxy_pass http://localhost:8000; - # Disable request size limit, very important for uploading large files - client_max_body_size 0; - - # Enable support `Transfer-Encoding: chunked` - chunked_transfer_encoding on; - - # Disable request and response buffering, minimize latency to/from Icecast - proxy_buffering off; - proxy_request_buffering off; - - # Icecast needs HTTP/1.1, not 1.0 or 2 - proxy_http_version 1.1; - - # Forward all original request headers - proxy_pass_request_headers on; - - # Set some standard reverse proxy headers. Icecast server currently ignores these, - # but may support them in a future version so that access logs are more useful. 
- proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - # get source ip for weather reports - proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"; - ''; - locations."= /recent".extraConfig = '' - default_type "text/plain"; - alias /var/lib/radio/recent; - ''; - locations."= /current".extraConfig = '' - proxy_pass http://localhost:8002; - ''; - locations."= /skip".extraConfig = '' - proxy_pass http://localhost:8001; - ''; - locations."= /good".extraConfig = '' - proxy_pass http://localhost:8001; - ''; - locations."= /radio.sh".alias = pkgs.writeScript "radio.sh" '' - #!/bin/sh - trap 'exit 0' EXIT - while sleep 1; do - mpv \ - --cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \ - 'http://radio.lassul.us/radio.ogg' - done - ''; - locations."= /controls".extraConfig = '' - default_type "text/html"; - alias ${./controls.html}; - ''; - extraConfig = '' - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - ''; - }; - }; - services.syncthing.declarative.folders."the_playlist" = { - path = "/var/music/the_playlist"; - devices = [ "mors" "phone" "prism" "omo" "radio" ]; - }; - krebs.acl."/var/music/the_playlist"."u:syncthing:X".parents = true; - krebs.acl."/var/music/the_playlist"."u:syncthing:rwX" = {}; - krebs.acl."/var/music/the_playlist"."u:radio:rwX" = {}; -} diff --git a/lass/2configs/radio/news.nix b/lass/2configs/radio/news.nix deleted file mode 100644 index 0dc711e6c..000000000 --- a/lass/2configs/radio/news.nix +++ /dev/null 
@@ -1,106 +0,0 @@ -{ config, lib, pkgs, ... }: -let - - send_to_radio = pkgs.writers.writeDashBin "send_to_radio" '' - ${pkgs.vorbis-tools}/bin/oggenc - | - ${pkgs.cyberlocker-tools}/bin/cput news.ogg - ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/newsshow - ''; - - gc_news = pkgs.writers.writeDashBin "gc_news" '' - set -xefu - export TZ=UTC #workaround for jq parsing wrong timestamp - ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -cs 'map(select((.to|fromdateiso8601) > now)) | .[]' > $HOME/bla-news.tmp - ${pkgs.coreutils}/bin/mv $HOME/bla-news.tmp $HOME/news - ''; - - get_current_news = pkgs.writers.writeDashBin "get_current_news" '' - set -xefu - export TZ=UTC #workaround for jq parsing wrong timestamp - ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -rs ' - sort_by(.priority) | - map(select( - ((.to | fromdateiso8601) > now) and - (.from|fromdateiso8601) < now) | - .text - ) | .[]' - ''; - - newsshow = pkgs.writers.writeDashBin "newsshow" /* sh */ '' - cat << EOF - hello crabpeople! - $(${pkgs.ddate}/bin/ddate +'Today is %{%A, the %e of %B%}, %Y. %N%nCelebrate %H') - It is $(date --utc +%H) o clock UTC. - todays news: - $(get_current_news) - $(gc_news) - EOF - ''; -in -{ - systemd.services.newsshow = { - path = [ - newsshow - send_to_radio - gc_news - get_current_news - pkgs.curl - pkgs.retry - ]; - script = '' - set -efu - retry -t 5 -d 10 -- newsshow | - retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' | - retry -t 5 -d 10 -- send_to_radio - ''; - startAt = "*:00:00"; - serviceConfig = { - User = "radio-news"; - }; - }; - - services.nginx.virtualHosts."radio-news.r" = { - locations."/" = { - proxyPass = "http://localhost:7999"; - proxyWebsockets = true; - extraConfig = '' - add_header 'Access-Control-Allow-Origin' '*'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - ''; - }; - }; - krebs.htgen.news = { - port = 7999; - user = { - name = "radio-news"; - }; - script = ''. 
${pkgs.writers.writeDash "htgen-news" '' - set -xefu - case "''${Method:-GET} $Request_URI" in - "GET /") - printf 'HTTP/1.1 200 OK\r\n' - printf 'Connection: close\r\n' - printf '\r\n' - cat "$HOME"/news | jq -sc . - exit - ;; - "POST /") - payload=$(head -c "$req_content_length") - printf '%s' "$payload" | jq 'has("from") and has("to") and has("text")' >&2 - printf '%s' "$payload" | jq -c '{ from: .from, to: .to, text: .text, priority: (.priority // 0)}' >> "$HOME"/news - printf 'HTTP/1.1 200 OK\r\n' - printf 'Connection: close\r\n' - printf '\r\n' - exit - ;; - esac - ''}''; - }; - - ## debug - # environment.systemPackages = [ - # weather_report - # send_to_radio - # newsshow - # ]; -} diff --git a/lass/2configs/radio/radio.liq b/lass/2configs/radio/radio.liq deleted file mode 100644 index 1366287a7..000000000 --- a/lass/2configs/radio/radio.liq +++ /dev/null 
@@ -1,112 +0,0 @@ -log.stdout.set(true) - -# use yt-dlp -settings.protocol.youtube_dl.path.set("yt-dlp") - -## functions - -def stringify_attrs(attrs) = - let json.stringify out = (attrs : [(string * string)] as json.object) - out -end - -def filter_music(req) = - filename = request.filename(req) - if string.match(pattern = '.*/\\.graveyard/.*', filename) then - false - else - true - end -end - -def queue_contents(q) = - list.map(fun (req) -> request.uri(req), q) -end -## main - -env = environment() -port = string.to_int(env["RADIO_PORT"], default = 8000) - -all_music = playlist(env["MUSIC"], check_next = filter_music) -wishlist = request.queue() -tracks = fallback(track_sensitive = true, [wishlist, all_music]) -tracks = blank.eat(tracks) - -last_metadata = ref([]) -def on_metadata(m) = - last_metadata := m - print("changing tracks") - out = process.read(env["HOOK_TRACK_CHANGE"], env = m, timeout = 5.0) - print(out) -end -tracks.on_metadata(on_metadata) - -# some nice effects -music = crossfade(tracks) -music = mksafe(music) -music = normalize(music) - -news = request.queue() -radio = smooth_add(normal = music, special = amplify(1.5, news)) - -if string.length(env["ICECAST_HOST"]) > 0 then - output.icecast(host = env["ICECAST_HOST"], mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), music) - output.icecast(host = env["ICECAST_HOST"], mount = '/music.mp3', password = 'hackme', %mp3.vbr(), music) - output.icecast(host = env["ICECAST_HOST"], mount = '/music.opus', password = 'hackme', %opus(bitrate = 128), music) - - output.icecast(host = env["ICECAST_HOST"], mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), radio) - output.icecast(host = env["ICECAST_HOST"], mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), radio) - output.icecast(host = env["ICECAST_HOST"], mount = '/radio.opus', password = 'hackme', %opus(bitrate = 128), radio) -else - output(fallible = true, buffer(radio)) -end - -interactive.harbor(port = port) - -def 
current(~protocol, ~headers, ~data, uri) = - http.response(content_type = "application/json", data = stringify_attrs( - !last_metadata - )) -end -harbor.http.register("/current", port = port, current) - -def skip(~protocol, ~headers, ~data, uri) = - tracks.skip() - http.response(content_type = "application/json", data = stringify_attrs( - !last_metadata - )) -end -harbor.http.register("/skip", method = "POST", port = port, skip) - -def all_tracks(~protocol, ~headers, ~data, uri) = - http.response(content_type = "application/json", data = json.stringify( - all_music.remaining_files() - )) -end -harbor.http.register("/all_tracks", port = port, all_tracks) - -def wish_track(~protocol, ~headers, ~data, uri) = - # disallow process: - if string.match(pattern = '^process:', data) then - http.response(code = 400) - else - # TODO report errors back - wish = request.create(data) - wishlist.push(wish) - http.response(content_type = "application/json", data = "ok") - end -end -harbor.http.register("/wish", method = "POST", port = port, wish_track) - -def wish_tracklist(~protocol, ~headers, ~data, uri) = - http.response(content_type = "application/json", data = json.stringify( - queue_contents(wishlist.queue()) - )) -end -harbor.http.register("/wish", port = port, wish_tracklist) - -def newsshow(~protocol, ~headers, ~data, uri) = - news.push(request.create("http://c.r/news.ogg")) - http.response(content_type = "application/json", data = "ok") -end -harbor.http.register("/newsshow", method = "POST", port = port, newsshow) diff --git a/lass/2configs/radio/shell.nix b/lass/2configs/radio/shell.nix deleted file mode 100644 index 9d00e3b06..000000000 --- a/lass/2configs/radio/shell.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs ? import {} }: -pkgs.mkShell { - buildInputs = [ - pkgs.liquidsoap - pkgs.yt-dlp - ]; -} diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/radio/weather.nix deleted file mode 100644 index dca8a7843..000000000 
--- a/lass/2configs/radio/weather.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: -let - weather_for_ips = pkgs.writers.writePython3Bin "weather_for_ips" { - libraries = [ pkgs.python3Packages.geoip2 ]; - flakeIgnore = [ "E501" ]; - } ./weather_for_ips.py; - - weather_report = pkgs.writers.writeDashBin "weather_report" '' - set -efux - export PATH="${lib.makeBinPath [ - pkgs.coreutils - pkgs.curl - pkgs.jq - ]}" - curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb - MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB - OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY - ( - curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.ogg' - curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.mp3' - curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.opus' - ) | jq -rs ' - [ - .[][].source|values|to_entries[].value | - (.listener//[]) [] | - (.useragent | capture("client-ip=(?[a-f0-9.:]+)")).ip // .ip - ] | - unique[] | - select(. != "127.0.0.1") | - select(. != "::1") - ' | - ${weather_for_ips}/bin/weather_for_ips - ''; -in { - systemd.services.weather = { - path = [ - weather_report - pkgs.retry - pkgs.jq - pkgs.curl - ]; - script = '' - set -xefu - retry -t 5 -d 10 -- weather_report | - jq \ - --arg from "$(date -u +'%FT%TZ')" \ - --arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \ - --slurp --raw-input --compact-output --ascii-output \ - '{text: ., from: $from, to: $to, priority: 100}' | - retry -t 5 -d 10 -- curl -fSs -d@- http://radio-news.r - ''; - startAt = "*:58:00"; - serviceConfig = { - User = "radio-news"; - LoadCredential = [ - "openweather_api:${toString }/openweather_api_key" - ]; - }; - }; -} diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py deleted file mode 100644 index 62206a985..000000000 
--- a/lass/2configs/radio/weather_for_ips.py +++ /dev/null @@ -1,48 +0,0 @@ -import geoip2.database -import fileinput -import json -import requests -import os -import random - - -geoip = geoip2.database.Reader(os.environ['MAXMIND_GEOIP_DB']) -seen = {} -output = [] -for ip in fileinput.input(): - if "80.147.140.51" in ip: - output.append( - 'Weather report for c-base, space.' - 'It is empty space outside ' - 'with a temperature of -270 degrees, ' - 'a lightspeed of 299792 kilometers per second ' - 'and a humidity of Not a Number percent. ' - f'The probability of reincarnation is {random.randrange(0, 100)} percent.' - ) - else: - try: - location = geoip.city(ip.strip()) - if location.city.geoname_id not in seen: - seen[location.city.geoname_id] = True - weather_api_key = os.environ['OPENWEATHER_API_KEY'] - url = ( - f'https://api.openweathermap.org/data/2.5/onecall' - f'?lat={location.location.latitude}' - f'&lon={location.location.longitude}' - f'&appid={weather_api_key}' - f'&units=metric' - ) - resp = requests.get(url) - weather = json.loads(resp.text) - output.append( - f'Weather report for {location.city.name}, {location.country.name}. ' - f'It is {weather["current"]["weather"][0]["description"]} outside ' - f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' - f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second ' - f'and a humidity of {weather["current"]["humidity"]} percent. ' - f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' - ) - except: # noqa E722 - pass - -print('\n'.join(output)) diff --git a/lass/2configs/services/radio/container-host.nix b/lass/2configs/services/radio/container-host.nix new file mode 100644 index 000000000..de0ea9afe --- /dev/null +++ b/lass/2configs/services/radio/container-host.nix 
@@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +{ + krebs.sync-containers3.containers.radio = { + sshKey = "${toString }/radio.sync.key"; + }; + containers.radio = { + bindMounts."/var/music" = { + hostPath = "/var/music"; + isReadOnly = false; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + ]; + krebs.htgen.radio-redirect = { + port = 8000; + scriptFile = pkgs.writers.writeDash "redir" '' + printf 'HTTP/1.1 301 Moved Permanently\r\n' + printf "Location: http://radio.lassul.us''${Request_URI}\r\n" + printf '\r\n' + ''; + }; +} diff --git a/lass/2configs/services/radio/controls.html b/lass/2configs/services/radio/controls.html new file mode 100644 index 000000000..858dc3656 --- /dev/null +++ b/lass/2configs/services/radio/controls.html @@ -0,0 +1,83 @@ + + + + + + + + The_Playlist Voting! + + + + + +
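Review bot: In container-host.nix the `redir` script puts `Request_URI` inside the printf format string (`printf "Location: http://radio.lassul.us''${Request_URI}\r\n"`), so any `%` in the requested path, which every percent-encoded URL contains, is read as a conversion specifier and the `Location` header comes out mangled. Pass it as an argument instead: `printf 'Location: http://radio.lassul.us%s\r\n' "$Request_URI"`. The redirect target is also plain `http://`, although proxy.nix later on this page requests an ACME certificate for that name. Whether the stream clients hitting port 8000 can follow an https redirect is not visible here, so that part is a question rather than a request.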
+ + + +
+ Currently Running:
+ +
+
+
+ +
+ + + + diff --git a/lass/2configs/services/radio/default.nix b/lass/2configs/services/radio/default.nix new file mode 100644 index 000000000..a511196fd --- /dev/null +++ b/lass/2configs/services/radio/default.nix 
@@ -0,0 +1,328 @@ +{ config, pkgs, lib, ... }: + +let + name = "radio"; + + music_dir = "/var/music"; + + skip_track = pkgs.writers.writeBashBin "skip_track" '' + set -eu + + # TODO come up with new rating, without moving files + # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename) + # track_infos=$(${print_current}/bin/print_current) + # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0) + # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then + # skip_count=$((skip_count+1)) + # ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$current_track" + # echo skipping: "$track_infos" skip_count: "$skip_count" + # else + # mkdir -p "$music_dir"/the_playlist/.graveyard/ + # mv "$current_track" "$music_dir"/the_playlist/.graveyard/ + # echo killing: "$track_infos" + # fi + ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip | + ${pkgs.jq}/bin/jq -r '.filename' + ''; + + good_track = pkgs.writeBashBin "good_track" '' + set -eu + + current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename) + track_infos=$(${print_current}/bin/print_current) + # TODO come up with new rating, without moving files + # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then + # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track" + # else + # mv "$current_track" "$music_dir"/the_playlist/music/ || : + # fi + echo good: "$track_infos" + ''; + + print_current = pkgs.writeDashBin "print_current" '' + file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | + ${pkgs.jq}/bin/jq -r '.filename' | + ${pkgs.gnused}/bin/sed 's,^${music_dir},,' + ) + link=$(${pkgs.curl}/bin/curl http://localhost:8002/current | + ${pkgs.jq}/bin/jq -r '.filename' | + ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://youtu.be/\1@' + ) + echo "$file": "$link" + ''; + + set_irc_topic = 
pkgs.writeDash "set_irc_topic" '' + ${pkgs.curl}/bin/curl -fsS --unix-socket /home/radio/reaktor.sock http://z/ \ + -H content-type:application/json \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg text "$1" '{ + command:"TOPIC", + params:["#the_playlist",$text] + }' + )" + ''; + + write_to_irc = pkgs.writeDash "write_to_irc" '' + ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \ + -H content-type:application/json \ + -d "$(${pkgs.jq}/bin/jq -n \ + --arg text "$1" '{ + command:"PRIVMSG", + params:["#the_playlist",$text] + }' + )" + ''; + +in { + imports = [ + ./news.nix + ./weather.nix + ]; + + users.users = { + "${name}" = rec { + inherit name; + createHome = lib.mkForce false; + group = name; + uid = pkgs.stockholm.lib.genid_uint31 name; + description = "radio manager"; + home = "/home/${name}"; + useDefaultShell = true; + openssh.authorizedKeys.keys = with config.krebs.users; [ + lass.pubkey + ]; + }; + }; + + users.groups = { + "radio" = {}; + }; + + krebs.per-user.${name}.packages = with pkgs; [ + good_track + skip_track + print_current + ]; + + services.liquidsoap.streams.radio = ./radio.liq; + systemd.services.radio = { + environment = { + RADIO_PORT = "8002"; + HOOK_TRACK_CHANGE = pkgs.writers.writeDash "on_change" '' + set -xefu + LIMIT=1000 #how many tracks to keep in the history + HISTORY_FILE=/var/lib/radio/recent + + listeners=$(${pkgs.curl}/bin/curl -fSs http://localhost:8000/status-json.xsl | + ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0) + echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE" + echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" + ${set_irc_topic} "playing: $filename listeners: $listeners" + ''; + MUSIC = "${music_dir}/the_playlist"; + ICECAST_HOST = "localhost"; + }; + path = [ + pkgs.yt-dlp + ]; + serviceConfig.User = lib.mkForce "radio"; + }; + + nixpkgs.config.packageOverrides = opkgs: { + icecast = 
opkgs.icecast.overrideAttrs (old: rec { + version = "2.5-beta3"; + + src = pkgs.fetchurl { + url = "http://downloads.xiph.org/releases/icecast/icecast-${version}.tar.gz"; + sha256 = "sha256-4FDokoA9zBDYj8RAO/kuTHaZ6jZYBLSJZiX/IYFaCW8="; + }; + + buildInputs = old.buildInputs ++ [ pkgs.pkg-config ]; + }); + }; + services.icecast = { + enable = true; + hostname = "radio.lassul.us"; + admin.password = "hackme"; + extraConf = '' + + hackme + admin + hackme + + + - + - + 3 + + ''; + }; + + krebs.iptables = { + tables = { + filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; } + ]; + }; + }; + + # allow reaktor2 to modify files + systemd.services."reaktor2-the_playlist".serviceConfig.DynamicUser = lib.mkForce false; + + krebs.reaktor2.the_playlist = { + hostname = "irc.hackint.org"; + port = "6697"; + useTLS = true; + nick = "the_playlist"; + username = "radio"; + API.listen = "unix:/home/radio/reaktor.sock"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#the_playlist" + "#krebs" + ]; + }; + } + { + plugin = "system"; + config = { + workdir = config.krebs.reaktor2.the_playlist.stateDir; + hooks.PRIVMSG = [ + { + activate = "match"; + pattern = "^(?:.*\\s)?\\s*the_playlist:\\s*([0-9A-Za-z._][0-9A-Za-z._-]*)(?:\\s+(.*\\S))?\\s*$"; + command = 1; + arguments = [2]; + commands = { + skip.filename = "${skip_track}/bin/skip_track"; + next.filename = "${skip_track}/bin/skip_track"; + bad.filename = "${skip_track}/bin/skip_track"; + + good.filename = "${good_track}/bin/good_track"; + nice.filename = "${good_track}/bin/good_track"; + like.filename = "${good_track}/bin/good_track"; + + current.filename = "${print_current}/bin/print_current"; + wish.filename = pkgs.writeDash "wish" '' + echo "youtube-dl:$1" | ${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish -d @- > /dev/null + ''; + wishlist.filename = pkgs.writeDash "wishlist" '' + 
${pkgs.curl}/bin/curl -fSs http://localhost:8002/wish | ${pkgs.jq}/bin/jq -r '.[]' + ''; + suggest.filename = pkgs.writeDash "suggest" '' + echo "$@" >> playlist_suggest + ''; + }; + } + ]; + }; + } + ]; + }; + + krebs.htgen.radio = { + port = 8001; + user = { + name = "radio"; + }; + scriptFile = pkgs.writeDash "radio" '' + case "$Method $Request_URI" in + "POST /skip") + printf 'HTTP/1.1 200 OK\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + msg=$(${skip_track}/bin/skip_track) + ${write_to_irc} "$msg" + echo "$msg" + exit + ;; + "POST /good") + printf 'HTTP/1.1 200 OK\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + msg=$(${good_track}/bin/good_track) + ${write_to_irc} "$msg" + echo "$msg" + exit + ;; + esac + ''; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + services.nginx = { + enable = true; + virtualHosts."radio.r" = { + locations."/".extraConfig = '' + # https://github.com/aswild/icecast-notes#core-nginx-config + proxy_pass http://localhost:8000; + # Disable request size limit, very important for uploading large files + client_max_body_size 0; + + # Enable support `Transfer-Encoding: chunked` + chunked_transfer_encoding on; + + # Disable request and response buffering, minimize latency to/from Icecast + proxy_buffering off; + proxy_request_buffering off; + + # Icecast needs HTTP/1.1, not 1.0 or 2 + proxy_http_version 1.1; + + # Forward all original request headers + proxy_pass_request_headers on; + + # Set some standard reverse proxy headers. Icecast server currently ignores these, + # but may support them in a future version so that access logs are more useful. 
+ proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # get source ip for weather reports + proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"; + ''; + locations."= /recent".extraConfig = '' + default_type "text/plain"; + alias /var/lib/radio/recent; + ''; + locations."= /current".extraConfig = '' + proxy_pass http://localhost:8002; + ''; + locations."= /skip".extraConfig = '' + proxy_pass http://localhost:8001; + ''; + locations."= /good".extraConfig = '' + proxy_pass http://localhost:8001; + ''; + locations."= /radio.sh".alias = pkgs.writeScript "radio.sh" '' + #!/bin/sh + trap 'exit 0' EXIT + while sleep 1; do + mpv \ + --cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \ + 'http://radio.lassul.us/radio.ogg' + done + ''; + locations."= /controls".extraConfig = '' + default_type "text/html"; + alias ${./controls.html}; + ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; + }; + services.syncthing.declarative.folders."the_playlist" = { + path = "/var/music/the_playlist"; + devices = [ "mors" "phone" "prism" "omo" "radio" ]; + }; + krebs.acl."/var/music/the_playlist"."u:syncthing:X".parents = true; + krebs.acl."/var/music/the_playlist"."u:syncthing:rwX" = {}; + krebs.acl."/var/music/the_playlist"."u:radio:rwX" = {}; +} diff --git a/lass/2configs/services/radio/news.nix b/lass/2configs/services/radio/news.nix new file mode 100644 index 000000000..0dc711e6c --- /dev/null +++ b/lass/2configs/services/radio/news.nix 
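Review bot: `services.icecast` in default.nix sets `admin.password = "hackme"`, and the same literal appears in `extraConf`, in the `output.icecast` calls of radio.liq and in the `admin:hackme@localhost:8000` URLs of weather.nix. This file also accepts `-p tcp --dport 8000` on every interface and proxies every path under `locations."/"` of `radio.r` to Icecast. As written, the admin and source credentials are readable by anyone with the repository, and the admin endpoint is reachable wherever the streams are. I would take the password from a secret that is not committed, and keep the admin path off the proxy with something like `locations."/admin/".extraConfig = "return 403;";`. If direct access to port 8000 is not needed next to the nginx proxy (not visible from this hunk), the rule could carry `-i retiolum` like the 8001 rule below it.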
@@ -0,0 +1,106 @@ +{ config, lib, pkgs, ... }: +let + + send_to_radio = pkgs.writers.writeDashBin "send_to_radio" '' + ${pkgs.vorbis-tools}/bin/oggenc - | + ${pkgs.cyberlocker-tools}/bin/cput news.ogg + ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/newsshow + ''; + + gc_news = pkgs.writers.writeDashBin "gc_news" '' + set -xefu + export TZ=UTC #workaround for jq parsing wrong timestamp + ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -cs 'map(select((.to|fromdateiso8601) > now)) | .[]' > $HOME/bla-news.tmp + ${pkgs.coreutils}/bin/mv $HOME/bla-news.tmp $HOME/news + ''; + + get_current_news = pkgs.writers.writeDashBin "get_current_news" '' + set -xefu + export TZ=UTC #workaround for jq parsing wrong timestamp + ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -rs ' + sort_by(.priority) | + map(select( + ((.to | fromdateiso8601) > now) and + (.from|fromdateiso8601) < now) | + .text + ) | .[]' + ''; + + newsshow = pkgs.writers.writeDashBin "newsshow" /* sh */ '' + cat << EOF + hello crabpeople! + $(${pkgs.ddate}/bin/ddate +'Today is %{%A, the %e of %B%}, %Y. %N%nCelebrate %H') + It is $(date --utc +%H) o clock UTC. + todays news: + $(get_current_news) + $(gc_news) + EOF + ''; +in +{ + systemd.services.newsshow = { + path = [ + newsshow + send_to_radio + gc_news + get_current_news + pkgs.curl + pkgs.retry + ]; + script = '' + set -efu + retry -t 5 -d 10 -- newsshow | + retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' | + retry -t 5 -d 10 -- send_to_radio + ''; + startAt = "*:00:00"; + serviceConfig = { + User = "radio-news"; + }; + }; + + services.nginx.virtualHosts."radio-news.r" = { + locations."/" = { + proxyPass = "http://localhost:7999"; + proxyWebsockets = true; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; + }; + krebs.htgen.news = { + port = 7999; + user = { + name = "radio-news"; + }; + script = ''. 
${pkgs.writers.writeDash "htgen-news" '' + set -xefu + case "''${Method:-GET} $Request_URI" in + "GET /") + printf 'HTTP/1.1 200 OK\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + cat "$HOME"/news | jq -sc . + exit + ;; + "POST /") + payload=$(head -c "$req_content_length") + printf '%s' "$payload" | jq 'has("from") and has("to") and has("text")' >&2 + printf '%s' "$payload" | jq -c '{ from: .from, to: .to, text: .text, priority: (.priority // 0)}' >> "$HOME"/news + printf 'HTTP/1.1 200 OK\r\n' + printf 'Connection: close\r\n' + printf '\r\n' + exit + ;; + esac + ''}''; + }; + + ## debug + # environment.systemPackages = [ + # weather_report + # send_to_radio + # newsshow + # ]; +} diff --git a/lass/2configs/services/radio/radio.liq b/lass/2configs/services/radio/radio.liq new file mode 100644 index 000000000..1366287a7 --- /dev/null +++ b/lass/2configs/services/radio/radio.liq 
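Review bot: The `"POST /"` branch of the `htgen-news` script in news.nix runs `jq 'has("from") and has("to") and has("text")' >&2` but never acts on the answer. jq exits 0 when the expression evaluates to `false`, so a body missing those keys is still appended to `$HOME/news`. `get_current_news` and `gc_news` slurp the whole file and call `fromdateiso8601` on each `.from`/`.to`, so one malformed entry makes both filters fail for every entry, apparently until the file is repaired by hand. The vhost answers any origin (`Access-Control-Allow-Origin '*'`) and no authentication is visible. Making the check fatal is a one-flag change, `printf '%s' "$payload" | jq -e 'has("from") and has("to") and has("text")' >&2`, ideally extended to test that both timestamps parse.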
@@ -0,0 +1,112 @@ +log.stdout.set(true) + +# use yt-dlp +settings.protocol.youtube_dl.path.set("yt-dlp") + +## functions + +def stringify_attrs(attrs) = + let json.stringify out = (attrs : [(string * string)] as json.object) + out +end + +def filter_music(req) = + filename = request.filename(req) + if string.match(pattern = '.*/\\.graveyard/.*', filename) then + false + else + true + end +end + +def queue_contents(q) = + list.map(fun (req) -> request.uri(req), q) +end +## main + +env = environment() +port = string.to_int(env["RADIO_PORT"], default = 8000) + +all_music = playlist(env["MUSIC"], check_next = filter_music) +wishlist = request.queue() +tracks = fallback(track_sensitive = true, [wishlist, all_music]) +tracks = blank.eat(tracks) + +last_metadata = ref([]) +def on_metadata(m) = + last_metadata := m + print("changing tracks") + out = process.read(env["HOOK_TRACK_CHANGE"], env = m, timeout = 5.0) + print(out) +end +tracks.on_metadata(on_metadata) + +# some nice effects +music = crossfade(tracks) +music = mksafe(music) +music = normalize(music) + +news = request.queue() +radio = smooth_add(normal = music, special = amplify(1.5, news)) + +if string.length(env["ICECAST_HOST"]) > 0 then + output.icecast(host = env["ICECAST_HOST"], mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), music) + output.icecast(host = env["ICECAST_HOST"], mount = '/music.mp3', password = 'hackme', %mp3.vbr(), music) + output.icecast(host = env["ICECAST_HOST"], mount = '/music.opus', password = 'hackme', %opus(bitrate = 128), music) + + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), radio) + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), radio) + output.icecast(host = env["ICECAST_HOST"], mount = '/radio.opus', password = 'hackme', %opus(bitrate = 128), radio) +else + output(fallible = true, buffer(radio)) +end + +interactive.harbor(port = port) + +def 
current(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = stringify_attrs( + !last_metadata + )) +end +harbor.http.register("/current", port = port, current) + +def skip(~protocol, ~headers, ~data, uri) = + tracks.skip() + http.response(content_type = "application/json", data = stringify_attrs( + !last_metadata + )) +end +harbor.http.register("/skip", method = "POST", port = port, skip) + +def all_tracks(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = json.stringify( + all_music.remaining_files() + )) +end +harbor.http.register("/all_tracks", port = port, all_tracks) + +def wish_track(~protocol, ~headers, ~data, uri) = + # disallow process: + if string.match(pattern = '^process:', data) then + http.response(code = 400) + else + # TODO report errors back + wish = request.create(data) + wishlist.push(wish) + http.response(content_type = "application/json", data = "ok") + end +end +harbor.http.register("/wish", method = "POST", port = port, wish_track) + +def wish_tracklist(~protocol, ~headers, ~data, uri) = + http.response(content_type = "application/json", data = json.stringify( + queue_contents(wishlist.queue()) + )) +end +harbor.http.register("/wish", port = port, wish_tracklist) + +def newsshow(~protocol, ~headers, ~data, uri) = + news.push(request.create("http://c.r/news.ogg")) + http.response(content_type = "application/json", data = "ok") +end +harbor.http.register("/newsshow", method = "POST", port = port, newsshow) diff --git a/lass/2configs/services/radio/shell.nix b/lass/2configs/services/radio/shell.nix new file mode 100644 index 000000000..9d00e3b06 --- /dev/null +++ b/lass/2configs/services/radio/shell.nix @@ -0,0 +1,7 @@ +{ pkgs ? import {} }: +pkgs.mkShell { + buildInputs = [ + pkgs.liquidsoap + pkgs.yt-dlp + ]; +} diff --git a/lass/2configs/services/radio/weather.nix b/lass/2configs/services/radio/weather.nix new file mode 100644 index 000000000..dca8a7843 
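Review bot: `wish_track` in radio.liq screens the request body with a deny-list of a single prefix (`'^process:'`) and hands everything else to `request.create(data)`. Any other protocol or plain path that Liquidsoap resolves is therefore accepted from whoever can reach the harbor port. The only caller visible on this page, the IRC `wish` command in default.nix, always sends `youtube-dl:$1`, so the check can become an allow-list. Accept when `string.match(pattern = '^youtube-dl:', data)` holds and answer `http.response(code = 400)` otherwise. A short comment above the check should state that the body is untrusted and why only that prefix is allowed.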
--- /dev/null +++ b/lass/2configs/services/radio/weather.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: +let + weather_for_ips = pkgs.writers.writePython3Bin "weather_for_ips" { + libraries = [ pkgs.python3Packages.geoip2 ]; + flakeIgnore = [ "E501" ]; + } ./weather_for_ips.py; + + weather_report = pkgs.writers.writeDashBin "weather_report" '' + set -efux + export PATH="${lib.makeBinPath [ + pkgs.coreutils + pkgs.curl + pkgs.jq + ]}" + curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb + MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB + OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY + ( + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.ogg' + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.mp3' + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.opus' + ) | jq -rs ' + [ + .[][].source|values|to_entries[].value | + (.listener//[]) [] | + (.useragent | capture("client-ip=(?[a-f0-9.:]+)")).ip // .ip + ] | + unique[] | + select(. != "127.0.0.1") | + select(. != "::1") + ' | + ${weather_for_ips}/bin/weather_for_ips + ''; +in { + systemd.services.weather = { + path = [ + weather_report + pkgs.retry + pkgs.jq + pkgs.curl + ]; + script = '' + set -xefu + retry -t 5 -d 10 -- weather_report | + jq \ + --arg from "$(date -u +'%FT%TZ')" \ + --arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \ + --slurp --raw-input --compact-output --ascii-output \ + '{text: ., from: $from, to: $to, priority: 100}' | + retry -t 5 -d 10 -- curl -fSs -d@- http://radio-news.r + ''; + startAt = "*:58:00"; + serviceConfig = { + User = "radio-news"; + LoadCredential = [ + "openweather_api:${toString }/openweather_api_key" + ]; + }; + }; +} diff --git a/lass/2configs/services/radio/weather_for_ips.py b/lass/2configs/services/radio/weather_for_ips.py new file mode 100644 index 000000000..62206a985 
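Review bot: `weather_report` in weather.nix runs under `set -efux`, and with xtrace on the shell writes the expanded assignment `OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api")` to stderr, which for a systemd unit normally ends up in the journal. Dropping the `x` (`set -efu`) in that script keeps the key out of the logs, so that `LoadCredential` actually protects it. Separately, the GeoIP database is fetched over plain `http://c.r/` into the fixed path `/tmp/GeoLite2-City.mmdb`. A directory owned by the service (a `StateDirectory`, or at least `serviceConfig.PrivateTmp = true;`) would stop other local users from pre-creating or replacing that file.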
--- /dev/null +++ b/lass/2configs/services/radio/weather_for_ips.py @@ -0,0 +1,48 @@ +import geoip2.database +import fileinput +import json +import requests +import os +import random + + +geoip = geoip2.database.Reader(os.environ['MAXMIND_GEOIP_DB']) +seen = {} +output = [] +for ip in fileinput.input(): + if "80.147.140.51" in ip: + output.append( + 'Weather report for c-base, space.' + 'It is empty space outside ' + 'with a temperature of -270 degrees, ' + 'a lightspeed of 299792 kilometers per second ' + 'and a humidity of Not a Number percent. ' + f'The probability of reincarnation is {random.randrange(0, 100)} percent.' + ) + else: + try: + location = geoip.city(ip.strip()) + if location.city.geoname_id not in seen: + seen[location.city.geoname_id] = True + weather_api_key = os.environ['OPENWEATHER_API_KEY'] + url = ( + f'https://api.openweathermap.org/data/2.5/onecall' + f'?lat={location.location.latitude}' + f'&lon={location.location.longitude}' + f'&appid={weather_api_key}' + f'&units=metric' + ) + resp = requests.get(url) + weather = json.loads(resp.text) + output.append( + f'Weather report for {location.city.name}, {location.country.name}. ' + f'It is {weather["current"]["weather"][0]["description"]} outside ' + f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' + f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second ' + f'and a humidity of {weather["current"]["humidity"]} percent. ' + f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' + ) + except: # noqa E722 + pass + +print('\n'.join(output)) -- cgit v1.2.3 From 6624d3aab64adcc4f8e1bf8393859fc4769e5ed2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2023 10:19:00 +0100 Subject: l neoprism.r: serve radio.lassul.us --- lass/1systems/neoprism/config.nix | 3 +++ lass/2configs/services/radio/proxy.nix | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 lass/2configs/services/radio/proxy.nix 
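Review bot: `requests.get(url)` in weather_for_ips.py has no timeout and its status is never checked, and the surrounding bare `except:` with `pass` discards every failure. A stalled or rejected OpenWeather call therefore either hangs the hourly unit or silently drops the report. I would use `resp = requests.get(url, timeout=10)` followed by `resp.raise_for_status()`, narrow the handler to `except Exception as e:` and write a short message to stderr so the journal shows why a listener was skipped. The request URL carries `appid`, and `requests` error messages can include the URL, so log the exception type or a redacted message rather than the raw exception text.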
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 4c9455356..8af63ee59 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -14,6 +14,9 @@ # other containers + + # proxying of services + ]; krebs.build.host = config.krebs.hosts.neoprism; diff --git a/lass/2configs/services/radio/proxy.nix b/lass/2configs/services/radio/proxy.nix new file mode 100644 index 000000000..49f8ade79 --- /dev/null +++ b/lass/2configs/services/radio/proxy.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: +{ + services.nginx.virtualHosts."radio.lassul.us" = { + enableACME = true; + addSSL = true; + locations."/" = { + # recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://radio.r"; + extraConfig = '' + proxy_set_header Host radio.r; + # get source ip for weather reports + proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"; + ''; + }; + }; +} -- cgit v1.2.3 From 79a7ab4fd8899e7ac197318bb58a3e04affdf459 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 21 Feb 2023 11:15:26 +0100 Subject: l yellow.r: move flix to services --- lass/1systems/neoprism/config.nix | 3 +- lass/1systems/yellow/config.nix | 330 ++----------------------- lass/2configs/services/flix/container-host.nix | 40 +++ lass/2configs/services/flix/default.nix | 316 +++++++++++++++++++++++ lass/2configs/services/flix/proxy.nix | 12 + lass/2configs/yellow-host.nix | 14 -- 6 files changed, 384 insertions(+), 331 deletions(-) create mode 100644 lass/2configs/services/flix/container-host.nix create mode 100644 lass/2configs/services/flix/default.nix create mode 100644 lass/2configs/services/flix/proxy.nix delete mode 100644 lass/2configs/yellow-host.nix diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 8af63ee59..72de0df83 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -7,7 +7,7 @@ # sync-containers - + 
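Review bot: The `client-ip=$remote_addr` suffix that proxy.nix appends to `user-agent` comes after whatever the client sent, so a listener whose own User-Agent already contains `client-ip=…` controls the value. The jq `capture` in weather.nix has no global flag and, as far as I can tell, takes the first occurrence. The consequence looks limited to a weather report for an address of the client's choosing, but nothing should treat this field as an authenticated source address. A comment next to the header would record that, e.g. `# client-ip is appended to a client-controlled header; informational only`. Note also that `addSSL = true` keeps serving plain HTTP, and `forceSSL = true` is the option to use if cleartext access is not intended.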
@@ -17,6 +17,7 @@ # proxying of services + ]; krebs.build.host = config.krebs.hosts.neoprism; diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index ff8189e24..fb28fb029 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -5,6 +5,7 @@ in { + ]; krebs.build.host = config.krebs.hosts.yellow; 
@@ -14,281 +15,8 @@ in { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL"; }; - users.groups.download.members = [ "transmission" ]; - networking.useHostResolvConf = false; networking.useNetworkd = true; - services.transmission = { - enable = true; - home = "/var/state/transmission"; - group = "download"; - downloadDirPermissions = "775"; - settings = { - download-dir = "/var/download/transmission"; - incomplete-dir-enabled = false; - rpc-bind-address = "::"; - message-level = 1; - umask = 18; - rpc-whitelist-enabled = false; - rpc-host-whitelist-enabled = false; - }; - }; - - security.acme.defaults.email = "spam@krebsco.de"; - security.acme.acceptTerms = true; - security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL; - security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL; - security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL; - security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL; - security.acme.certs."transmission.r".server = config.krebs.ssl.acmeURL; - services.nginx = { - enable = true; - package = pkgs.nginx.override { - modules = with pkgs.nginxModules; [ - fancyindex - ]; - }; - virtualHosts."yellow.r" = { - default = true; - enableACME = true; - addSSL = true; - locations."/" = { - root = "/var/download"; - extraConfig = '' - fancyindex on; - fancyindex_footer "/fancy.html"; - include ${pkgs.nginx}/conf/mime.types; - include ${pkgs.writeText "extrMime" '' - types { - video/webm mkv; - } - ''}; - create_full_put_path on; - ''; - }; - locations."/chatty" = { - proxyPass = "http://localhost:3000"; - extraConfig = '' - rewrite /chatty/(.*) /$1 break; - proxy_set_header Host $host; - ''; - }; - locations."= /fancy.html".extraConfig = '' - alias ${pkgs.writeText "nginx_footer" '' -
- -
Click here to move
- -
- - - ''}; - ''; - }; - virtualHosts."jelly.r" = { - enableACME = true; - addSSL = true; - locations."/".extraConfig = '' - proxy_pass http://localhost:8096/; - proxy_set_header Accept-Encoding ""; - ''; - }; - virtualHosts."transmission.r" = { - enableACME = true; - addSSL = true; - locations."/".extraConfig = '' - proxy_pass http://localhost:9091/; - proxy_set_header Accept-Encoding ""; - ''; - }; - virtualHosts."radar.r" = { - enableACME = true; - addSSL = true; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://localhost:7878"; - }; - }; - virtualHosts."sonar.r" = { - enableACME = true; - addSSL = true; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://localhost:8989"; - }; - }; - }; - - services.samba = { - enable = true; - enableNmbd = false; - extraConfig = '' - workgroup = WORKGROUP - server string = ${config.networking.hostName} - # only allow retiolum addresses - hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16 - - # Use sendfile() for performance gain - use sendfile = true - - # No NetBIOS is needed - disable netbios = true - - # Only mangle non-valid NTFS names, don't care about DOS support - mangled names = illegal - - # Performance optimizations - socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 - - # Disable all printing - load printers = false - disable spoolss = true - printcap name = /dev/null - - map to guest = Bad User - max log size = 50 - dns proxy = no - security = user - - [global] - syslog only = yes - ''; - shares.public = { - comment = "Warez"; - path = "/var/download"; - public = "yes"; - "only guest" = "yes"; - "create mask" = "0644"; - "directory mask" = "2777"; - writable = "no"; - printable = "no"; - }; - }; - - systemd.services.bruellwuerfel = - let - bruellwuerfelSrc = pkgs.fetchFromGitHub { - owner = "krebs"; - repo = "bruellwuerfel"; - rev = "dc73adf69249fb63a4b024f1f3fbc9e541b27015"; - sha256 = "078jp1gbavdp8lnwa09xa5m6bbbd05fi4x5ldkkgin5z04hwlhmd"; - }; - in { - 
wantedBy = [ "multi-user.target" ]; - environment = { - IRC_CHANNEL = "#flix"; - IRC_NICK = "bruelli"; - IRC_SERVER = "irc.r"; - IRC_HISTORY_FILE = "/tmp/bruelli.history"; - }; - serviceConfig = { - ExecStart = "${pkgs.deno}/bin/deno run -A ${bruellwuerfelSrc}/src/index.ts"; - }; - }; - - krebs.iptables = { - enable = true; - tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir - { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic - { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin - { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr - { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr - { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr - { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr - - # smbd - { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } - { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } - { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } - { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } - { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p udp --dport 111"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; } - { 
predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; } - { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } - ]; - tables.filter.OUTPUT = { - policy = "DROP"; - rules = [ - { predicate = "-o lo"; target = "ACCEPT"; } - { v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; } - { predicate = "-o tun0"; target = "ACCEPT"; } - { predicate = "-o retiolum"; target = "ACCEPT"; } - { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; } - { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; } - { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; } - ]; - }; - }; services.openvpn.servers.nordvpn.config = '' client 
@@ -375,49 +103,19 @@ in { ''; - systemd.services.flix-index = { - wantedBy = [ "multi-user.target" ]; - path = [ - pkgs.coreutils - pkgs.findutils - pkgs.inotify-tools - ]; - serviceConfig = { - Restart = "always"; - ExecStart = pkgs.writers.writeDash "flix-index" '' - set -efu - - DIR=/var/download - cd "$DIR" - while inotifywait -rq -e create -e move -e delete "$DIR"; do - find . -type f > "$DIR"/index.tmp - mv "$DIR"/index.tmp "$DIR"/index - done - ''; - }; - }; - - services.jellyfin = { - enable = true; - group = "download"; - }; - - services.radarr = { - enable = true; - group = "download"; - }; - - services.sonarr = { - enable = true; - group = "download"; - }; - - services.prowlarr = { - enable = true; - }; - - services.bazarr = { + krebs.iptables = { enable = true; - group = "download"; + tables.filter.OUTPUT = { + policy = "DROP"; + rules = [ + { predicate = "-o lo"; target = "ACCEPT"; } + { v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; } + { predicate = "-o tun0"; target = "ACCEPT"; } + { predicate = "-o retiolum"; target = "ACCEPT"; } + { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; } + { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; } + { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; } + ]; + }; }; } diff --git a/lass/2configs/services/flix/container-host.nix b/lass/2configs/services/flix/container-host.nix new file mode 100644 index 000000000..1c5b81128 --- /dev/null +++ b/lass/2configs/services/flix/container-host.nix 
@@ -0,0 +1,40 @@ +{ config, pkgs, ... }: +{ + krebs.sync-containers3.containers.yellow = { + sshKey = "${toString }/yellow.sync.key"; + }; + containers.yellow.bindMounts."/var/lib" = { + hostPath = "/var/lib/sync-containers3/yellow/state"; + isReadOnly = false; + }; + containers.yellow.bindMounts."/var/download" = { + hostPath = "/var/download"; + isReadOnly = false; + }; + # krebs.iptables.tables.filter.FORWARD.rules = [ + # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip4.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v6 = false; } + # { predicate = "-d ${config.krebs.hosts.yellow.nets.retiolum.ip6.addr} -p tcp --dport 8000 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; v4 = false; } + # ]; + # krebs.iptables.tables.nat.PREROUTING.rules = [ + # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip4.addr}:8000"; v6 = false; } + # { predicate = "-p tcp --dport 2"; target = "DNAT --to-destination ${config.krebs.hosts.radio.nets.retiolum.ip6.addr}:8000"; v4 = false; } + # ]; + networking.firewall.allowedTCPPorts = [ 8096 8920 ]; + networking.firewall.allowedUDPPorts = [ 1900 7359 ]; + containers.yellow.forwardPorts = [ + { hostPort = 8096; containerPort = 8096; protocol = "tcp"; } + { hostPort = 8920; containerPort = 8920; protocol = "tcp"; } + { hostPort = 1900; containerPort = 1900; protocol = "udp"; } + { hostPort = 7359; containerPort = 7359; protocol = "udp"; } + ]; + + services.nginx.virtualHosts."flix.lassul.us" = { + # forceSSL = true; + # enableACME = true; + locations."/" = { + proxyPass = "http://yellow.r:8096"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + }; +} diff --git a/lass/2configs/services/flix/default.nix b/lass/2configs/services/flix/default.nix new file mode 100644 index 000000000..e6be394ce --- /dev/null +++ b/lass/2configs/services/flix/default.nix 
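Review bot: `networking.firewall.allowedUDPPorts = [ 1900 7359 ]` and the matching `forwardPorts` entries in flix/container-host.nix open Jellyfin's SSDP/DLNA and client-discovery ports on every host interface, although these protocols are only useful on a local segment and an internet-reachable SSDP responder is a known reflection source. Unless LAN discovery is needed on this host, I would drop the two UDP entries and keep only `8096`/`8920`. The `flix.lassul.us` vhost here has `forceSSL` and `enableACME` commented out while flix/proxy.nix in the same commit defines the same vhost with both enabled, so one definition looks redundant, and on a host that imports only this file Jellyfin logins would cross plain HTTP. The commented-out `krebs.iptables` block still refers to `config.krebs.hosts.radio` and port 8000, which looks like a leftover from the radio container and could be deleted.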
@@ -0,0 +1,316 @@ +{ config, lib, pkgs, ... }: +{ + users.groups.download.members = [ "transmission" ]; + services.transmission = { + enable = true; + home = "/var/state/transmission"; + group = "download"; + downloadDirPermissions = "775"; + settings = { + download-dir = "/var/download/transmission"; + incomplete-dir-enabled = false; + rpc-bind-address = "::"; + message-level = 1; + umask = 18; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + }; + }; + + security.acme.defaults.email = "spam@krebsco.de"; + security.acme.acceptTerms = true; + security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."transmission.r".server = config.krebs.ssl.acmeURL; + services.nginx = { + enable = true; + package = pkgs.nginx.override { + modules = with pkgs.nginxModules; [ + fancyindex + ]; + }; + virtualHosts."yellow.r" = { + default = true; + enableACME = true; + addSSL = true; + locations."/" = { + root = "/var/download"; + extraConfig = '' + fancyindex on; + fancyindex_footer "/fancy.html"; + include ${pkgs.nginx}/conf/mime.types; + include ${pkgs.writeText "extrMime" '' + types { + video/webm mkv; + } + ''}; + create_full_put_path on; + ''; + }; + locations."/chatty" = { + proxyPass = "http://localhost:3000"; + extraConfig = '' + rewrite /chatty/(.*) /$1 break; + proxy_set_header Host $host; + ''; + }; + locations."= /fancy.html".extraConfig = '' + alias ${pkgs.writeText "nginx_footer" '' +
+ +
Click here to move
+ +
+ + + ''}; + ''; + }; + virtualHosts."jelly.r" = { + enableACME = true; + addSSL = true; + locations."/".extraConfig = '' + proxy_pass http://localhost:8096/; + proxy_set_header Accept-Encoding ""; + ''; + }; + virtualHosts."transmission.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:9091"; + }; + }; + virtualHosts."radar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:7878"; + }; + }; + virtualHosts."sonar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:8989"; + }; + }; + }; + + services.samba = { + enable = true; + enableNmbd = false; + extraConfig = '' + workgroup = WORKGROUP + server string = ${config.networking.hostName} + # only allow retiolum addresses + hosts allow = 42::/16 10.243.0.0/16 10.244.0.0/16 + + # Use sendfile() for performance gain + use sendfile = true + + # No NetBIOS is needed + disable netbios = true + + # Only mangle non-valid NTFS names, don't care about DOS support + mangled names = illegal + + # Performance optimizations + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 + + # Disable all printing + load printers = false + disable spoolss = true + printcap name = /dev/null + + map to guest = Bad User + max log size = 50 + dns proxy = no + security = user + + [global] + syslog only = yes + ''; + shares.public = { + comment = "Warez"; + path = "/var/download"; + public = "yes"; + "only guest" = "yes"; + "create mask" = "0644"; + "directory mask" = "2777"; + writable = "no"; + printable = "no"; + }; + }; + + systemd.services.bruellwuerfel = + let + bruellwuerfelSrc = pkgs.fetchFromGitHub { + owner = "krebs"; + repo = "bruellwuerfel"; + rev = "dc73adf69249fb63a4b024f1f3fbc9e541b27015"; + sha256 = "078jp1gbavdp8lnwa09xa5m6bbbd05fi4x5ldkkgin5z04hwlhmd"; + }; + in { + wantedBy = [ 
"multi-user.target" ]; + environment = { + IRC_CHANNEL = "#flix"; + IRC_NICK = "bruelli"; + IRC_SERVER = "irc.r"; + IRC_HISTORY_FILE = "/tmp/bruelli.history"; + }; + serviceConfig = { + ExecStart = "${pkgs.deno}/bin/deno run -A ${bruellwuerfelSrc}/src/index.ts"; + }; + }; + + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic + { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin + { predicate = "-p tcp --dport 8920"; target = "ACCEPT"; } # jellyfin + { predicate = "-p udp --dport 1900"; target = "ACCEPT"; } # jellyfin + { predicate = "-p udp --dport 7359"; target = "ACCEPT"; } # jellyfin + { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr + { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr + { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr + { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr + + # smbd + { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i retiolum -p udp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill 
-p udp --dport 111"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 2049"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 4000:4002"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 4000:4002"; target = "ACCEPT"; } + ]; + }; + + systemd.services.flix-index = { + wantedBy = [ "multi-user.target" ]; + path = [ + pkgs.coreutils + pkgs.findutils + pkgs.inotify-tools + ]; + serviceConfig = { + Restart = "always"; + ExecStart = pkgs.writers.writeDash "flix-index" '' + set -efu + + DIR=/var/download + cd "$DIR" + while inotifywait -rq -e create -e move -e delete "$DIR"; do + find . -type f > "$DIR"/index.tmp + mv "$DIR"/index.tmp "$DIR"/index + done + ''; + }; + }; + + services.jellyfin = { + enable = true; + group = "download"; + }; + + # movies + services.radarr = { + enable = true; + group = "download"; + }; + + # shows + services.sonarr = { + enable = true; + group = "download"; + }; + + # indexers + services.prowlarr = { + enable = true; + }; + + # subtitles + services.bazarr = { + enable = true; + group = "download"; + }; +} diff --git a/lass/2configs/services/flix/proxy.nix b/lass/2configs/services/flix/proxy.nix new file mode 100644 index 000000000..c16c6def3 --- /dev/null +++ b/lass/2configs/services/flix/proxy.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +{ + services.nginx.virtualHosts."flix.lassul.us" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://yellow.r:8096"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + }; +} diff --git a/lass/2configs/yellow-host.nix b/lass/2configs/yellow-host.nix deleted file mode 100644 index 36027cb5d..000000000 --- a/lass/2configs/yellow-host.nix +++ /dev/null 
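Review bot: In `krebs.iptables.tables.filter.INPUT.rules` of flix/default.nix the management ports (9091 transmission-web, 9696 prowlarr, 8989 sonarr, 7878 radarr, 6767 bazarr) are accepted on every interface, whereas the smbd rules below them are scoped with `-i retiolum` / `-i wiregrill`. Together with `rpc-bind-address = "::"`, `rpc-whitelist-enabled = false` and `rpc-host-whitelist-enabled = false` in the transmission settings, the RPC endpoint is reachable from anything that can route to the container, with no RPC authentication visible in this hunk and with the Host-header check that guards against DNS rebinding turned off. Scoping those rules like the smbd ones, e.g. `{ predicate = "-i retiolum -p tcp --dport 9091"; target = "ACCEPT"; }`, would keep them on the overlay network; the nginx vhosts on 80/443 already front most of them. The block is moved from yellow/config.nix, so the exposure is not new, but the move is a good moment to tighten it.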
@@ -1,14 +0,0 @@ -{ config, pkgs, ... }: -{ - krebs.sync-containers3.containers.yellow = { - sshKey = "${toString }/yellow.sync.key"; - }; - containers.yellow.bindMounts."/var/lib" = { - hostPath = "/var/lib/sync-containers3/yellow/state"; - isReadOnly = false; - }; - containers.yellow.bindMounts."/var/download" = { - hostPath = "/var/download"; - isReadOnly = false; - }; -} -- cgit v1.2.3 From 222f1e92dbc10aa389f712ae0d345befe4e5423f Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 22 Feb 2023 07:27:10 +0100 Subject: l orange.r: add coms service, proxy via neoprism.r --- lass/1systems/neoprism/config.nix | 2 ++ lass/1systems/prism/config.nix | 4 +-- lass/2configs/jitsi.nix | 38 -------------------------- lass/2configs/murmur.nix | 42 ----------------------------- lass/2configs/services/coms/default.nix | 6 +++++ lass/2configs/services/coms/jitsi.nix | 43 ++++++++++++++++++++++++++++++ lass/2configs/services/coms/murmur.nix | 47 +++++++++++++++++++++++++++++++++ lass/2configs/services/coms/proxy.nix | 41 ++++++++++++++++++++++++++++ 8 files changed, 141 insertions(+), 82 deletions(-) delete mode 100644 lass/2configs/jitsi.nix delete mode 100644 lass/2configs/murmur.nix create mode 100644 lass/2configs/services/coms/default.nix create mode 100644 lass/2configs/services/coms/jitsi.nix create mode 100644 lass/2configs/services/coms/murmur.nix create mode 100644 lass/2configs/services/coms/proxy.nix diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index 72de0df83..cc08070af 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -10,6 +10,7 @@ + # other containers @@ -18,6 +19,7 @@ # proxying of services + ]; krebs.build.host = config.krebs.hosts.neoprism; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f23778eba..2e82fae6f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -134,7 +134,7 @@ with import ; - + 
@@ -280,7 +280,7 @@ with import ; { predicate = "-p udp --dport 60000:61000"; target = "ACCEPT"; } ]; } - + { systemd.services."container@yellow".reloadIfChanged = mkForce false; diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix deleted file mode 100644 index 2c148dcdd..000000000 --- a/lass/2configs/jitsi.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - - services.jitsi-meet = { - enable = true; - hostName = "jitsi.lassul.us"; - config = { - enableWelcomePage = true; - requireDisplayName = true; - analytics.disabled = true; - startAudioOnly = true; - channelLastN = 4; - stunServers = [ - # - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/ - { urls = "turn:turn.matrix.org:3478?transport=udp"; } - { urls = "turn:turn.matrix.org:3478?transport=tcp"; } - # - services.coturn: - #{ urls = "turn:turn.${domainName}:3479?transport=udp"; } - #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; } - ]; - }; - interfaceConfig = { - SHOW_JITSI_WATERMARK = false; - SHOW_WATERMARK_FOR_GUESTS = false; - DISABLE_PRESENCE_STATUS = true; - GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false; - }; - }; - - services.jitsi-videobridge.config = { - org.jitsi.videobridge.TRUST_BWE = false; - }; - - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } - { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } - ]; -} diff --git a/lass/2configs/murmur.nix b/lass/2configs/murmur.nix deleted file mode 100644 index 42670dfbb..000000000 --- a/lass/2configs/murmur.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.murmur = { - enable = true; - allowHtml = false; - bandwidth = 10000000; - registerName = "lassul.us"; - autobanTime = 30; - sslCert = "/var/lib/acme/lassul.us/cert.pem"; - sslKey = "/var/lib/acme/lassul.us/key.pem"; - }; - users.groups.lasscert.members = [ - "murmur" - ]; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} - { predicate = "-p udp --dport 64738"; target = "ACCEPT";} - ]; - - systemd.services.docker-mumble-web.serviceConfig = { - StandardOutput = lib.mkForce "journal"; - StandardError = lib.mkForce "journal"; - }; - virtualisation.oci-containers.containers.mumble-web = { - image = "rankenstein/mumble-web:0.5"; - environment = { - MUMBLE_SERVER = "lassul.us:64738"; - }; - ports = [ - "64739:8080" - ]; - }; - - services.nginx.virtualHosts."mumble.lassul.us" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:64739"; - proxyWebsockets = true; - }; - }; -} diff --git a/lass/2configs/services/coms/default.nix b/lass/2configs/services/coms/default.nix new file mode 100644 index 000000000..4bc5f744b --- /dev/null +++ b/lass/2configs/services/coms/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./jitsi.nix + ./murmur.nix + ]; +} diff --git a/lass/2configs/services/coms/jitsi.nix b/lass/2configs/services/coms/jitsi.nix new file mode 100644 index 000000000..bbcb36166 --- /dev/null +++ b/lass/2configs/services/coms/jitsi.nix 
@@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: +{ + + services.jitsi-meet = { + enable = true; + hostName = "jitsi.lassul.us"; + config = { + enableWelcomePage = true; + requireDisplayName = true; + analytics.disabled = true; + startAudioOnly = true; + channelLastN = 4; + stunServers = [ + # - https://www.kuketz-blog.de/jitsi-meet-server-einstellungen-fuer-einen-datenschutzfreundlichen-betrieb/ + { urls = "turn:turn.matrix.org:3478?transport=udp"; } + { urls = "turn:turn.matrix.org:3478?transport=tcp"; } + # - services.coturn: + #{ urls = "turn:turn.${domainName}:3479?transport=udp"; } + #{ urls = "turn:turn.${domainName}:3479?transport=tcp"; } + ]; + constraints.video.height = { + ideal = 720; + max = 1080; + min = 240; + }; + }; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + DISABLE_PRESENCE_STATUS = true; + GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false; + }; + }; + + services.jitsi-videobridge.config = { + org.jitsi.videobridge.TRUST_BWE = false; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/services/coms/murmur.nix b/lass/2configs/services/coms/murmur.nix new file mode 100644 index 000000000..40c53da36 --- /dev/null +++ b/lass/2configs/services/coms/murmur.nix 
@@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: +{ + services.murmur = { + enable = true; + # allowHtml = false; + bandwidth = 10000000; + registerName = "lassul.us"; + autobanTime = 30; + sslCert = "/var/lib/acme/lassul.us/cert.pem"; + sslKey = "/var/lib/acme/lassul.us/key.pem"; + extraConfig = '' + opusthreshold=0 + # rememberchannelduration=10000 + ''; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + { predicate = "-p udp --dport 64738"; target = "ACCEPT";} + ]; + + # services.botamusique = { + # enable = true; + # settings = { + # server.host = "lassul.us"; + # bot.auto_check_updates = false; + # bot.max_track_duration = 360; + # webinterface.enabled = true; + # }; + # }; + + services.nginx.virtualHosts."lassul.us" = { + enableACME = true; + }; + security.acme.certs."lassul.us" = { + group = "lasscert"; + }; + users.groups.lasscert.members = [ + "nginx" + "murmur" + ]; + + # services.nginx.virtualHosts."bota.r" = { + # locations."/" = { + # proxyPass = "http://localhost:8181"; + # }; + # }; +} diff --git a/lass/2configs/services/coms/proxy.nix b/lass/2configs/services/coms/proxy.nix new file mode 100644 index 000000000..57e132151 --- /dev/null +++ b/lass/2configs/services/coms/proxy.nix 
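Review bot: `# allowHtml = false;` is commented out in coms/murmur.nix, whereas the deleted lass/2configs/murmur.nix set it explicitly; if the module default allows HTML (it is `true` in the nixpkgs module as far as I know, worth confirming for the pinned nixpkgs), this move silently re-enables HTML in messages and user comments. If that is intentional, a short comment saying why would help; otherwise restore `allowHtml = false;`. Also, `security.acme.certs."lassul.us".group = "lasscert"` makes `key.pem` readable by both `nginx` and `murmur`; a comment such as `# members of lasscert can read the lassul.us private key` above `users.groups.lasscert.members` would make later additions to the group a conscious decision.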
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+let
+ tcpports = [
+ 4443 # jitsi
+ 64738 # murmur
+ ];
+ udpports = [
+ 10000 # jitsi
+ 64738 # murmur
+ ];
+ target = "orange.r";
+in
+{
+ networking.firewall.allowedTCPPorts = tcpports;
+ networking.firewall.allowedUDPPorts = udpports;
+ services.nginx.streamConfig = ''
+ ${lib.concatMapStringsSep "\n" (port: ''
+ server {
+ listen ${toString port};
+ proxy_pass ${target}:${toString port};
+ }
+ '') tcpports}
+ ${lib.concatMapStringsSep "\n" (port: ''
+ server {
+ listen ${toString port} udp;
+ proxy_pass ${target}:${toString port};
+ }
+ '') udpports}
+ '';
+
+ services.nginx.virtualHosts."jitsi.lassul.us" = {
+ enableACME = true;
+ acmeFallbackHost = "${target}";
+ addSSL = true;
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://${target}";
+ };
+ };
+}
-- cgit v1.2.3 From 8639d428c2e9f2190ec4e4b5dd931f24a4166f36 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 23 Feb 2023 17:16:14 +0100 Subject: sync-containers3 syncer: use double space for faster (and still safe) sync --- krebs/3modules/sync-containers3.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/krebs/3modules/sync-containers3.nix b/krebs/3modules/sync-containers3.nix
index 4a00b23ab..ed147b30e 100644
--- a/krebs/3modules/sync-containers3.nix
+++ b/krebs/3modules/sync-containers3.nix
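Review bot: Every connection relayed through `services.nginx.streamConfig` in coms/proxy.nix reaches orange.r with the proxy's source address, so murmur's `autobanTime = 30` (set in coms/murmur.nix) and any other per-IP limit on the backend can no longer tell clients apart; a few failed logins from one client would presumably ban the proxy, i.e. everyone. Either record that above `streamConfig` with a comment such as `# NOTE: backends see this proxy's address; per-IP bans on orange.r apply to all clients`, or enforce connection limits on the proxy itself. On the `jitsi.lassul.us` vhost, `addSSL = true` leaves a plain-HTTP listener serving content, while `forceSSL = true` would match flix/proxy.nix.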
@@ -104,7 +104,9 @@ in {
 consul lock sync_${ctr.name} ${pkgs.writers.writeDash "${ctr.name}-sync" ''
 set -efux
 if /run/wrappers/bin/ping -c 1 ${ctr.name}.r; then
- nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 container_sync@${ctr.name}.r:disk "$HOME"/disk
+ nice --adjustment=30 rsync -a -e "ssh -i $CREDENTIALS_DIRECTORY/ssh_key" --timeout=30 --inplace --sparse container_sync@${ctr.name}.r:disk "$HOME"/disk.rsync
+ touch "$HOME"/incomplete
+ nice --adjustment=30 rsync --inplace "$HOME"/disk.rsync "$HOME"/disk
 rm -f "$HOME"/incomplete
 fi
 ''}
-- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/63200000.lock: No such file or directory (2)
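Review bot: The second, local copy `rsync --inplace "$HOME"/disk.rsync "$HOME"/disk` drops both `-a` and `--sparse`, so `disk` does not keep the source mtime and holes are written out as zeros. Without a preserved mtime rsync's quick check should never match on the next run, so the whole image is rewritten every time and the window in which `incomplete` exists and `disk` is inconsistent is as long as a full copy. I would use `nice --adjustment=30 rsync -a --inplace --sparse "$HOME"/disk.rsync "$HOME"/disk`. A comment above `touch "$HOME"/incomplete`, e.g. `# marker covers only the local copy; the remote pull writes disk.rsync, never disk`, would make the "still safe" claim in the subject checkable. The surrounding script starts and ends outside the hunk.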