Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2021-01-28 18:07:02 +01:00
commit 10a397b299
30 changed files with 744 additions and 145 deletions

View file

@ -197,6 +197,15 @@ in {
wg.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
meet.euer IN A ${nets.internet.ip4.addr}
work.euer IN A ${nets.internet.ip4.addr}
admin.work.euer IN A ${nets.internet.ip4.addr}
push.work.euer IN A ${nets.internet.ip4.addr}
api.work.euer IN A ${nets.internet.ip4.addr}
maps.work.euer IN A ${nets.internet.ip4.addr}
play.work.euer IN A ${nets.internet.ip4.addr}
ul.work.euer IN A ${nets.internet.ip4.addr}
'';
};
cores = 8;

View file

@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "a058d005b3cbb370bf171ebce01839dd6ff52222",
"date": "2021-01-23T17:41:51-05:00",
"path": "/nix/store/6ps307ghgrp10q3mwgw4lq143pmz0h25-nixpkgs",
"sha256": "154mpqw0ya31hzgz9hggg1rb26yx8d00rsj9l90ndsdldrssgvbb",
"rev": "85abeab48b5feda4b163e5bb32f50aad1164e415",
"date": "2021-01-27T09:52:47+01:00",
"path": "/nix/store/la9l82nbilyhjjl2x294qpf7ki9lzkc3-nixpkgs",
"sha256": "1nslb5p6cf5z691pf52j8bf880sdgav1fcf7bxjk3rad92bniq5g",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false

View file

@ -83,6 +83,9 @@ in {
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
### systemdUltras ###
<stockholm/makefu/2configs/systemdultras/ircbot.nix>
###### Shack #####
# <stockholm/makefu/2configs/shack/events-publisher>
# <stockholm/makefu/2configs/shack/gitlab-runner>
@ -98,7 +101,7 @@ in {
{ krebs.exim.enable = mkDefault true; }
# sharing
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/share/gum.nix> # samba sahre
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/sickbeard>
@ -145,7 +148,10 @@ in {
<stockholm/makefu/2configs/deployment/gecloudpad>
<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
<stockholm/makefu/2configs/shiori.nix>
<stockholm/makefu/2configs/workadventure>
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
<stockholm/makefu/2configs/bgt/hidden_service.nix>
@ -177,12 +183,19 @@ in {
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts."cgit.euer.krebsco.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost/";
locations."/".extraConfig = ''proxy_set_header Host cgit;'';
security.acme.certs."cgit.euer.krebsco.de" = {
email = "letsencrypt@syntax-fehler.de";
webroot = "/var/lib/acme/acme-challenge";
group = "nginx";
};
services.nginx.virtualHosts."cgit" = {
serverAliases = [ "cgit.euer.krebsco.de" ];
addSSL = true;
sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
locations."/.well-known/acme-challenge".extraConfig = ''
root /var/lib/acme/acme-challenge;
'';
};
krebs.build.host = config.krebs.hosts.gum;
@ -190,6 +203,7 @@ in {
# Network
networking = {
firewall = {
allowedTCPPorts = [ 80 443 ];
allowPing = true;
logRefusedConnections = false;
};

View file

@ -69,7 +69,7 @@ in {
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/var/www/o.euer.krebsco.de" = {
fileSystems."/var/lib/nextcloud/data" = {
device = "/dev/nixos/nextcloud";
fsType = "ext4";
options = [ "nofail" ];

View file

@ -4,7 +4,30 @@
{ config, pkgs, lib, ... }:
{
imports =
[ # base
[
# hardware-dependent
# device
./x13
# ./x230
# Common Hardware Components
# <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/hw/irtoy.nix>
# <stockholm/makefu/2configs/hw/malduino_elite.nix>
<stockholm/makefu/2configs/hw/switch.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/cc2531.nix>
<stockholm/makefu/2configs/hw/droidcam.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
<stockholm/makefu/2configs/hw/upower.nix>
# base
<stockholm/makefu>
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/home-manager>
@ -19,8 +42,37 @@
<stockholm/makefu/2configs/editor/neovim>
<stockholm/makefu/2configs/tools/all.nix>
{ programs.adb.enable = true; }
{
services.openssh.hostKeys = [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa";}
];
}
{ systemd.services.docker.wantedBy = lib.mkForce []; }
#{
# users.users.makefu.packages = with pkgs;[ mpc_cli ncmpcpp ];
# services.ympd.enable = true;
# services.mpd = {
# enable = true;
# extraConfig = ''
# log_level "default"
# auto_update "yes"
# audio_output {
# type "httpd"
# name "lassulus radio"
# encoder "vorbis" # optional
# port "8000"
# quality "5.0" # do not define if bitrate is defined
# # bitrate "128" # do not define if quality is defined
# format "44100:16:2"
# always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
# tags "yes" # httpd supports sending tags to listening streams.
# }
# '';
# };
#}
# { systemd.services.docker.wantedBy = lib.mkForce []; }
<stockholm/makefu/2configs/dict.nix>
# <stockholm/makefu/2configs/legacy_only.nix>
#<stockholm/makefu/3modules/netboot_server.nix>
@ -59,10 +111,13 @@
# <stockholm/makefu/2configs/deployment/hound>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
<stockholm/makefu/2configs/bureautomation/office-radio>
# Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix>
# <stockholm/makefu/2configs/share/gum-client.nix>
# <stockholm/makefu/2configs/share/anon-ftp.nix>
# <stockholm/makefu/2configs/share/anon-sftp.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
@ -75,7 +130,7 @@
# Virtualization
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix>
# <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
#{
# networking.firewall.allowedTCPPorts = [ 8080 ];
# networking.nat = {
@ -96,26 +151,10 @@
<stockholm/makefu/2configs/binary-cache/gum.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
# <stockholm/makefu/2configs/hw/mceusb.nix>
<stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/hw/irtoy.nix>
# <stockholm/makefu/2configs/hw/malduino_elite.nix>
<stockholm/makefu/2configs/hw/switch.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/cc2531.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
<stockholm/makefu/2configs/hw/upower.nix>
# Filesystem
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
# Security
<stockholm/makefu/2configs/sshd-totp.nix>
# <stockholm/makefu/2configs/sshd-totp.nix>
# temporary
# { services.redis.enable = true; }
@ -149,7 +188,6 @@
}
];
makefu.server.primary-itf = "wlp3s0";
nixpkgs.config.allowUnfree = true;
nixpkgs.config.oraclejdk.accept_license = true;
@ -158,19 +196,13 @@
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
networking.firewall.allowedUDPPorts = [ 665 26061 ];
networking.firewall.trustedInterfaces = [ "vboxnet0" ];
networking.firewall.allowedUDPPorts = [ 665 26061 1514 ];
networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ];
krebs.build.host = config.krebs.hosts.x;
krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices.luksroot =
{
device = "/dev/sda2";
allowDiscards = true;
};
environment.systemPackages = [ pkgs.passwdqc-utils ];

View file

@ -0,0 +1,52 @@
{ pkgs, lib, ... }:
# new zfs deployment
{
imports = [
./zfs.nix
./input.nix
<stockholm/makefu/2configs/hw/bluetooth.nix>
<nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
# <stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/ssd.nix>
];
boot.zfs.requestEncryptionCredentials = true;
networking.hostId = "f8b8e0a2";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# services.xserver.enable = lib.mkForce false;
services.xserver.videoDrivers = [
"amdgpu"
];
hardware.opengl.extraPackages = [ pkgs.amdvlk ];
# is required for amd graphics support ( xorg wont boot otherwise )
boot.kernelPackages = pkgs.linuxPackages_latest;
environment.variables.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
programs.light.enable = true;
services.actkbd = {
enable = true;
bindings = [
{ keys = [ 225 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -A 10"; }
{ keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 10"; }
{ keys = [ 227 ]; events = [ "key" ]; command = builtins.toString (
pkgs.writers.writeDash "toggle_lcdshadow" ''
proc=/proc/acpi/ibm/lcdshadow
status=$(${pkgs.gawk}/bin/awk '/status:/{print $2}' "$proc")
if [ "$status" -eq 0 ];then
echo 1 > "$proc"
else
echo 0 > "$proc"
fi
'');
}
];
};
users.groups.video = {};
users.users.makefu.extraGroups = [ "video" ];
}

View file

@ -0,0 +1,13 @@
{
# current issues:
# 1. for pressing insert hold shift+fn+Fin
# scroll by holding middle mouse
services.xserver.displayManager.sessionCommands =''
xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1
xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2
xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
# configure timeout of pressing and holding middle button
# xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
'';
}

View file

@ -0,0 +1,8 @@
#!/bin/sh
proc=/proc/acpi/ibm/lcdshadow
status=$(awk '/status:/{print $2}' "$proc")
if [ "$status" -eq 0 ];then
echo 1 > "$proc"
else
echo 0 > "$proc"
fi

View file

@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zroot/root/nixos";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/20BF-2755";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "zroot/root/home";
fsType = "zfs";
};
swapDevices = [ ];
}

View file

@ -0,0 +1,19 @@
{
imports = [
<stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
<stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/ssd.nix>
# hard dependency because otherwise the device will not be unlocked
{
boot.initrd.luks.devices.luksroot =
{
device = "/dev/sda2";
allowDiscards = true;
};
}
{ makefu.server.primary-itf = "wlp3s0"; }
];
}

View file

@ -0,0 +1,6 @@
{
imports = [
./mpd.nix
./webserver.nix
];
}

View file

@ -0,0 +1,58 @@
{ config, lib, pkgs, ... }:
let
mpds = import ./mpdconfig.nix;
systemd_mpd = name: value: let
path = "/var/lib/mpd-${name}";
num = lib.strings.fixedWidthNumber 2 value;
mpdconf = pkgs.writeText "mpd-config-${name}" ''
music_directory "${path}/music"
playlist_directory "${path}/playlists"
db_file "${path}/tag_cache"
state_file "${path}/state"
sticker_file "${path}/sticker.sql"
bind_to_address "127.0.0.1"
port "66${num}"
log_level "default"
auto_update "yes"
audio_output {
type "httpd"
name "Office Radio ${num} - ${name}"
encoder "vorbis" # optional
port "280${num}"
quality "5.0" # do not define if bitrate is defined
# bitrate "128" # do not define if quality is defined
format "44100:16:2"
always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
tags "yes" # httpd supports sending tags to listening streams.
}
'';
in {
after = [ "network.target" ];
description = "Office Radio MPD ${toString value} - ${name}";
wantedBy = ["multi-user.target"];
serviceConfig = {
#User = "mpd";
DynamicUser = true;
ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdconf}";
LimitRTPRIO = 50;
LimitRTTIME = "infinity";
ProtectSystem = true;
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
Restart = "always";
StateDirectory = [ "mpd-${name}" ];
};
};
in
{
systemd.services = lib.attrsets.mapAttrs' (name: value:
lib.attrsets.nameValuePair
("office-radio-" +name) (systemd_mpd name value))
mpds;
}

View file

@ -0,0 +1,6 @@
{
"cybertisch1" = 0;
"cybertisch2" = 1;
"cyberklo" = 2;
"baellebad" = 3;
}

View file

@ -0,0 +1,40 @@
{ pkgs, ... }:
let
mpds = import ./mpdconfig.nix;
pkg = pkgs.office-radio;
in {
systemd.services.office-radio-appsrv = {
after = [ "network.target" ];
description = "Office Radio Appserver";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkg}/bin/office-radio";
DynamicUser = true;
ProtectSystem = true;
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
Restart = "always";
};
};
systemd.services.office-radio-stopper = {
after = [ "network.target" ];
description = "Office Radio Script to stop idle streams";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkg}/bin/stop-idle-streams";
DynamicUser = true;
ProtectSystem = true;
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
Restart = "always";
};
};
}

View file

@ -1,15 +1,12 @@
{ config, lib, pkgs, ... }:
# more than just nginx config but not enough to become a module
with import <stockholm/lib>;
let
hostname = config.krebs.build.host.name;
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
in {
services.redis = {
enable = true;
};
systemd.services.redis.serviceConfig.LimitNOFILE=10032;
services.redis = { enable = true; };
systemd.services.redis.serviceConfig.LimitNOFILE=65536;
services.uwsgi = {
enable = true;
@ -28,7 +25,7 @@ in {
};
services.nginx = {
enable = mkDefault true;
enable = lib.mkDefault true;
virtualHosts."mybox.connector.one" = {
locations = {
"/".extraConfig = ''

View file

@ -1,18 +0,0 @@
{ config, pkgs, ... }:
let
newsfile = pkgs.writeText "feeds" ''
nixoswiki-bot|https://github.com/Mic92/nixos-wiki/wiki.atom|#krebs
'';
in {
environment.systemPackages = [
pkgs.newsbot-js
];
krebs.newsbot-js = {
enable = true;
ircServer = "chat.freenode.net";
feeds = newsfile;
urlShortenerHost = "go";
urlShortenerPort = "80";
};
}

View file

@ -1,19 +0,0 @@
{ config, pkgs, ... }:
let
pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: {
patches = [ ./wiki-output.patch ];
});
newsfile = pkgs.writeText "feeds" ''
nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs
'';
in {
krebs.newsbot-js = {
enable = true;
package = pkg;
ircServer = "chat.freenode.net";
feeds = newsfile;
urlShortenerHost = "go";
urlShortenerPort = "80";
};
}

View file

@ -1,45 +0,0 @@
diff --git a/newsbot.js b/newsbot.js
index 42d0666..a284011 100644
--- a/newsbot.js
+++ b/newsbot.js
@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) {
}
function broadcast_new_item (item) {
+ console.log('Broadcasting item ',item.link)
return getShortLink(item.link, function (error, shortlink) {
- return broadcast(item.title + ' ' + shortlink)
+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink)
})
}
@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) {
if (client.lastItems) {
items.forEach(function (item) {
- if (!client.lastItems.hasOwnProperty(item.title)) {
+
+ if (!client.lastItems.hasOwnProperty(item.guid)) {
broadcast_new_item(item)
+ }else {
+ console.log("Item already seen:",item.guid)
}
})
}
client.lastItems = {}
items.forEach(function (item) {
- client.lastItems[item.title] = true
+ client.lastItems[item.guid] = true
})
return continue_loop()
@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) {
}
function getShortLink (link, callback) {
+ callback(null,link)
+ return
var form = new FormData()
try {
form.append('uri', link)

View file

@ -7,7 +7,7 @@ let
light = "light.espcam_02_light";
seconds = 60; # default shutoff to protect the LED from burning out
};
seconds = 6;
seconds = 60;
pump = "switch.arbeitszimmer_giesskanne_relay";
# sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture";
in

View file

@ -0,0 +1,41 @@
# uses:
let
wohnzimmer = "light.wohnzimmer_fenster_lichterkette_licht";
arbeitszimmer = "light.box_led_status";
final_off = "01:00";
turn_on = entity_id: at:
{ alias = "Turn on ${entity_id} at ${at}";
trigger = [
{ platform = "time"; inherit at; }
];
action =
[
{ service = "light.turn_on"; inherit entity_id; }
];
};
in
{
services.home-assistant.config =
{
automation =
[
(turn_on wohnzimmer "17:30")
(turn_on arbeitszimmer "9:00")
{ alias = "Always turn off the lights at ${final_off}";
trigger = [
{ platform = "time"; at = final_off; }
];
action =
[
{
service = "light.turn_off";
entity_id = [ wohnzimmer arbeitszimmer];
}
];
}
];
};
}

View file

@ -26,6 +26,81 @@ let
data.entity_id = light;
};
};
rf_state = code: light: halfbright:
let
maxbright = 255;
transition = 0.2; # seconds
in
# this function implements a simple state machine based on the state and brightness of the light (light must support brightness
{
alias = "Cycle through states of ${light} via rf code ${code}";
trigger = {
platform = "event";
event_type = "esphome.rf_code_received";
event_data.code = code;
};
action = {
choose = [
{
# state 0: off to half
conditions = {
condition = "template";
value_template = ''{{ states("${light}") == "off" }}'';
};
sequence = [
{
service = "light.turn_on";
data = {
entity_id = light;
brightness = halfbright;
};
}
];
}
{
# state 1: half to full
conditions = {
condition = "template";
value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}'';
};
sequence = [
{
service = "light.turn_on";
data = {
entity_id = light;
brightness = maxbright;
};
}
];
}
{
# state 2: full to off
conditions = {
condition = "template";
# TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere?
value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}'';
};
sequence = [
{
service = "light.turn_off";
data = {
entity_id = light;
};
}
];
}
];
# default: on to off
# this works because state 0 checks for "state == off"
default = [{
service = "light.turn_off";
data = {
entity_id = light;
};
}];
};
}
;
rf_toggle = code: light:
{
alias = "Toggle ${light} via rf code ${code}";
@ -39,14 +114,13 @@ let
data.entity_id = light;
};
};
in
{
services.home-assistant.config.automation = [
(rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A
(rf_toggle "401151" "light.wohnzimmer_stehlampe_osram") # B
(rf_toggle "401451" "light.wohnzimmer_komode_osram") # C
(rf_toggle "401511" "light.wohnzimmer_schrank_osram") # D
(rf_state "401151" "light.wohnzimmer_stehlampe_osram" 128) # B
(rf_state "401451" "light.wohnzimmer_komode_osram" 128) # C
(rf_state "401511" "light.wohnzimmer_schrank_osram" 128) # D
# OFF Lane
(rf_turn_off "400554" "all") # A

View file

@ -8,11 +8,10 @@
};
};
imports = [
{ #direnv
{
home-manager.users.makefu.home.packages = [
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
pkgs.direnv pkgs.nur.repos.kalbasit.nixify ];
# home-manager.users.makefu.home.file.".direnvrc".text = '''';
];
}
{ # bat
home-manager.users.makefu.home.packages = [ pkgs.bat ];
@ -24,8 +23,34 @@
};
}
];
environment.pathsToLink = [ "/share/zsh" ];
environment.pathsToLink = [
"/share/zsh"
];
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
home-manager.users.makefu = {
programs.direnv.enable = true;
programs.direnv.enableNixDirenvIntegration = true;
programs.direnv.enableZshIntegration = true;
home.packages = [ (pkgs.writeDashBin "nixify" ''
test ! -e shell.nix && cat > shell.nix <<EOF
{ pkgs ? import <nixpkgs> {}}:
pkgs.mkShell {
nativeBuildInputs = [ pkgs.hello ];
}
EOF
echo "use nix" >> .envrc
direnv allow
'')
];
#home.packages = [ pkgs.direnv pkgs.nix-direnv ];
programs.fzf.enable = false; # alt-c
programs.zsh = {
enable = true;

View file

@ -4,4 +4,6 @@
boot.extraModulePackages = [
(pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; })
];
boot.initrd.availableKernelModules = [ "v4l2loopback-dc" ];
users.users.makefu.packages = [ pkgs.droidcam ];
}

View file

@ -60,6 +60,12 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
photos = {
path = "/media/cryptX/photos";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
crypX-games = {
path = "/media/cryptX/games";
"read only" = "yes";

View file

@ -5,12 +5,10 @@
mosh
sshfs
rclone
exfat
(pkgs.callPackage ./secrets.nix {})
opensc pcsctools libu2f-host
];
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
boot.supportedFilesystems = [ "exfat" ];
}

View file

@ -0,0 +1,6 @@
{
imports = [
./jitsi.nix
./workadventure.nix
];
}

View file

@ -0,0 +1,59 @@
{
# + +
# | |
# | |
# v v
# 80, 443 TCP 443 TCP, 10000 UDP
# +--------------+ +---------------------+
# | nginx | 5222, 5347 TCP | |
# | jitsi-meet |<-------------------+| jitsi-videobridge |
# | prosody | | | |
# | jicofo | | +---------------------+
# +--------------+ |
# | +---------------------+
# | | |
# +----------+| jitsi-videobridge |
# | | |
# | +---------------------+
# |
# | +---------------------+
# | | |
# +----------+| jitsi-videobridge |
# | |
# +---------------------+
# This is a one server setup
services.jitsi-meet = {
enable = true;
hostName = "meet.euer.krebsco.de";
# JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
# https://github.com/jitsi/jicofo
jicofo.enable = true;
# Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
# Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
# will be used to retrieve a TLS certificate by default. To disable this, set the
# services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
# services.nginx.virtualHosts.<hostName>.forceSSL.
nginx.enable = true;
# https://github.com/jitsi/jitsi-meet/blob/master/config.js
config = {
enableWelcomePage = true;
defaultLang = "en";
};
# https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
};
};
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 10000 ];
};
}

View file

@ -0,0 +1,161 @@
{ config, pkgs, lib, ... }:
let
# If your Jitsi environment has authentication set up,
# you MUST set JITSI_PRIVATE_MODE to "true" and
# you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
jitsiPrivateMode = "false";
secretJitsiKey = "";
jitsiISS = "";
workadventureSecretKey = "";
jitsiURL = "meet.euer.krebsco.de";
domain = "work.euer.krebsco.de";
# domain will redirect to this map. (not play.${domain})
defaultMap = "npeguin.github.io/office-map/map.json";
apiURL = "api.${domain}";
apiPort = 9002;
frontURL = "play.${domain}";
frontPort = 9004;
pusherURL = "push.${domain}";
pusherPort = 9005;
uploaderURL = "ul.${domain}";
uploaderPort = 9006;
frontImage = "thecodingmachine/workadventure-front:develop";
pusherImage = "thecodingmachine/workadventure-pusher:develop";
apiImage = "thecodingmachine/workadventure-back:develop";
uploaderImage = "thecodingmachine/workadventure-uploader:develop";
in {
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 80 443 ];
};
services.nginx.enable = true;
services.nginx.recommendedProxySettings = true;
systemd.services.workadventure-network = {
enable = true;
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
'';
after = [ "docker" ];
before = [
"docker-workadventure-back.service"
"docker-workadventure-pusher.service"
"docker-workadventure-uploader.service"
"docker-workadventure-website.service"
];
};
virtualisation.oci-containers.backend = "docker";
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
};
};
virtualisation.oci-containers.containers.workadventure-front = {
image = frontImage;
environment = {
API_URL = pusherURL;
JITSI_PRIVATE_MODE = jitsiPrivateMode;
JITSI_URL = jitsiURL;
SECRET_JITSI_KEY = secretJitsiKey;
UPLOADER_URL = uploaderURL;
};
ports = [ "127.0.0.1:${toString frontPort}:80" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${frontURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
};
virtualisation.oci-containers.containers.workadventure-pusher = {
image = pusherImage;
environment = {
API_URL = "workadventure-back:50051";
JITSI_ISS = jitsiISS;
JITSI_URL = jitsiURL;
SECRET_KEY = workadventureSecretKey;
};
ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${pusherURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString pusherPort}";
proxyWebsockets = true;
};
locations."/room" = {
proxyPass = "http://127.0.0.1:${toString pusherPort}";
proxyWebsockets = true;
};
};
virtualisation.oci-containers.containers.workadventure-back = {
image = apiImage;
environment = {
#DEBUG = "*";
JITSI_ISS = jitsiISS;
JITSI_URL = jitsiURL;
SECRET_KEY = workadventureSecretKey;
};
ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${apiURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
};
virtualisation.oci-containers.containers.workadventure-uploader = {
image = uploaderImage;
ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${uploaderURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString uploaderPort}";
proxyWebsockets = true;
};
};
systemd.services.docker-workadventure-front.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-uploader.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-pusher.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-back.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
}

View file

@ -1,11 +1,11 @@
{ stdenv, python3, fetchgit }:
python3.pkgs.buildPythonPackage rec {
name = "kalauerbot";
rev = "08d98aa";
rev = "2a1e868";
src = fetchgit {
url = "http://cgit.euer.krebsco.de/kalauerbot";
inherit rev;
sha256 = "017hh61smgq4zsxd10brgwmykwgwabgllxjs31xayvs1hnqmkv2v";
sha256 = "1vymz3dnpgcxwfgbnrpc0plcdmihxcq7xsvpap755c5jvzvb8a1k";
};
propagatedBuildInputs = with python3.pkgs;[
(callPackage ./python-matrixbot.nix {

View file

@ -0,0 +1,23 @@
{ lib, pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;buildPythonPackage rec {
name = "office-radio-${version}";
version = "0.2.3.4";
propagatedBuildInputs = [
flask
psutil
mpd2
requests
];
src = fetchFromGitHub {
owner = "makefu";
repo = "office-radio";
rev = "601c650";
sha256 = "06zf0sjm4zlnbjlmiajbz1klhz1maj1ww5vah2abcvk1vx0p0hn7";
};
meta = {
homepage = https://github.com/makefu/office-radio;
description = "manage virtual office radio";
license = lib.licenses.asl20;
};
}