Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'lassul.us/master'

Browse Source
This commit is contained in:
makefu 2023-06-03 15:50:01 +02:00
commit 15f4d5f29d
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
28 changed files with 298 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
kartei/mic92/default.nix
View File

@ -809,7 +809,14 @@ in {
blob64 = {
owner = config.krebs.users.mic92;
nets = rec {
internet = {
# of2.dse.cit.tum.de.
ip4.addr = "131.159.38.25";
ip6.addr = "2a09:80c0:38::25";
aliases = [ "blob64.i" ];
};
retiolum = {
via = internet;
aliases = [ "blob64.r" ];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----

4
kartei/tv/hosts/pi.nix Normal file
View File

@ -0,0 +1,4 @@
{
nets.wiregrill.ip4.addr = "10.244.3.102";
syncthing.id = "NLR6FLV-2MJQSZ6-4M5QBBB-X2UM225-YGB6IYW-F2EGFV6-D7ZDCWY-27EQAAM";
}

1
kartei/tv/wiregrill/pi.pub Normal file
View File

@ -0,0 +1 @@
HlKTr86mTywYtRIQNhxs8jeSw5hwVTeKFiSUYglc4T8=

50
krebs/2configs/reaktor2.nix
View File

@ -81,7 +81,8 @@ let
echo "$_from: $(report_error "$response")"
exit 0
fi
printf '%s' "$text" | echo "$_from: $(cat)"
# value seems to be 512 - overhead
echo "$_from: $text" | fold -s -w 426
printf '%s' "$response" |
jq -r '[.item.messages[1].sourceAttributions[].seeMoreUrl] | to_entries[] | "[\(.key + 1)]: \(.value)"'
@ -90,6 +91,52 @@ let
};
};
bing-img = {
pattern = "!bing-img (.*)$";
activate = "match";
arguments = [1];
timeoutSec = 1337;
command = {
filename = pkgs.writeDash "bing-img" ''
set -efu
report_error() {
printf '%s' "$*" |
curl -Ss http://p.r --data-binary @- |
tail -1 |
echo "error $(cat)"
exit 0
}
export PATH=${makeBinPath [
pkgs.dash
pkgs.coreutils
pkgs.curl
pkgs.findutils
pkgs.jq
]}
response=$(printf '%s' "$*" |
curl -SsG http://bing-gpt.r/api/images --data-urlencode 'prompt@-'
)
if [ "$?" -ne 0 ]; then
report_error "$response"
else
if ! text=$(
printf '%s' "$response" |
jq -er '.[].url'
); then
echo "$_from: $(report_error "$response")"
exit 0
fi
echo "$text" |
xargs -I {} dash -c 'curl -Ss {} |
curl -Ss https://p.krebsco.de --data-binary @- |
tail -1' |
tr '\n' ' ' |
echo "$_from: $(cat)"
fi
'';
};
};
confuse = {
pattern = "!confuse (.*)$";
activate = "match";
@ -362,6 +409,7 @@ let
bedger-add
bedger-balance
bing
bing-img
hooks.sed
interrogate
say

12
krebs/2configs/syncthing.nix
View File

@ -1,17 +1,21 @@
{ config, pkgs, ... }: with import <stockholm/lib>; let
{ options, config, pkgs, ... }: with import <stockholm/lib>; let
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders));
used_peer_names = unique (filter isString (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)));
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
in {
services.syncthing = {
enable = true;
configDir = "/var/lib/syncthing";
devices = mk_peers used_peers;
key = toString <secrets/syncthing.key>;
cert = toString <secrets/syncthing.cert>;
};
# workaround for infinite recursion on unstable, remove in 23.11
} // (if builtins.hasAttr "settings" options.services.syncthing then
{ settings.devices = mk_peers used_peers; }
else
{ devices = mk_peers used_peers; }
);
boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
}

7
krebs/3modules/konsens.nix
View File

@ -60,12 +60,17 @@ let
systemd.services = mapAttrs' (name: repo:
nameValuePair "konsens-${name}" {
after = [ "network.target" ];
path = [ pkgs.git ];
path = [
pkgs.git
pkgs.openssh
];
restartIfChanged = false;
serviceConfig = {
Type = "simple";
PermissionsStartOnly = true;
ExecStart = pkgs.writeDash "konsens-${name}" ''
set -efu
git config --global --replace-all safe.directory *
if ! test -e ${name}; then
git clone ${repo.url} ${name}
fi

37
krebs/3modules/tinc.nix
View File

@ -190,35 +190,16 @@ with import <stockholm/lib>;
default = 3;
};
user = mkOption {
type = types.user;
default = {
name = tinc.config.netname;
home = "/var/lib/${tinc.config.user.name}";
};
defaultText = {
name = "netname";
home = "/var/lib/netname";
};
username = mkOption {
type = types.username;
default = tinc.config.netname;
defaultText = literalExample "netname";
};
};
}));
};
config = {
users.users = mapAttrs' (netname: cfg:
nameValuePair "${netname}" {
inherit (cfg.user) home name uid;
createHome = true;
isSystemUser = true;
group = netname;
}
) config.krebs.tinc;
users.groups = mapAttrs' (netname: cfg:
nameValuePair netname {}
) config.krebs.tinc;
krebs.systemd.services = mapAttrs (netname: cfg: {
restartIfCredentialsChange = true;
}) config.krebs.tinc;
@ -238,11 +219,11 @@ with import <stockholm/lib>;
)
"rsa_key.priv:${cfg.privkey}"
];
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
set -efu
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
${pkgs.rsync}/bin/rsync -Lacv --delete \
--chown ${cfg.user.name} \
--chown ${cfg.username} \
--chmod u=rwX,g=rX \
--exclude='/*.priv' \
${cfg.confDir}/ /etc/tinc/${netname}/
@ -255,14 +236,16 @@ with import <stockholm/lib>;
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
/etc/tinc/${netname}/
'';
ExecStart = toString [
ExecStart = "+" + toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"
"-U ${cfg.user.name}"
"-U ${cfg.username}"
"-d 0"
"-n ${netname}"
];
SyslogIdentifier = netname;
DynamicUser = true;
User = cfg.username;
};
}) config.krebs.tinc;
};

22
krebs/5pkgs/simple/cunicu.nix Normal file
View File

@ -0,0 +1,22 @@
{ lib, pkgs }:
pkgs.buildGo120Module rec {
pname = "cunicu";
version = "g${lib.substring 0 7 src.rev}";
buildInputs = [
pkgs.libpcap
];
# XXX tries to access https://relay.cunicu.li
doCheck = false;
src = pkgs.fetchFromGitHub {
owner = "stv0g";
repo = "cunicu";
rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
};
vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
}

27
krebs/5pkgs/simple/htgen-paste/default.nix Normal file
View File

@ -0,0 +1,27 @@
{ pkgs, stockholm, stdenv }:
with stockholm.lib;
stdenv.mkDerivation rec {
pname = "htgen-paste";
version = "1.0.0";
src = ./src;
buildPhase = ''
(
exec > htgen-paste
echo PATH=${makeBinPath [
pkgs.nix
pkgs.file
pkgs.coreutils
pkgs.findutils
]}
echo STATEDIR=${shell.escape "\${STATEDIR-$HOME}"}
cat $src/htgen-paste
)
'';
installPhase = ''
install -D htgen-paste $out/bin/htgen-paste
'';
}

68
krebs/5pkgs/simple/htgen-paste/src/htgen-paste Normal file
View File

@ -0,0 +1,68 @@
find_item() {
if test ${#1} -ge 7; then
set -- "$(find "$STATEDIR/items" -mindepth 1 -maxdepth 1 \
-regex "$STATEDIR/items/$1[0-9A-Za-z]*$")"
if test -n "$1" && test $(echo "$1" | wc -l) = 1; then
echo "$1"
return 0
fi
fi
return 1
}
abs_path=${Request_URI%%\?*}
case "$Method $abs_path" in
"GET /"[0-9a-z]*)
if item=$(find_item ${abs_path#/}); then
content_type=$(cat "$item".content_type 2>/dev/null || file -ib "$item")
printf 'HTTP/1.1 200 OK\r\n'
printf 'Content-Type: %s\r\n' "$content_type"
printf 'Server: %s\r\n' "$Server"
printf 'Connection: close\r\n'
printf 'Content-Length: %d\r\n' $(wc -c < $item)
printf '\r\n'
cat $item
exit
fi
;;
"POST /")
content=$(mktemp -t htgen.$$.content.XXXXXXXX)
trap "rm $content >&2" EXIT
case ${req_expect-} in 100-continue)
printf 'HTTP/1.1 100 Continue\r\n\r\n'
esac
head -c $req_content_length > $content
sha256=$(sha256sum -b $content | cut -d\ -f1)
base32=$(nix-hash --to-base32 --type sha256 $sha256)
item=$STATEDIR/items/$base32
ref=http://$req_host/$base32
if ! test -e $item; then
mkdir -v -p $STATEDIR/items >&2
cp -v $content $item >&2
fi
if test -n ${reg_content_type-}; then
echo -n "$req_content_type" > "$item".content_type
fi
base32short=$(echo $base32 | cut -b-7)
if item=$(find_item $base32short); then
ref=$(echo "$ref"; echo "http://$req_host/$base32short")
fi
printf 'HTTP/1.1 200 OK\r\n'
printf 'Content-Type: text/plain; charset=UTF-8\r\n'
printf 'Server: %s\r\n' "$Server"
printf 'Connection: close\r\n'
printf 'Content-Length: %d\r\n' $(expr ${#ref} + 1)
printf '\r\n'
printf '%s\n' "$ref"
exit
;;
esac

3
krebs/5pkgs/simple/kpaste/default.nix
View File

@ -1,6 +1,7 @@
{ curl, gnused, writeDashBin }:
writeDashBin "kpaste" ''
${curl}/bin/curl -sS http://p.r --data-binary @"''${1:--}" |
${curl}/bin/curl -sS http://p.r --data-binary @"''${1:--}" \
-H "Content-Type-Override: ''${KPASTE_CONTENT_TYPE-}" |
${gnused}/bin/sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
''

3
krebs/5pkgs/simple/q-power_supply.nix
View File

@ -63,6 +63,7 @@ writeDashBin "q-power_supply" ''
END {
name = ENVIRON["POWER_SUPPLY_NAME"]
status = ENVIRON["POWER_SUPPLY_STATUS"]
charge_unit = "Ah"
charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6
@ -132,6 +133,8 @@ writeDashBin "q-power_supply" ''
out = out sprintf(" %s", print_hm(charge_now / current_now))
}
out = out " " status
print out
}
'

8
krebs/nixpkgs-unstable.json
View File

@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "645bc49f34fa8eff95479f0345ff57e55b53437e",
"date": "2023-04-19T18:04:47+02:00",
"path": "/nix/store/jh86824939585dinrs1zlkh6cvz8l8l7-nixpkgs",
"sha256": "0kfndc7xdkm89yl0f27wdnwd6gdad3i49jx7gvaib1hz0ifpmxzv",
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
"date": "2023-05-22T13:19:02+02:00",
"path": "/nix/store/zgv3fzg2lywfqdrv4mghd62s9i6zxhrw-nixpkgs",
"sha256": "0nkg8h5ix0sbjqb0gdj5124nbg2gd1nmyl1p14cvlg77fs7afld6",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

8
krebs/nixpkgs.json
View File

@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
"date": "2023-04-22T11:27:49+08:00",
"path": "/nix/store/gpfv5hbki6g1b63nqw7md5bjlcpzsz1w-nixpkgs",
"sha256": "1fd7xyfna0klfbv37qq1ms2j4gzjpy14a8vbnw1i8ix6fijkywjf",
"rev": "a17f99dfcb9643200b3884ca195c69ae41d7f059",
"date": "2023-05-23T18:09:00+02:00",
"path": "/nix/store/2n82i65gv1y54xj3dplkvhfyc8rs1j90-nixpkgs",
"sha256": "180ipicp351s99nvn9xvf5nzs5fzxhawfbykaijvaqj63siss13m",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,

4
lass/1systems/aergia/config.nix
View File

@ -65,8 +65,4 @@
];
boot.cleanTmpDir = true;
# vbox
virtualisation.virtualbox.host.enable = true;
users.users.mainUser.extraGroups = [ "vboxusers" ];
}

6
lass/1systems/radio/source.nix Normal file
View File

@ -0,0 +1,6 @@
{ lib, pkgs, test, ... }: let
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
in if test then {} else {
nixpkgs.git.ref = lib.mkForce npkgs.rev;
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
}

12
lass/2configs/mail.nix
View File

@ -124,15 +124,6 @@ let
'';
muttrc = pkgs.writeText "muttrc" ''
# gpg
source ${pkgs.neomutt}/share/doc/neomutt/samples/gpg.rc
set pgp_use_gpg_agent = yes
set pgp_sign_as = 0xDC2A43EF4F11E854B44D599A89E82952976A7E4D
set crypt_autosign = no
set crypt_replyencrypt = yes
set crypt_verify_sig = yes
set pgp_verify_command = "gpg --no-verbose --batch --output - --verify %s %f"
# read html mails
auto_view text/html
@ -187,8 +178,7 @@ let
until ${pkgs.muchsync}/bin/muchsync -F lass@green.r; do
sleep 1
done
''}<enter> \
'run muchsync to green.r'
''}<enter>
#killed
bind index d noop

11
lass/2configs/paste.nix
View File

@ -82,14 +82,9 @@ with import <stockholm/lib>;
krebs.htgen.paste = {
port = 9081;
script = toString [
"PATH=${makeBinPath [
pkgs.nix
pkgs.file
]}:$PATH"
"STATEDIR=$HOME"
". ${pkgs.htgen}/examples/paste"
];
script = /* sh */ ''
(. ${pkgs.htgen-paste}/bin/htgen-paste)
'';
};
systemd.services.paste-gc = {

19
lass/2configs/pipewire.nix
View File

@ -22,15 +22,14 @@
pulse.enable = true;
jack.enable = true;
};
systemd.services.wireplumber = {
environment = {
HOME = "/var/lib/wireplumber";
DISPLAY = ":0";
};
path = [
pkgs.dbus
];
serviceConfig.StateDirectory = "wireplumber";
environment.etc = {
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'';
};
}

2
lass/2configs/services/radio/default.nix
View File

@ -82,7 +82,7 @@ in {
users.users = {
"${name}" = rec {
inherit name;
createHome = lib.mkForce false;
createHome = true;
group = name;
uid = pkgs.stockholm.lib.genid_uint31 name;
description = "radio manager";

29
lass/2configs/services/radio/news.nix
View File

@ -1,6 +1,31 @@
{ config, lib, pkgs, ... }:
let
tts = pkgs.writers.writeBashBin "tts" ''
set -efu
offset=0
OUTPUT=$(mktemp -d)
trap 'rm -rf "$OUTPUT"' EXIT
SPEAKER=$[ $RANDOM % 900 ]
while read line; do
echo "$line" |
${pkgs.larynx}/bin/larynx \
--model ${pkgs.fetchzip {
url = "https://github.com/rhasspy/piper/releases/download/v0.0.2/voice-en-us-libritts-high.tar.gz";
hash = "sha256-jCoK4p0O7BuF0nr6Sfj40tpivCvU5M3GHKQRg1tfIO8=";
stripRoot = false;
}}/en-us-libritts-high.onnx \
-s "$SPEAKER" \
-f "$OUTPUT"/"$offset".wav
((offset+=1))
done
${pkgs.sox}/bin/sox "$OUTPUT"/*.wav "$OUTPUT"/all.wav
cat "$OUTPUT"/all.wav
'';
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
${pkgs.vorbis-tools}/bin/oggenc - |
${pkgs.cyberlocker-tools}/bin/cput news.ogg
@ -41,16 +66,16 @@ in
systemd.services.newsshow = {
path = [
newsshow
tts
send_to_radio
gc_news
get_current_news
pkgs.curl
pkgs.retry
];
script = ''
set -efu
retry -t 5 -d 10 -- newsshow |
retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
retry -t 5 -d 10 -- tts |
retry -t 5 -d 10 -- send_to_radio
'';
startAt = "*:00:00";

20
lass/2configs/weron/client.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
{
systemd.services.weron = {
wantedBy = [ "multi-user.target" ];
environment = {
WERON_RADDR = "ws://lassul.us:23420/";
};
serviceConfig = {
ExecStart = pkgs.writers.writeDash "weron" ''
${pkgs.weron}/bin/weron vpn ip \
--community krebs \
--password aidsballs \
--key aidsballs \
--ips 10.249.1.0/24 \
--verbose 7 \
--dev weron
'';
};
};
}

13
lass/2configs/weron/signaler.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
{
systemd.services.weron-signaler = {
wantedBy = [ "multi-user.target" ];
environment = {
};
serviceConfig = {
ExecStart = ''${pkgs.weron}/bin/weron signaler --verbose=7 --laddr ":23420"'';
};
};
networking.firewall.allowedTCPPorts = [ 23420 ];
}

1
tv/1systems/querel/config.nix
View File

@ -3,7 +3,6 @@ with import ./lib;
imports = [
<stockholm/tv>
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/xp-332.nix>
];
krebs.build.host = config.krebs.hosts.querel;

1
tv/1systems/xu/config.nix
View File

@ -17,7 +17,6 @@ with import ./lib;
<stockholm/tv/2configs/retiolum.nix>
<stockholm/tv/2configs/binary-cache>
<stockholm/tv/2configs/br.nix>
<stockholm/tv/2configs/xp-332.nix>
<stockholm/tv/2configs/xserver>
<stockholm/tv/2configs/xsessions>
<stockholm/tv/2configs/xserver/xkiller.nix>

3
tv/2configs/gitrepos.nix
View File

@ -96,6 +96,9 @@ with import ./lib;
nix-writers = {
cgit.desc = "collection of package builders";
};
nixpkgs = {
cgit.desc = "Nix Packages collection";
};
pager = {
};
populate = {

42
tv/2configs/xp-332.nix
View File

@ -1,42 +0,0 @@
with import ./lib;
{ config, pkgs, ... }: {
environment.etc."utsushi.conf".text = ''
[devices]
dev1.udi = esci:networkscan://ep.hkw:1865
dev1.model = XP-332
dev1.vendor = EPSON
'';
hardware.sane = {
enable = true;
extraBackends = [
pkgs.utsushi-customized
];
};
krebs.nixpkgs.allowUnfreePredicate = pkg:
packageName pkg == "imagescan-plugin-networkscan";
nixpkgs.overlays = singleton (self: super: {
utsushi-customized = self.utsushi.overrideAttrs (old: {
postInstall = ''
${old.postInstall or ""}
ln -s /etc/utsushi.conf $out/etc/utsushi/utsushi.conf
ln -s ${pkgs.imagescan-plugin-networkscan}/lib/utsushi/networkscan \
$out/libexec/utsushi/
'';
});
});
services = {
printing = {
drivers = [
pkgs.epson-escpr
];
enable = true;
};
saned.enable = true;
};
}

55
tv/5pkgs/simple/imagescan-plugin-networkscan.nix
View File

@ -1,55 +0,0 @@
{ fetchurl, lib, pkgs, stdenv }:
stdenv.mkDerivation rec {
pname = "imagescan-plugin-networkscan";
version = "1.1.3";
src =
if stdenv.system == "x86_64-linux" then
fetchurl {
urls = [
"https://download2.ebz.epson.net/imagescanv3/debian/latest1/deb/x64/imagescan-bundle-debian-10-3.63.0.x64.deb.tar.gz"
"http://ni.r/~tv/mirrors/epson/imagescan-bundle-debian-10-3.63.0.x64.deb.tar.gz"
];
hash = "sha256:1rbz6mjfinag7c2vnyl7lls3gpn8n91sv0p18ilnbw0vaddssn4j";
}
else throw "${pname} is not supported on ${stdenv.system}; supported systems: x86_64-linux";
dontBuild = true;
nativeBuildInputs = [
pkgs.dpkg
];
installPhase = ''
# Wildcard * stand for either i386 or amd64
dpkg -x \
plugins/imagescan-plugin-networkscan_${version}-1epson4debian10_*.deb \
tmp
mv tmp/usr $out
'';
preFixup = ''
patchelf --set-interpreter \
${pkgs.pkgsi686Linux.glibc}/lib/ld-linux-x86-64.so.2 \
$out/lib/utsushi/networkscan
# libstdc++.so.6
patchelf --set-rpath \
${stdenv.cc.cc.lib}/lib \
$out/lib/utsushi/networkscan
'';
meta = {
description = "Epson Image Scan v3 networkscan plugin";
longDescription = ''
This package provides the unfree networkscan plugin from the Epson
Image Scan v3 scanner driver bundle, which can be used by Utsushi.
'';
homepage = "http://support.epson.net/linux/en/imagescanv3.php?version=${version}";
license = lib.licenses.eapl;
maintainers = [ lib.maintainers.tv ];
platforms = lib.platforms.linux;
};
}