Merge remote-tracking branch 'lass/master' into 22.05
commit
9c1799914a
|
@ -8,7 +8,7 @@ jobs:
|
|||
if: github.repository_owner == 'Mic92'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: repo-sync
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
networking.nat.enable = true;
|
||||
networking.nat.internalInterfaces = ["ve-+"];
|
||||
networking.nat.internalInterfaces = ["ve-+" "ctr+" ];
|
||||
networking.nat.externalInterface = lib.mkDefault "et0";
|
||||
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
|
||||
}
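Review bot: The NAT list now matches `ctr+` interfaces, but `networking.networkmanager.unmanaged` two lines further down still names only `interface-name:ve-*`, so on hosts running NetworkManager the new container links would presumably stay under its control. If that is not intended, extend the list, e.g. `networking.networkmanager.unmanaged = [ "interface-name:ve-*" "interface-name:ctr*" ];`. A one-line comment saying which container setup creates the `ctr*` links would also help, since NAT is enabled for every interface that matches the prefix.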
|
||||
|
|
|
@ -19,11 +19,6 @@
|
|||
inherit Nick;
|
||||
};
|
||||
};
|
||||
mumble.lassulus = {
|
||||
Server = "lassul.us:64738";
|
||||
Nick = "krebs_bridge";
|
||||
SkipTLSVerify = true;
|
||||
};
|
||||
gateway = [
|
||||
{
|
||||
name = "krebs-bridge";
|
||||
|
@ -37,10 +32,6 @@
|
|||
account = "telegram.krebs";
|
||||
channel = "-330372458";
|
||||
}
|
||||
{
|
||||
account = "mumble.lassulus";
|
||||
channel = 6; # "nixos"
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
|
|
@ -164,7 +164,7 @@
|
|||
if [ ''${#youtube_url} -eq 24 ]; then
|
||||
youtube_id=$youtube_url
|
||||
else
|
||||
youtube_id=$(${pkgs.youtube-dl}/bin/youtube-dl --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id')
|
||||
youtube_id=$(${pkgs.yt-dlp}/bin/yt-dlp --max-downloads 1 -j "$youtube_url" | ${pkgs.jq}/bin/jq -r '.channel_id')
|
||||
fi
|
||||
echo "brockman: add yt_$youtube_nick http://rss.r/?action=display&bridge=Youtube&context=By+channel+id&c=$youtube_id&duration_min=&duration_max=&format=Mrss"
|
||||
'';
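Review bot: `$youtube_url` is handed to yt-dlp as a bare positional argument on the changed line, so a value beginning with `-` would be read as an option rather than a URL. If the value comes from a chat message (the surrounding script is outside this hunk, so that is an assumption), end option parsing first: `yt-dlp --max-downloads 1 -j -- "$youtube_url"`. The output of `jq -r '.channel_id'` also goes into the `brockman: add` line unchecked; when the lookup fails it is empty or `null`, and a guard such as `[ ''${#youtube_id} -eq 24 ] || exit 1` before the `echo` would keep a bad id out of the feed URL.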
|
||||
|
|
|
@ -148,6 +148,7 @@ in {
|
|||
|
||||
services.nginx = {
|
||||
virtualHosts."agenda.r" = {
|
||||
serverAliases = [ "kri.r" ];
|
||||
locations."= /index.html".extraConfig = ''
|
||||
alias ${pkgs.writeText "agenda.html" ''
|
||||
<!DOCTYPE html>
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
# https://github.com/Lassulus/CVE-2021-4034
|
||||
security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, lib, pkgs, ... }: let
|
||||
parents = dir:
|
||||
if dir == "/" then
|
||||
[ dir ]
|
||||
[]
|
||||
else
|
||||
[ dir ] ++ parents (builtins.dirOf dir)
|
||||
;
|
||||
|
@ -40,13 +40,16 @@ in {
|
|||
pkgs.coreutils
|
||||
];
|
||||
serviceConfig = {
|
||||
ExecStart = pkgs.writers.writeDash "acl" (lib.concatStrings (
|
||||
lib.mapAttrsToList (_: rule: ''
|
||||
setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
|
||||
${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
|
||||
${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents path))}
|
||||
'') rules
|
||||
));
|
||||
ExecStart = pkgs.writers.writeDash "acl" ''
|
||||
mkdir -p "${path}"
|
||||
${lib.concatStrings (
|
||||
lib.mapAttrsToList (_: rule: ''
|
||||
setfacl -${lib.optionalString rule.recursive "R"}m ${rule.rule} ${path}
|
||||
${lib.optionalString rule.default "setfacl -${lib.optionalString rule.recursive "R"}dm ${rule.rule} ${path}"}
|
||||
${lib.optionalString rule.parents (lib.concatMapStringsSep "\n" (folder: "setfacl -m ${rule.rule} ${folder}") (parents (builtins.dirOf path)))}
|
||||
'') rules
|
||||
)}
|
||||
'';
|
||||
RemainAfterExit = true;
|
||||
Type = "simple";
|
||||
};
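Review bot: The rewritten script quotes the path for `mkdir -p "${path}"`, but the `setfacl` lines still interpolate `${path}`, `${rule.rule}` and `${folder}` bare, so a path containing whitespace or shell metacharacters is split or interpreted by dash in a unit that presumably runs privileged. Use `lib.escapeShellArg` throughout, e.g. `mkdir -p ${lib.escapeShellArg path}` and `setfacl -m ${lib.escapeShellArg rule.rule} ${lib.escapeShellArg path}`. `mkdir -p` also creates missing directories with the service's default mode before any ACL is applied; a comment stating that this ordering is intended would help. The module continues outside both hunks.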
|
||||
|
|
|
@ -74,6 +74,7 @@ in {
|
|||
aliases = [
|
||||
"hotdog.r"
|
||||
"agenda.r"
|
||||
"kri.r"
|
||||
"build.r"
|
||||
"build.hotdog.r"
|
||||
"ca.r"
|
||||
|
|
|
@ -7,19 +7,19 @@
|
|||
}:
|
||||
mkDerivation rec {
|
||||
pname = "brockman";
|
||||
version = "4.0.3";
|
||||
version = "4.0.4";
|
||||
src = fetchFromGitHub {
|
||||
owner = "kmein";
|
||||
repo = "brockman";
|
||||
rev = version;
|
||||
sha256 = "sha256-rjwroSG9ys0FV2JM70kzmCutMVpUTx8cQ+jQq8Hw1kw=";
|
||||
sha256 = "sha256-GOEEUjehFgMMf6cNpi0AP/Rz74sTDEcpKRbLD+6YEz0=";
|
||||
};
|
||||
isLibrary = false;
|
||||
isExecutable = true;
|
||||
executableHaskellDepends = [
|
||||
aeson aeson-pretty base bytestring case-insensitive conduit
|
||||
containers directory feed filepath hashable hslogger html-entity
|
||||
http-client irc-conduit lens lrucache lrucaching network
|
||||
http-client irc-conduit lens lrucache network
|
||||
optparse-applicative random safe text time timerep wreq
|
||||
];
|
||||
license = lib.licenses.mit;
|
||||
|
|
|
@ -8,11 +8,11 @@
|
|||
}:
|
||||
mkDerivation rec {
|
||||
pname = "reaktor2";
|
||||
version = "0.4.0";
|
||||
version = "0.4.0a";
|
||||
src = fetchgit {
|
||||
url = "https://cgit.krebsco.de/reaktor2";
|
||||
sha256 = "0bnn23hjl57y0a5rf3h8kq078dziby7il7fandz5wh6s4i3psicp";
|
||||
rev = "v${version}";
|
||||
url = "https://cgit.lassul.us/reaktor2";
|
||||
sha256 = "sha256-x1i2TWcycYVFij6832xaBiQa1RQ1VmSfu5Qt1QrUtds=";
|
||||
rev = "6d3eb6de5e770ee26874bb7449934f0c55bd1efa";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
isLibrary = false;
|
||||
|
|
|
@ -122,7 +122,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" ''
|
|||
'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') &
|
||||
|
||||
# regular fetches
|
||||
fetch marker.json.tmp "$marker_url"
|
||||
fetch marker.json.tmp "$marker_url" || :
|
||||
if [ -s marker.json.tmp ]; then
|
||||
mv marker.json.tmp marker.json
|
||||
fi
|
||||
|
|
|
@ -109,45 +109,60 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
setFile = pkgs.writeText "weechat.set" (
|
||||
lib.optionalString (cfg.settings != {})
|
||||
(lib.concatStringsSep "\n" (
|
||||
lib.optionals
|
||||
(cfg.settings.irc or {} != {})
|
||||
(lib.mapAttrsToList
|
||||
(name: server: "/server add ${name} ${lib.toWeechatValue server.addresses}")
|
||||
cfg.settings.irc.server)
|
||||
++
|
||||
lib.optionals
|
||||
(cfg.settings.matrix or {} != {})
|
||||
(lib.mapAttrsToList
|
||||
(name: server: "/matrix server add ${name} ${server.address}")
|
||||
cfg.settings.matrix.server)
|
||||
++
|
||||
lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
|
||||
++
|
||||
lib.optionals
|
||||
(cfg.settings.filters or {} != {})
|
||||
(lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
|
||||
++
|
||||
lib.singleton cfg.extraCommands
|
||||
))
|
||||
);
|
||||
|
||||
weechat = pkgs.weechat.override {
|
||||
configure = _: {
|
||||
init = lib.optionalString (cfg.settings != {})
|
||||
(lib.concatStringsSep "\n" (
|
||||
lib.optionals
|
||||
(cfg.settings.irc or {} != {})
|
||||
(lib.mapAttrsToList
|
||||
(name: server: "/server add ${name} ${server.address}")
|
||||
cfg.settings.irc.server)
|
||||
++
|
||||
lib.optionals
|
||||
(cfg.settings.matrix or {} != {})
|
||||
(lib.mapAttrsToList
|
||||
(name: server: "/matrix server add ${name} ${server.address}")
|
||||
cfg.settings.matrix.server)
|
||||
++
|
||||
lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
|
||||
++
|
||||
lib.optionals
|
||||
(cfg.settings.filters or {} != {})
|
||||
(lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
|
||||
++
|
||||
lib.singleton cfg.extraCommands
|
||||
));
|
||||
init = "/exec -oc cat ${setFile}";
|
||||
|
||||
scripts = cfg.scripts;
|
||||
};
|
||||
};
|
||||
|
||||
in pkgs.writers.writeDashBin "weechat" ''
|
||||
CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
|
||||
${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
|
||||
${lib.concatStringsSep "\n"
|
||||
(lib.mapAttrsToList
|
||||
(name: target: /* sh */ ''
|
||||
${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
|
||||
'')
|
||||
cfg.files
|
||||
)
|
||||
}
|
||||
exec ${weechat}/bin/weechat "$@"
|
||||
''
|
||||
wrapper = pkgs.writers.writeDashBin "weechat" ''
|
||||
CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
|
||||
${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
|
||||
${lib.concatStringsSep "\n"
|
||||
(lib.mapAttrsToList
|
||||
(name: target: /* sh */ ''
|
||||
${pkgs.coreutils}/bin/ln -s ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
|
||||
'')
|
||||
cfg.files
|
||||
)
|
||||
}
|
||||
exec ${weechat}/bin/weechat "$@"
|
||||
'';
|
||||
|
||||
in pkgs.symlinkJoin {
|
||||
name = "weechat-configured";
|
||||
paths = [
|
||||
wrapper
|
||||
pkgs.weechat
|
||||
];
|
||||
postBuild = ''
|
||||
ln -s ${setFile} $out/weechat.set
|
||||
'';
|
||||
}
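Review bot: `setFile` is built with `pkgs.writeText` and then linked to `$out/weechat.set`, so every value under `cfg.settings` and `cfg.extraCommands` lands in the Nix store, which all local users can read. Whether callers put passwords or tokens into these settings is not visible here; I would add a comment above `setFile` such as `# NOTE: written to the world-readable Nix store; keep credentials out of cfg.settings and load them at runtime`. Because `init` now runs `/exec -oc cat ${setFile}`, each line of that file is executed as a WeeChat command, so it is worth confirming that `lib.setCommand` (not shown) rejects or escapes values containing newlines.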
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "2a3aac479caeba0a65b2ad755fe5f284f1fde74d",
|
||||
"date": "2022-05-09T07:45:23+00:00",
|
||||
"path": "/nix/store/56hy8l0ky71qdx5zibjzzg0q8ivkk7vc-nixpkgs",
|
||||
"sha256": "0px2fk64s56qxd8ir8xg8bsj5yz1w399ps4xfkyx29n2ywp9ar7c",
|
||||
"rev": "5ce6597eca7d7b518c03ecda57d45f9404b5e060",
|
||||
"date": "2022-05-24T17:55:48+02:00",
|
||||
"path": "/nix/store/glvcj0zmqq9z5wf6bppnppbpf8w85iwf-nixpkgs",
|
||||
"sha256": "1hs1lnnbp1dky3nfp7xlricpp5c63sr46jyrnvykci8bl8jnxnl3",
|
||||
"fetchLFS": false,
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "fd3e33d696b81e76b30160dfad2efb7ac1f19879",
|
||||
"date": "2022-04-30T11:27:15+02:00",
|
||||
"path": "/nix/store/4n9dqxd8j90h0j99n8pyim6n5q1zviwg-nixpkgs",
|
||||
"sha256": "1liw3glyv1cx0bxgxnq2yjp0ismg0np2ycg72rqghv75qb73zf9h",
|
||||
"rev": "d1086907f56c5a6c33c0c2e8dc9f42ef6988294f",
|
||||
"date": "2022-05-28T12:29:49+02:00",
|
||||
"path": "/nix/store/56gsa390lyiik6jdapnj98a2ww8af8ig-nixpkgs",
|
||||
"sha256": "009dc0njvdn5pzcyd8bp4sc9byf70w4msdkv6q2zfdlnh36im1jl",
|
||||
"fetchLFS": false,
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
|
|
|
@ -3,7 +3,7 @@ dir=$(dirname $0)
|
|||
oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||
nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \
|
||||
--url https://github.com/NixOS/nixpkgs \
|
||||
--rev refs/heads/nixos-21.11' \
|
||||
--rev refs/heads/nixos-22.05' \
|
||||
> $dir/nixpkgs.json
|
||||
newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/')
|
||||
git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev"
|
||||
|
|
|
@ -43,7 +43,7 @@ with import <stockholm/lib>;
|
|||
libreoffice
|
||||
audacity
|
||||
zathura
|
||||
skype
|
||||
skypeforlinux
|
||||
wine
|
||||
geeqie
|
||||
vlc
|
||||
|
@ -56,22 +56,32 @@ with import <stockholm/lib>;
|
|||
services.xserver.layout = "de";
|
||||
}
|
||||
{
|
||||
krebs.per-user.bitcoin.packages = [
|
||||
pkgs.electrum
|
||||
pkgs.electron-cash
|
||||
pkgs.litecoin
|
||||
];
|
||||
users.extraUsers = {
|
||||
bitcoin = {
|
||||
name = "bitcoin";
|
||||
description = "user for bitcoin stuff";
|
||||
home = "/home/bitcoin";
|
||||
isNormalUser = true;
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
extraGroups = [ "audio" ];
|
||||
users = {
|
||||
groups.plugdev = {};
|
||||
users = {
|
||||
bitcoin = {
|
||||
name = "bitcoin";
|
||||
description = "user for bitcoin stuff";
|
||||
home = "/home/bitcoin";
|
||||
isNormalUser = true;
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"networkmanager"
|
||||
"plugdev"
|
||||
];
|
||||
packages = let
|
||||
unstable = import <nixpkgs-unstable> { config.allowUnfree = true; };
|
||||
in [
|
||||
pkgs.electrum
|
||||
pkgs.electron-cash
|
||||
unstable.ledger-live-desktop
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
hardware.ledger.enable = true;
|
||||
security.sudo.extraConfig = ''
|
||||
bubsy ALL=(bitcoin) NOPASSWD: ALL
|
||||
'';
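Review bot: The wallet account's software now includes `unstable.ledger-live-desktop`, taken from `import <nixpkgs-unstable>` with `allowUnfree`, i.e. from whatever that channel points at on the build host rather than from the pinned `pkgs`. For an account that handles keys, a fixed revision and hash for that import would make the installed build reproducible and reviewable; whether `<nixpkgs-unstable>` is pinned elsewhere is not visible in this hunk. The same block adds `networkmanager` to `extraGroups`, which lets the `bitcoin` user change network settings; a short comment explaining why the wallet user needs it would be useful, given that `bubsy` can already run anything as `bitcoin` without a password.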
|
||||
|
|
|
@ -25,7 +25,6 @@
|
|||
version = 4;
|
||||
};
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
|
||||
# Required for the Wireless firmware
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
|
|
@ -124,6 +124,7 @@ with import <stockholm/lib>;
|
|||
<stockholm/lass/2configs/container-networking.nix>
|
||||
<stockholm/lass/2configs/jitsi.nix>
|
||||
<stockholm/lass/2configs/fysiirc.nix>
|
||||
<stockholm/lass/2configs/bgt-bot>
|
||||
{
|
||||
services.tor = {
|
||||
enable = true;
|
||||
|
|
|
@ -47,7 +47,7 @@
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
script = ''
|
||||
${pkgs.xboxdrv.overrideAttrs(o: {
|
||||
patches = [ (pkgs.fetchurl {
|
||||
patches = o.patches ++ [ (pkgs.fetchurl {
|
||||
url = "https://patch-diff.githubusercontent.com/raw/xboxdrv/xboxdrv/pull/251.patch";
|
||||
sha256 = "17784y20mxqrlhgvwvszh8lprxrvgmb7ah9dknmbhj5jhkjl8wq5";
|
||||
}) ];
|
||||
|
|
|
@ -1,38 +1,23 @@
|
|||
with (import <stockholm/lib>);
|
||||
{ config, lib, pkgs, ... }: let
|
||||
weechat = pkgs.weechat.override {
|
||||
configure = { availablePlugins, ... }: with pkgs.weechatScripts; {
|
||||
plugins = lib.attrValues (availablePlugins // {
|
||||
python = availablePlugins.python.withPackages (_: [ weechat-matrix ]);
|
||||
});
|
||||
scripts = [ weechat-matrix ];
|
||||
configure = { availablePlugins, ... }: {
|
||||
scripts = with pkgs.weechatScripts; [
|
||||
weechat-matrix
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
tmux = pkgs.writeDashBin "tmux" ''
|
||||
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
|
||||
set-option -g prefix `
|
||||
unbind-key C-b
|
||||
bind ` send-prefix
|
||||
|
||||
set-option -g status off
|
||||
set-option -g default-terminal screen-256color
|
||||
|
||||
#use session instead of windows
|
||||
bind-key c new-session
|
||||
bind-key p switch-client -p
|
||||
bind-key n switch-client -n
|
||||
bind-key C-s switch-client -l
|
||||
''} "$@"
|
||||
'';
|
||||
tmux = "/run/current-system/sw/bin/tmux";
|
||||
|
||||
in {
|
||||
imports = [
|
||||
./bitlbee.nix
|
||||
];
|
||||
environment.systemPackages = [ tmux weechat ];
|
||||
environment.systemPackages = [ weechat ];
|
||||
systemd.services.chat = {
|
||||
description = "chat environment setup";
|
||||
environment.WEECHAT_HOME = "\$HOME/.weechat";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
|
@ -46,8 +31,8 @@ in {
|
|||
User = "lass";
|
||||
RemainAfterExit = true;
|
||||
Type = "oneshot";
|
||||
ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${weechat}/bin/weechat";
|
||||
ExecStop = "${tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat
|
||||
ExecStart = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
|
||||
ExecStop = "${tmux} kill-session -t IM"; # TODO run save in weechat
|
||||
};
|
||||
};
|
||||
}
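Review bot: `tmux` is now the fixed path `/run/current-system/sw/bin/tmux` and is dropped from `environment.systemPackages` in this file, so `ExecStart` and `ExecStop` work only if another module installs tmux into the system profile. That dependency is not visible here; either import the providing module from this file or add a comment next to the binding, e.g. `# provided system-wide by the tmux module, not by this file`. Referencing a store path (`${pkgs.tmux}/bin/tmux`) would keep the unit self-contained if the system-wide tmux configuration is not needed for this session.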
|
||||
|
|
|
@ -89,9 +89,40 @@ in {
|
|||
};
|
||||
};
|
||||
"themes/dark/alacritty.yaml".text = alacritty-cfg {
|
||||
colors.primary = {
|
||||
background = "#000000";
|
||||
foreground = "#ffffff";
|
||||
colors = {
|
||||
# Default colors
|
||||
primary = {
|
||||
background = "0x000000";
|
||||
foreground = "0xffffff";
|
||||
};
|
||||
cursor = {
|
||||
text = "0xF81CE5";
|
||||
cursor = "0xffffff";
|
||||
};
|
||||
|
||||
# Normal colors
|
||||
normal = {
|
||||
black = "0x000000";
|
||||
red = "0xfe0100";
|
||||
green = "0x33ff00";
|
||||
yellow = "0xfeff00";
|
||||
blue = "0x0066ff";
|
||||
magenta = "0xcc00ff";
|
||||
cyan = "0x00ffff";
|
||||
white = "0xd0d0d0";
|
||||
};
|
||||
|
||||
# Bright colors
|
||||
bright = {
|
||||
black = "0x808080";
|
||||
red = "0xfe0100";
|
||||
green = "0x33ff00";
|
||||
yellow = "0xfeff00";
|
||||
blue = "0x0066ff";
|
||||
magenta = "0xcc00ff";
|
||||
cyan = "0x00ffff";
|
||||
white = "0xFFFFFF";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -16,7 +16,7 @@ in {
|
|||
./xmonad.nix
|
||||
./themes.nix
|
||||
{
|
||||
krebs.per-user.lass.packages = [
|
||||
users.users.mainUser.packages = [
|
||||
pkgs.sshuttle
|
||||
];
|
||||
security.sudo.extraConfig = ''
|
||||
|
@ -46,7 +46,7 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
users.users.mainUser.extraGroups = [ "audio" "video" ];
|
||||
users.users.mainUser.extraGroups = [ "audio" "pipewire" "video" ];
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
|
@ -64,7 +64,7 @@ in {
|
|||
font-size
|
||||
fzfmenu
|
||||
gimp
|
||||
gitAndTools.hub
|
||||
gitAndTools.gh
|
||||
git-crypt
|
||||
git-preview
|
||||
dconf
|
||||
|
@ -79,11 +79,13 @@ in {
|
|||
ponymix
|
||||
powertop
|
||||
rxvt_unicode-with-plugins
|
||||
sshvnc
|
||||
sxiv
|
||||
taskwarrior
|
||||
termite
|
||||
transgui
|
||||
wirelesstools
|
||||
x11vnc
|
||||
xclip
|
||||
xephyrify
|
||||
xorg.xhost
|
||||
|
|
|
@ -0,0 +1,57 @@
|
|||
#!/bin/sh
|
||||
# needs in path:
|
||||
# curl gnugrep jq
|
||||
# creates and manages $PWD/state
|
||||
set -xeuf
|
||||
|
||||
send_reaktor(){
|
||||
# usage: send_reaktor "text"
|
||||
echo "send_reaktor: $1"
|
||||
curl -fsS "http://localhost:$REAKTOR_PORT" \
|
||||
-H content-type:application/json \
|
||||
-d "$(jq -n \
|
||||
--arg text "$1" \
|
||||
--arg channel "$IRC_CHANNEL" \
|
||||
'{
|
||||
command:"PRIVMSG",
|
||||
params:[$channel,$text]
|
||||
}'
|
||||
)"
|
||||
}
|
||||
|
||||
live=$(shuf -n1 <<EOF
|
||||
Binärgewitter Liveshow hat begonnen! http://stream.radiotux.de:8000/binaergewitter.mp3
|
||||
EOF
|
||||
)
|
||||
|
||||
offline=$(shuf -n1 <<EOF
|
||||
Live stream vorbei
|
||||
EOF
|
||||
)
|
||||
error=$(shuf -n1 <<EOF
|
||||
something went wrong
|
||||
EOF
|
||||
)
|
||||
|
||||
if curl -Ss http://stream.radiotux.de:8000 | grep -q 'Mount Point /binaergewitter'; then
|
||||
state='live'
|
||||
else
|
||||
state='offline'
|
||||
fi
|
||||
prevstate=$(cat state ||:)
|
||||
|
||||
if test "$state" == "$(cat state)";then
|
||||
#echo "current and last state is the same ($state), doing nothing"
|
||||
:
|
||||
else
|
||||
echo "API state and last state differ ( '$state' != '$prevstate')"
|
||||
if test "$state" == 'live';then
|
||||
send_reaktor "$live"
|
||||
elif test "$state" == 'offline';then
|
||||
send_reaktor "$offline"
|
||||
else
|
||||
send_reaktor "$error"
|
||||
fi
|
||||
echo 'updating state'
|
||||
printf "%s" "$state" > state
|
||||
fi
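Review bot: A failed request to the status page is recorded as `offline`, because in `curl -Ss … | grep -q …` only grep's exit status is tested; a transient network error therefore flips the stored state and announces the end of the stream, and the `$error` branch can never be reached. The comparison also re-reads `state` with a bare `cat` instead of using `$prevstate`, and `test … ==` is not POSIX, so it only works when the script ends up running under bash rather than the `#!/bin/sh` it declares. I would fetch the page into a variable with `curl -f`, keep the old state when the fetch fails, and compare with `=`. `set -x` additionally writes every expanded command to the journal, which is worth dropping once the script is stable.

```shell
# … unchanged: send_reaktor and the live/offline/error message definitions …
if ! page=$(curl -fsS http://stream.radiotux.de:8000); then
  echo "status page unreachable, keeping previous state" >&2
  exit 0
fi
if printf '%s' "$page" | grep -q 'Mount Point /binaergewitter'; then
  state='live'
else
  state='offline'
fi
prevstate=$(cat state 2>/dev/null || :)

if test "$state" = "$prevstate"; then
  :
else
  # … unchanged: announce the new state and write it to ./state …
fi
```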
|
|
@ -0,0 +1,44 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
|
||||
bot_port = "7654";
|
||||
irc_channel = "#binaergewitter";
|
||||
in
|
||||
{
|
||||
krebs.reaktor2.bgt-announce = {
|
||||
hostname = "irc.libera.chat";
|
||||
port = "6697";
|
||||
nick = "bgt-announce";
|
||||
API.listen = "inet://127.0.0.1:${bot_port}";
|
||||
plugins = [
|
||||
{
|
||||
plugin = "register";
|
||||
config = {
|
||||
channels = [
|
||||
irc_channel
|
||||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
systemd.services.check_bgt_show = {
|
||||
startAt = "*:0/5";
|
||||
environment = {
|
||||
IRC_CHANNEL = irc_channel;
|
||||
REAKTOR_PORT = bot_port;
|
||||
};
|
||||
path = with pkgs; [
|
||||
curl
|
||||
gnugrep
|
||||
jq
|
||||
];
|
||||
script = builtins.readFile ./bgt-check.sh;
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
StateDirectory = "bgt-announce";
|
||||
WorkingDirectory = "/var/lib/bgt-announce";
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
|
||||
}
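Review bot: `API.listen = "inet://127.0.0.1:${bot_port}"` exposes the bot's command API on a loopback TCP port, and `bgt-check.sh` posts to it without any credential, so as far as this file shows any local process on the host can make `bgt-announce` send messages to `#binaergewitter`. If reaktor2 offers no authentication for this API, state the trust assumption in a comment above the line, e.g. `# API is unauthenticated; reachable by every local user on this host`. The check service itself is already confined through `DynamicUser` and `StateDirectory`.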
|
||||
|
|
@ -28,7 +28,6 @@ in {
|
|||
};
|
||||
};
|
||||
security.sudo.extraConfig = ''
|
||||
${mainUser.name} ALL=(bch) ALL
|
||||
${mainUser.name} ALL=(bitcoin) ALL
|
||||
${mainUser.name} ALL=(monero) ALL
|
||||
'';
|
||||
|
|
|
@ -11,7 +11,7 @@ with (import <stockholm/lib>);
|
|||
pkgs.bitlbee-discord
|
||||
];
|
||||
libpurple_plugins = [
|
||||
pkgs.telegram-purple
|
||||
# pkgs.telegram-purple
|
||||
# pkgs.tdlib-purple
|
||||
# pkgs.purple-gowhatsapp
|
||||
];
|
||||
|
|
|
@ -8,7 +8,6 @@ with (import <stockholm/lib>);
|
|||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
ag
|
||||
dic
|
||||
nmap
|
||||
git-preview
|
||||
|
|
|
@ -46,4 +46,6 @@ with import <stockholm/lib>;
|
|||
];
|
||||
};
|
||||
|
||||
users.users.mainUser.extraGroups = [ "scanner" "lp" ];
|
||||
|
||||
}
|
||||
|
|
|
@ -28,6 +28,10 @@ in {
|
|||
params.hedgedoc = {};
|
||||
};
|
||||
|
||||
systemd.services.hedgedoc.environment = {
|
||||
CMD_COOKIE_POLICY = "none";
|
||||
CMD_CSP_ALLOW_FRAMING = "true";
|
||||
};
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
configuration.allowOrigin = [ domain ];
|
||||
|
@ -47,6 +51,7 @@ in {
|
|||
sslCertPath = "/var/lib/acme/${domain}/cert.pem";
|
||||
sslKeyPath = "/var/lib/acme/${domain}/key.pem";
|
||||
dhParamPath = config.security.dhparams.params.hedgedoc.path;
|
||||
|
||||
};
|
||||
};
|
||||
}
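Review bot: `CMD_COOKIE_POLICY = "none"` together with `CMD_CSP_ALLOW_FRAMING = "true"` relaxes two browser-side protections at once: session cookies are sent on cross-site requests, and any origin may embed the pad in a frame. If the goal is embedding in one specific site, that is broader than needed; a `frame-ancestors` restriction for the embedding origin at the reverse proxy (outside this hunk) would keep other sites from framing logged-in sessions. At minimum add a comment above the block naming the reason, e.g. `# needed so pads can be embedded in <embedding origin>; weakens SameSite and clickjacking protection`.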
|
||||
|
|
|
@ -10,6 +10,8 @@ with import <stockholm/lib>;
|
|||
./htop.nix
|
||||
<stockholm/krebs/2configs/security-workarounds.nix>
|
||||
./wiregrill.nix
|
||||
./tmux.nix
|
||||
./tor-ssh.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
mapAttrs (_: h: { hashedPassword = h; })
|
||||
|
@ -122,6 +124,9 @@ with import <stockholm/lib>;
|
|||
q
|
||||
rs
|
||||
untilport
|
||||
(pkgs.writeDashBin "urgent" ''
|
||||
printf '\a'
|
||||
'')
|
||||
usbutils
|
||||
logify
|
||||
goify
|
||||
|
|
|
@ -61,7 +61,7 @@ in {
|
|||
name = "games";
|
||||
description = "user playing games";
|
||||
home = "/home/games";
|
||||
extraGroups = [ "audio" "video" "input" "loot" ];
|
||||
extraGroups = [ "audio" "video" "input" "loot" "pipewire" ];
|
||||
createHome = true;
|
||||
useDefaultShell = true;
|
||||
packages = with pkgs; [
|
||||
|
|
|
@ -28,7 +28,7 @@ let
|
|||
|
||||
|
||||
# TODO: get the list of all krebsministers
|
||||
krebsminister = with config.krebs.users; [ makefu tv ];
|
||||
krebsminister = with config.krebs.users; [ makefu tv kmein ];
|
||||
krebs-rules = repo:
|
||||
set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister;
|
||||
|
||||
|
|
|
@ -122,12 +122,6 @@ let
|
|||
cgit.section = "configuration";
|
||||
};
|
||||
} // mapAttrs make-public-repo-silent {
|
||||
nixos-aws = {
|
||||
collaborators = [ {
|
||||
name = "fabio";
|
||||
pubkey = "ssh-rsa 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 ada";
|
||||
} ];
|
||||
};
|
||||
};
|
||||
|
||||
restricted-repos = mapAttrs make-restricted-repo (
|
||||
|
|
|
@ -4,10 +4,10 @@ with import <stockholm/lib>;
|
|||
users.users.media = {
|
||||
isNormalUser = true;
|
||||
uid = genid_uint31 "media";
|
||||
extraGroups = [ "video" "audio" ];
|
||||
extraGroups = [ "video" "audio" "pipewire" ];
|
||||
};
|
||||
|
||||
services.xserver.displayManager.lightdm.autoLogin = {
|
||||
services.xserver.displayManager.autoLogin = {
|
||||
enable = true;
|
||||
user = "media";
|
||||
};
|
||||
|
|
|
@ -7,10 +7,13 @@
|
|||
config = {
|
||||
enableWelcomePage = true;
|
||||
requireDisplayName = true;
|
||||
analytics.disabled = true;
|
||||
};
|
||||
interfaceConfig = {
|
||||
SHOW_JITSI_WATERMARK = false;
|
||||
SHOW_WATERMARK_FOR_GUESTS = false;
|
||||
DISABLE_PRESENCE_STATUS = true;
|
||||
GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -144,15 +144,7 @@ let
|
|||
|
||||
set sort=threads
|
||||
|
||||
set index_format="${pkgs.writeDash "mutt-index" ''
|
||||
# http://www.mutt.org/doc/manual/#formatstrings
|
||||
recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')"
|
||||
# output to mutt
|
||||
# V
|
||||
echo "%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%"
|
||||
# args to mutt-index dash script
|
||||
# V
|
||||
''} %r |"
|
||||
set index_format="%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> %r %g"
|
||||
|
||||
virtual-mailboxes "Unread" "notmuch://?query=tag:unread"
|
||||
virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox"
|
||||
|
|
|
@ -11,6 +11,5 @@ in {
|
|||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p tcp --dport 25565"; target = "ACCEPT"; }
|
||||
{ predicate = "-p udp --dport 25565"; target = "ACCEPT"; }
|
||||
{ predicate = "-p tcp --dport 8123"; target = "ACCEPT"; }
|
||||
];
|
||||
}
|
||||
|
|
|
@ -76,15 +76,43 @@ let
|
|||
mp.add_key_binding('S', "download_subs", download)
|
||||
'';
|
||||
|
||||
mpvInput = pkgs.writeText "mpv.input" ''
|
||||
: script-binding console/enable
|
||||
'';
|
||||
|
||||
mpvConfig = pkgs.writeText "mpv.conf" ''
|
||||
osd-font-size=20
|
||||
'';
|
||||
|
||||
mpv = pkgs.symlinkJoin {
|
||||
name = "mpv";
|
||||
paths = [
|
||||
(pkgs.writeDashBin "mpv" ''
|
||||
exec ${pkgs.mpv}/bin/mpv \
|
||||
set -efu
|
||||
if [ -n "''${DISPLAY+x}" ]; then
|
||||
Y_RES=$(${pkgs.xorg.xrandr}/bin/xrandr |
|
||||
${pkgs.jc}/bin/jc --xrandr |
|
||||
${pkgs.jq}/bin/jq '.screens[0].current_width'
|
||||
)
|
||||
else
|
||||
Y_RES=1000
|
||||
fi
|
||||
# we need to disable sponsorblock local database because of
|
||||
# https://github.com/po5/mpv_sponsorblock/issues/31
|
||||
exec ${pkgs.mpv.override {
|
||||
scripts = with pkgs.mpvScripts; [
|
||||
sponsorblock
|
||||
youtube-quality
|
||||
];
|
||||
}}/bin/mpv \
|
||||
-vo=gpu \
|
||||
--no-config \
|
||||
--input-conf=${mpvInput} \
|
||||
--include=${mpvConfig} \
|
||||
--script=${autosub} \
|
||||
--ytdl-format="best[height<$Y_RES]" \
|
||||
--script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \
|
||||
--script-opts-append=sponsorblock-local_database=no \
|
||||
"$@"
|
||||
'')
|
||||
pkgs.mpv
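Review bot: `Y_RES` is filled from `.screens[0].current_width` but is then used as a height limit in `--ytdl-format="best[height<$Y_RES]"`, so on a landscape display the filter admits formats taller than the screen. Reading `.screens[0].current_height` looks like what was meant. If `xrandr` or `jc` produces nothing usable, `Y_RES` ends up empty or `null` and the format selector becomes invalid; a fallback after the pipeline such as `case "$Y_RES" in ""|*[!0-9]*) Y_RES=1000;; esac` would cover that. The `symlinkJoin` continues outside the hunk.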
|
||||
|
|
|
@ -57,10 +57,8 @@ with import <stockholm/lib>;
|
|||
addSSL = true;
|
||||
serverAliases = [ "p.krebsco.de" ];
|
||||
locations."/".extraConfig = ''
|
||||
if ($request_method != GET) {
|
||||
return 403;
|
||||
}
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port};
|
||||
'';
|
||||
locations."/image".extraConfig = ''
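Review bot: The hunk header shows three lines leaving `locations."/"` and one arriving; if the lines dropped are the `if ($request_method != GET) { return 403; }` guard (the rendering no longer marks which side each line is on), the vhost that also answers as `p.krebsco.de` now forwards every request method to the htgen paste backend. That changes who can create pastes, so it deserves a comment at the location block, or a narrower rule such as `limit_except GET POST { deny all; }` if uploads are meant to be open. The `extraConfig` string for `/image` continues outside the hunk.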
|
||||
|
|
|
@ -4,9 +4,11 @@
|
|||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
aria2
|
||||
generate-secrets
|
||||
gnupg1compat
|
||||
htop
|
||||
i3lock
|
||||
l-gen-secrets
|
||||
mosh
|
||||
pass
|
||||
pavucontrol
|
||||
|
@ -18,18 +20,41 @@
|
|||
transmission
|
||||
wget
|
||||
xsel
|
||||
youtube-dl
|
||||
yt-dlp
|
||||
(pkgs.writeDashBin "youtube-dl" ''
|
||||
exec ${pkgs.yt-dlp}/bin/yt-dlp "$@"
|
||||
'')
|
||||
(pkgs.writeDashBin "tether-on" ''
|
||||
adb shell svc usb setFunctions rndis
|
||||
'')
|
||||
(pkgs.writeDashBin "tether-off" ''
|
||||
adb shell svc usb setFunctions
|
||||
'')
|
||||
(pkgs.writeDashBin "dl-movie" ''
|
||||
${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/movies -a "$@"
|
||||
(pkgs.writeDashBin "deploy" ''
|
||||
set -eu
|
||||
export SYSTEM="$1"
|
||||
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
|
||||
'')
|
||||
(pkgs.writeDashBin "dl-series" ''
|
||||
${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/series -a "$@"
|
||||
(pkgs.writeDashBin "krebsco.de" ''
|
||||
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||
${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json
|
||||
OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import
|
||||
${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
|
||||
'')
|
||||
(pkgs.writeDashBin "lassul.us" ''
|
||||
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
|
||||
${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json
|
||||
OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us
|
||||
${pkgs.coreutils}/bin/rm -rf "$TMPDIR"
|
||||
'')
|
||||
(pkgs.writeDashBin "btc-coinbase" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://api.coinbase.com/v2/prices/spot?currency=EUR' | ${pkgs.jq}/bin/jq '.data.amount'
|
||||
'')
|
||||
(pkgs.writeDashBin "btc-wex" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://wex.nz/api/3/ticker/btc_eur' | ${pkgs.jq}/bin/jq '.btc_eur.avg'
|
||||
'')
|
||||
(pkgs.writeDashBin "btc-kraken" ''
|
||||
${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]'
|
||||
'')
|
||||
];
|
||||
}
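Review bot: The `krebsco.de` and `lassul.us` helpers write OVH API credentials to `"$TMPDIR"/ovh-secrets.json` and remove the directory only as their last command, so an aborted or hanging import leaves the secret file on disk. Register the cleanup right after `mktemp -d`: `trap '${pkgs.coreutils}/bin/rm -rf "$TMPDIR"' EXIT`. Reusing the name `TMPDIR` also redirects the temporary files of every child process into the secrets directory; a private variable name would avoid that. Which of these wrappers are new in this commit is not marked in the rendering.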
|
||||
|
|
|
@ -107,6 +107,7 @@ let
|
|||
in {
|
||||
imports = [
|
||||
./news.nix
|
||||
./weather.nix
|
||||
];
|
||||
|
||||
users.users = {
|
||||
|
@ -165,14 +166,14 @@ in {
|
|||
|
||||
output.icecast(mount = '/music.ogg', password = 'hackme', %vorbis(quality = 1), source)
|
||||
output.icecast(mount = '/music.mp3', password = 'hackme', %mp3.vbr(), source)
|
||||
output.icecast(mount = '/music.opus', password = 'hackme', %opus(bitrate = 64), source)
|
||||
output.icecast(mount = '/music.opus', password = 'hackme', %opus(bitrate = 96), source)
|
||||
|
||||
extra_input = audio_to_stereo(input.harbor("live", port=1338))
|
||||
|
||||
o = smooth_add(normal = source, special = extra_input)
|
||||
output.icecast(mount = '/radio.ogg', password = 'hackme', %vorbis(quality = 1), o)
|
||||
output.icecast(mount = '/radio.mp3', password = 'hackme', %mp3.vbr(), o)
|
||||
output.icecast(mount = '/radio.opus', password = 'hackme', %opus(bitrate = 64), o)
|
||||
output.icecast(mount = '/radio.opus', password = 'hackme', %opus(bitrate = 96), o)
|
||||
'';
|
||||
services.icecast = {
|
||||
enable = true;
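Review bot: Both rewritten `output.icecast(… password = 'hackme' …)` lines keep the Icecast source password as a literal, and `hackme` is the stock default. The liquidsoap script is presumably rendered into the Nix store, so the value is readable by every local user, and anyone who can reach the Icecast source port with it could replace the stream. Reading the password from a file outside the store, and setting the same value in `services.icecast`, would close that; whether the port is reachable from other hosts is not visible in this hunk.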
|
||||
|
|
|
@ -1,45 +1,28 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
weather_for_ips = pkgs.writers.writePython3Bin "weather_for_ips" {
|
||||
libraries = [ pkgs.python3Packages.geoip2 ];
|
||||
} ./weather_for_ips.py;
|
||||
|
||||
weather_report = pkgs.writers.writeDashBin "weather_report" ''
|
||||
set -efu
|
||||
export PATH="${lib.makeBinPath [
|
||||
pkgs.coreutils
|
||||
pkgs.curl
|
||||
pkgs.iproute2
|
||||
pkgs.jc
|
||||
pkgs.jq
|
||||
]}"
|
||||
curl -z /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
|
||||
MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
|
||||
OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY
|
||||
ss -no 'sport = :8000' |
|
||||
jc --ss | jq -r '.[] |
|
||||
select(
|
||||
.local_address != "[::ffff:127.0.0.1]"
|
||||
and .local_address != "[::1]"
|
||||
) | .peer_address | gsub("[\\[\\]]"; "")
|
||||
' |
|
||||
${weather_for_ips}/bin/weather_for_ips
|
||||
'';
|
||||
|
||||
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
|
||||
${pkgs.vorbisTools}/bin/oggenc - |
|
||||
${pkgs.vorbis-tools}/bin/oggenc - |
|
||||
${pkgs.libshout}/bin/shout --format ogg --host localhost --port 1338 --mount /live
|
||||
'';
|
||||
|
||||
gc_news = pkgs.writers.writeDashBin "gc_news" ''
|
||||
set -xefu
|
||||
export TZ=UTC #workaround for jq parsing wrong timestamp
|
||||
${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -cs 'map(select((.to|fromdateiso8601) > now)) | .[]' > $HOME/bla-news.tmp
|
||||
${pkgs.coreutils}/bin/mv $HOME/bla-news.tmp $HOME/news
|
||||
'';
|
||||
|
||||
get_current_news = pkgs.writers.writeDashBin "get_current_news" ''
|
||||
set -xefu
|
||||
${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -rs 'map(select(((.to | fromdateiso8601) > now) and (.from|fromdateiso8601) < now) | .text) | .[]'
|
||||
export TZ=UTC #workaround for jq parsing wrong timestamp
|
||||
${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -rs '
|
||||
sort_by(.priority) |
|
||||
map(select(
|
||||
((.to | fromdateiso8601) > now) and
|
||||
(.from|fromdateiso8601) < now) |
|
||||
.text
|
||||
) | .[]'
|
||||
'';
|
||||
|
||||
newsshow = pkgs.writers.writeDashBin "newsshow" /* sh */ ''
|
||||
|
@ -50,7 +33,6 @@ let
|
|||
todays news:
|
||||
$(get_current_news)
|
||||
$(gc_news)
|
||||
$(weather_report)
|
||||
EOF
|
||||
'';
|
||||
in
|
||||
|
@ -61,7 +43,6 @@ in
|
|||
send_to_radio
|
||||
gc_news
|
||||
get_current_news
|
||||
weather_report
|
||||
pkgs.curl
|
||||
pkgs.retry
|
||||
];
|
||||
|
@ -74,9 +55,6 @@ in
|
|||
startAt = "*:00:00";
|
||||
serviceConfig = {
|
||||
User = "radio-news";
|
||||
LoadCredential = [
|
||||
"openweather_api:${toString <secrets>}/openweather_api_key"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -107,8 +85,8 @@ in
|
|||
;;
|
||||
"POST /")
|
||||
payload=$(head -c "$req_content_length")
|
||||
echo "$payload" | jq 'has("from") and has("to") and has("text")' >&2
|
||||
echo "$payload" | jq -c '{ from: (.from | fromdate | todate), to: (.to | fromdate | todate), text: .text }' >> "$HOME"/news
|
||||
printf '%s' "$payload" | jq 'has("from") and has("to") and has("text")' >&2
|
||||
printf '%s' "$payload" | jq -c '{ from: .from, to: .to, text: .text, priority: (.priority // 0)}' >> "$HOME"/news
|
||||
printf 'HTTP/1.1 200 OK\r\n'
|
||||
printf 'Connection: close\r\n'
|
||||
printf '\r\n'
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
weather_for_ips = pkgs.writers.writePython3Bin "weather_for_ips" {
|
||||
libraries = [ pkgs.python3Packages.geoip2 ];
|
||||
flakeIgnore = [ "E501" ];
|
||||
} ./weather_for_ips.py;
|
||||
|
||||
weather_report = pkgs.writers.writeDashBin "weather_report" ''
|
||||
set -efu
|
||||
export PATH="${lib.makeBinPath [
|
||||
pkgs.coreutils
|
||||
pkgs.curl
|
||||
pkgs.iproute2
|
||||
pkgs.jc
|
||||
pkgs.jq
|
||||
]}"
|
||||
curl -z /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
|
||||
MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
|
||||
OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY
|
||||
ss -no 'sport = :8000' |
|
||||
jc --ss | jq -r '.[] |
|
||||
select(
|
||||
.local_address != "[::ffff:127.0.0.1]"
|
||||
and .local_address != "[::1]"
|
||||
) | .peer_address | gsub("[\\[\\]]"; "")
|
||||
' |
|
||||
${weather_for_ips}/bin/weather_for_ips
|
||||
'';
|
||||
in {
|
||||
systemd.services.weather = {
|
||||
path = [
|
||||
weather_report
|
||||
pkgs.retry
|
||||
pkgs.jq
|
||||
pkgs.curl
|
||||
];
|
||||
script = ''
|
||||
set -xefu
|
||||
retry -t 5 -d 10 -- weather_report |
|
||||
jq \
|
||||
--arg from "$(date -u +'%FT%TZ')" \
|
||||
--arg to "$(date -u +'%FT%TZ' -d '+1 hours')" \
|
||||
--slurp --raw-input --compact-output --ascii-output \
|
||||
'{text: ., from: $from, to: $to, priority: 100}' |
|
||||
retry -t 5 -d 10 -- curl -v -d@- http://radio-news.r
|
||||
'';
|
||||
startAt = "*:58:00";
|
||||
serviceConfig = {
|
||||
User = "radio-news";
|
||||
LoadCredential = [
|
||||
"openweather_api:${toString <secrets>}/openweather_api_key"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
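Review bot: `weather_report` keeps the GeoIP database at the fixed path `/tmp/GeoLite2-City.mmdb`, and the unit shown here sets no `PrivateTmp`, so the file lives in the shared, world-writable /tmp where another local account can pre-create it before `curl -o` and the Python reader touch it. A per-service cache directory avoids that while keeping the `-z` conditional download: add `CacheDirectory = "weather";` to `serviceConfig` and use `"$CACHE_DIRECTORY/GeoLite2-City.mmdb"` in both the `curl` line and `MAXMIND_GEOIP_DB`. The download is also plain `http://` with no integrity check. If `c.r` is only reachable over the overlay network that may be acceptable, but a comment saying so would help the next reader.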
|
|
@ -21,13 +21,13 @@ for ip in fileinput.input():
|
|||
f'&units=metric'
|
||||
)
|
||||
resp = requests.get(url)
|
||||
weather = json.loads(resp.text)['current']
|
||||
weather = json.loads(resp.text)
|
||||
output.append(
|
||||
f'Weather report for {location.city.name}'
|
||||
f', {location.country.name}. '
|
||||
f'Currently it is {weather["weather"][0]["description"]} outside '
|
||||
f'with a temperature of {weather["temp"]} degrees '
|
||||
f'and a windspeed of {weather["wind_speed"]} meter per second. '
|
||||
f'Weather report for {location.city.name}, {location.country.name}. '
|
||||
f'Currently it is {weather["current"]["weather"][0]["description"]} outside '
|
||||
f'with a temperature of {weather["current"]["temp"]} degrees, '
|
||||
f'and a wind speed of {weather["current"]["wind_speed"]} meters per second. '
|
||||
f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100} percent. '
|
||||
)
|
||||
|
||||
print('\n'.join(output))
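Review bot: The new precipitation line multiplies a float by 100 inside the f-string, so a value such as 0.29 comes out as `28.999999999999996 percent` in the report text; `round(weather["hourly"][0]["pop"] * 100)` gives a clean integer. The same lines now index `weather["current"]` and `weather["hourly"][0]` straight from the response with no status check, so an error payload from the API ends in a KeyError or IndexError instead of an explicit failure. Calling `resp.raise_for_status()` after `requests.get(url)`, ideally with a `timeout=` on the request, would make that case visible. The enclosing `for ip in fileinput.input():` loop starts outside the hunk.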
|
||||
|
|
|
@ -22,6 +22,10 @@ in {
|
|||
hostname
|
||||
"${hostname}.r"
|
||||
];
|
||||
locations."/realwallpaper/".extraConfig = ''
|
||||
index on;
|
||||
root /var/realwallpaper";
|
||||
'';
|
||||
locations."/realwallpaper.png".extraConfig = ''
|
||||
root /var/realwallpaper/;
|
||||
'';
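Review bot: The `/realwallpaper/` location looks broken as written: `root /var/realwallpaper";` carries a stray double quote, and `index on;` names an index file literally called `on` rather than enabling a listing. If a directory listing is intended, the block would read `autoindex on;` and, because `root` appends the full request URI, `alias /var/realwallpaper/;` (or `root /var;`) so that `/realwallpaper/` maps to `/var/realwallpaper/`. A listing exposes every file name in that directory to anyone who can reach the host, so it is worth confirming nothing else is stored there.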
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
"eve"
|
||||
];
|
||||
extraConfig = ''
|
||||
AutoConnect = no
|
||||
StrictSubnets = yes
|
||||
${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) ''
|
||||
LocalDiscovery = no
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
ssh = {
|
||||
enable = true;
|
||||
authorizedKeys = with config.krebs.users; [
|
||||
config.krebs.users.lass-mors.pubkey
|
||||
config.krebs.users.lass.pubkey
|
||||
config.krebs.users.lass-blue.pubkey
|
||||
];
|
||||
};
|
||||
|
|
|
@ -3,9 +3,8 @@
|
|||
path = "/home/lass/decsync";
|
||||
devices = [ "mors" "blue" "green" "phone" ];
|
||||
};
|
||||
krebs.permown."/home/lass/decsync" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
|
||||
krebs.acl."/home/lass/decsync"."u:syncthing:X".parents = true;
|
||||
krebs.acl."/home/lass/decsync"."u:syncthing:rwX" = {};
|
||||
krebs.acl."/home/lass/decsync"."u:lass:rwX" = {};
|
||||
}
|
||||
|
|
|
@ -2,12 +2,7 @@
|
|||
services.syncthing.folders."/home/lass/sync" = {
|
||||
devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ];
|
||||
};
|
||||
krebs.permown."/home/lass/sync" = {
|
||||
file-mode = "u+rw,g+rw";
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0002";
|
||||
keepGoing = true;
|
||||
};
|
||||
krebs.acl."/home/lass/sync"."u:syncthing:X".parents = true;
|
||||
krebs.acl."/home/lass/sync"."u:syncthing:rwX" = {};
|
||||
krebs.acl."/home/lass/sync"."u:lass:rwX" = {};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,8 +1,6 @@
|
|||
{
|
||||
services.syncthing.folders."/home/lass/.weechat".devices = [ "green" "mors" ];
|
||||
krebs.permown."/home/lass/.weechat" = {
|
||||
owner = "lass";
|
||||
group = "syncthing";
|
||||
umask = "0007";
|
||||
};
|
||||
krebs.acl."/home/lass/.weechat"."u:syncthing:X".parents = true;
|
||||
krebs.acl."/home/lass/.weechat"."u:syncthing:rwX" = {};
|
||||
krebs.acl."/home/lass/.weechat"."u:lass:rwX" = {};
|
||||
}
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
${placeholder "out"}/bin/switch-theme dark
|
||||
fi
|
||||
elif test -e "/etc/themes/$1"; then
|
||||
${pkgs.coreutils}/bin/mkdir -p /var/theme/config
|
||||
${pkgs.rsync}/bin/rsync --chown=lass:users -a --delete "/etc/themes/$1/" /var/theme/config/
|
||||
echo "$1" > /var/theme/current_theme
|
||||
${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
|
||||
|
|
|
@ -2,25 +2,26 @@ with import <stockholm/lib>;
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.etc."tmux.conf".text = ''
|
||||
#prefix key to `
|
||||
set-option -g prefix2 `
|
||||
|
||||
bind-key r source-file /etc/tmux.conf \; display-message "/etc/tmux.conf reloaded"
|
||||
|
||||
set-option -g default-terminal screen-256color
|
||||
|
||||
#use session instead of windows
|
||||
bind-key c new-session
|
||||
bind-key p switch-client -p
|
||||
bind-key n switch-client -n
|
||||
bind-key C-s switch-client -l
|
||||
'';
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
tmux = pkgs.symlinkJoin {
|
||||
name = "tmux";
|
||||
paths = [
|
||||
(pkgs.writeDashBin "tmux" ''
|
||||
exec ${super.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
|
||||
#change prefix key to `
|
||||
set-option -g prefix `
|
||||
unbind-key C-b
|
||||
bind ` send-prefix
|
||||
|
||||
set-option -g default-terminal screen-256color
|
||||
|
||||
#use session instead of windows
|
||||
bind-key c new-session
|
||||
bind-key p switch-client -p
|
||||
bind-key n switch-client -n
|
||||
bind-key C-s switch-client -l
|
||||
''} "$@"
|
||||
exec ${super.tmux}/bin/tmux -f /etc/tmux.conf "$@"
|
||||
'')
|
||||
super.tmux
|
||||
];
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
services.tor = {
|
||||
enable = true;
|
||||
relay.onionServices.ssh = {
|
||||
version = 3;
|
||||
map = [{
|
||||
port = 22;
|
||||
target.port = 22;
|
||||
}];
|
||||
secretKey = <secrets/ssh-tor.priv>;
|
||||
};
|
||||
};
|
||||
}
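Review bot: `secretKey = <secrets/ssh-tor.priv>;` passes the onion service key as a Nix path value, and if the tor module interpolates that value into a string the private key is copied into the world-readable Nix store. The module is not visible from here, so this is worth confirming. Writing `secretKey = toString <secrets/ssh-tor.priv>;` keeps it a plain string and matches the `${toString <secrets>}/…` form used for `LoadCredential` elsewhere in this commit. Since this publishes port 22 as an onion service, a short comment stating which authentication methods sshd accepts on this host would also help.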
|
||||
|
|
@ -21,6 +21,7 @@ let
|
|||
set backup
|
||||
set backupdir=${dirs.backupdir}/
|
||||
set directory=${dirs.swapdir}//
|
||||
set list listchars=tab:⇥\ ,extends:❯,precedes:❮,nbsp:␣,trail:· showbreak=¬
|
||||
set hlsearch
|
||||
set incsearch
|
||||
set ttymouse=sgr
|
||||
|
@ -51,7 +52,7 @@ let
|
|||
filetype plugin indent on
|
||||
|
||||
set t_Co=256
|
||||
colorscheme hack
|
||||
colorscheme dim
|
||||
syntax on
|
||||
|
||||
au Syntax * syn match Garbage containedin=ALL /\s\+$/
|
||||
|
@ -114,10 +115,17 @@ let
|
|||
|
||||
" copy/paste from/to xclipboard
|
||||
set clipboard=unnamedplus
|
||||
|
||||
" use fzf to switch files
|
||||
nnoremap <C-p> :FZF<CR>
|
||||
nnoremap <C-l> :Rg<CR>
|
||||
let g:fzf_layout = { 'down': '~15%' }
|
||||
'';
|
||||
|
||||
extra-runtimepath = concatMapStringsSep "," (pkg: "${pkg.rtp}") [
|
||||
pkgs.vimPlugins.undotree
|
||||
pkgs.vimPlugins.fzf-vim
|
||||
pkgs.vimPlugins.fzfWrapper
|
||||
(pkgs.vimUtils.buildVimPlugin {
|
||||
name = "file-line-1.0";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
|
@ -127,49 +135,15 @@ let
|
|||
sha256 = "0z47zq9rqh06ny0q8lpcdsraf3lyzn9xvb59nywnarf3nxrk6hx0";
|
||||
};
|
||||
})
|
||||
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||
name = "hack";
|
||||
in {
|
||||
name = "vim-color-${name}-1.0.2";
|
||||
destination = "/colors/${name}.vim";
|
||||
text = /* vim */ ''
|
||||
set background=dark
|
||||
hi clear
|
||||
if exists("syntax_on")
|
||||
syntax clear
|
||||
endif
|
||||
|
||||
let colors_name = ${toJSON name}
|
||||
|
||||
hi Normal ctermbg=016
|
||||
hi Comment ctermfg=255
|
||||
hi Constant ctermfg=229
|
||||
hi Identifier ctermfg=123
|
||||
hi Function ctermfg=041
|
||||
hi Statement ctermfg=167
|
||||
hi PreProc ctermfg=167
|
||||
hi Type ctermfg=046
|
||||
hi Delimiter ctermfg=251
|
||||
hi Special ctermfg=146
|
||||
|
||||
hi Garbage ctermbg=124
|
||||
hi TabStop ctermbg=020
|
||||
hi NBSP ctermbg=056
|
||||
hi NarrowNBSP ctermbg=097
|
||||
hi Todo ctermfg=174 ctermbg=NONE
|
||||
|
||||
hi NixCode ctermfg=190
|
||||
hi NixData ctermfg=149
|
||||
hi NixQuote ctermfg=119
|
||||
|
||||
hi diffNewFile ctermfg=207
|
||||
hi diffFile ctermfg=207
|
||||
hi diffLine ctermfg=207
|
||||
hi diffSubname ctermfg=207
|
||||
hi diffAdded ctermfg=010
|
||||
hi diffRemoved ctermfg=009
|
||||
'';
|
||||
})))
|
||||
(pkgs.vimUtils.buildVimPlugin {
|
||||
name = "vim-dim-1.1.0";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "jeffkreeftmeijer";
|
||||
repo = "vim-dim";
|
||||
rev = "1.1.0";
|
||||
sha256 = "sha256-lyTZUgqUEEJRrzGo1FD8/t8KBioPrtB3MmGvPeEVI/g=";
|
||||
};
|
||||
})
|
||||
((rtp: rtp // { inherit rtp; }) (pkgs.writeTextFile (let
|
||||
name = "vim";
|
||||
in {
|
||||
|
|
|
@ -29,6 +29,8 @@ in {
|
|||
(servePage [ "apanowicz.de" "www.apanowicz.de" ])
|
||||
(servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ])
|
||||
(servePage [ "illustra.de" "www.illustra.de" ])
|
||||
(servePage [ "nirwanabluete.de" "www.nirwanabluete.de" ])
|
||||
(servePage [ "familienrat-hamburg.de" "www.familienrat-hamburg.de" ])
|
||||
(servePage [
|
||||
"freemonkey.art"
|
||||
"www.freemonkey.art"
|
||||
|
@ -36,20 +38,20 @@ in {
|
|||
(serveOwncloud [ "o.ubikmedia.de" ])
|
||||
(serveWordpress [
|
||||
"ubikmedia.de"
|
||||
"nirwanabluete.de"
|
||||
"ubikmedia.eu"
|
||||
"youthtube.xyz"
|
||||
"joemisch.com"
|
||||
"weirdwednesday.de"
|
||||
"jarugadesign.de"
|
||||
"beesmooth.ch"
|
||||
|
||||
"www.nirwanabluete.de"
|
||||
"www.ubikmedia.eu"
|
||||
"www.youthtube.xyz"
|
||||
"www.ubikmedia.de"
|
||||
"www.joemisch.com"
|
||||
"www.weirdwednesday.de"
|
||||
"www.jarugadesign.de"
|
||||
"www.beesmooth.ch"
|
||||
|
||||
"aldona2.ubikmedia.de"
|
||||
"cinevita.ubikmedia.de"
|
||||
|
@ -64,9 +66,13 @@ in {
|
|||
"jarugadesign.ubikmedia.de"
|
||||
"crypto4art.ubikmedia.de"
|
||||
"jarugadesign.ubikmedia.de"
|
||||
"beesmooth.ubikmedia.de"
|
||||
])
|
||||
];
|
||||
|
||||
# https://github.com/nextcloud/server/issues/25436
|
||||
services.mysql.settings.mysqld.innodb_read_only_compressed = 0;
|
||||
|
||||
services.mysql.ensureDatabases = [ "ubikmedia_de" "o_ubikmedia_de" ];
|
||||
services.mysql.ensureUsers = [
|
||||
{ ensurePermissions = { "ubikmedia_de.*" = "ALL"; }; name = "nginx"; }
|
||||
|
@ -98,7 +104,7 @@ in {
|
|||
services.nextcloud = {
|
||||
enable = true;
|
||||
hostName = "o.xanf.org";
|
||||
package = pkgs.nextcloud21;
|
||||
package = pkgs.nextcloud23;
|
||||
config = {
|
||||
adminpassFile = "/run/nextcloud.pw";
|
||||
overwriteProtocol = "https";
|
||||
|
@ -159,6 +165,7 @@ in {
|
|||
{ from = "ubik@ubikmedia.eu"; to = "domsen, jms, ms"; }
|
||||
{ from = "kontakt@alewis.de"; to ="klabusterbeere"; }
|
||||
{ from = "hallo@jarugadesign.de"; to ="kasia"; }
|
||||
{ from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; }
|
||||
|
||||
{ from = "testuser@lassul.us"; to = "testuser"; }
|
||||
{ from = "testuser@ubikmedia.eu"; to = "testuser"; }
|
||||
|
@ -170,10 +177,12 @@ in {
|
|||
"apanowicz.de"
|
||||
"alewis.de"
|
||||
"jarugadesign.de"
|
||||
"beesmooth.ch"
|
||||
];
|
||||
dkim = [
|
||||
{ domain = "ubikmedia.eu"; }
|
||||
{ domain = "apanowicz.de"; }
|
||||
{ domain = "beesmooth.ch"; }
|
||||
];
|
||||
ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem";
|
||||
ssl_key = "/var/lib/acme/lassul.us/key.pem";
|
||||
|
@ -332,6 +341,27 @@ in {
|
|||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.avada = {
|
||||
uid = genid_uint31 "avada";
|
||||
home = "/home/avada";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
users.users.familienrat = {
|
||||
uid = genid_uint31 "familienrat";
|
||||
home = "/home/familienrat";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isNormalUser = true;
|
||||
};
|
||||
krebs.acl."/srv/http/familienrat-hamburg.de"."u:familienrat:rwX" = {};
|
||||
krebs.acl."/srv/http"."u:familienrat:X" = {
|
||||
default = false;
|
||||
recursive = false;
|
||||
};
|
||||
|
||||
users.groups.xanf = {};
|
||||
|
||||
krebs.on-failure.plans.restic-backups-domsen = {
|
||||
|
@ -372,18 +402,14 @@ in {
|
|||
${pkgs.coreutils}/bin/chmod 750 /backups
|
||||
'';
|
||||
|
||||
krebs.permown = {
|
||||
"/srv/http" = {
|
||||
group = "syncthing";
|
||||
owner = "nginx";
|
||||
umask = "0007";
|
||||
};
|
||||
"/home/xanf/XANF_TEAM" = {
|
||||
owner = "XANF_TEAM";
|
||||
group = "xanf";
|
||||
umask = "0007";
|
||||
};
|
||||
# takes too long!!
|
||||
# krebs.acl."/srv/http"."u:syncthing:rwX" = {};
|
||||
# krebs.acl."/srv/http"."u:nginx:rwX" = {};
|
||||
# krebs.acl."/srv/http/ubikmedia.de"."u:avada:rwX" = {};
|
||||
krebs.acl."/home/xanf/XANF_TEAM"."g:xanf:rwX" = {};
|
||||
krebs.acl."/home/xanf"."g:xanf:X" = {
|
||||
default = false;
|
||||
recursive = false;
|
||||
};
|
||||
|
||||
}
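Review bot: In the mail forwarding hunk the entry `{ from = "noreply@beeshmooth.ch"; to ="besmooth@gmx.ch"; }` spells the domain `beeshmooth.ch`, while the domain list, the `dkim` entry and the web hosts in the same section all use `beesmooth.ch`. As written the rule is for a domain this host is not otherwise configured to handle, so mail for `noreply@beesmooth.ch` would presumably not match it; `from = "noreply@beesmooth.ch";` looks like the intended value. The external target `besmooth@gmx.ch` differs from the domain spelling as well and is worth confirming.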
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ in {
|
|||
imports = [
|
||||
./default.nix
|
||||
../git.nix
|
||||
./ref.ptkk.de
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
|
@ -20,11 +21,8 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
krebs.tinc_graphs.enable = true;
|
||||
|
||||
users.groups.lasscert.members = [
|
||||
"dovecot2"
|
||||
"ejabberd"
|
||||
"exim"
|
||||
"nginx"
|
||||
];
|
||||
|
@ -48,10 +46,6 @@ in {
|
|||
locations."= /wireguard-key".extraConfig = ''
|
||||
alias ${pkgs.writeText "prism.wg" config.krebs.hosts.prism.nets.wiregrill.wireguard.pubkey};
|
||||
'';
|
||||
locations."/tinc/".extraConfig = ''
|
||||
index index.html;
|
||||
alias ${config.krebs.tinc_graphs.workingDir}/external/;
|
||||
'';
|
||||
locations."= /krebspage".extraConfig = ''
|
||||
default_type "text/html";
|
||||
alias ${pkgs.krebspage}/index.html;
|
||||
|
@ -64,14 +58,14 @@ in {
|
|||
alias ${initscript}/bin/init;
|
||||
'';
|
||||
locations."= /blue.pub".extraConfig = ''
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass-blue.pubkey};
|
||||
'';
|
||||
locations."= /mors.pub".extraConfig = ''
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass-mors.pubkey};
|
||||
'';
|
||||
locations."= /yubi.pub".extraConfig = ''
|
||||
locations."= /ssh.pub".extraConfig = ''
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pubkey};
|
||||
'';
|
||||
locations."= /gpg.pub".extraConfig = ''
|
||||
alias ${pkgs.writeText "pub" config.krebs.users.lass-yubikey.pgp.pubkeys.default};
|
||||
'';
|
||||
};
|
||||
|
||||
security.acme.certs."cgit.lassul.us" = {
|
||||
|
@ -90,19 +84,5 @@ in {
|
|||
root /var/lib/acme/acme-challenge;
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.blog = {
|
||||
uid = genid_uint31 "blog";
|
||||
group = "nginx";
|
||||
description = "lassul.us blog deployment";
|
||||
home = "/srv/http/lassul.us";
|
||||
useDefaultShell = true;
|
||||
createHome = true;
|
||||
isSystemUser = true;
|
||||
openssh.authorizedKeys.keys = with config.krebs.users; [
|
||||
lass.pubkey
|
||||
lass-mors.pubkey
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,89 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts."ref.ptkk.de" = {
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:4626";
|
||||
extraConfig = ''
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_cache_bypass $http_upgrade;
|
||||
'';
|
||||
};
|
||||
locations."/static/" = {
|
||||
alias = "/var/lib/ref.ptkk.de/static/";
|
||||
};
|
||||
forceSSL = true;
|
||||
};
|
||||
systemd.services."ref.ptkk.de" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
PRODUCTION = "yip";
|
||||
DATA_DIR = "/var/lib/ref.ptkk.de/data";
|
||||
PORT = "4626";
|
||||
STATIC_ROOT = "/var/lib/ref.ptkk.de/static";
|
||||
};
|
||||
path = with pkgs; [
|
||||
git
|
||||
gnutar
|
||||
gzip
|
||||
nix
|
||||
];
|
||||
serviceConfig = {
|
||||
ExecStartPre = [
|
||||
"${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/data"
|
||||
"${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/code"
|
||||
"${pkgs.coreutils}/bin/mkdir -p /var/lib/ref.ptkk.de/static"
|
||||
];
|
||||
ExecStart = pkgs.writers.writeDash "nixify" ''
|
||||
cd code
|
||||
if test -e shell.nix; then
|
||||
${pkgs.nix}/bin/nix-shell -I /var/src --run serve
|
||||
else
|
||||
echo 'no shell.nix, bailing out'
|
||||
exit 0
|
||||
fi
|
||||
'';
|
||||
LoadCredential = [
|
||||
"django-secret.key:${toString <secrets>}/ref.ptkk.de-django.key"
|
||||
];
|
||||
User = "ref.ptkk.de";
|
||||
WorkingDirectory = "/var/lib/ref.ptkk.de";
|
||||
StateDirectory = "ref.ptkk.de";
|
||||
Restart = "always";
|
||||
RestartSec = "100s";
|
||||
};
|
||||
};
|
||||
systemd.services."ref.ptkk.de-restarter" = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.systemd}/bin/systemctl restart ref.ptkk.de.service";
|
||||
};
|
||||
};
|
||||
systemd.paths."ref.ptkk.de-restarter" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
pathConfig.PathChanged = [
|
||||
"/var/lib/ref.ptkk.de/code"
|
||||
"/var/src/nixpkgs"
|
||||
];
|
||||
};
|
||||
|
||||
users.users."ref.ptkk.de" = {
|
||||
isSystemUser = true;
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "ref.ptkk.de";
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6fu6LtyRdk++qIBpP0BdZQHSTqzNNlvp7ML2Dv0IxD CI@github.com"
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
group = "nginx";
|
||||
home = "/var/lib/ref.ptkk.de";
|
||||
useDefaultShell = true;
|
||||
};
|
||||
}
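Review bot: The `CI@github.com` key in `users.users."ref.ptkk.de"` gets an unrestricted login shell (`useDefaultShell = true`) as the same account that runs the service, and whatever lands in `/var/lib/ref.ptkk.de/code` is then evaluated by `nix-shell --run serve` with the Django secret loaded. If the key only needs to deliver code, prefixing it with authorized_keys options (`restrict` plus a forced `command=`) limits what a leaked CI secret can do. The unit itself has no sandboxing; `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;` in `serviceConfig` are low-risk starting points, to be tested against `nix-shell`. Separately, the `exit 0` branch combined with `Restart = "always"` restarts the unit every 100 seconds while `shell.nix` is missing.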
|
|
@ -174,6 +174,7 @@ rec {
|
|||
services.phpfpm.pools."${domain}" = {
|
||||
user = "nginx";
|
||||
group = "nginx";
|
||||
phpPackage = pkgs.php74;
|
||||
extraConfig = ''
|
||||
listen = /srv/http/${domain}/phpfpm.pool
|
||||
pm = dynamic
|
||||
|
|
|
@ -18,6 +18,10 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
|
|||
];
|
||||
krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
|
||||
{ precedence = 1000; predicate = "-i wiregrill -o wiregrill"; target = "ACCEPT"; }
|
||||
{ precedence = 1000; predicate = "-i wiregrill -o retiolum"; target = "ACCEPT"; }
|
||||
{ precedence = 1000; predicate = "-i retiolum -o wiregrill"; target = "ACCEPT"; }
|
||||
{ precedence = 1000; predicate = "-i wiregrill -o eth0"; target = "ACCEPT"; }
|
||||
{ precedence = 1000; predicate = "-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
networking.wireguard.interfaces.wiregrill = {
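Review bot: The rule `-i retiolum -o wiregrill` accepts every new connection from any retiolum peer towards wiregrill clients, with no state or address restriction. If the intent is only that wiregrill clients can reach retiolum and get replies, the `-o wiregrill -m conntrack --ctstate RELATED,ESTABLISHED` rule in the same list already covers the return path and the unconditional rule can be dropped; otherwise a comment stating that inbound access from retiolum is deliberate would help. The conntrack rule also has no `-i`, so it applies to replies arriving on any interface, which fits the `-i wiregrill -o eth0` rule but deserves the same comment. Which of these rules are new is not recoverable from the rendered page; the counts in the hunk header suggest four of the five.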
|
||||
|
|
|
@ -38,7 +38,7 @@
|
|||
}
|
||||
});
|
||||
polkit.addRule(function(action, subject) {
|
||||
polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid);
|
||||
polkit.log("subject: " + subject + " action: " + action);
|
||||
});
|
||||
'';
|
||||
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
{ pkgs }:
|
||||
pkgs.writers.writeBashBin "sshvnc" ''
|
||||
set -xm
|
||||
|
||||
RANDOM_HIGH_PORT=$(shuf -i 20000-65000 -n 1)
|
||||
ssh "$@" -f -L $RANDOM_HIGH_PORT:localhost:$RANDOM_HIGH_PORT -- x11vnc -noxdamage -noxfixes -noxrecord -display :0 -localhost -rfbport $RANDOM_HIGH_PORT
|
||||
|
||||
sleep 3
|
||||
|
||||
_JAVA_AWT_WM_NONREPARENTING=1 ${pkgs.turbovnc}/bin/vncviewer localhost:$RANDOM_HIGH_PORT
|
||||
''
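Review bot: `x11vnc` is started with `-localhost` but without any password option, so while it runs any local account on the remote host can connect to the chosen port and view or control display `:0`; the forwarded port on the client side is open to local users there in the same way. Passing `-rfbauth` or `-passwdfile` with a per-session secret closes that gap. The script also relies on `sleep 3` and a random port with no collision check, and `set -xm` lacks `-e`, so a failed `ssh` still launches the viewer against whatever is listening on that local port; `set -exm` would stop there.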
|