diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 789fc2f2f..0de07a027 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -5,6 +5,8 @@ 6667 6669 ]; + systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384; + krebs.charybdis = { enable = true; motd = '' @@ -15,7 +17,7 @@ serverinfo { name = "${config.krebs.build.host.name}.irc.r"; sid = "1as"; - description = "miep!"; + description = "irc!"; network_name = "irc.r"; vhost = "0.0.0.0"; @@ -26,7 +28,7 @@ #ssl_dh_params = "etc/dh.pem"; #ssld_count = 1; - default_max_clients = 100000; + default_max_clients = 2048; #nicklen = 30; }; @@ -38,12 +40,12 @@ */ host = "0.0.0.0"; port = 6667; - sslport = 6697; + #sslport = 6697; /* Listen on IPv6 (if you used host= above). */ host = "::"; port = 6667; - sslport = 6697; + #sslport = 6697; }; class "users" { @@ -53,9 +55,9 @@ number_per_ip_global = 4096; cidr_ipv4_bitlen = 24; cidr_ipv6_bitlen = 64; - number_per_cidr = 65536; - max_number = 100000; - sendq = 10 megabyte; + number_per_cidr = 65535; + max_number = 65535; + sendq = 1000 megabyte; }; privset "op" { @@ -91,7 +93,7 @@ use_knock = yes; knock_delay = 5 minutes; knock_delay_channel = 1 minute; - max_chans_per_user = 15; + max_chans_per_user = 150; max_bans = 100; max_bans_large = 500; default_split_user_count = 0; diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 3bf991433..ce4e83408 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -39,10 +39,12 @@ }; }; - krebs.reaktor2.news = { + krebs.reaktor2.news = let + name = "candyman"; + in { hostname = "localhost"; port = "6667"; - nick = "brockman-helper"; + nick = name; plugins = [ { plugin = "register"; @@ -60,23 +62,23 @@ hooks.PRIVMSG = [ { activate = "match"; - pattern = "^brockman-helper:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$"; + pattern = "^${name}:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$"; command = 1; arguments = [2]; commands = { add-reddit.filename = pkgs.writeDash "add-reddit" '' set -euf if [ "$#" -ne 1 ]; then - echo 'usage: brockman-helper: add-reddit $reddit_channel' + echo 'usage: ${name}: add-reddit $reddit_channel' exit 1 fi reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') - echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Telegram&username=$reddit_channel&format=Mrss" + echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Reddit&context=single&r=$reddit_channel&format=Atom" ''; add-telegram.filename = pkgs.writeDash "add-telegram" '' set -euf if [ "$#" -ne 1 ]; then - echo 'usage: brockman-helper: add-telegram $telegram_user' + echo 'usage: ${name}: add-telegram $telegram_user' exit 1 fi telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') @@ -85,7 +87,7 @@ add-youtube.filename = pkgs.writeDash "add-youtube" '' set -euf if [ "$#" -ne 1 ]; then - echo 'usage: brockman-helper: add-youtube $nick $channelid' + echo 'usage: ${name}: add-youtube $nick $channelid' exit 1 fi youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') @@ -95,7 +97,7 @@ search.filename = pkgs.writeDash "search" '' set -euf if [ "$#" -ne 1 ]; then - echo 'usage: brockman-helper: search $searchterm' + echo 'usage: ${name}: search $searchterm' exit 1 fi searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index d546564c5..53d6e6f4a 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,5 +1,11 @@ { config, pkgs, lib, ... }: let + unstable = import (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev; + sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256; + }) {}; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; @@ -40,6 +46,9 @@ in { { enable = true; autoExtraComponents = true; + package = unstable.home-assistant.overrideAttrs (old: { + doInstallCheck = false; + }); config = { homeassistant = { name = "Glados"; diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 32aa3489b..9b2ed4a71 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -29,6 +29,7 @@ in { PrivateTmp = true; RuntimeDirectory = "brockman"; WorkingDirectory = "%t/brockman"; + RestartSec = 5; }; }; }; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 29d0b27fa..306ab34eb 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -97,6 +97,27 @@ in { }; }; }; + dimitriosxps = { + owner = config.krebs.users.mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.189"; + aliases = [ + "dimitriosxps.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAz9aKIhzk8+ZNBQmU054yc1yTdMyaw1aqWXYyQZoCmFaBIlMvF8I0 + dd+56cGjK8O7KkEhheDL/ijj9cCcxbqHSTktXz47ScyTaN63h13+MBUIUzDwSO4E + 9fRUUn3lbZenhGoON7hlaHb/qAR0yLxip0Tw77bcq4hvKleD74NnAJILPoP1KRDY + O5vs8C8wpdJUtnlsfkAa058wDI+7GNPb0cs0/pBQVR2GUGb1xqVJ5obO/lFKOJ/e + DKemnlg736cEaIF6v9M+w4VmL8mNudDy6RxA6/xIErP5Ru2aK5lH5UBHVCwdLLCy + 8y3It9Tgji3G9nOFbhaeKDjeIAJ8sG+WjQIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; donna = { owner = config.krebs.users.mic92; nets = rec { @@ -453,6 +474,51 @@ in { }; }; }; + + redha = { + owner = config.krebs.users.mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.188"; + aliases = [ + "redha.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O + s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE + a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH + RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e + FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm + mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + + grandalf = { + owner = config.krebs.users.mic92; + nets = { + retiolum = { + ip4.addr = "10.243.29.187"; + aliases = [ + "grandalf.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7 + XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC + qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL + 2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI + jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/ + /btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + eva = { owner = config.krebs.users.mic92; nets = rec { diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index c5cf5cb15..6978c0b4e 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -125,7 +125,6 @@ in { ip6.addr = r6 "1e1"; aliases = [ "uriel.r" - "cgit.uriel.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -151,7 +150,6 @@ in { ip6.addr = r6 "dea7"; aliases = [ "mors.r" - "cgit.mors.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -185,7 +183,6 @@ in { ip6.addr = r6 "50da"; aliases = [ "shodan.r" - "cgit.shodan.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -220,7 +217,6 @@ in { ip6.addr = r6 "1205"; aliases = [ "icarus.r" - "cgit.icarus.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -254,7 +250,6 @@ in { ip6.addr = r6 "daed"; aliases = [ "daedalus.r" - "cgit.daedalus.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -286,7 +281,6 @@ in { ip6.addr = r6 "5ce7"; aliases = [ "skynet.r" - "cgit.skynet.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- @@ -688,11 +682,53 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN"; }; + + coaxmetal = { + cores = 16; + nets = { + retiolum = { + ip4.addr = "10.243.0.17"; + ip6.addr = r6 "17"; + aliases = [ + "coaxmetal.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA + xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK + gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU + WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek + ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32 + G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F + G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO + IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX + K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE + 7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly + bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo + l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "17"; + aliases = [ + "coaxmetal.w" + ]; + wireguard.pubkey = '' + lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38= + ''; + }; + }; + ssh.privkey.path = ; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET "; + syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ"; + }; + }; users = rec { - lass = lass-blue; + lass = lass-yubikey; lass-yubikey = { - mail = lass.mail; + mail = "lass@lassul.us"; pubkey = builtins.readFile ./ssh/yubikey.rsa; pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; }; diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index 2cb70eec4..c8e1e0386 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -197,6 +197,15 @@ in { wg.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr} + + meet.euer IN A ${nets.internet.ip4.addr} + work.euer IN A ${nets.internet.ip4.addr} + admin.work.euer IN A ${nets.internet.ip4.addr} + push.work.euer IN A ${nets.internet.ip4.addr} + api.work.euer IN A ${nets.internet.ip4.addr} + maps.work.euer IN A ${nets.internet.ip4.addr} + play.work.euer IN A ${nets.internet.ip4.addr} + ul.work.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; diff --git a/krebs/5pkgs/haskell/brockman.nix b/krebs/5pkgs/haskell/brockman.nix deleted file mode 100644 index 5f1166a25..000000000 --- a/krebs/5pkgs/haskell/brockman.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring -, case-insensitive, conduit, containers, directory, feed, filepath -, hslogger, html-entity, http-client, irc-conduit, lens, network -, optparse-applicative, random, safe, stdenv, text, time, timerep -, wreq -, fetchFromGitHub -}: -mkDerivation rec { - pname = "brockman"; - version = "3.2.3"; - src = fetchFromGitHub { - owner = "kmein"; - repo = "brockman"; - rev = version; - sha256 = "1qbjbf0l1ikfzmvky4cnvv7nlcwi2in4afliifh618j0a4f7j427"; - }; - isLibrary = false; - isExecutable = true; - executableHaskellDepends = [ - aeson aeson-pretty base bloomfilter bytestring case-insensitive - conduit containers directory feed filepath hslogger html-entity - http-client irc-conduit lens network optparse-applicative random - safe text time timerep wreq - ]; - license = stdenv.lib.licenses.mit; -} diff --git a/krebs/5pkgs/haskell/brockman/default.nix b/krebs/5pkgs/haskell/brockman/default.nix new file mode 100644 index 000000000..92051a025 --- /dev/null +++ b/krebs/5pkgs/haskell/brockman/default.nix @@ -0,0 +1,26 @@ +{ mkDerivation, aeson, aeson-pretty, base, bytestring +, case-insensitive, conduit, containers, directory, feed, filepath +, hashable, hslogger, html-entity, http-client, irc-conduit, lens +, lrucache, lrucaching, network, optparse-applicative, random, safe +, stdenv, text, time, timerep, wreq +, fetchFromGitHub +}: +mkDerivation rec { + pname = "brockman"; + version = "3.4.0"; + src = fetchFromGitHub { + owner = "kmein"; + repo = "brockman"; + rev = version; + sha256 = "02nval6a9xcddj6znzxvcb8g6klzjydj1lb4ych64i9mr4a8jvic"; + }; + isLibrary = false; + isExecutable = true; + executableHaskellDepends = [ + aeson aeson-pretty base bytestring case-insensitive conduit + containers directory feed filepath hashable hslogger html-entity + http-client irc-conduit lens lrucache lrucaching network + optparse-applicative random safe text time timerep wreq + ]; + license = stdenv.lib.licenses.mit; +} diff --git a/krebs/5pkgs/simple/rss-bridge/default.nix b/krebs/5pkgs/simple/rss-bridge/default.nix index 13ad9d69a..bbe5c1bdb 100644 --- a/krebs/5pkgs/simple/rss-bridge/default.nix +++ b/krebs/5pkgs/simple/rss-bridge/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "rss-bridge"; - version = "2020-11-10"; + version = "unstable-2021-01-10"; src = fetchFromGitHub { owner = "RSS-Bridge"; repo = "rss-bridge"; - rev = version; - sha256 = "00cp61lqvhi7b7j0rglsqg3l7cg8s9b8vq098bgvg5dygyi44hyv"; + rev = "98352845a14b9f2eb8925ad7a04a5f6cc6a5af06"; + sha256 = "1nv1f6f17cn057k9mydd3a0bmj2xa5k410fdq7nhw5b7msyxy2qv"; }; patchPhase = '' diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 321fafac6..57d30799b 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f217c0ea7c148ddc0103347051555c7c252dcafb", - "date": "2021-01-21T09:50:34+01:00", - "path": "/nix/store/8srlzkkvbvlg4g585g9iyzd3ryiilm8a-nixpkgs", - "sha256": "0cyksxg2lnzxd0pss09rmmk2c2axz0lf9wvgvfng59nwf8dpq2kf", + "rev": "8c8731330b53ba0061686f36f10f101e662a4717", + "date": "2021-02-08T20:46:59+01:00", + "path": "/nix/store/agilvsqqdsqx36wf4zkq5gnhnab47qpd-nixpkgs", + "sha256": "0ak4d254myq6cl3d7jkq6n0apxabvwjz62zdw9habnrqg8asl8gk", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 97afb10f8..8670999e0 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,9 +1,9 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "a058d005b3cbb370bf171ebce01839dd6ff52222", - "date": "2021-01-23T17:41:51-05:00", - "path": "/nix/store/6ps307ghgrp10q3mwgw4lq143pmz0h25-nixpkgs", - "sha256": "154mpqw0ya31hzgz9hggg1rb26yx8d00rsj9l90ndsdldrssgvbb", + "rev": "2394284537b89471c87065b040d3dedd8b5907fe", + "date": "2021-02-10T23:24:22+01:00", + "path": "/nix/store/rqgraycidchn5wc5mki5sqj8bl5cpx78-nixpkgs", + "sha256": "1j7vp735is5d32mbrgavpxi3fbnsm6d99a01ap8gn30n5ysd14sl", "fetchSubmodules": false, "deepClone": false, "leaveDotGit": false diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix new file mode 100644 index 000000000..3e0b1674a --- /dev/null +++ b/lass/1systems/coaxmetal/config.nix @@ -0,0 +1,53 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + + + + + + + + + + + + + + + + + + + ]; + + krebs.build.host = config.krebs.hosts.coaxmetal; + + environment.shellAliases = { + deploy = pkgs.writeDash "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + ''; + usb-tether-on = pkgs.writeDash "usb-tether-on" '' + adb shell su -c service call connectivity 33 i32 1 s16 text + ''; + usb-tether-off = pkgs.writeDash "usb-tether-off" '' + adb shell su -c service call connectivity 33 i32 0 s16 text + ''; + }; + + programs.adb.enable = true; + + hardware.bluetooth = { + enable = true; + powerOnBoot = true; + # config.General.Disable = "Headset"; + extraConfig = '' + [General] + Disable = Headset + ''; + }; + hardware.pulseaudio.package = pkgs.pulseaudioFull; +} diff --git a/lass/1systems/coaxmetal/physical.nix b/lass/1systems/coaxmetal/physical.nix new file mode 100644 index 000000000..c94740c54 --- /dev/null +++ b/lass/1systems/coaxmetal/physical.nix @@ -0,0 +1,52 @@ +{ config, lib, pkgs, modulesPath, ... }: +{ + imports = [ + ./config.nix + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + networking.hostId = "e0c335ea"; + boot.zfs.requestEncryptionCredentials = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.grub = { + enable = true; + # device = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-1T00-1001_205349800040"; + device = "nodev"; + efiSupport = true; + # efiInstallAsRemovable = true; + }; + + services.xserver.videoDrivers = [ + "amdgpu" + ]; + + hardware.opengl.extraPackages = [ pkgs.amdvlk ]; + # is required for amd graphics support ( xorg wont boot otherwise ) + boot.kernelPackages = pkgs.linuxPackages_latest; + environment.variables.VK_ICD_FILENAMES = + "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; + + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-amd" ]; + + fileSystems."/" = { + device = "zpool/root/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "zpool/root/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/50A7-1889"; + fsType = "vfat"; + }; + + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; + boot.extraModprobeConfig = '' + options psmouse proto=imps + ''; +} diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 1afad003c..178a5adf1 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -152,10 +152,11 @@ with import ; krebs.iptables = { enable = true; tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } - { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web + { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic + { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic + { predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin ]; }; @@ -265,4 +266,9 @@ with import ; ''; }; }; + + services.jellyfin = { + enable = true; + group = "download"; + }; } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 3cd6e0ebf..7765db84e 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -1,7 +1,29 @@ { config, lib, pkgs, ... }: with import ./lib.nix { inherit lib; }; +let + unstable = import (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev; + sha256 = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).sha256; + }) {}; + dwdwfsapi = pkgs.python3Packages.buildPythonPackage rec { + pname = "dwdwfsapi"; + version = "1.0.3"; -{ + src = pkgs.python3Packages.fetchPypi { + inherit pname version; + sha256 = "0fcv79xiq0qr4kivhd68iqpgrsjc7djxqs2h543pyr0sdgb5nz9x"; + }; + + buildInputs = with pkgs.python3Packages; [ + requests ciso8601 + ]; + + # LC_ALL = "en_US.UTF-8"; + }; + +in { imports = [ ./zigbee.nix ./rooms/bett.nix @@ -21,78 +43,80 @@ with import ./lib.nix { inherit lib; }; services.home-assistant = { enable = true; - package = pkgs.home-assistant.override { - # extraComponents = [ "hue" ]; + package = (unstable.home-assistant.overrideAttrs (old: { + doInstallCheck = false; + })).override { + extraPackages = _: [ dwdwfsapi ]; }; configWritable = true; lovelaceConfigWritable = true; - }; - - services.home-assistant.config = let - tasmota_s20 = name: topic: { - platform = "mqtt"; - inherit name; - state_topic = "stat/${topic}/POWER"; - command_topic = "cmnd/${topic}/POWER"; - payload_on = "ON"; - payload_off = "OFF"; - }; - in { - homeassistant = { - name = "Home"; - time_zone = "Europe/Berlin"; - latitude = "52.46187"; - longitude = "13.41489"; - elevation = 90; - unit_system = "metric"; - customize = friendly_names; - }; - config = {}; - sun.elevation = 66; - shopping_list = {}; - discovery = {}; - frontend = {}; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - username = "gg23"; - password = "gg23-mqtt"; - keepalive = 60; - protocol = 3.1; - - discovery = true; - birth_message = { - topic = "/hass/status"; - payload = "online"; + config = let + tasmota_s20 = name: topic: { + platform = "mqtt"; + inherit name; + state_topic = "stat/${topic}/POWER"; + command_topic = "cmnd/${topic}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; }; - will_message = { - topic = "/hass/status"; - payload = "offline"; + in { + homeassistant = { + name = "Home"; + time_zone = "Europe/Berlin"; + latitude = "52.46187"; + longitude = "13.41489"; + elevation = 90; + unit_system = "metric"; + customize = friendly_names; }; + config = {}; + sun.elevation = 66; + shopping_list = {}; + discovery = {}; + frontend = {}; + http = {}; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "gg23"; + password = "gg23-mqtt"; + keepalive = 60; + protocol = 3.1; + + discovery = true; + birth_message = { + topic = "/hass/status"; + payload = "online"; + }; + will_message = { + topic = "/hass/status"; + payload = "offline"; + }; + }; + sensor = [ + { + platform = "dwd_weather_warnings"; + region_name = "Berlin"; + } + ]; + switch = [ + (tasmota_s20 "TV" "tv") + (tasmota_s20 "Drucker Strom" "drucker") + (tasmota_s20 "Waschmaschine" "wasch") + (tasmota_s20 "Stereo Anlage" "stereo") + ]; + mobile_app = {}; + weather = [ + { + platform = "openweathermap"; + api_key = "xxx"; # TODO put into secrets + } + ]; + system_health = {}; + history = {}; + shopping_list = {}; }; - sensor = [ - { - platform = "dwd_weather_warnings"; - region_name = "Berlin"; - } - ]; - switch = [ - (tasmota_s20 "TV" "tv") - (tasmota_s20 "Drucker Strom" "drucker") - (tasmota_s20 "Waschmaschine" "wasch") - (tasmota_s20 "Stereo Anlage" "stereo") - ]; - mobile_app = {}; - weather = [ - { - platform = "openweathermap"; - api_key = "xxx"; # TODO put into secrets - } - ]; - system_health = {}; - history = {}; - shopping_list = {}; }; services.mosquitto = { diff --git a/lass/5pkgs/custom/xmonad-lass/default.nix b/lass/5pkgs/custom/xmonad-lass/default.nix index 5a741353d..3b45552b3 100644 --- a/lass/5pkgs/custom/xmonad-lass/default.nix +++ b/lass/5pkgs/custom/xmonad-lass/default.nix @@ -35,6 +35,7 @@ import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>)) import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) +import XMonad.Layout.BoringWindows (boringWindows, focusDown, focusUp) import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.Grid (Grid(..)) import XMonad.Layout.Minimize (minimize) @@ -93,7 +94,7 @@ main' = do myLayoutHook = defLayout where - defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) + defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) floatHooks = composeAll [ className =? "Pinentry" --> doCenterFloat @@ -123,6 +124,11 @@ myKeyMap = , ("", gridselectWorkspace gridConfig W.view) , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") + , ("M4-", focusDown) + , ("M4-S-", focusUp) + , ("M4-j", focusDown) + , ("M4-k", focusUp) + , ("M4-a", focusUrgent) , ("M4-S-r", renameWorkspace myXPConfig) , ("M4-S-a", addWorkspacePrompt myXPConfig) diff --git a/lass/5pkgs/tdlib-purple/default.nix b/lass/5pkgs/tdlib-purple/default.nix index 445839a4b..54841588e 100644 --- a/lass/5pkgs/tdlib-purple/default.nix +++ b/lass/5pkgs/tdlib-purple/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "tdlib-purple"; - version = "0.7.6"; + version = "0.7.8"; src = fetchFromGitHub { owner = "ars3niy"; repo = pname; rev = "v${version}"; - sha256 = "1inamfzbrz0sy4y431jgwjfg6lz14a7c71khrg02481raxchhzzf"; + sha256 = "17g54mcxsidcx37l6m4p8i06ln1hvq3347dhdl9xkkn7pqpwvv1c"; }; cmakeFlags = [ diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index f65c6672b..2fd99122a 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -65,7 +65,7 @@ in { }; networking.firewall = { allowedTCPPorts = - [ + [ 53 655 21031 @@ -83,6 +83,9 @@ in { # + ### systemdUltras ### + + ###### Shack ##### # # @@ -98,7 +101,7 @@ in { { krebs.exim.enable = mkDefault true; } # sharing - + # samba sahre @@ -145,7 +148,10 @@ in { + # + + @@ -177,12 +183,19 @@ in { { bits = 4096; path = (toString ); type = "rsa"; } { path = (toString ); type = "ed25519"; } ]; ###### stable - - services.nginx.virtualHosts."cgit.euer.krebsco.de" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost/"; - locations."/".extraConfig = ''proxy_set_header Host cgit;''; + security.acme.certs."cgit.euer.krebsco.de" = { + email = "letsencrypt@syntax-fehler.de"; + webroot = "/var/lib/acme/acme-challenge"; + group = "nginx"; + }; + services.nginx.virtualHosts."cgit" = { + serverAliases = [ "cgit.euer.krebsco.de" ]; + addSSL = true; + sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem"; + locations."/.well-known/acme-challenge".extraConfig = '' + root /var/lib/acme/acme-challenge; + ''; }; krebs.build.host = config.krebs.hosts.gum; @@ -190,6 +203,7 @@ in { # Network networking = { firewall = { + allowedTCPPorts = [ 80 443 ]; allowPing = true; logRefusedConnections = false; }; diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix index 2d7efe9cf..1881329ce 100644 --- a/makefu/1systems/gum/hardware-config.nix +++ b/makefu/1systems/gum/hardware-config.nix @@ -69,7 +69,7 @@ in { fsType = "ext4"; options = [ "nofail" ]; }; - fileSystems."/var/www/o.euer.krebsco.de" = { + fileSystems."/var/lib/nextcloud/data" = { device = "/dev/nixos/nextcloud"; fsType = "ext4"; options = [ "nofail" ]; diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 4781af357..6c0388e59 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -4,7 +4,30 @@ { config, pkgs, lib, ... }: { imports = - [ # base + [ + # hardware-dependent + # device + + + ./x13 + # ./x230 + + # Common Hardware Components + + # + # + + # + # + # + + # + + + + + + # base @@ -19,8 +42,37 @@ { programs.adb.enable = true; } + { + services.openssh.hostKeys = [ + { bits = 4096; path = (toString ); type = "rsa";} + ]; + } - { systemd.services.docker.wantedBy = lib.mkForce []; } + #{ + # users.users.makefu.packages = with pkgs;[ mpc_cli ncmpcpp ]; + # services.ympd.enable = true; + # services.mpd = { + # enable = true; + # extraConfig = '' + # log_level "default" + # auto_update "yes" + + # audio_output { + # type "httpd" + # name "lassulus radio" + # encoder "vorbis" # optional + # port "8000" + # quality "5.0" # do not define if bitrate is defined + # # bitrate "128" # do not define if quality is defined + # format "44100:16:2" + # always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. + # tags "yes" # httpd supports sending tags to listening streams. + # } + # ''; + # }; + #} + + # { systemd.services.docker.wantedBy = lib.mkForce []; } # # @@ -59,10 +111,13 @@ # # # + # Krebs - # + # + # + # @@ -75,7 +130,7 @@ # Virtualization # - + # #{ # networking.firewall.allowedTCPPorts = [ 8080 ]; # networking.nat = { @@ -96,26 +151,10 @@ - # Hardware - # + bluetooth - # - - # - - # - # - # - - # - - - - # Filesystem - # Security - + # # temporary # { services.redis.enable = true; } @@ -149,7 +188,6 @@ } ]; - makefu.server.primary-itf = "wlp3s0"; nixpkgs.config.allowUnfree = true; nixpkgs.config.oraclejdk.accept_license = true; @@ -158,19 +196,13 @@ # configure pulseAudio to provide a HDMI sink as well networking.firewall.enable = true; - networking.firewall.allowedUDPPorts = [ 665 26061 ]; - networking.firewall.trustedInterfaces = [ "vboxnet0" ]; + networking.firewall.allowedUDPPorts = [ 665 26061 1514 ]; + networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ]; krebs.build.host = config.krebs.hosts.x; krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ]; - # hard dependency because otherwise the device will not be unlocked - boot.initrd.luks.devices.luksroot = - { - device = "/dev/sda2"; - allowDiscards = true; - }; environment.systemPackages = [ pkgs.passwdqc-utils ]; diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix new file mode 100644 index 000000000..b0400232e --- /dev/null +++ b/makefu/1systems/x/x13/default.nix @@ -0,0 +1,52 @@ +{ pkgs, lib, ... }: +# new zfs deployment +{ + imports = [ + ./zfs.nix + ./input.nix + + # close enough + # + + ]; + boot.zfs.requestEncryptionCredentials = true; + networking.hostId = "f8b8e0a2"; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # services.xserver.enable = lib.mkForce false; + + services.xserver.videoDrivers = [ + "amdgpu" + ]; + hardware.opengl.extraPackages = [ pkgs.amdvlk ]; + # is required for amd graphics support ( xorg wont boot otherwise ) + boot.kernelPackages = pkgs.linuxPackages_latest; + environment.variables.VK_ICD_FILENAMES = + "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json"; + + + programs.light.enable = true; + services.actkbd = { + enable = true; + bindings = [ + { keys = [ 225 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -A 10"; } + { keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 10"; } + { keys = [ 227 ]; events = [ "key" ]; command = builtins.toString ( + pkgs.writers.writeDash "toggle_lcdshadow" '' + proc=/proc/acpi/ibm/lcdshadow + status=$(${pkgs.gawk}/bin/awk '/status:/{print $2}' "$proc") + if [ "$status" -eq 0 ];then + echo 1 > "$proc" + else + echo 0 > "$proc" + fi + ''); + } + ]; + }; + + users.groups.video = {}; + users.users.makefu.extraGroups = [ "video" ]; +} + diff --git a/makefu/1systems/x/x13/input.nix b/makefu/1systems/x/x13/input.nix new file mode 100644 index 000000000..68b855d8e --- /dev/null +++ b/makefu/1systems/x/x13/input.nix @@ -0,0 +1,13 @@ +{ + # current issues: + # 1. for pressing insert hold shift+fn+Fin + + # scroll by holding middle mouse + services.xserver.displayManager.sessionCommands ='' + xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1 + xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2 + xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5 + # configure timeout of pressing and holding middle button + # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200 + ''; +} diff --git a/makefu/1systems/x/x13/toggle_brightness b/makefu/1systems/x/x13/toggle_brightness new file mode 100644 index 000000000..dc1436cb6 --- /dev/null +++ b/makefu/1systems/x/x13/toggle_brightness @@ -0,0 +1,8 @@ +#!/bin/sh +proc=/proc/acpi/ibm/lcdshadow +status=$(awk '/status:/{print $2}' "$proc") +if [ "$status" -eq 0 ];then + echo 1 > "$proc" +else + echo 0 > "$proc" +fi diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix new file mode 100644 index 000000000..adfebbf96 --- /dev/null +++ b/makefu/1systems/x/x13/zfs.nix @@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "zroot/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/20BF-2755"; + fsType = "vfat"; + }; + + fileSystems."/home" = + { device = "zroot/root/home"; + fsType = "zfs"; + }; + + swapDevices = [ ]; +} diff --git a/makefu/1systems/x/x230/default.nix b/makefu/1systems/x/x230/default.nix new file mode 100644 index 000000000..c2a635ca7 --- /dev/null +++ b/makefu/1systems/x/x230/default.nix @@ -0,0 +1,19 @@ +{ + imports = [ + # + bluetooth + + + + + + # hard dependency because otherwise the device will not be unlocked + { + boot.initrd.luks.devices.luksroot = + { + device = "/dev/sda2"; + allowDiscards = true; + }; + } + { makefu.server.primary-itf = "wlp3s0"; } + ]; +} diff --git a/makefu/2configs/bureautomation/office-radio/default.nix b/makefu/2configs/bureautomation/office-radio/default.nix new file mode 100644 index 000000000..d1c0f4730 --- /dev/null +++ b/makefu/2configs/bureautomation/office-radio/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./mpd.nix + ./webserver.nix + ]; +} diff --git a/makefu/2configs/bureautomation/office-radio/mpd.nix b/makefu/2configs/bureautomation/office-radio/mpd.nix new file mode 100644 index 000000000..4fc31fff9 --- /dev/null +++ b/makefu/2configs/bureautomation/office-radio/mpd.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +let + mpds = import ./mpdconfig.nix; + systemd_mpd = name: value: let + path = "/var/lib/mpd-${name}"; + num = lib.strings.fixedWidthNumber 2 value; + mpdconf = pkgs.writeText "mpd-config-${name}" '' + music_directory "${path}/music" + playlist_directory "${path}/playlists" + db_file "${path}/tag_cache" + state_file "${path}/state" + sticker_file "${path}/sticker.sql" + + bind_to_address "127.0.0.1" + port "66${num}" + log_level "default" + auto_update "yes" + audio_output { + type "httpd" + name "Office Radio ${num} - ${name}" + encoder "vorbis" # optional + port "280${num}" + quality "5.0" # do not define if bitrate is defined + # bitrate "128" # do not define if quality is defined + format "44100:16:2" + always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. + tags "yes" # httpd supports sending tags to listening streams. + } + ''; +in { + after = [ "network.target" ]; + description = "Office Radio MPD ${toString value} - ${name}"; + wantedBy = ["multi-user.target"]; + serviceConfig = { + #User = "mpd"; + DynamicUser = true; + ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdconf}"; + LimitRTPRIO = 50; + LimitRTTIME = "infinity"; + ProtectSystem = true; + NoNewPrivileges = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; + RestrictNamespaces = true; + Restart = "always"; + StateDirectory = [ "mpd-${name}" ]; + }; + }; +in + { + systemd.services = lib.attrsets.mapAttrs' (name: value: + lib.attrsets.nameValuePair + ("office-radio-" +name) (systemd_mpd name value)) + mpds; + } diff --git a/makefu/2configs/bureautomation/office-radio/mpdconfig.nix b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix new file mode 100644 index 000000000..b48ceb629 --- /dev/null +++ b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix @@ -0,0 +1,6 @@ +{ + "cybertisch1" = 0; + "cybertisch2" = 1; + "cyberklo" = 2; + "baellebad" = 3; +} diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix new file mode 100644 index 000000000..e2fc6d9e8 --- /dev/null +++ b/makefu/2configs/bureautomation/office-radio/webserver.nix @@ -0,0 +1,40 @@ +{ pkgs, ... }: +let + mpds = import ./mpdconfig.nix; + pkg = pkgs.office-radio; +in { + systemd.services.office-radio-appsrv = { + after = [ "network.target" ]; + description = "Office Radio Appserver"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkg}/bin/office-radio"; + DynamicUser = true; + ProtectSystem = true; + NoNewPrivileges = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; + RestrictNamespaces = true; + Restart = "always"; + }; + }; + systemd.services.office-radio-stopper = { + after = [ "network.target" ]; + description = "Office Radio Script to stop idle streams"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkg}/bin/stop-idle-streams"; + DynamicUser = true; + ProtectSystem = true; + NoNewPrivileges = true; + ProtectKernelTunables = true; + ProtectControlGroups = true; + ProtectKernelModules = true; + RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK"; + RestrictNamespaces = true; + Restart = "always"; + }; + }; +} diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix index 379176f78..aa9ff514c 100644 --- a/makefu/2configs/deployment/mycube.connector.one.nix +++ b/makefu/2configs/deployment/mycube.connector.one.nix @@ -1,15 +1,12 @@ { config, lib, pkgs, ... }: # more than just nginx config but not enough to become a module -with import ; let hostname = config.krebs.build.host.name; external-ip = config.krebs.build.host.nets.internet.ip4.addr; wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; in { - services.redis = { - enable = true; - }; - systemd.services.redis.serviceConfig.LimitNOFILE=10032; + services.redis = { enable = true; }; + systemd.services.redis.serviceConfig.LimitNOFILE=65536; services.uwsgi = { enable = true; @@ -28,7 +25,7 @@ in { }; services.nginx = { - enable = mkDefault true; + enable = lib.mkDefault true; virtualHosts."mybox.connector.one" = { locations = { "/".extraConfig = '' diff --git a/makefu/2configs/deployment/newsbot.nix b/makefu/2configs/deployment/newsbot.nix deleted file mode 100644 index 748803447..000000000 --- a/makefu/2configs/deployment/newsbot.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, pkgs, ... }: - -let - newsfile = pkgs.writeText "feeds" '' - nixoswiki-bot|https://github.com/Mic92/nixos-wiki/wiki.atom|#krebs - ''; -in { - environment.systemPackages = [ - pkgs.newsbot-js - ]; - krebs.newsbot-js = { - enable = true; - ircServer = "chat.freenode.net"; - feeds = newsfile; - urlShortenerHost = "go"; - urlShortenerPort = "80"; - }; -} diff --git a/makefu/2configs/deployment/wiki-irc-bot/default.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix deleted file mode 100644 index 12686efba..000000000 --- a/makefu/2configs/deployment/wiki-irc-bot/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, pkgs, ... }: - -let - pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: { - patches = [ ./wiki-output.patch ]; - }); - newsfile = pkgs.writeText "feeds" '' - nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs - ''; -in { - krebs.newsbot-js = { - enable = true; - package = pkg; - ircServer = "chat.freenode.net"; - feeds = newsfile; - urlShortenerHost = "go"; - urlShortenerPort = "80"; - }; -} diff --git a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch b/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch deleted file mode 100644 index 6e1e27853..000000000 --- a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff --git a/newsbot.js b/newsbot.js -index 42d0666..a284011 100644 ---- a/newsbot.js -+++ b/newsbot.js -@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) { - } - - function broadcast_new_item (item) { -+ console.log('Broadcasting item ',item.link) - return getShortLink(item.link, function (error, shortlink) { -- return broadcast(item.title + ' ' + shortlink) -+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink) - }) - } - -@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) { - - if (client.lastItems) { - items.forEach(function (item) { -- if (!client.lastItems.hasOwnProperty(item.title)) { -+ -+ if (!client.lastItems.hasOwnProperty(item.guid)) { - broadcast_new_item(item) -+ }else { -+ console.log("Item already seen:",item.guid) - } - }) - } - - client.lastItems = {} - items.forEach(function (item) { -- client.lastItems[item.title] = true -+ client.lastItems[item.guid] = true - }) - - return continue_loop() -@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) { - } - - function getShortLink (link, callback) { -+ callback(null,link) -+ return - var form = new FormData() - try { - form.append('uri', link) diff --git a/makefu/2configs/ham/automation/giesskanne.nix b/makefu/2configs/ham/automation/giesskanne.nix index d89ea595b..4b0fb61dd 100644 --- a/makefu/2configs/ham/automation/giesskanne.nix +++ b/makefu/2configs/ham/automation/giesskanne.nix @@ -7,7 +7,7 @@ let light = "light.espcam_02_light"; seconds = 60; # default shutoff to protect the LED from burning out }; - seconds = 6; + seconds = 60; pump = "switch.arbeitszimmer_giesskanne_relay"; # sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; in diff --git a/makefu/2configs/ham/automation/moodlight.nix b/makefu/2configs/ham/automation/moodlight.nix new file mode 100644 index 000000000..df229f16b --- /dev/null +++ b/makefu/2configs/ham/automation/moodlight.nix @@ -0,0 +1,41 @@ +# uses: + +let + wohnzimmer = "light.wohnzimmer_fenster_lichterkette_licht"; + arbeitszimmer = "light.box_led_status"; + final_off = "01:00"; + + turn_on = entity_id: at: + { alias = "Turn on ${entity_id} at ${at}"; + trigger = [ + { platform = "time"; inherit at; } + ]; + action = + [ + { service = "light.turn_on"; inherit entity_id; } + ]; + }; +in +{ + services.home-assistant.config = + { + automation = + [ + (turn_on wohnzimmer "17:30") + (turn_on arbeitszimmer "9:00") + + { alias = "Always turn off the lights at ${final_off}"; + trigger = [ + { platform = "time"; at = final_off; } + ]; + action = + [ + { + service = "light.turn_off"; + entity_id = [ wohnzimmer arbeitszimmer]; + } + ]; + } + ]; + }; +} diff --git a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix index f06094662..4303cdfa5 100644 --- a/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix +++ b/makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix @@ -26,6 +26,81 @@ let data.entity_id = light; }; }; + rf_state = code: light: halfbright: + let + maxbright = 255; + transition = 0.2; # seconds + in + # this function implements a simple state machine based on the state and brightness of the light (light must support brightness + { + alias = "Cycle through states of ${light} via rf code ${code}"; + trigger = { + platform = "event"; + event_type = "esphome.rf_code_received"; + event_data.code = code; + }; + action = { + choose = [ + { + # state 0: off to half + conditions = { + condition = "template"; + value_template = ''{{ states("${light}") == "off" }}''; + }; + sequence = [ + { + service = "light.turn_on"; + data = { + entity_id = light; + brightness = halfbright; + }; + } + ]; + } + { + # state 1: half to full + conditions = { + condition = "template"; + value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}''; + }; + sequence = [ + { + service = "light.turn_on"; + data = { + entity_id = light; + brightness = maxbright; + }; + } + ]; + } + { + # state 2: full to off + conditions = { + condition = "template"; + # TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere? + value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}''; + }; + sequence = [ + { + service = "light.turn_off"; + data = { + entity_id = light; + }; + } + ]; + } + ]; + # default: on to off + # this works because state 0 checks for "state == off" + default = [{ + service = "light.turn_off"; + data = { + entity_id = light; + }; + }]; + }; + } +; rf_toggle = code: light: { alias = "Toggle ${light} via rf code ${code}"; @@ -39,14 +114,13 @@ let data.entity_id = light; }; }; - in { services.home-assistant.config.automation = [ (rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A - (rf_toggle "401151" "light.wohnzimmer_stehlampe_osram") # B - (rf_toggle "401451" "light.wohnzimmer_komode_osram") # C - (rf_toggle "401511" "light.wohnzimmer_schrank_osram") # D + (rf_state "401151" "light.wohnzimmer_stehlampe_osram" 128) # B + (rf_state "401451" "light.wohnzimmer_komode_osram" 128) # C + (rf_state "401511" "light.wohnzimmer_schrank_osram" 128) # D # OFF Lane (rf_turn_off "400554" "all") # A diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 8d6c1f2f0..cf6f1d334 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -8,11 +8,10 @@ }; }; imports = [ - { #direnv + { home-manager.users.makefu.home.packages = [ (pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox") - pkgs.direnv pkgs.nur.repos.kalbasit.nixify ]; - # home-manager.users.makefu.home.file.".direnvrc".text = ''''; + ]; } { # bat home-manager.users.makefu.home.packages = [ pkgs.bat ]; @@ -24,8 +23,34 @@ }; } ]; - environment.pathsToLink = [ "/share/zsh" ]; + environment.pathsToLink = [ + "/share/zsh" + ]; + + nix.extraOptions = '' + keep-outputs = true + keep-derivations = true + ''; + home-manager.users.makefu = { + + programs.direnv.enable = true; + programs.direnv.enableNixDirenvIntegration = true; + programs.direnv.enableZshIntegration = true; + home.packages = [ (pkgs.writeDashBin "nixify" '' +test ! -e shell.nix && cat > shell.nix < {}}: + +pkgs.mkShell { + nativeBuildInputs = [ pkgs.hello ]; +} +EOF +echo "use nix" >> .envrc +direnv allow +'') + ]; + #home.packages = [ pkgs.direnv pkgs.nix-direnv ]; + programs.fzf.enable = false; # alt-c programs.zsh = { enable = true; diff --git a/makefu/2configs/hw/droidcam.nix b/makefu/2configs/hw/droidcam.nix index c638123bb..adc0aa379 100644 --- a/makefu/2configs/hw/droidcam.nix +++ b/makefu/2configs/hw/droidcam.nix @@ -1,7 +1,9 @@ -{ pkgs, config, ... }: +{ pkgs, config, ... }: { boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480"; boot.extraModulePackages = [ (pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; }) ]; + boot.initrd.availableKernelModules = [ "v4l2loopback-dc" ]; + users.users.makefu.packages = [ pkgs.droidcam ]; } diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 1a488e69c..d9e22ad71 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -60,6 +60,12 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + photos = { + path = "/media/cryptX/photos"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; crypX-games = { path = "/media/cryptX/games"; "read only" = "yes"; diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 0cf218d46..98bc748dd 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -5,12 +5,10 @@ mosh sshfs rclone - exfat (pkgs.callPackage ./secrets.nix {}) opensc pcsctools libu2f-host ]; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; boot.supportedFilesystems = [ "exfat" ]; } diff --git a/makefu/2configs/workadventure/default.nix b/makefu/2configs/workadventure/default.nix new file mode 100644 index 000000000..3c68fca8d --- /dev/null +++ b/makefu/2configs/workadventure/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./jitsi.nix + ./workadventure.nix + ]; +} diff --git a/makefu/2configs/workadventure/jitsi.nix b/makefu/2configs/workadventure/jitsi.nix new file mode 100644 index 000000000..d5c590746 --- /dev/null +++ b/makefu/2configs/workadventure/jitsi.nix @@ -0,0 +1,59 @@ +{ + # + + + # | | + # | | + # v v + # 80, 443 TCP 443 TCP, 10000 UDP + # +--------------+ +---------------------+ + # | nginx | 5222, 5347 TCP | | + # | jitsi-meet |<-------------------+| jitsi-videobridge | + # | prosody | | | | + # | jicofo | | +---------------------+ + # +--------------+ | + # | +---------------------+ + # | | | + # +----------+| jitsi-videobridge | + # | | | + # | +---------------------+ + # | + # | +---------------------+ + # | | | + # +----------+| jitsi-videobridge | + # | | + # +---------------------+ + + # This is a one server setup + services.jitsi-meet = { + enable = true; + hostName = "meet.euer.krebsco.de"; + + # JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences. + # https://github.com/jitsi/jicofo + jicofo.enable = true; + + # Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server. + # Further nginx configuration can be done by adapting services.nginx.virtualHosts.. When this is enabled, ACME + # will be used to retrieve a TLS certificate by default. To disable this, set the + # services.nginx.virtualHosts..enableACME to false and if appropriate do the same for + # services.nginx.virtualHosts..forceSSL. + nginx.enable = true; + + # https://github.com/jitsi/jitsi-meet/blob/master/config.js + config = { + enableWelcomePage = true; + defaultLang = "en"; + }; + + # https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 10000 ]; + }; + +} diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix new file mode 100644 index 000000000..2b7eca250 --- /dev/null +++ b/makefu/2configs/workadventure/workadventure.nix @@ -0,0 +1,161 @@ +{ config, pkgs, lib, ... }: +let + # If your Jitsi environment has authentication set up, + # you MUST set JITSI_PRIVATE_MODE to "true" and + # you MUST pass a SECRET_JITSI_KEY to generate the JWT secret + jitsiPrivateMode = "false"; + + secretJitsiKey = ""; + + jitsiISS = ""; + + workadventureSecretKey = ""; + + jitsiURL = "meet.euer.krebsco.de"; + + domain = "work.euer.krebsco.de"; + # domain will redirect to this map. (not play.${domain}) + defaultMap = "npeguin.github.io/office-map/map.json"; + + apiURL = "api.${domain}"; + apiPort = 9002; + + frontURL = "play.${domain}"; + frontPort = 9004; + + pusherURL = "push.${domain}"; + pusherPort = 9005; + + uploaderURL = "ul.${domain}"; + uploaderPort = 9006; + + frontImage = "thecodingmachine/workadventure-front:develop"; + pusherImage = "thecodingmachine/workadventure-pusher:develop"; + apiImage = "thecodingmachine/workadventure-back:develop"; + uploaderImage = "thecodingmachine/workadventure-uploader:develop"; + +in { + + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 80 443 ]; + }; + + services.nginx.enable = true; + services.nginx.recommendedProxySettings = true; + + systemd.services.workadventure-network = { + enable = true; + wantedBy = [ "multi-user.target" ]; + script = '' + ${pkgs.docker}/bin/docker network create --driver bridge workadventure ||: + ''; + after = [ "docker" ]; + before = [ + "docker-workadventure-back.service" + "docker-workadventure-pusher.service" + "docker-workadventure-uploader.service" + "docker-workadventure-website.service" + ]; + }; + + virtualisation.oci-containers.backend = "docker"; + + services.nginx.virtualHosts."${domain}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + return = "301 $scheme://play.${domain}/_/global/${defaultMap}"; + }; + }; + + virtualisation.oci-containers.containers.workadventure-front = { + image = frontImage; + environment = { + API_URL = pusherURL; + JITSI_PRIVATE_MODE = jitsiPrivateMode; + JITSI_URL = jitsiURL; + SECRET_JITSI_KEY = secretJitsiKey; + UPLOADER_URL = uploaderURL; + }; + ports = [ "127.0.0.1:${toString frontPort}:80" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${frontURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; }; + }; + + virtualisation.oci-containers.containers.workadventure-pusher = { + image = pusherImage; + environment = { + API_URL = "workadventure-back:50051"; + JITSI_ISS = jitsiISS; + JITSI_URL = jitsiURL; + SECRET_KEY = workadventureSecretKey; + }; + ports = [ "127.0.0.1:${toString pusherPort}:8080" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${pusherURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString pusherPort}"; + proxyWebsockets = true; + }; + locations."/room" = { + proxyPass = "http://127.0.0.1:${toString pusherPort}"; + proxyWebsockets = true; + }; + }; + + virtualisation.oci-containers.containers.workadventure-back = { + image = apiImage; + environment = { + #DEBUG = "*"; + JITSI_ISS = jitsiISS; + JITSI_URL = jitsiURL; + SECRET_KEY = workadventureSecretKey; + }; + ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${apiURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; }; + }; + + virtualisation.oci-containers.containers.workadventure-uploader = { + image = uploaderImage; + ports = [ "127.0.0.1:${toString uploaderPort}:8080" ]; + extraOptions = [ "--network=workadventure" ]; + }; + services.nginx.virtualHosts."${uploaderURL}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString uploaderPort}"; + proxyWebsockets = true; + }; + }; + + systemd.services.docker-workadventure-front.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-uploader.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-pusher.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; + systemd.services.docker-workadventure-back.serviceConfig = { + StandardOutput = lib.mkForce "journal"; + StandardError = lib.mkForce "journal"; + }; +} diff --git a/makefu/5pkgs/kalauerbot/default.nix b/makefu/5pkgs/kalauerbot/default.nix index ee90fdeec..b78b2fcd6 100644 --- a/makefu/5pkgs/kalauerbot/default.nix +++ b/makefu/5pkgs/kalauerbot/default.nix @@ -1,11 +1,11 @@ { stdenv, python3, fetchgit }: python3.pkgs.buildPythonPackage rec { name = "kalauerbot"; -rev = "08d98aa"; +rev = "2a1e868"; src = fetchgit { url = "http://cgit.euer.krebsco.de/kalauerbot"; inherit rev; - sha256 = "017hh61smgq4zsxd10brgwmykwgwabgllxjs31xayvs1hnqmkv2v"; + sha256 = "1vymz3dnpgcxwfgbnrpc0plcdmihxcq7xsvpap755c5jvzvb8a1k"; }; propagatedBuildInputs = with python3.pkgs;[ (callPackage ./python-matrixbot.nix { diff --git a/makefu/5pkgs/office-radio/default.nix b/makefu/5pkgs/office-radio/default.nix new file mode 100644 index 000000000..2eacb9e23 --- /dev/null +++ b/makefu/5pkgs/office-radio/default.nix @@ -0,0 +1,23 @@ +{ lib, pkgs, fetchFromGitHub, ... }: + +with pkgs.python3Packages;buildPythonPackage rec { + name = "office-radio-${version}"; + version = "0.2.3.4"; + propagatedBuildInputs = [ + flask + psutil + mpd2 + requests + ]; + src = fetchFromGitHub { + owner = "makefu"; + repo = "office-radio"; + rev = "601c650"; + sha256 = "06zf0sjm4zlnbjlmiajbz1klhz1maj1ww5vah2abcvk1vx0p0hn7"; + }; + meta = { + homepage = https://github.com/makefu/office-radio; + description = "manage virtual office radio"; + license = lib.licenses.asl20; + }; +}