Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'prism/master'

Browse Source
This commit is contained in:
tv 2021-02-18 20:25:47 +01:00
commit f9bc618fad
46 changed files with 1132 additions and 276 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
krebs/2configs/ircd.nix
View File

@ -5,6 +5,8 @@
6667 6669 6667 6669
]; ];
systemd.services.charybdis.serviceConfig.LimitNOFILE = 16384;
krebs.charybdis = { krebs.charybdis = {
enable = true; enable = true;
motd = '' motd = ''
@ -15,7 +17,7 @@
serverinfo { serverinfo {
name = "${config.krebs.build.host.name}.irc.r"; name = "${config.krebs.build.host.name}.irc.r";
sid = "1as"; sid = "1as";
description = "miep!"; description = "irc!";
network_name = "irc.r"; network_name = "irc.r";
vhost = "0.0.0.0"; vhost = "0.0.0.0";
@ -26,7 +28,7 @@
#ssl_dh_params = "etc/dh.pem"; #ssl_dh_params = "etc/dh.pem";
#ssld_count = 1; #ssld_count = 1;
default_max_clients = 100000; default_max_clients = 2048;
#nicklen = 30; #nicklen = 30;
}; };
@ -38,12 +40,12 @@
*/ */
host = "0.0.0.0"; host = "0.0.0.0";
port = 6667; port = 6667;
sslport = 6697; #sslport = 6697;
/* Listen on IPv6 (if you used host= above). */ /* Listen on IPv6 (if you used host= above). */
host = "::"; host = "::";
port = 6667; port = 6667;
sslport = 6697; #sslport = 6697;
}; };
class "users" { class "users" {
@ -53,9 +55,9 @@
number_per_ip_global = 4096; number_per_ip_global = 4096;
cidr_ipv4_bitlen = 24; cidr_ipv4_bitlen = 24;
cidr_ipv6_bitlen = 64; cidr_ipv6_bitlen = 64;
number_per_cidr = 65536; number_per_cidr = 65535;
max_number = 100000; max_number = 65535;
sendq = 10 megabyte; sendq = 1000 megabyte;
}; };
privset "op" { privset "op" {
@ -91,7 +93,7 @@
use_knock = yes; use_knock = yes;
knock_delay = 5 minutes; knock_delay = 5 minutes;
knock_delay_channel = 1 minute; knock_delay_channel = 1 minute;
max_chans_per_user = 15; max_chans_per_user = 150;
max_bans = 100; max_bans = 100;
max_bans_large = 500; max_bans_large = 500;
default_split_user_count = 0; default_split_user_count = 0;

18
krebs/2configs/news.nix
View File

@ -39,10 +39,12 @@
}; };
}; };
krebs.reaktor2.news = { krebs.reaktor2.news = let
name = "candyman";
in {
hostname = "localhost"; hostname = "localhost";
port = "6667"; port = "6667";
nick = "brockman-helper"; nick = name;
plugins = [ plugins = [
{ {
plugin = "register"; plugin = "register";
@ -60,23 +62,23 @@
hooks.PRIVMSG = [ hooks.PRIVMSG = [
{ {
activate = "match"; activate = "match";
pattern = "^brockman-helper:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$"; pattern = "^${name}:\\s*(\\S*)(?:\\s+(.*\\S))?\\s*$";
command = 1; command = 1;
arguments = [2]; arguments = [2];
commands = { commands = {
add-reddit.filename = pkgs.writeDash "add-reddit" '' add-reddit.filename = pkgs.writeDash "add-reddit" ''
set -euf set -euf
if [ "$#" -ne 1 ]; then if [ "$#" -ne 1 ]; then
echo 'usage: brockman-helper: add-reddit $reddit_channel' echo 'usage: ${name}: add-reddit $reddit_channel'
exit 1 exit 1
fi fi
reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') reddit_channel=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Telegram&username=$reddit_channel&format=Mrss" echo "brockman: add r_$reddit_channel http://rss.r/?action=display&bridge=Reddit&context=single&r=$reddit_channel&format=Atom"
''; '';
add-telegram.filename = pkgs.writeDash "add-telegram" '' add-telegram.filename = pkgs.writeDash "add-telegram" ''
set -euf set -euf
if [ "$#" -ne 1 ]; then if [ "$#" -ne 1 ]; then
echo 'usage: brockman-helper: add-telegram $telegram_user' echo 'usage: ${name}: add-telegram $telegram_user'
exit 1 exit 1
fi fi
telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') telegram_user=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
@ -85,7 +87,7 @@
add-youtube.filename = pkgs.writeDash "add-youtube" '' add-youtube.filename = pkgs.writeDash "add-youtube" ''
set -euf set -euf
if [ "$#" -ne 1 ]; then if [ "$#" -ne 1 ]; then
echo 'usage: brockman-helper: add-youtube $nick $channelid' echo 'usage: ${name}: add-youtube $nick $channelid'
exit 1 exit 1
fi fi
youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') youtube_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
@ -95,7 +97,7 @@
search.filename = pkgs.writeDash "search" '' search.filename = pkgs.writeDash "search" ''
set -euf set -euf
if [ "$#" -ne 1 ]; then if [ "$#" -ne 1 ]; then
echo 'usage: brockman-helper: search $searchterm' echo 'usage: ${name}: search $searchterm'
exit 1 exit 1
fi fi
searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]') searchterm=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')

9
krebs/2configs/shack/glados/default.nix
View File

@ -1,5 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
unstable = import (pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev;
sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256;
}) {};
in { in {
services.nginx.virtualHosts."hass.shack" = { services.nginx.virtualHosts."hass.shack" = {
serverAliases = [ "glados.shack" ]; serverAliases = [ "glados.shack" ];
@ -40,6 +46,9 @@ in {
{ {
enable = true; enable = true;
autoExtraComponents = true; autoExtraComponents = true;
package = unstable.home-assistant.overrideAttrs (old: {
doInstallCheck = false;
});
config = { config = {
homeassistant = { homeassistant = {
name = "Glados"; name = "Glados";

1
krebs/3modules/brockman.nix
View File

@ -29,6 +29,7 @@ in {
PrivateTmp = true; PrivateTmp = true;
RuntimeDirectory = "brockman"; RuntimeDirectory = "brockman";
WorkingDirectory = "%t/brockman"; WorkingDirectory = "%t/brockman";
RestartSec = 5;
}; };
}; };
}; };

66
krebs/3modules/external/mic92.nix vendored
View File

@ -97,6 +97,27 @@ in {
}; };
}; };
}; };
dimitriosxps = {
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.189";
aliases = [
"dimitriosxps.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAz9aKIhzk8+ZNBQmU054yc1yTdMyaw1aqWXYyQZoCmFaBIlMvF8I0
dd+56cGjK8O7KkEhheDL/ijj9cCcxbqHSTktXz47ScyTaN63h13+MBUIUzDwSO4E
9fRUUn3lbZenhGoON7hlaHb/qAR0yLxip0Tw77bcq4hvKleD74NnAJILPoP1KRDY
O5vs8C8wpdJUtnlsfkAa058wDI+7GNPb0cs0/pBQVR2GUGb1xqVJ5obO/lFKOJ/e
DKemnlg736cEaIF6v9M+w4VmL8mNudDy6RxA6/xIErP5Ru2aK5lH5UBHVCwdLLCy
8y3It9Tgji3G9nOFbhaeKDjeIAJ8sG+WjQIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
donna = { donna = {
owner = config.krebs.users.mic92; owner = config.krebs.users.mic92;
nets = rec { nets = rec {
@ -453,6 +474,51 @@ in {
}; };
}; };
}; };
redha = {
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.188";
aliases = [
"redha.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAx7STxTTPMxXugweHpUGOeLUrrTSCt7j5l+fjNtArIygOGKEiAC5O
s0G4WHK2IcrNnv7pxS09S5mnXywi51aAL+G2fKzcU3YgLFuoUN4Kk5LohMvBynEE
a3kZK2/D+LMeFfpK2RWBPjLnulN29ke11Iot42TC6+NIMWiZh/Y2T0mKirUJQGsH
RV3zRlR7YfIOdR1AZ5S+qrmPF8hLb7O08TTXrHo8NQk5NAVUS89OYcn1pc9hnf/e
FK5qRrQFMRFB8KGV+n3+cx3XCM2q0ZPTNf06N+Usx6vTKLASa/4GaTcbBx+9Dndm
mFVWq9JjLa8e65tojzj8PhmgxqaNCf8aKwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
grandalf = {
owner = config.krebs.users.mic92;
nets = {
retiolum = {
ip4.addr = "10.243.29.187";
aliases = [
"grandalf.r"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAn1wLOI8DluJAKvscyImoyG0gjxyVC1/Ky8A63YO7INy0SYBg3wU7
XPSbix5VJZdADQ382LWg31ORYjnDg40c49gCGLfR6+awgd+Rb0sb4eAz07XENXJC
qc70oQrrXLi8HIfeckCsJHe514LJOMA3pU+muaMShOiSygoTiTlEH6RRrkC8HROL
2/V7Hm2Sg7YS+MY8bI/x61MIagfkQKH2eFyqGG54Y80bIhm5SohMkiANu78GdngI
jb+EGlT/vq3+oGNFJ7Shy/VsR5GLDoZ5KCsT45DM87lOjGB7m+bOdizZQtWmJtC/
/btEPWJPAD9lIY2iGtPrmeMWDNTW9c0iCwIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
eva = { eva = {
owner = config.krebs.users.mic92; owner = config.krebs.users.mic92;
nets = rec { nets = rec {

52
krebs/3modules/lass/default.nix
View File

@ -125,7 +125,6 @@ in {
ip6.addr = r6 "1e1"; ip6.addr = r6 "1e1";
aliases = [ aliases = [
"uriel.r" "uriel.r"
"cgit.uriel.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -151,7 +150,6 @@ in {
ip6.addr = r6 "dea7"; ip6.addr = r6 "dea7";
aliases = [ aliases = [
"mors.r" "mors.r"
"cgit.mors.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -185,7 +183,6 @@ in {
ip6.addr = r6 "50da"; ip6.addr = r6 "50da";
aliases = [ aliases = [
"shodan.r" "shodan.r"
"cgit.shodan.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -220,7 +217,6 @@ in {
ip6.addr = r6 "1205"; ip6.addr = r6 "1205";
aliases = [ aliases = [
"icarus.r" "icarus.r"
"cgit.icarus.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -254,7 +250,6 @@ in {
ip6.addr = r6 "daed"; ip6.addr = r6 "daed";
aliases = [ aliases = [
"daedalus.r" "daedalus.r"
"cgit.daedalus.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -286,7 +281,6 @@ in {
ip6.addr = r6 "5ce7"; ip6.addr = r6 "5ce7";
aliases = [ aliases = [
"skynet.r" "skynet.r"
"cgit.skynet.r"
]; ];
tinc.pubkey = '' tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY----- -----BEGIN RSA PUBLIC KEY-----
@ -688,11 +682,53 @@ in {
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU ";
syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN"; syncthing.id = "JAVJ6ON-WLCWOA3-YB7EHPX-VGIN4XF-635NIVZ-WZ4HN4M-QRMLT4N-5PL5MQN";
}; };
coaxmetal = {
cores = 16;
nets = {
retiolum = {
ip4.addr = "10.243.0.17";
ip6.addr = r6 "17";
aliases = [
"coaxmetal.r"
];
tinc.pubkey = ''
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwcuMl/W6DZ7UMK4RHrxA
xCc8CkqpUTYldPdB9KJmcH6OpbQqCcPxGOvRe42NdOfCyy11WjAjUMRGnzMyi4MK
gMEjcrl5CnQd9nF9f8Mom8cuSOVm1j46qY7Trl/MsEKsKHiYAHtLFpHz2+UI+HBU
WbSeDLLA8g79SZq/pqWHfp3YKzqP4p+dmi8j+aOZJWkGu9l+Q40qQrTJQCxYgEek
ODeBFCY3DGfJRn79IFGuhF1/jGiAwF3/1j2Rxlesazl6/Lyvmtioplsqn8J94z32
G5wyGpqn/BcXkJTlWtwb3Rrg6OOALJAqy2H5EoIVT26gwmvkEStMtvgLfAeYjL8F
G2bAtaeQGzwQZNuVJAMI9Qtb+PHw322Wz+P8U669C/HCdGCumMf+M7UDHP79kXOO
IFs1NvkU3z/iO/5bj41v8u0W8+b9NWe++dI8N8q0hWLPgnz5PI998xW06Dul7pAX
K1OMIMfTTGgAZHAF1Kdn1BSXezgwkutwzy5h8XkYclyHB2nPXkXIYmahi1XgWeAE
7B4NmefbS6H8dLOU7yMEWuxmYl41UOybtyrsp1za5wtERpQgzl6EWfIXISEdx1Ly
bmb3SGtB85RyqqCe2O9DzVZCw7mXgN69R5efyEuq3HIIN9udLNrybPNNyD/OlAqo
l/xwDxiSCEsO6yY5lGc0MCMCAwEAAQ==
-----END PUBLIC KEY-----
'';
};
wiregrill = {
ip6.addr = w6 "17";
aliases = [
"coaxmetal.w"
];
wireguard.pubkey = ''
lkjR14oOVKl03/0sUzOmddf28ps+v5qRxrbRY03Pg38=
'';
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO9vAYuTv07c9bOjDJId3ShXJ1qIEuyrjkVYkJn9yMET ";
syncthing.id = "W5BJ4TL-GAQ46WS-ZB72HFS-XOURLBA-RNBVMYC-POFH4UA-CBORQID-BMIHNQZ";
};
}; };
users = rec { users = rec {
lass = lass-blue; lass = lass-yubikey;
lass-yubikey = { lass-yubikey = {
mail = lass.mail; mail = "lass@lassul.us";
pubkey = builtins.readFile ./ssh/yubikey.rsa; pubkey = builtins.readFile ./ssh/yubikey.rsa;
pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp; pgp.pubkeys.default = builtins.readFile ./pgp/yubikey.pgp;
}; };

9
krebs/3modules/makefu/default.nix
View File

@ -197,6 +197,15 @@ in {
wg.euer IN A ${nets.internet.ip4.addr} wg.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr} wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr} wikisearch IN A ${nets.internet.ip4.addr}
meet.euer IN A ${nets.internet.ip4.addr}
work.euer IN A ${nets.internet.ip4.addr}
admin.work.euer IN A ${nets.internet.ip4.addr}
push.work.euer IN A ${nets.internet.ip4.addr}
api.work.euer IN A ${nets.internet.ip4.addr}
maps.work.euer IN A ${nets.internet.ip4.addr}
play.work.euer IN A ${nets.internet.ip4.addr}
ul.work.euer IN A ${nets.internet.ip4.addr}
''; '';
}; };
cores = 8; cores = 8;

26
krebs/5pkgs/haskell/brockman.nix
View File

@ -1,26 +0,0 @@
{ mkDerivation, aeson, aeson-pretty, base, bloomfilter, bytestring
, case-insensitive, conduit, containers, directory, feed, filepath
, hslogger, html-entity, http-client, irc-conduit, lens, network
, optparse-applicative, random, safe, stdenv, text, time, timerep
, wreq
, fetchFromGitHub
}:
mkDerivation rec {
pname = "brockman";
version = "3.2.3";
src = fetchFromGitHub {
owner = "kmein";
repo = "brockman";
rev = version;
sha256 = "1qbjbf0l1ikfzmvky4cnvv7nlcwi2in4afliifh618j0a4f7j427";
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson aeson-pretty base bloomfilter bytestring case-insensitive
conduit containers directory feed filepath hslogger html-entity
http-client irc-conduit lens network optparse-applicative random
safe text time timerep wreq
];
license = stdenv.lib.licenses.mit;
}

26
krebs/5pkgs/haskell/brockman/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ mkDerivation, aeson, aeson-pretty, base, bytestring
, case-insensitive, conduit, containers, directory, feed, filepath
, hashable, hslogger, html-entity, http-client, irc-conduit, lens
, lrucache, lrucaching, network, optparse-applicative, random, safe
, stdenv, text, time, timerep, wreq
, fetchFromGitHub
}:
mkDerivation rec {
pname = "brockman";
version = "3.4.0";
src = fetchFromGitHub {
owner = "kmein";
repo = "brockman";
rev = version;
sha256 = "02nval6a9xcddj6znzxvcb8g6klzjydj1lb4ych64i9mr4a8jvic";
};
isLibrary = false;
isExecutable = true;
executableHaskellDepends = [
aeson aeson-pretty base bytestring case-insensitive conduit
containers directory feed filepath hashable hslogger html-entity
http-client irc-conduit lens lrucache lrucaching network
optparse-applicative random safe text time timerep wreq
];
license = stdenv.lib.licenses.mit;
}

6
krebs/5pkgs/simple/rss-bridge/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "rss-bridge"; pname = "rss-bridge";
version = "2020-11-10"; version = "unstable-2021-01-10";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "RSS-Bridge"; owner = "RSS-Bridge";
repo = "rss-bridge"; repo = "rss-bridge";
rev = version; rev = "98352845a14b9f2eb8925ad7a04a5f6cc6a5af06";
sha256 = "00cp61lqvhi7b7j0rglsqg3l7cg8s9b8vq098bgvg5dygyi44hyv"; sha256 = "1nv1f6f17cn057k9mydd3a0bmj2xa5k410fdq7nhw5b7msyxy2qv";
}; };
patchPhase = '' patchPhase = ''

8
krebs/nixpkgs-unstable.json
View File

@ -1,9 +1,9 @@
{ {
"url": "https://github.com/NixOS/nixpkgs", "url": "https://github.com/NixOS/nixpkgs",
"rev": "f217c0ea7c148ddc0103347051555c7c252dcafb", "rev": "8c8731330b53ba0061686f36f10f101e662a4717",
"date": "2021-01-21T09:50:34+01:00", "date": "2021-02-08T20:46:59+01:00",
"path": "/nix/store/8srlzkkvbvlg4g585g9iyzd3ryiilm8a-nixpkgs", "path": "/nix/store/agilvsqqdsqx36wf4zkq5gnhnab47qpd-nixpkgs",
"sha256": "0cyksxg2lnzxd0pss09rmmk2c2axz0lf9wvgvfng59nwf8dpq2kf", "sha256": "0ak4d254myq6cl3d7jkq6n0apxabvwjz62zdw9habnrqg8asl8gk",
"fetchSubmodules": false, "fetchSubmodules": false,
"deepClone": false, "deepClone": false,
"leaveDotGit": false "leaveDotGit": false

8
krebs/nixpkgs.json
View File

@ -1,9 +1,9 @@
{ {
"url": "https://github.com/NixOS/nixpkgs", "url": "https://github.com/NixOS/nixpkgs",
"rev": "a058d005b3cbb370bf171ebce01839dd6ff52222", "rev": "2394284537b89471c87065b040d3dedd8b5907fe",
"date": "2021-01-23T17:41:51-05:00", "date": "2021-02-10T23:24:22+01:00",
"path": "/nix/store/6ps307ghgrp10q3mwgw4lq143pmz0h25-nixpkgs", "path": "/nix/store/rqgraycidchn5wc5mki5sqj8bl5cpx78-nixpkgs",
"sha256": "154mpqw0ya31hzgz9hggg1rb26yx8d00rsj9l90ndsdldrssgvbb", "sha256": "1j7vp735is5d32mbrgavpxi3fbnsm6d99a01ap8gn30n5ysd14sl",
"fetchSubmodules": false, "fetchSubmodules": false,
"deepClone": false, "deepClone": false,
"leaveDotGit": false "leaveDotGit": false

53
lass/1systems/coaxmetal/config.nix Normal file
View File

@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
{
imports = [
<stockholm/lass>
<stockholm/lass/2configs/retiolum.nix>
<stockholm/lass/2configs/exim-retiolum.nix>
<stockholm/lass/2configs/baseX.nix>
<stockholm/lass/2configs/browsers.nix>
<stockholm/lass/2configs/programs.nix>
<stockholm/lass/2configs/network-manager.nix>
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/sync/sync.nix>
<stockholm/lass/2configs/games.nix>
<stockholm/lass/2configs/steam.nix>
<stockholm/lass/2configs/wine.nix>
<stockholm/lass/2configs/fetchWallpaper.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/pass.nix>
<stockholm/lass/2configs/mail.nix>
<stockholm/lass/2configs/bitcoin.nix>
];
krebs.build.host = config.krebs.hosts.coaxmetal;
environment.shellAliases = {
deploy = pkgs.writeDash "deploy" ''
set -eu
export SYSTEM="$1"
$(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy)
'';
usb-tether-on = pkgs.writeDash "usb-tether-on" ''
adb shell su -c service call connectivity 33 i32 1 s16 text
'';
usb-tether-off = pkgs.writeDash "usb-tether-off" ''
adb shell su -c service call connectivity 33 i32 0 s16 text
'';
};
programs.adb.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
# config.General.Disable = "Headset";
extraConfig = ''
[General]
Disable = Headset
'';
};
hardware.pulseaudio.package = pkgs.pulseaudioFull;
}

52
lass/1systems/coaxmetal/physical.nix Normal file
View File

@ -0,0 +1,52 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
./config.nix
(modulesPath + "/installer/scan/not-detected.nix")
];
networking.hostId = "e0c335ea";
boot.zfs.requestEncryptionCredentials = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
enable = true;
# device = "/dev/disk/by-id/nvme-WDC_PC_SN730_SDBQNTY-1T00-1001_205349800040";
device = "nodev";
efiSupport = true;
# efiInstallAsRemovable = true;
};
services.xserver.videoDrivers = [
"amdgpu"
];
hardware.opengl.extraPackages = [ pkgs.amdvlk ];
# is required for amd graphics support ( xorg wont boot otherwise )
boot.kernelPackages = pkgs.linuxPackages_latest;
environment.variables.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = [ "kvm-amd" ];
fileSystems."/" = {
device = "zpool/root/root";
fsType = "zfs";
};
fileSystems."/home" = {
device = "zpool/root/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/50A7-1889";
fsType = "vfat";
};
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchDocked = "ignore";
boot.extraModprobeConfig = ''
options psmouse proto=imps
'';
}

14
lass/1systems/yellow/config.nix
View File

@ -152,10 +152,11 @@ with import <stockholm/lib>;
krebs.iptables = { krebs.iptables = {
enable = true; enable = true;
tables.filter.INPUT.rules = [ tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; } { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
]; ];
}; };
@ -265,4 +266,9 @@ with import <stockholm/lib>;
''; '';
}; };
}; };
services.jellyfin = {
enable = true;
group = "download";
};
} }

158
lass/2configs/hass/default.nix
View File

@ -1,7 +1,29 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import ./lib.nix { inherit lib; }; with import ./lib.nix { inherit lib; };
let
unstable = import (pkgs.fetchFromGitHub {
owner = "nixos";
repo = "nixpkgs";
rev = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).rev;
sha256 = (lib.importJSON ../../../krebs/nixpkgs-unstable.json).sha256;
}) {};
dwdwfsapi = pkgs.python3Packages.buildPythonPackage rec {
pname = "dwdwfsapi";
version = "1.0.3";
{ src = pkgs.python3Packages.fetchPypi {
inherit pname version;
sha256 = "0fcv79xiq0qr4kivhd68iqpgrsjc7djxqs2h543pyr0sdgb5nz9x";
};
buildInputs = with pkgs.python3Packages; [
requests ciso8601
];
# LC_ALL = "en_US.UTF-8";
};
in {
imports = [ imports = [
./zigbee.nix ./zigbee.nix
./rooms/bett.nix ./rooms/bett.nix
@ -21,78 +43,80 @@ with import ./lib.nix { inherit lib; };
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;
package = pkgs.home-assistant.override { package = (unstable.home-assistant.overrideAttrs (old: {
# extraComponents = [ "hue" ]; doInstallCheck = false;
})).override {
extraPackages = _: [ dwdwfsapi ];
}; };
configWritable = true; configWritable = true;
lovelaceConfigWritable = true; lovelaceConfigWritable = true;
}; config = let
tasmota_s20 = name: topic: {
services.home-assistant.config = let platform = "mqtt";
tasmota_s20 = name: topic: { inherit name;
platform = "mqtt"; state_topic = "stat/${topic}/POWER";
inherit name; command_topic = "cmnd/${topic}/POWER";
state_topic = "stat/${topic}/POWER"; payload_on = "ON";
command_topic = "cmnd/${topic}/POWER"; payload_off = "OFF";
payload_on = "ON";
payload_off = "OFF";
};
in {
homeassistant = {
name = "Home";
time_zone = "Europe/Berlin";
latitude = "52.46187";
longitude = "13.41489";
elevation = 90;
unit_system = "metric";
customize = friendly_names;
};
config = {};
sun.elevation = 66;
shopping_list = {};
discovery = {};
frontend = {};
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
username = "gg23";
password = "gg23-mqtt";
keepalive = 60;
protocol = 3.1;
discovery = true;
birth_message = {
topic = "/hass/status";
payload = "online";
}; };
will_message = { in {
topic = "/hass/status"; homeassistant = {
payload = "offline"; name = "Home";
time_zone = "Europe/Berlin";
latitude = "52.46187";
longitude = "13.41489";
elevation = 90;
unit_system = "metric";
customize = friendly_names;
}; };
config = {};
sun.elevation = 66;
shopping_list = {};
discovery = {};
frontend = {};
http = {};
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
username = "gg23";
password = "gg23-mqtt";
keepalive = 60;
protocol = 3.1;
discovery = true;
birth_message = {
topic = "/hass/status";
payload = "online";
};
will_message = {
topic = "/hass/status";
payload = "offline";
};
};
sensor = [
{
platform = "dwd_weather_warnings";
region_name = "Berlin";
}
];
switch = [
(tasmota_s20 "TV" "tv")
(tasmota_s20 "Drucker Strom" "drucker")
(tasmota_s20 "Waschmaschine" "wasch")
(tasmota_s20 "Stereo Anlage" "stereo")
];
mobile_app = {};
weather = [
{
platform = "openweathermap";
api_key = "xxx"; # TODO put into secrets
}
];
system_health = {};
history = {};
shopping_list = {};
}; };
sensor = [
{
platform = "dwd_weather_warnings";
region_name = "Berlin";
}
];
switch = [
(tasmota_s20 "TV" "tv")
(tasmota_s20 "Drucker Strom" "drucker")
(tasmota_s20 "Waschmaschine" "wasch")
(tasmota_s20 "Stereo Anlage" "stereo")
];
mobile_app = {};
weather = [
{
platform = "openweathermap";
api_key = "xxx"; # TODO put into secrets
}
];
system_health = {};
history = {};
shopping_list = {};
}; };
services.mosquitto = { services.mosquitto = {

8
lass/5pkgs/custom/xmonad-lass/default.nix
View File

@ -35,6 +35,7 @@ import XMonad.Hooks.ManageHelpers (doCenterFloat, doRectFloat, (-?>))
import XMonad.Hooks.Place (placeHook, smart) import XMonad.Hooks.Place (placeHook, smart)
import XMonad.Hooks.UrgencyHook (focusUrgent) import XMonad.Hooks.UrgencyHook (focusUrgent)
import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..)) import XMonad.Hooks.UrgencyHook (withUrgencyHook, UrgencyHook(..))
import XMonad.Layout.BoringWindows (boringWindows, focusDown, focusUp)
import XMonad.Layout.FixedColumn (FixedColumn(..)) import XMonad.Layout.FixedColumn (FixedColumn(..))
import XMonad.Layout.Grid (Grid(..)) import XMonad.Layout.Grid (Grid(..))
import XMonad.Layout.Minimize (minimize) import XMonad.Layout.Minimize (minimize)
@ -93,7 +94,7 @@ main' = do
myLayoutHook = defLayout myLayoutHook = defLayout
where where
defLayout = minimize $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid) defLayout = minimize . boringWindows $ ((avoidStruts $ Mirror (Tall 1 (3/100) (1/2))) ||| Full ||| FixedColumn 2 80 80 1 ||| Tall 1 (3/100) (1/2) ||| simplestFloat ||| mouseResizableTile ||| Grid)
floatHooks = composeAll floatHooks = composeAll
[ className =? "Pinentry" --> doCenterFloat [ className =? "Pinentry" --> doCenterFloat
@ -123,6 +124,11 @@ myKeyMap =
, ("<XF86Launch1>", gridselectWorkspace gridConfig W.view) , ("<XF86Launch1>", gridselectWorkspace gridConfig W.view)
, ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill") , ("M4-C-k", spawn "${pkgs.xorg.xkill}/bin/xkill")
, ("M4-<Tab>", focusDown)
, ("M4-S-<Tab>", focusUp)
, ("M4-j", focusDown)
, ("M4-k", focusUp)
, ("M4-a", focusUrgent) , ("M4-a", focusUrgent)
, ("M4-S-r", renameWorkspace myXPConfig) , ("M4-S-r", renameWorkspace myXPConfig)
, ("M4-S-a", addWorkspacePrompt myXPConfig) , ("M4-S-a", addWorkspacePrompt myXPConfig)

4
lass/5pkgs/tdlib-purple/default.nix
View File

@ -2,13 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "tdlib-purple"; pname = "tdlib-purple";
version = "0.7.6"; version = "0.7.8";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "ars3niy"; owner = "ars3niy";
repo = pname; repo = pname;
rev = "v${version}"; rev = "v${version}";
sha256 = "1inamfzbrz0sy4y431jgwjfg6lz14a7c71khrg02481raxchhzzf"; sha256 = "17g54mcxsidcx37l6m4p8i06ln1hvq3347dhdl9xkkn7pqpwvv1c";
}; };
cmakeFlags = [ cmakeFlags = [

30
makefu/1systems/gum/config.nix
View File

@ -65,7 +65,7 @@ in {
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = allowedTCPPorts =
[ [
53 53
655 655
21031 21031
@ -83,6 +83,9 @@ in {
# <stockholm/makefu/2configs/exim-retiolum.nix> # <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix> <stockholm/makefu/2configs/git/cgit-retiolum.nix>
### systemdUltras ###
<stockholm/makefu/2configs/systemdultras/ircbot.nix>
###### Shack ##### ###### Shack #####
# <stockholm/makefu/2configs/shack/events-publisher> # <stockholm/makefu/2configs/shack/events-publisher>
# <stockholm/makefu/2configs/shack/gitlab-runner> # <stockholm/makefu/2configs/shack/gitlab-runner>
@ -98,7 +101,7 @@ in {
{ krebs.exim.enable = mkDefault true; } { krebs.exim.enable = mkDefault true; }
# sharing # sharing
<stockholm/makefu/2configs/share/gum.nix> <stockholm/makefu/2configs/share/gum.nix> # samba sahre
<stockholm/makefu/2configs/torrent.nix> <stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/sickbeard> <stockholm/makefu/2configs/sickbeard>
@ -145,7 +148,10 @@ in {
<stockholm/makefu/2configs/deployment/gecloudpad> <stockholm/makefu/2configs/deployment/gecloudpad>
<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix> <stockholm/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
<stockholm/makefu/2configs/shiori.nix> <stockholm/makefu/2configs/shiori.nix>
<stockholm/makefu/2configs/workadventure>
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
<stockholm/makefu/2configs/bgt/hidden_service.nix> <stockholm/makefu/2configs/bgt/hidden_service.nix>
@ -177,12 +183,19 @@ in {
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ]; { path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable ###### stable
security.acme.certs."cgit.euer.krebsco.de" = {
services.nginx.virtualHosts."cgit.euer.krebsco.de" = { email = "letsencrypt@syntax-fehler.de";
forceSSL = true; webroot = "/var/lib/acme/acme-challenge";
enableACME = true; group = "nginx";
locations."/".proxyPass = "http://localhost/"; };
locations."/".extraConfig = ''proxy_set_header Host cgit;''; services.nginx.virtualHosts."cgit" = {
serverAliases = [ "cgit.euer.krebsco.de" ];
addSSL = true;
sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
locations."/.well-known/acme-challenge".extraConfig = ''
root /var/lib/acme/acme-challenge;
'';
}; };
krebs.build.host = config.krebs.hosts.gum; krebs.build.host = config.krebs.hosts.gum;
@ -190,6 +203,7 @@ in {
# Network # Network
networking = { networking = {
firewall = { firewall = {
allowedTCPPorts = [ 80 443 ];
allowPing = true; allowPing = true;
logRefusedConnections = false; logRefusedConnections = false;
}; };

2
makefu/1systems/gum/hardware-config.nix
View File

@ -69,7 +69,7 @@ in {
fsType = "ext4"; fsType = "ext4";
options = [ "nofail" ]; options = [ "nofail" ];
}; };
fileSystems."/var/www/o.euer.krebsco.de" = { fileSystems."/var/lib/nextcloud/data" = {
device = "/dev/nixos/nextcloud"; device = "/dev/nixos/nextcloud";
fsType = "ext4"; fsType = "ext4";
options = [ "nofail" ]; options = [ "nofail" ];

92
makefu/1systems/x/config.nix
View File

@ -4,7 +4,30 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports =
[ # base [
# hardware-dependent
# device
./x13
# ./x230
# Common Hardware Components
# <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/hw/irtoy.nix>
# <stockholm/makefu/2configs/hw/malduino_elite.nix>
<stockholm/makefu/2configs/hw/switch.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/cc2531.nix>
<stockholm/makefu/2configs/hw/droidcam.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
<stockholm/makefu/2configs/hw/upower.nix>
# base
<stockholm/makefu> <stockholm/makefu>
<stockholm/makefu/2configs/nur.nix> <stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/home-manager> <stockholm/makefu/2configs/home-manager>
@ -19,8 +42,37 @@
<stockholm/makefu/2configs/editor/neovim> <stockholm/makefu/2configs/editor/neovim>
<stockholm/makefu/2configs/tools/all.nix> <stockholm/makefu/2configs/tools/all.nix>
{ programs.adb.enable = true; } { programs.adb.enable = true; }
{
services.openssh.hostKeys = [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa";}
];
}
{ systemd.services.docker.wantedBy = lib.mkForce []; } #{
# users.users.makefu.packages = with pkgs;[ mpc_cli ncmpcpp ];
# services.ympd.enable = true;
# services.mpd = {
# enable = true;
# extraConfig = ''
# log_level "default"
# auto_update "yes"
# audio_output {
# type "httpd"
# name "lassulus radio"
# encoder "vorbis" # optional
# port "8000"
# quality "5.0" # do not define if bitrate is defined
# # bitrate "128" # do not define if quality is defined
# format "44100:16:2"
# always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
# tags "yes" # httpd supports sending tags to listening streams.
# }
# '';
# };
#}
# { systemd.services.docker.wantedBy = lib.mkForce []; }
<stockholm/makefu/2configs/dict.nix> <stockholm/makefu/2configs/dict.nix>
# <stockholm/makefu/2configs/legacy_only.nix> # <stockholm/makefu/2configs/legacy_only.nix>
#<stockholm/makefu/3modules/netboot_server.nix> #<stockholm/makefu/3modules/netboot_server.nix>
@ -59,10 +111,13 @@
# <stockholm/makefu/2configs/deployment/hound> # <stockholm/makefu/2configs/deployment/hound>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/bureautomation/hass.nix> # <stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
<stockholm/makefu/2configs/bureautomation/office-radio>
# Krebs # Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
# <stockholm/makefu/2configs/share/gum-client.nix> # <stockholm/makefu/2configs/share/anon-ftp.nix>
# <stockholm/makefu/2configs/share/anon-sftp.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
# <stockholm/makefu/2configs/share/temp-share-samba.nix> # <stockholm/makefu/2configs/share/temp-share-samba.nix>
@ -75,7 +130,7 @@
# Virtualization # Virtualization
# <stockholm/makefu/2configs/virtualisation/libvirt.nix> # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/docker.nix>
<stockholm/makefu/2configs/virtualisation/virtualbox.nix> # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
#{ #{
# networking.firewall.allowedTCPPorts = [ 8080 ]; # networking.firewall.allowedTCPPorts = [ 8080 ];
# networking.nat = { # networking.nat = {
@ -96,26 +151,10 @@
<stockholm/makefu/2configs/binary-cache/gum.nix> <stockholm/makefu/2configs/binary-cache/gum.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix> <stockholm/makefu/2configs/binary-cache/lass.nix>
# Hardware
<stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
# <stockholm/makefu/2configs/hw/mceusb.nix>
<stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/hw/irtoy.nix>
# <stockholm/makefu/2configs/hw/malduino_elite.nix>
<stockholm/makefu/2configs/hw/switch.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/cc2531.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
<stockholm/makefu/2configs/hw/upower.nix>
# Filesystem
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
# Security # Security
<stockholm/makefu/2configs/sshd-totp.nix> # <stockholm/makefu/2configs/sshd-totp.nix>
# temporary # temporary
# { services.redis.enable = true; } # { services.redis.enable = true; }
@ -149,7 +188,6 @@
} }
]; ];
makefu.server.primary-itf = "wlp3s0";
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.oraclejdk.accept_license = true; nixpkgs.config.oraclejdk.accept_license = true;
@ -158,19 +196,13 @@
# configure pulseAudio to provide a HDMI sink as well # configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedUDPPorts = [ 665 26061 ]; networking.firewall.allowedUDPPorts = [ 665 26061 1514 ];
networking.firewall.trustedInterfaces = [ "vboxnet0" ]; networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ];
krebs.build.host = config.krebs.hosts.x; krebs.build.host = config.krebs.hosts.x;
krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ]; krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices.luksroot =
{
device = "/dev/sda2";
allowDiscards = true;
};
environment.systemPackages = [ pkgs.passwdqc-utils ]; environment.systemPackages = [ pkgs.passwdqc-utils ];

52
makefu/1systems/x/x13/default.nix Normal file
View File

@ -0,0 +1,52 @@
{ pkgs, lib, ... }:
# new zfs deployment
{
imports = [
./zfs.nix
./input.nix
<stockholm/makefu/2configs/hw/bluetooth.nix>
<nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
# <stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/ssd.nix>
];
boot.zfs.requestEncryptionCredentials = true;
networking.hostId = "f8b8e0a2";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# services.xserver.enable = lib.mkForce false;
services.xserver.videoDrivers = [
"amdgpu"
];
hardware.opengl.extraPackages = [ pkgs.amdvlk ];
# is required for amd graphics support ( xorg wont boot otherwise )
boot.kernelPackages = pkgs.linuxPackages_latest;
environment.variables.VK_ICD_FILENAMES =
"/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
programs.light.enable = true;
services.actkbd = {
enable = true;
bindings = [
{ keys = [ 225 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -A 10"; }
{ keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 10"; }
{ keys = [ 227 ]; events = [ "key" ]; command = builtins.toString (
pkgs.writers.writeDash "toggle_lcdshadow" ''
proc=/proc/acpi/ibm/lcdshadow
status=$(${pkgs.gawk}/bin/awk '/status:/{print $2}' "$proc")
if [ "$status" -eq 0 ];then
echo 1 > "$proc"
else
echo 0 > "$proc"
fi
'');
}
];
};
users.groups.video = {};
users.users.makefu.extraGroups = [ "video" ];
}

13
makefu/1systems/x/x13/input.nix Normal file
View File

@ -0,0 +1,13 @@
{
# current issues:
# 1. for pressing insert hold shift+fn+Fin
# scroll by holding middle mouse
services.xserver.displayManager.sessionCommands =''
xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1
xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2
xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
# configure timeout of pressing and holding middle button
# xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
'';
}

8
makefu/1systems/x/x13/toggle_brightness Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
proc=/proc/acpi/ibm/lcdshadow
status=$(awk '/status:/{print $2}' "$proc")
if [ "$status" -eq 0 ];then
echo 1 > "$proc"
else
echo 0 > "$proc"
fi

32
makefu/1systems/x/x13/zfs.nix Normal file
View File

@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "zroot/root/nixos";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/20BF-2755";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "zroot/root/home";
fsType = "zfs";
};
swapDevices = [ ];
}

19
makefu/1systems/x/x230/default.nix Normal file
View File

@ -0,0 +1,19 @@
{
imports = [
<stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
<stockholm/makefu/2configs/hw/tpm.nix>
<stockholm/makefu/2configs/hw/ssd.nix>
# hard dependency because otherwise the device will not be unlocked
{
boot.initrd.luks.devices.luksroot =
{
device = "/dev/sda2";
allowDiscards = true;
};
}
{ makefu.server.primary-itf = "wlp3s0"; }
];
}

6
makefu/2configs/bureautomation/office-radio/default.nix Normal file
View File

@ -0,0 +1,6 @@
{
imports = [
./mpd.nix
./webserver.nix
];
}

58
makefu/2configs/bureautomation/office-radio/mpd.nix Normal file
View File

@ -0,0 +1,58 @@
{ config, lib, pkgs, ... }:
let
mpds = import ./mpdconfig.nix;
systemd_mpd = name: value: let
path = "/var/lib/mpd-${name}";
num = lib.strings.fixedWidthNumber 2 value;
mpdconf = pkgs.writeText "mpd-config-${name}" ''
music_directory "${path}/music"
playlist_directory "${path}/playlists"
db_file "${path}/tag_cache"
state_file "${path}/state"
sticker_file "${path}/sticker.sql"
bind_to_address "127.0.0.1"
port "66${num}"
log_level "default"
auto_update "yes"
audio_output {
type "httpd"
name "Office Radio ${num} - ${name}"
encoder "vorbis" # optional
port "280${num}"
quality "5.0" # do not define if bitrate is defined
# bitrate "128" # do not define if quality is defined
format "44100:16:2"
always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
tags "yes" # httpd supports sending tags to listening streams.
}
'';
in {
after = [ "network.target" ];
description = "Office Radio MPD ${toString value} - ${name}";
wantedBy = ["multi-user.target"];
serviceConfig = {
#User = "mpd";
DynamicUser = true;
ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdconf}";
LimitRTPRIO = 50;
LimitRTTIME = "infinity";
ProtectSystem = true;
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
Restart = "always";
StateDirectory = [ "mpd-${name}" ];
};
};
in
{
systemd.services = lib.attrsets.mapAttrs' (name: value:
lib.attrsets.nameValuePair
("office-radio-" +name) (systemd_mpd name value))
mpds;
}

6
makefu/2configs/bureautomation/office-radio/mpdconfig.nix Normal file
View File

@ -0,0 +1,6 @@
{
"cybertisch1" = 0;
"cybertisch2" = 1;
"cyberklo" = 2;
"baellebad" = 3;
}

40
makefu/2configs/bureautomation/office-radio/webserver.nix Normal file
View File

@ -0,0 +1,40 @@
{ pkgs, ... }:
let
mpds = import ./mpdconfig.nix;
pkg = pkgs.office-radio;
in {
systemd.services.office-radio-appsrv = {
after = [ "network.target" ];
description = "Office Radio Appserver";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkg}/bin/office-radio";
DynamicUser = true;
ProtectSystem = true;
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
Restart = "always";
};
};
systemd.services.office-radio-stopper = {
after = [ "network.target" ];
description = "Office Radio Script to stop idle streams";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkg}/bin/stop-idle-streams";
DynamicUser = true;
ProtectSystem = true;
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
Restart = "always";
};
};
}

9
makefu/2configs/deployment/mycube.connector.one.nix
View File

@ -1,15 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
# more than just nginx config but not enough to become a module # more than just nginx config but not enough to become a module
with import <stockholm/lib>;
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
external-ip = config.krebs.build.host.nets.internet.ip4.addr; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock"; wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
in { in {
services.redis = { services.redis = { enable = true; };
enable = true; systemd.services.redis.serviceConfig.LimitNOFILE=65536;
};
systemd.services.redis.serviceConfig.LimitNOFILE=10032;
services.uwsgi = { services.uwsgi = {
enable = true; enable = true;
@ -28,7 +25,7 @@ in {
}; };
services.nginx = { services.nginx = {
enable = mkDefault true; enable = lib.mkDefault true;
virtualHosts."mybox.connector.one" = { virtualHosts."mybox.connector.one" = {
locations = { locations = {
"/".extraConfig = '' "/".extraConfig = ''

18
makefu/2configs/deployment/newsbot.nix
View File

@ -1,18 +0,0 @@
{ config, pkgs, ... }:
let
newsfile = pkgs.writeText "feeds" ''
nixoswiki-bot|https://github.com/Mic92/nixos-wiki/wiki.atom|#krebs
'';
in {
environment.systemPackages = [
pkgs.newsbot-js
];
krebs.newsbot-js = {
enable = true;
ircServer = "chat.freenode.net";
feeds = newsfile;
urlShortenerHost = "go";
urlShortenerPort = "80";
};
}

19
makefu/2configs/deployment/wiki-irc-bot/default.nix
View File

@ -1,19 +0,0 @@
{ config, pkgs, ... }:
let
pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: {
patches = [ ./wiki-output.patch ];
});
newsfile = pkgs.writeText "feeds" ''
nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs
'';
in {
krebs.newsbot-js = {
enable = true;
package = pkg;
ircServer = "chat.freenode.net";
feeds = newsfile;
urlShortenerHost = "go";
urlShortenerPort = "80";
};
}

45
makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
View File

@ -1,45 +0,0 @@
diff --git a/newsbot.js b/newsbot.js
index 42d0666..a284011 100644
--- a/newsbot.js
+++ b/newsbot.js
@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) {
}
function broadcast_new_item (item) {
+ console.log('Broadcasting item ',item.link)
return getShortLink(item.link, function (error, shortlink) {
- return broadcast(item.title + ' ' + shortlink)
+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink)
})
}
@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) {
if (client.lastItems) {
items.forEach(function (item) {
- if (!client.lastItems.hasOwnProperty(item.title)) {
+
+ if (!client.lastItems.hasOwnProperty(item.guid)) {
broadcast_new_item(item)
+ }else {
+ console.log("Item already seen:",item.guid)
}
})
}
client.lastItems = {}
items.forEach(function (item) {
- client.lastItems[item.title] = true
+ client.lastItems[item.guid] = true
})
return continue_loop()
@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) {
}
function getShortLink (link, callback) {
+ callback(null,link)
+ return
var form = new FormData()
try {
form.append('uri', link)

2
makefu/2configs/ham/automation/giesskanne.nix
View File

@ -7,7 +7,7 @@ let
light = "light.espcam_02_light"; light = "light.espcam_02_light";
seconds = 60; # default shutoff to protect the LED from burning out seconds = 60; # default shutoff to protect the LED from burning out
}; };
seconds = 6; seconds = 60;
pump = "switch.arbeitszimmer_giesskanne_relay"; pump = "switch.arbeitszimmer_giesskanne_relay";
# sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; # sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture";
in in

41
makefu/2configs/ham/automation/moodlight.nix Normal file
View File

@ -0,0 +1,41 @@
# uses:
let
wohnzimmer = "light.wohnzimmer_fenster_lichterkette_licht";
arbeitszimmer = "light.box_led_status";
final_off = "01:00";
turn_on = entity_id: at:
{ alias = "Turn on ${entity_id} at ${at}";
trigger = [
{ platform = "time"; inherit at; }
];
action =
[
{ service = "light.turn_on"; inherit entity_id; }
];
};
in
{
services.home-assistant.config =
{
automation =
[
(turn_on wohnzimmer "17:30")
(turn_on arbeitszimmer "9:00")
{ alias = "Always turn off the lights at ${final_off}";
trigger = [
{ platform = "time"; at = final_off; }
];
action =
[
{
service = "light.turn_off";
entity_id = [ wohnzimmer arbeitszimmer];
}
];
}
];
};
}

82
makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix
View File

@ -26,6 +26,81 @@ let
data.entity_id = light; data.entity_id = light;
}; };
}; };
rf_state = code: light: halfbright:
let
maxbright = 255;
transition = 0.2; # seconds
in
# this function implements a simple state machine based on the state and brightness of the light (light must support brightness
{
alias = "Cycle through states of ${light} via rf code ${code}";
trigger = {
platform = "event";
event_type = "esphome.rf_code_received";
event_data.code = code;
};
action = {
choose = [
{
# state 0: off to half
conditions = {
condition = "template";
value_template = ''{{ states("${light}") == "off" }}'';
};
sequence = [
{
service = "light.turn_on";
data = {
entity_id = light;
brightness = halfbright;
};
}
];
}
{
# state 1: half to full
conditions = {
condition = "template";
value_template = ''{{ states('${light}') == 'on' and ( ${toString (halfbright - 1)} <= state_attr("${light}","brightness") <= ${toString (halfbright + 1)})}}'';
};
sequence = [
{
service = "light.turn_on";
data = {
entity_id = light;
brightness = maxbright;
};
}
];
}
{
# state 2: full to off
conditions = {
condition = "template";
# TODO: it seems like the devices respond with brightness-1 , maybe off-by-one somewhere?
value_template = ''{{ states("${light}") == "on" and state_attr("${light}","brightness") >= ${toString (maxbright - 1)}}}'';
};
sequence = [
{
service = "light.turn_off";
data = {
entity_id = light;
};
}
];
}
];
# default: on to off
# this works because state 0 checks for "state == off"
default = [{
service = "light.turn_off";
data = {
entity_id = light;
};
}];
};
}
;
rf_toggle = code: light: rf_toggle = code: light:
{ {
alias = "Toggle ${light} via rf code ${code}"; alias = "Toggle ${light} via rf code ${code}";
@ -39,14 +114,13 @@ let
data.entity_id = light; data.entity_id = light;
}; };
}; };
in in
{ {
services.home-assistant.config.automation = [ services.home-assistant.config.automation = [
(rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A (rf_toggle "400551" "light.wohnzimmer_fernseher_led_strip") # A
(rf_toggle "401151" "light.wohnzimmer_stehlampe_osram") # B (rf_state "401151" "light.wohnzimmer_stehlampe_osram" 128) # B
(rf_toggle "401451" "light.wohnzimmer_komode_osram") # C (rf_state "401451" "light.wohnzimmer_komode_osram" 128) # C
(rf_toggle "401511" "light.wohnzimmer_schrank_osram") # D (rf_state "401511" "light.wohnzimmer_schrank_osram" 128) # D
# OFF Lane # OFF Lane
(rf_turn_off "400554" "all") # A (rf_turn_off "400554" "all") # A

33
makefu/2configs/home-manager/zsh.nix
View File

@ -8,11 +8,10 @@
}; };
}; };
imports = [ imports = [
{ #direnv {
home-manager.users.makefu.home.packages = [ home-manager.users.makefu.home.packages = [
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox") (pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
pkgs.direnv pkgs.nur.repos.kalbasit.nixify ]; ];
# home-manager.users.makefu.home.file.".direnvrc".text = '''';
} }
{ # bat { # bat
home-manager.users.makefu.home.packages = [ pkgs.bat ]; home-manager.users.makefu.home.packages = [ pkgs.bat ];
@ -24,8 +23,34 @@
}; };
} }
]; ];
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [
"/share/zsh"
];
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
home-manager.users.makefu = { home-manager.users.makefu = {
programs.direnv.enable = true;
programs.direnv.enableNixDirenvIntegration = true;
programs.direnv.enableZshIntegration = true;
home.packages = [ (pkgs.writeDashBin "nixify" ''
test ! -e shell.nix && cat > shell.nix <<EOF
{ pkgs ? import <nixpkgs> {}}:
pkgs.mkShell {
nativeBuildInputs = [ pkgs.hello ];
}
EOF
echo "use nix" >> .envrc
direnv allow
'')
];
#home.packages = [ pkgs.direnv pkgs.nix-direnv ];
programs.fzf.enable = false; # alt-c programs.fzf.enable = false; # alt-c
programs.zsh = { programs.zsh = {
enable = true; enable = true;

4
makefu/2configs/hw/droidcam.nix
View File

@ -1,7 +1,9 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480"; boot.extraModprobeConfig = "options v4l2loopback_dc width=640 height=480";
boot.extraModulePackages = [ boot.extraModulePackages = [
(pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; }) (pkgs.callPackage ../../5pkgs/v4l2loopback-dc { kernel = config.boot.kernelPackages.kernel; })
]; ];
boot.initrd.availableKernelModules = [ "v4l2loopback-dc" ];
users.users.makefu.packages = [ pkgs.droidcam ];
} }

6
makefu/2configs/share/omo.nix
View File

@ -60,6 +60,12 @@ in {
browseable = "yes"; browseable = "yes";
"guest ok" = "yes"; "guest ok" = "yes";
}; };
photos = {
path = "/media/cryptX/photos";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
crypX-games = { crypX-games = {
path = "/media/cryptX/games"; path = "/media/cryptX/games";
"read only" = "yes"; "read only" = "yes";

2
makefu/2configs/tools/mobility.nix
View File

@ -5,12 +5,10 @@
mosh mosh
sshfs sshfs
rclone rclone
exfat
(pkgs.callPackage ./secrets.nix {}) (pkgs.callPackage ./secrets.nix {})
opensc pcsctools libu2f-host opensc pcsctools libu2f-host
]; ];
boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
boot.supportedFilesystems = [ "exfat" ]; boot.supportedFilesystems = [ "exfat" ];
} }

6
makefu/2configs/workadventure/default.nix Normal file
View File

@ -0,0 +1,6 @@
{
imports = [
./jitsi.nix
./workadventure.nix
];
}

59
makefu/2configs/workadventure/jitsi.nix Normal file
View File

@ -0,0 +1,59 @@
{
# + +
# | |
# | |
# v v
# 80, 443 TCP 443 TCP, 10000 UDP
# +--------------+ +---------------------+
# | nginx | 5222, 5347 TCP | |
# | jitsi-meet |<-------------------+| jitsi-videobridge |
# | prosody | | | |
# | jicofo | | +---------------------+
# +--------------+ |
# | +---------------------+
# | | |
# +----------+| jitsi-videobridge |
# | | |
# | +---------------------+
# |
# | +---------------------+
# | | |
# +----------+| jitsi-videobridge |
# | |
# +---------------------+
# This is a one server setup
services.jitsi-meet = {
enable = true;
hostName = "meet.euer.krebsco.de";
# JItsi COnference FOcus is a server side focus component used in Jitsi Meet conferences.
# https://github.com/jitsi/jicofo
jicofo.enable = true;
# Whether to enable nginx virtual host that will serve the javascript application and act as a proxy for the XMPP server.
# Further nginx configuration can be done by adapting services.nginx.virtualHosts.<hostName>. When this is enabled, ACME
# will be used to retrieve a TLS certificate by default. To disable this, set the
# services.nginx.virtualHosts.<hostName>.enableACME to false and if appropriate do the same for
# services.nginx.virtualHosts.<hostName>.forceSSL.
nginx.enable = true;
# https://github.com/jitsi/jitsi-meet/blob/master/config.js
config = {
enableWelcomePage = true;
defaultLang = "en";
};
# https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
};
};
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 10000 ];
};
}

161
makefu/2configs/workadventure/workadventure.nix Normal file
View File

@ -0,0 +1,161 @@
{ config, pkgs, lib, ... }:
let
# If your Jitsi environment has authentication set up,
# you MUST set JITSI_PRIVATE_MODE to "true" and
# you MUST pass a SECRET_JITSI_KEY to generate the JWT secret
jitsiPrivateMode = "false";
secretJitsiKey = "";
jitsiISS = "";
workadventureSecretKey = "";
jitsiURL = "meet.euer.krebsco.de";
domain = "work.euer.krebsco.de";
# domain will redirect to this map. (not play.${domain})
defaultMap = "npeguin.github.io/office-map/map.json";
apiURL = "api.${domain}";
apiPort = 9002;
frontURL = "play.${domain}";
frontPort = 9004;
pusherURL = "push.${domain}";
pusherPort = 9005;
uploaderURL = "ul.${domain}";
uploaderPort = 9006;
frontImage = "thecodingmachine/workadventure-front:develop";
pusherImage = "thecodingmachine/workadventure-pusher:develop";
apiImage = "thecodingmachine/workadventure-back:develop";
uploaderImage = "thecodingmachine/workadventure-uploader:develop";
in {
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 80 443 ];
};
services.nginx.enable = true;
services.nginx.recommendedProxySettings = true;
systemd.services.workadventure-network = {
enable = true;
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.docker}/bin/docker network create --driver bridge workadventure ||:
'';
after = [ "docker" ];
before = [
"docker-workadventure-back.service"
"docker-workadventure-pusher.service"
"docker-workadventure-uploader.service"
"docker-workadventure-website.service"
];
};
virtualisation.oci-containers.backend = "docker";
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
return = "301 $scheme://play.${domain}/_/global/${defaultMap}";
};
};
virtualisation.oci-containers.containers.workadventure-front = {
image = frontImage;
environment = {
API_URL = pusherURL;
JITSI_PRIVATE_MODE = jitsiPrivateMode;
JITSI_URL = jitsiURL;
SECRET_JITSI_KEY = secretJitsiKey;
UPLOADER_URL = uploaderURL;
};
ports = [ "127.0.0.1:${toString frontPort}:80" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${frontURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; };
};
virtualisation.oci-containers.containers.workadventure-pusher = {
image = pusherImage;
environment = {
API_URL = "workadventure-back:50051";
JITSI_ISS = jitsiISS;
JITSI_URL = jitsiURL;
SECRET_KEY = workadventureSecretKey;
};
ports = [ "127.0.0.1:${toString pusherPort}:8080" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${pusherURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString pusherPort}";
proxyWebsockets = true;
};
locations."/room" = {
proxyPass = "http://127.0.0.1:${toString pusherPort}";
proxyWebsockets = true;
};
};
virtualisation.oci-containers.containers.workadventure-back = {
image = apiImage;
environment = {
#DEBUG = "*";
JITSI_ISS = jitsiISS;
JITSI_URL = jitsiURL;
SECRET_KEY = workadventureSecretKey;
};
ports = [ "127.0.0.1:${toString apiPort}:8080" "50051" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${apiURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; };
};
virtualisation.oci-containers.containers.workadventure-uploader = {
image = uploaderImage;
ports = [ "127.0.0.1:${toString uploaderPort}:8080" ];
extraOptions = [ "--network=workadventure" ];
};
services.nginx.virtualHosts."${uploaderURL}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString uploaderPort}";
proxyWebsockets = true;
};
};
systemd.services.docker-workadventure-front.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-uploader.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-pusher.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
systemd.services.docker-workadventure-back.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
};
}

4
makefu/5pkgs/kalauerbot/default.nix
View File

@ -1,11 +1,11 @@
{ stdenv, python3, fetchgit }: { stdenv, python3, fetchgit }:
python3.pkgs.buildPythonPackage rec { python3.pkgs.buildPythonPackage rec {
name = "kalauerbot"; name = "kalauerbot";
rev = "08d98aa"; rev = "2a1e868";
src = fetchgit { src = fetchgit {
url = "http://cgit.euer.krebsco.de/kalauerbot"; url = "http://cgit.euer.krebsco.de/kalauerbot";
inherit rev; inherit rev;
sha256 = "017hh61smgq4zsxd10brgwmykwgwabgllxjs31xayvs1hnqmkv2v"; sha256 = "1vymz3dnpgcxwfgbnrpc0plcdmihxcq7xsvpap755c5jvzvb8a1k";
}; };
propagatedBuildInputs = with python3.pkgs;[ propagatedBuildInputs = with python3.pkgs;[
(callPackage ./python-matrixbot.nix { (callPackage ./python-matrixbot.nix {

23
makefu/5pkgs/office-radio/default.nix Normal file
View File

@ -0,0 +1,23 @@
{ lib, pkgs, fetchFromGitHub, ... }:
with pkgs.python3Packages;buildPythonPackage rec {
name = "office-radio-${version}";
version = "0.2.3.4";
propagatedBuildInputs = [
flask
psutil
mpd2
requests
];
src = fetchFromGitHub {
owner = "makefu";
repo = "office-radio";
rev = "601c650";
sha256 = "06zf0sjm4zlnbjlmiajbz1klhz1maj1ww5vah2abcvk1vx0p0hn7";
};
meta = {
homepage = https://github.com/makefu/office-radio;
description = "manage virtual office radio";
license = lib.licenses.asl20;
};
}