Compare commits
1 Commits
0156323836
...
db56045573
Author | SHA1 | Date | |
---|---|---|---|
|
db56045573 |
@ -1,89 +0,0 @@
|
|||||||
{ config, ... }: let
|
|
||||||
lib = import ../../lib;
|
|
||||||
in {
|
|
||||||
|
|
||||||
users.jan = {
|
|
||||||
mail = "jan.heidbrink@posteo.de";
|
|
||||||
};
|
|
||||||
|
|
||||||
hosts.toastbrot = {
|
|
||||||
owner = config.krebs.users.jan;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.117.12";
|
|
||||||
aliases = [
|
|
||||||
"toastbrot.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
|
|
||||||
2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
|
|
||||||
yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
|
|
||||||
DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
|
|
||||||
r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
|
|
||||||
PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
|
|
||||||
Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
|
|
||||||
IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
|
|
||||||
fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
|
|
||||||
Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
|
|
||||||
uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
|
|
||||||
4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
hosts.petrosilia = {
|
|
||||||
owner = config.krebs.users.jan;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.143.11";
|
|
||||||
aliases = [
|
|
||||||
"petrosilia.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAxDumQ/06Yd3AQPSlHH9/kNngbc/tq5yBuT0ymbQGMHLL9X3pCz/f
|
|
||||||
y9GZVpQtaKm7EZ0Kj8ieaPOyG7BItH0AvTdSJV7rn4WKuKfe5E5S4E8YqsZfSu4N
|
|
||||||
IdEKVIisyBNCklXaDn6A7nxeUauwHQHuj0wOAnYKfaU+2haL+JzcFtQ1RpxDBsy1
|
|
||||||
FbcEXO5NOhsXK4mHjtRrK1GamnCo5gvJU3w1NrfLRXteOOBsR49HhTIWvi8L4tSf
|
|
||||||
fd/mFwWayB7D0feLhWBpMPQTa5TeeQPxhgJrlIwXJiONG8GWFWNCHEjbQaCuJJWn
|
|
||||||
e37n9xCpdH867P921Ei+gyKZi9t6d+U4blrCpQzIe95t8Uv0i2c+YNt9NQL5Z119
|
|
||||||
jt/Xhm7ccT9FeOuYsbjcO6g0BJumILEjD309vfQfWNims++vMd53q3dzxp4Kau+f
|
|
||||||
vdMyrzWiIytM+/iQmneG8XLv0b7I6FUPEahpCncZ14NqBDaKclwoJ/HfB+WZi6JV
|
|
||||||
yBVJHm9vogfzD1sLmDctHps3uJAeZHzszws8LMKdd5JxxQzVBRcrD1LKHYmmUYTU
|
|
||||||
5gyDxnFn8ZoZ3GFVH+5v2PJgZY++/6zdDxQ9flrdt2zRaoAq2Zayn7R8sQ/ZjMXK
|
|
||||||
eR8aXgHzEL/n/9BMKs+jLu3j8xaiJX8ctnRvwSnOFjU9wQvJ7QNQHk0CAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "Rs5jdJk/YF4aXohp3isau4LHinD4VWlvSa9CcgznR+A";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
hosts.grill = {
|
|
||||||
owner = config.krebs.users.jan;
|
|
||||||
nets.retiolum = {
|
|
||||||
aliases = [ "grill.r" ];
|
|
||||||
ip4.addr = "10.243.217.217";
|
|
||||||
ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
|
|
||||||
1ooJW+q3zOm0P4IySvQkqPCXiynPBKG+W8vz6as4/TjMgqz45zTSZaoGsUjPS7Yg
|
|
||||||
L9qN6bLNJUhjPtyBBIX5l+WSii2RkbtcFTewY9HITPgOvu5rSiYgdz1X86BDTy0w
|
|
||||||
E6g13jwjI0D29jFAXIIfSwfvqikHmicr++3R4URPTiY7Vcg3UtIYGaKEFTPid0Da
|
|
||||||
bd47ZNWI99CI5Znzd4aJSD+0lfD6+EZb4nQ2o/VZ5RRUid9qWKHu5pbXvPrwE5uC
|
|
||||||
TWtsP1nla+zx1nDD2UHt0bJzdfz4sEFrmLHBqsdvfgAlVvVr65ZMIOO5X0fevHi4
|
|
||||||
s3jqYPMLksimuQjHCXYcgxfBYkVPuVWqDivOV8Z60UhAop5xK9i+FV4kyTgL+qmH
|
|
||||||
79VAy8+2Wrzda/MBVFF+0XAryBtqFgk5JtmfRKJ5rcXFy9hnugmfulOC0+XFPFbN
|
|
||||||
cNLbPR/dwON6YIg90z0wwJfPoWwzj3jKwT7YZ/pYSEl0JDgkpTzCxiBbqpJ/r8CZ
|
|
||||||
2avRws5YMVnLcuY1IFlNLJdUZdz+41zmPizIP0dAdrwDH56AJkTukESf1Ir6G2NT
|
|
||||||
isn3pijKy4Y/EbWnJiQpEKDfNh8JW1Ryw1zvNYKYR3OAImp3DgsWmeECAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "cqfMY/8kqtuM5wIzYMNfFIc47Jx1nnfV0//SMpsO61G";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -71,7 +71,6 @@ rec {
|
|||||||
"c.r"
|
"c.r"
|
||||||
"p.r"
|
"p.r"
|
||||||
"search.r"
|
"search.r"
|
||||||
"wallpaper.r"
|
|
||||||
];
|
];
|
||||||
tinc = {
|
tinc = {
|
||||||
pubkey = ''
|
pubkey = ''
|
||||||
|
@ -286,6 +286,60 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
toastbrot = {
|
||||||
|
owner = config.krebs.users.jan;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.117.12";
|
||||||
|
aliases = [
|
||||||
|
"toastbrot.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
|
||||||
|
2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
|
||||||
|
yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
|
||||||
|
DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
|
||||||
|
r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
|
||||||
|
PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
|
||||||
|
Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
|
||||||
|
IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
|
||||||
|
fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
|
||||||
|
Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
|
||||||
|
uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
|
||||||
|
4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
petrosilia = {
|
||||||
|
owner = config.krebs.users.jan;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.143.11";
|
||||||
|
aliases = [
|
||||||
|
"petrosilia.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIICCgKCAgEAxDumQ/06Yd3AQPSlHH9/kNngbc/tq5yBuT0ymbQGMHLL9X3pCz/f
|
||||||
|
y9GZVpQtaKm7EZ0Kj8ieaPOyG7BItH0AvTdSJV7rn4WKuKfe5E5S4E8YqsZfSu4N
|
||||||
|
IdEKVIisyBNCklXaDn6A7nxeUauwHQHuj0wOAnYKfaU+2haL+JzcFtQ1RpxDBsy1
|
||||||
|
FbcEXO5NOhsXK4mHjtRrK1GamnCo5gvJU3w1NrfLRXteOOBsR49HhTIWvi8L4tSf
|
||||||
|
fd/mFwWayB7D0feLhWBpMPQTa5TeeQPxhgJrlIwXJiONG8GWFWNCHEjbQaCuJJWn
|
||||||
|
e37n9xCpdH867P921Ei+gyKZi9t6d+U4blrCpQzIe95t8Uv0i2c+YNt9NQL5Z119
|
||||||
|
jt/Xhm7ccT9FeOuYsbjcO6g0BJumILEjD309vfQfWNims++vMd53q3dzxp4Kau+f
|
||||||
|
vdMyrzWiIytM+/iQmneG8XLv0b7I6FUPEahpCncZ14NqBDaKclwoJ/HfB+WZi6JV
|
||||||
|
yBVJHm9vogfzD1sLmDctHps3uJAeZHzszws8LMKdd5JxxQzVBRcrD1LKHYmmUYTU
|
||||||
|
5gyDxnFn8ZoZ3GFVH+5v2PJgZY++/6zdDxQ9flrdt2zRaoAq2Zayn7R8sQ/ZjMXK
|
||||||
|
eR8aXgHzEL/n/9BMKs+jLu3j8xaiJX8ctnRvwSnOFjU9wQvJ7QNQHk0CAwEAAQ==
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
tinc.pubkey_ed25519 = "Rs5jdJk/YF4aXohp3isau4LHinD4VWlvSa9CcgznR+A";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
tpsw = {
|
tpsw = {
|
||||||
owner = config.krebs.users.ciko; # main laptop
|
owner = config.krebs.users.ciko; # main laptop
|
||||||
nets = {
|
nets = {
|
||||||
@ -575,6 +629,9 @@ in {
|
|||||||
ilmu = {
|
ilmu = {
|
||||||
mail = "ilmu@rishi.is";
|
mail = "ilmu@rishi.is";
|
||||||
};
|
};
|
||||||
|
jan = {
|
||||||
|
mail = "jan.heidbrink@posteo.de";
|
||||||
|
};
|
||||||
jonge = {
|
jonge = {
|
||||||
mail = "jacek.galowicz@gmail.com";
|
mail = "jacek.galowicz@gmail.com";
|
||||||
};
|
};
|
||||||
|
@ -1,116 +1,33 @@
|
|||||||
{ config, lib, pkgs, ... }: let
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
users.users.testing = {
|
||||||
|
uid = pkgs.stockholm.lib.genid_uint31 "testing";
|
||||||
|
isNormalUser = true;
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
config.krebs.users.xkey.pubkey
|
||||||
|
config.krebs.users.lass.pubkey
|
||||||
|
];
|
||||||
|
packages = [
|
||||||
|
pkgs.calendar-cli
|
||||||
|
pkgs.tmux
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
setupGit = ''
|
services.xandikos = {
|
||||||
export PATH=${lib.makeBinPath [
|
|
||||||
pkgs.coreutils
|
|
||||||
pkgs.git
|
|
||||||
]}
|
|
||||||
export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i /var/lib/radicale/.ssh/id_ed25519'
|
|
||||||
repo='git@localhost:cal'
|
|
||||||
cd /var/lib/radicale/collections
|
|
||||||
if ! test -d .git; then
|
|
||||||
git init
|
|
||||||
git config user.name "radicale"
|
|
||||||
git config user.email "radicale@${config.networking.hostName}"
|
|
||||||
elif ! url=$(git config remote.origin.url); then
|
|
||||||
git remote add origin "$repo"
|
|
||||||
elif test "$url" != "$repo"; then
|
|
||||||
git remote set-url origin "$repo"
|
|
||||||
fi
|
|
||||||
cp ${pkgs.writeText "gitignore" ''
|
|
||||||
.Radicale.cache
|
|
||||||
''} .gitignore
|
|
||||||
git add .gitignore
|
|
||||||
'';
|
|
||||||
|
|
||||||
pushCal = pkgs.writeDash "push_cal" ''
|
|
||||||
${setupGit}
|
|
||||||
git fetch origin
|
|
||||||
git merge --ff-only origin/master || :
|
|
||||||
'';
|
|
||||||
|
|
||||||
pushCgit = pkgs.writeDash "push_cgit" ''
|
|
||||||
${setupGit}
|
|
||||||
git push origin master
|
|
||||||
'';
|
|
||||||
|
|
||||||
in {
|
|
||||||
services.radicale = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
rights = {
|
extraOptions = [
|
||||||
krebs = {
|
"--autocreate"
|
||||||
user = ".*";
|
"--defaults"
|
||||||
collection = ".*";
|
"--current-user-principal /krebs"
|
||||||
permissions = "rRwW";
|
"--dump-dav-xml"
|
||||||
};
|
];
|
||||||
};
|
|
||||||
settings = {
|
|
||||||
auth.type = "none";
|
|
||||||
server.hosts = [
|
|
||||||
"0.0.0.0:5232"
|
|
||||||
"[::]:5232"
|
|
||||||
];
|
|
||||||
storage.filesystem_folder = "/var/lib/radicale/collections";
|
|
||||||
storage.hook = "${pkgs.writers.writeDash "radicale-hook" ''
|
|
||||||
set -efu
|
|
||||||
${setupGit}
|
|
||||||
${pkgs.git}/bin/git add -A
|
|
||||||
(${pkgs.git}/bin/git diff --cached --quiet || ${pkgs.git}/bin/git commit -m "Changes by \"$1\"")
|
|
||||||
${pushCgit}
|
|
||||||
''} %(user)s";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"calendar.r".locations."/".proxyPass = "http://localhost:5232/";
|
"calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
krebs.git = {
|
|
||||||
enable = true;
|
|
||||||
cgit.settings = {
|
|
||||||
root-title = "krebs repos";
|
|
||||||
};
|
|
||||||
rules = with pkgs.stockholm.lib.git; [
|
|
||||||
{
|
|
||||||
user = [
|
|
||||||
{
|
|
||||||
name = "cal";
|
|
||||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe1jtHaNFZKmWemWQVEGVYj+s4QGJaL9WYH+wokOZie";
|
|
||||||
}
|
|
||||||
] ++ (lib.attrValues config.krebs.users);
|
|
||||||
repo = [ config.krebs.git.repos.cal ];
|
|
||||||
perm = push ''refs/heads/master'' [ create merge ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
repos.cal = {
|
|
||||||
public = true;
|
|
||||||
name = "cal";
|
|
||||||
hooks = {
|
|
||||||
post-receive = ''
|
|
||||||
${pkgs.git-hooks.irc-announce {
|
|
||||||
channel = "#xxx";
|
|
||||||
refs = [
|
|
||||||
"refs/heads/master"
|
|
||||||
];
|
|
||||||
nick = config.networking.hostName;
|
|
||||||
server = "irc.r";
|
|
||||||
verbose = true;
|
|
||||||
}}
|
|
||||||
/run/wrappers/bin/sudo -S -u radicale ${pushCal}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
krebs.secret.files.calendar = {
|
|
||||||
path = "/var/lib/radicale/.ssh/id_ed25519";
|
|
||||||
owner = { name = "radicale"; };
|
|
||||||
source-path = "${<secrets/radicale.id_ed25519>}";
|
|
||||||
};
|
|
||||||
|
|
||||||
security.sudo.extraConfig = ''
|
|
||||||
git ALL=(radicale) NOPASSWD: ${pushCal}
|
|
||||||
'';
|
|
||||||
}
|
}
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
|
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
|
||||||
|
|
||||||
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
|
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
|
||||||
used_peer_names = unique (filter isString (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)));
|
used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) (lib.filter isString config.services.syncthing.settings.folders)));
|
||||||
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
|
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
|
||||||
in {
|
in {
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
|
@ -190,16 +190,35 @@ with import <stockholm/lib>;
|
|||||||
default = 3;
|
default = 3;
|
||||||
};
|
};
|
||||||
|
|
||||||
username = mkOption {
|
user = mkOption {
|
||||||
type = types.username;
|
type = types.user;
|
||||||
default = tinc.config.netname;
|
default = {
|
||||||
defaultText = literalExample "netname";
|
name = tinc.config.netname;
|
||||||
|
home = "/var/lib/${tinc.config.user.name}";
|
||||||
|
};
|
||||||
|
defaultText = {
|
||||||
|
name = "‹netname›";
|
||||||
|
home = "/var/lib/‹netname›";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
users.users = mapAttrs' (netname: cfg:
|
||||||
|
nameValuePair "${netname}" {
|
||||||
|
inherit (cfg.user) home name uid;
|
||||||
|
createHome = true;
|
||||||
|
isSystemUser = true;
|
||||||
|
group = netname;
|
||||||
|
}
|
||||||
|
) config.krebs.tinc;
|
||||||
|
|
||||||
|
users.groups = mapAttrs' (netname: cfg:
|
||||||
|
nameValuePair netname {}
|
||||||
|
) config.krebs.tinc;
|
||||||
|
|
||||||
krebs.systemd.services = mapAttrs (netname: cfg: {
|
krebs.systemd.services = mapAttrs (netname: cfg: {
|
||||||
restartIfCredentialsChange = true;
|
restartIfCredentialsChange = true;
|
||||||
}) config.krebs.tinc;
|
}) config.krebs.tinc;
|
||||||
@ -219,11 +238,11 @@ with import <stockholm/lib>;
|
|||||||
)
|
)
|
||||||
"rsa_key.priv:${cfg.privkey}"
|
"rsa_key.priv:${cfg.privkey}"
|
||||||
];
|
];
|
||||||
ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
|
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
|
||||||
set -efu
|
set -efu
|
||||||
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
|
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
|
||||||
${pkgs.rsync}/bin/rsync -Lacv --delete \
|
${pkgs.rsync}/bin/rsync -Lacv --delete \
|
||||||
--chown ${cfg.username} \
|
--chown ${cfg.user.name} \
|
||||||
--chmod u=rwX,g=rX \
|
--chmod u=rwX,g=rX \
|
||||||
--exclude='/*.priv' \
|
--exclude='/*.priv' \
|
||||||
${cfg.confDir}/ /etc/tinc/${netname}/
|
${cfg.confDir}/ /etc/tinc/${netname}/
|
||||||
@ -236,16 +255,14 @@ with import <stockholm/lib>;
|
|||||||
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
|
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
|
||||||
/etc/tinc/${netname}/
|
/etc/tinc/${netname}/
|
||||||
'';
|
'';
|
||||||
ExecStart = "+" + toString [
|
ExecStart = toString [
|
||||||
"${cfg.tincPackage}/sbin/tincd"
|
"${cfg.tincPackage}/sbin/tincd"
|
||||||
"-D"
|
"-D"
|
||||||
"-U ${cfg.username}"
|
"-U ${cfg.user.name}"
|
||||||
"-d 0"
|
"-d 0"
|
||||||
"-n ${netname}"
|
"-n ${netname}"
|
||||||
];
|
];
|
||||||
SyslogIdentifier = netname;
|
SyslogIdentifier = netname;
|
||||||
DynamicUser = true;
|
|
||||||
User = cfg.username;
|
|
||||||
};
|
};
|
||||||
}) config.krebs.tinc;
|
}) config.krebs.tinc;
|
||||||
};
|
};
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
{ lib, pkgs }:
|
|
||||||
|
|
||||||
pkgs.buildGo120Module rec {
|
|
||||||
pname = "cunicu";
|
|
||||||
version = "g${lib.substring 0 7 src.rev}";
|
|
||||||
|
|
||||||
buildInputs = [
|
|
||||||
pkgs.libpcap
|
|
||||||
];
|
|
||||||
|
|
||||||
# XXX tries to access https://relay.cunicu.li
|
|
||||||
doCheck = false;
|
|
||||||
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "stv0g";
|
|
||||||
repo = "cunicu";
|
|
||||||
rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
|
|
||||||
hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
|
|
||||||
};
|
|
||||||
|
|
||||||
vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
{ pkgs, ... }:
|
|
||||||
pkgs.writers.writeDashBin "vicuna-chat" ''
|
|
||||||
set -efu
|
|
||||||
|
|
||||||
export PATH=${with pkgs; lib.makeBinPath [
|
|
||||||
coreutils
|
|
||||||
curl
|
|
||||||
jq
|
|
||||||
]}
|
|
||||||
|
|
||||||
CONTEXT=''${CONTEXT:-$(date -Id)}
|
|
||||||
PROMPT=$*
|
|
||||||
|
|
||||||
if ! test -e "$CONTEXT"; then
|
|
||||||
echo -n 'null' > "$CONTEXT"
|
|
||||||
fi
|
|
||||||
|
|
||||||
add_to_context() {
|
|
||||||
jq -rc --argjson message "$1" '. + [$message]' "$CONTEXT" > "$CONTEXT.tmp"
|
|
||||||
mv "$CONTEXT.tmp" "$CONTEXT"
|
|
||||||
}
|
|
||||||
|
|
||||||
add_to_context "{\"role\": \"user\", \"content\": \"$PROMPT\"}"
|
|
||||||
response=$(
|
|
||||||
jq -nc --slurpfile context "$CONTEXT" '{
|
|
||||||
model: "vicuna-13b",
|
|
||||||
messages: $context[0],
|
|
||||||
}' |
|
|
||||||
curl -Ss http://vicuna.r/v1/chat/completions -H 'Content-Type: application/json' -d @-
|
|
||||||
)
|
|
||||||
add_to_context "$(jq -rcn --argjson response "$response" '$response.choices[0].message')"
|
|
||||||
jq -rcn --argjson response "$response" '$response.choices[0].message.content'
|
|
||||||
''
|
|
@ -1,9 +1,9 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "7409480d5c8584a1a83c422530419efe4afb0d19",
|
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
|
||||||
"date": "2023-06-04T22:13:39-04:00",
|
"date": "2023-05-22T13:19:02+02:00",
|
||||||
"path": "/nix/store/ljhvmls6vxsg7x93zvaa087y77wh2nzc-nixpkgs",
|
"path": "/nix/store/zgv3fzg2lywfqdrv4mghd62s9i6zxhrw-nixpkgs",
|
||||||
"sha256": "14rv5zjrq5rpqlzc1wzh30yhn8aivwkm2zrh0bh0facbkqwrwigh",
|
"sha256": "0nkg8h5ix0sbjqb0gdj5124nbg2gd1nmyl1p14cvlg77fs7afld6",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "d4a9ff82fc18723219b60c66fb2ccb0734c460eb",
|
"rev": "a17f99dfcb9643200b3884ca195c69ae41d7f059",
|
||||||
"date": "2023-06-04T14:52:07+02:00",
|
"date": "2023-05-23T18:09:00+02:00",
|
||||||
"path": "/nix/store/hnnbh80g4jx19h0ac76qrirai16ld2px-nixpkgs",
|
"path": "/nix/store/2n82i65gv1y54xj3dplkvhfyc8rs1j90-nixpkgs",
|
||||||
"sha256": "0ly23mqjzlygsnr0avji6ylyrl90rcqsmkcavg71kd60v8ydmw6c",
|
"sha256": "180ipicp351s99nvn9xvf5nzs5fzxhawfbykaijvaqj63siss13m",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
|
@ -1,6 +0,0 @@
|
|||||||
{ lib, pkgs, test, ... }: let
|
|
||||||
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
|
|
||||||
in if test then {} else {
|
|
||||||
nixpkgs.git.ref = lib.mkForce npkgs.rev;
|
|
||||||
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
|
|
||||||
}
|
|
@ -5,7 +5,7 @@ let
|
|||||||
in {
|
in {
|
||||||
krebs.fetchWallpaper = {
|
krebs.fetchWallpaper = {
|
||||||
enable = true;
|
enable = true;
|
||||||
url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
|
url = "prism/realwallpaper-krebs-stars-berlin.png";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -22,14 +22,15 @@
|
|||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
jack.enable = true;
|
jack.enable = true;
|
||||||
};
|
};
|
||||||
environment.etc = {
|
|
||||||
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
|
systemd.services.wireplumber = {
|
||||||
bluez_monitor.properties = {
|
environment = {
|
||||||
["bluez5.enable-sbc-xq"] = true,
|
HOME = "/var/lib/wireplumber";
|
||||||
["bluez5.enable-msbc"] = true,
|
DISPLAY = ":0";
|
||||||
["bluez5.enable-hw-volume"] = true,
|
};
|
||||||
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
|
path = [
|
||||||
}
|
pkgs.dbus
|
||||||
'';
|
];
|
||||||
|
serviceConfig.StateDirectory = "wireplumber";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -19,7 +19,8 @@ in {
|
|||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
serverAliases = [
|
serverAliases = [
|
||||||
"wallpaper.r"
|
hostname
|
||||||
|
"${hostname}.r"
|
||||||
];
|
];
|
||||||
locations."/realwallpaper/".extraConfig = ''
|
locations."/realwallpaper/".extraConfig = ''
|
||||||
index on;
|
index on;
|
||||||
|
@ -82,7 +82,7 @@ in {
|
|||||||
users.users = {
|
users.users = {
|
||||||
"${name}" = rec {
|
"${name}" = rec {
|
||||||
inherit name;
|
inherit name;
|
||||||
createHome = true;
|
createHome = lib.mkForce false;
|
||||||
group = name;
|
group = name;
|
||||||
uid = pkgs.stockholm.lib.genid_uint31 name;
|
uid = pkgs.stockholm.lib.genid_uint31 name;
|
||||||
description = "radio manager";
|
description = "radio manager";
|
||||||
|
@ -1,31 +1,6 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
|
|
||||||
tts = pkgs.writers.writeBashBin "tts" ''
|
|
||||||
set -efu
|
|
||||||
|
|
||||||
offset=0
|
|
||||||
OUTPUT=$(mktemp -d)
|
|
||||||
trap 'rm -rf "$OUTPUT"' EXIT
|
|
||||||
SPEAKER=$[ $RANDOM % 900 ]
|
|
||||||
while read line; do
|
|
||||||
echo "$line" |
|
|
||||||
${pkgs.larynx}/bin/larynx \
|
|
||||||
--model ${pkgs.fetchzip {
|
|
||||||
url = "https://github.com/rhasspy/piper/releases/download/v0.0.2/voice-en-us-libritts-high.tar.gz";
|
|
||||||
hash = "sha256-jCoK4p0O7BuF0nr6Sfj40tpivCvU5M3GHKQRg1tfIO8=";
|
|
||||||
stripRoot = false;
|
|
||||||
}}/en-us-libritts-high.onnx \
|
|
||||||
-s "$SPEAKER" \
|
|
||||||
-f "$OUTPUT"/"$offset".wav
|
|
||||||
|
|
||||||
((offset+=1))
|
|
||||||
done
|
|
||||||
|
|
||||||
${pkgs.sox}/bin/sox "$OUTPUT"/*.wav "$OUTPUT"/all.wav
|
|
||||||
cat "$OUTPUT"/all.wav
|
|
||||||
'';
|
|
||||||
|
|
||||||
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
|
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
|
||||||
${pkgs.vorbis-tools}/bin/oggenc - |
|
${pkgs.vorbis-tools}/bin/oggenc - |
|
||||||
${pkgs.cyberlocker-tools}/bin/cput news.ogg
|
${pkgs.cyberlocker-tools}/bin/cput news.ogg
|
||||||
@ -66,16 +41,16 @@ in
|
|||||||
systemd.services.newsshow = {
|
systemd.services.newsshow = {
|
||||||
path = [
|
path = [
|
||||||
newsshow
|
newsshow
|
||||||
tts
|
|
||||||
send_to_radio
|
send_to_radio
|
||||||
gc_news
|
gc_news
|
||||||
get_current_news
|
get_current_news
|
||||||
|
pkgs.curl
|
||||||
pkgs.retry
|
pkgs.retry
|
||||||
];
|
];
|
||||||
script = ''
|
script = ''
|
||||||
set -efu
|
set -efu
|
||||||
retry -t 5 -d 10 -- newsshow |
|
retry -t 5 -d 10 -- newsshow |
|
||||||
retry -t 5 -d 10 -- tts |
|
retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
|
||||||
retry -t 5 -d 10 -- send_to_radio
|
retry -t 5 -d 10 -- send_to_radio
|
||||||
'';
|
'';
|
||||||
startAt = "*:00:00";
|
startAt = "*:00:00";
|
||||||
|
@ -15,7 +15,6 @@
|
|||||||
${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
|
${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
|
||||||
${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources
|
${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources
|
||||||
${pkgs.procps}/bin/pkill -HUP xsettingsd
|
${pkgs.procps}/bin/pkill -HUP xsettingsd
|
||||||
${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)"
|
|
||||||
else
|
else
|
||||||
echo "theme $1 not found"
|
echo "theme $1 not found"
|
||||||
fi
|
fi
|
||||||
@ -38,13 +37,8 @@ in {
|
|||||||
];
|
];
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
switch-theme
|
switch-theme
|
||||||
pkgs.dracula-theme
|
|
||||||
pkgs.gnome3.adwaita-icon-theme
|
|
||||||
];
|
];
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
"themes/light/gtk-theme".text = ''
|
|
||||||
Adwaita
|
|
||||||
'';
|
|
||||||
"themes/light/xsettings.conf".text = ''
|
"themes/light/xsettings.conf".text = ''
|
||||||
Net/ThemeName "Adwaita"
|
Net/ThemeName "Adwaita"
|
||||||
'';
|
'';
|
||||||
@ -52,11 +46,8 @@ in {
|
|||||||
*background: #ffffff
|
*background: #ffffff
|
||||||
*foreground: #000000
|
*foreground: #000000
|
||||||
'';
|
'';
|
||||||
"themes/dark/gtk-theme".text = ''
|
|
||||||
Dracula
|
|
||||||
'';
|
|
||||||
"themes/dark/xsettings.conf".text = ''
|
"themes/dark/xsettings.conf".text = ''
|
||||||
Net/ThemeName "Dracula"
|
Net/ThemeName "Adwaita-dark"
|
||||||
'';
|
'';
|
||||||
"themes/dark/xresources".text = ''
|
"themes/dark/xresources".text = ''
|
||||||
*background: #000000
|
*background: #000000
|
||||||
|
@ -1,20 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
{
|
|
||||||
systemd.services.weron = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
environment = {
|
|
||||||
WERON_RADDR = "ws://lassul.us:23420/";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = pkgs.writers.writeDash "weron" ''
|
|
||||||
${pkgs.weron}/bin/weron vpn ip \
|
|
||||||
--community krebs \
|
|
||||||
--password aidsballs \
|
|
||||||
--key aidsballs \
|
|
||||||
--ips 10.249.1.0/24 \
|
|
||||||
--verbose 7 \
|
|
||||||
--dev weron
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -1,13 +0,0 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
|
||||||
{
|
|
||||||
systemd.services.weron-signaler = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
environment = {
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = ''${pkgs.weron}/bin/weron signaler --verbose=7 --laddr ":23420"'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 23420 ];
|
|
||||||
}
|
|
@ -96,9 +96,6 @@ with import ./lib;
|
|||||||
nix-writers = {
|
nix-writers = {
|
||||||
cgit.desc = "collection of package builders";
|
cgit.desc = "collection of package builders";
|
||||||
};
|
};
|
||||||
nixpkgs = {
|
|
||||||
cgit.desc = "Nix Packages collection";
|
|
||||||
};
|
|
||||||
pager = {
|
pager = {
|
||||||
};
|
};
|
||||||
populate = {
|
populate = {
|
||||||
|
@ -11,11 +11,9 @@ in {
|
|||||||
];
|
];
|
||||||
tv.iptables.extra4.nat.PREROUTING = [
|
tv.iptables.extra4.nat.PREROUTING = [
|
||||||
"-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"
|
"-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"
|
||||||
"-d ${cfg.host.nets.wiregrill.ip4.addr} -p tcp --dport 22 -j ACCEPT"
|
|
||||||
];
|
];
|
||||||
tv.iptables.extra6.nat.PREROUTING = [
|
tv.iptables.extra6.nat.PREROUTING = [
|
||||||
"-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT"
|
"-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT"
|
||||||
"-d ${cfg.host.nets.wiregrill.ip6.addr} -p tcp --dport 22 -j ACCEPT"
|
|
||||||
];
|
];
|
||||||
tv.iptables.extra.nat.PREROUTING = [
|
tv.iptables.extra.nat.PREROUTING = [
|
||||||
"-p tcp --dport 22 -j REDIRECT --to-ports 0"
|
"-p tcp --dport 22 -j REDIRECT --to-ports 0"
|
||||||
|
Loading…
Reference in New Issue
Block a user