Compare commits
22 Commits
db56045573
...
0156323836
Author | SHA1 | Date | |
---|---|---|---|
|
0156323836 | ||
|
c1ef7c79b6 | ||
|
1a8b5c8e2a | ||
|
f2e4142dff | ||
|
59e0418445 | ||
|
d453d911ce | ||
|
68ebb1a9ca | ||
|
aa58fb3dd5 | ||
|
db1e290ad8 | ||
|
26ad39fe97 | ||
|
7c3b3400b7 | ||
|
1a678e3093 | ||
|
e629da17d5 | ||
|
24b9fc11d6 | ||
|
6ebc5693d6 | ||
|
63573a5fa0 | ||
|
b99a78b18e | ||
|
aade31e65b | ||
|
9fe6e5bb4f | ||
|
56cff01ac4 | ||
|
e3c8492f30 | ||
|
882bbfd606 |
89
kartei/jan/default.nix
Normal file
89
kartei/jan/default.nix
Normal file
@ -0,0 +1,89 @@
|
||||
{ config, ... }: let
|
||||
lib = import ../../lib;
|
||||
in {
|
||||
|
||||
users.jan = {
|
||||
mail = "jan.heidbrink@posteo.de";
|
||||
};
|
||||
|
||||
hosts.toastbrot = {
|
||||
owner = config.krebs.users.jan;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.117.12";
|
||||
aliases = [
|
||||
"toastbrot.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
|
||||
2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
|
||||
yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
|
||||
DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
|
||||
r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
|
||||
PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
|
||||
Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
|
||||
IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
|
||||
fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
|
||||
Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
|
||||
uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
|
||||
4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
hosts.petrosilia = {
|
||||
owner = config.krebs.users.jan;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.143.11";
|
||||
aliases = [
|
||||
"petrosilia.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxDumQ/06Yd3AQPSlHH9/kNngbc/tq5yBuT0ymbQGMHLL9X3pCz/f
|
||||
y9GZVpQtaKm7EZ0Kj8ieaPOyG7BItH0AvTdSJV7rn4WKuKfe5E5S4E8YqsZfSu4N
|
||||
IdEKVIisyBNCklXaDn6A7nxeUauwHQHuj0wOAnYKfaU+2haL+JzcFtQ1RpxDBsy1
|
||||
FbcEXO5NOhsXK4mHjtRrK1GamnCo5gvJU3w1NrfLRXteOOBsR49HhTIWvi8L4tSf
|
||||
fd/mFwWayB7D0feLhWBpMPQTa5TeeQPxhgJrlIwXJiONG8GWFWNCHEjbQaCuJJWn
|
||||
e37n9xCpdH867P921Ei+gyKZi9t6d+U4blrCpQzIe95t8Uv0i2c+YNt9NQL5Z119
|
||||
jt/Xhm7ccT9FeOuYsbjcO6g0BJumILEjD309vfQfWNims++vMd53q3dzxp4Kau+f
|
||||
vdMyrzWiIytM+/iQmneG8XLv0b7I6FUPEahpCncZ14NqBDaKclwoJ/HfB+WZi6JV
|
||||
yBVJHm9vogfzD1sLmDctHps3uJAeZHzszws8LMKdd5JxxQzVBRcrD1LKHYmmUYTU
|
||||
5gyDxnFn8ZoZ3GFVH+5v2PJgZY++/6zdDxQ9flrdt2zRaoAq2Zayn7R8sQ/ZjMXK
|
||||
eR8aXgHzEL/n/9BMKs+jLu3j8xaiJX8ctnRvwSnOFjU9wQvJ7QNQHk0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "Rs5jdJk/YF4aXohp3isau4LHinD4VWlvSa9CcgznR+A";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
hosts.grill = {
|
||||
owner = config.krebs.users.jan;
|
||||
nets.retiolum = {
|
||||
aliases = [ "grill.r" ];
|
||||
ip4.addr = "10.243.217.217";
|
||||
ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
|
||||
1ooJW+q3zOm0P4IySvQkqPCXiynPBKG+W8vz6as4/TjMgqz45zTSZaoGsUjPS7Yg
|
||||
L9qN6bLNJUhjPtyBBIX5l+WSii2RkbtcFTewY9HITPgOvu5rSiYgdz1X86BDTy0w
|
||||
E6g13jwjI0D29jFAXIIfSwfvqikHmicr++3R4URPTiY7Vcg3UtIYGaKEFTPid0Da
|
||||
bd47ZNWI99CI5Znzd4aJSD+0lfD6+EZb4nQ2o/VZ5RRUid9qWKHu5pbXvPrwE5uC
|
||||
TWtsP1nla+zx1nDD2UHt0bJzdfz4sEFrmLHBqsdvfgAlVvVr65ZMIOO5X0fevHi4
|
||||
s3jqYPMLksimuQjHCXYcgxfBYkVPuVWqDivOV8Z60UhAop5xK9i+FV4kyTgL+qmH
|
||||
79VAy8+2Wrzda/MBVFF+0XAryBtqFgk5JtmfRKJ5rcXFy9hnugmfulOC0+XFPFbN
|
||||
cNLbPR/dwON6YIg90z0wwJfPoWwzj3jKwT7YZ/pYSEl0JDgkpTzCxiBbqpJ/r8CZ
|
||||
2avRws5YMVnLcuY1IFlNLJdUZdz+41zmPizIP0dAdrwDH56AJkTukESf1Ir6G2NT
|
||||
isn3pijKy4Y/EbWnJiQpEKDfNh8JW1Ryw1zvNYKYR3OAImp3DgsWmeECAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "cqfMY/8kqtuM5wIzYMNfFIc47Jx1nnfV0//SMpsO61G";
|
||||
};
|
||||
};
|
||||
}
|
@ -71,6 +71,7 @@ rec {
|
||||
"c.r"
|
||||
"p.r"
|
||||
"search.r"
|
||||
"wallpaper.r"
|
||||
];
|
||||
tinc = {
|
||||
pubkey = ''
|
||||
|
@ -286,60 +286,6 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
toastbrot = {
|
||||
owner = config.krebs.users.jan;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.117.12";
|
||||
aliases = [
|
||||
"toastbrot.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
|
||||
2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
|
||||
yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
|
||||
DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
|
||||
r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
|
||||
PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
|
||||
Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
|
||||
IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
|
||||
fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
|
||||
Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
|
||||
uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
|
||||
4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
petrosilia = {
|
||||
owner = config.krebs.users.jan;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.143.11";
|
||||
aliases = [
|
||||
"petrosilia.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxDumQ/06Yd3AQPSlHH9/kNngbc/tq5yBuT0ymbQGMHLL9X3pCz/f
|
||||
y9GZVpQtaKm7EZ0Kj8ieaPOyG7BItH0AvTdSJV7rn4WKuKfe5E5S4E8YqsZfSu4N
|
||||
IdEKVIisyBNCklXaDn6A7nxeUauwHQHuj0wOAnYKfaU+2haL+JzcFtQ1RpxDBsy1
|
||||
FbcEXO5NOhsXK4mHjtRrK1GamnCo5gvJU3w1NrfLRXteOOBsR49HhTIWvi8L4tSf
|
||||
fd/mFwWayB7D0feLhWBpMPQTa5TeeQPxhgJrlIwXJiONG8GWFWNCHEjbQaCuJJWn
|
||||
e37n9xCpdH867P921Ei+gyKZi9t6d+U4blrCpQzIe95t8Uv0i2c+YNt9NQL5Z119
|
||||
jt/Xhm7ccT9FeOuYsbjcO6g0BJumILEjD309vfQfWNims++vMd53q3dzxp4Kau+f
|
||||
vdMyrzWiIytM+/iQmneG8XLv0b7I6FUPEahpCncZ14NqBDaKclwoJ/HfB+WZi6JV
|
||||
yBVJHm9vogfzD1sLmDctHps3uJAeZHzszws8LMKdd5JxxQzVBRcrD1LKHYmmUYTU
|
||||
5gyDxnFn8ZoZ3GFVH+5v2PJgZY++/6zdDxQ9flrdt2zRaoAq2Zayn7R8sQ/ZjMXK
|
||||
eR8aXgHzEL/n/9BMKs+jLu3j8xaiJX8ctnRvwSnOFjU9wQvJ7QNQHk0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
tinc.pubkey_ed25519 = "Rs5jdJk/YF4aXohp3isau4LHinD4VWlvSa9CcgznR+A";
|
||||
};
|
||||
};
|
||||
};
|
||||
tpsw = {
|
||||
owner = config.krebs.users.ciko; # main laptop
|
||||
nets = {
|
||||
@ -629,9 +575,6 @@ in {
|
||||
ilmu = {
|
||||
mail = "ilmu@rishi.is";
|
||||
};
|
||||
jan = {
|
||||
mail = "jan.heidbrink@posteo.de";
|
||||
};
|
||||
jonge = {
|
||||
mail = "jacek.galowicz@gmail.com";
|
||||
};
|
||||
|
@ -1,33 +1,116 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
users.users.testing = {
|
||||
uid = pkgs.stockholm.lib.genid_uint31 "testing";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
config.krebs.users.xkey.pubkey
|
||||
config.krebs.users.lass.pubkey
|
||||
];
|
||||
packages = [
|
||||
pkgs.calendar-cli
|
||||
pkgs.tmux
|
||||
];
|
||||
};
|
||||
{ config, lib, pkgs, ... }: let
|
||||
|
||||
services.xandikos = {
|
||||
setupGit = ''
|
||||
export PATH=${lib.makeBinPath [
|
||||
pkgs.coreutils
|
||||
pkgs.git
|
||||
]}
|
||||
export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i /var/lib/radicale/.ssh/id_ed25519'
|
||||
repo='git@localhost:cal'
|
||||
cd /var/lib/radicale/collections
|
||||
if ! test -d .git; then
|
||||
git init
|
||||
git config user.name "radicale"
|
||||
git config user.email "radicale@${config.networking.hostName}"
|
||||
elif ! url=$(git config remote.origin.url); then
|
||||
git remote add origin "$repo"
|
||||
elif test "$url" != "$repo"; then
|
||||
git remote set-url origin "$repo"
|
||||
fi
|
||||
cp ${pkgs.writeText "gitignore" ''
|
||||
.Radicale.cache
|
||||
''} .gitignore
|
||||
git add .gitignore
|
||||
'';
|
||||
|
||||
pushCal = pkgs.writeDash "push_cal" ''
|
||||
${setupGit}
|
||||
git fetch origin
|
||||
git merge --ff-only origin/master || :
|
||||
'';
|
||||
|
||||
pushCgit = pkgs.writeDash "push_cgit" ''
|
||||
${setupGit}
|
||||
git push origin master
|
||||
'';
|
||||
|
||||
in {
|
||||
services.radicale = {
|
||||
enable = true;
|
||||
extraOptions = [
|
||||
"--autocreate"
|
||||
"--defaults"
|
||||
"--current-user-principal /krebs"
|
||||
"--dump-dav-xml"
|
||||
rights = {
|
||||
krebs = {
|
||||
user = ".*";
|
||||
collection = ".*";
|
||||
permissions = "rRwW";
|
||||
};
|
||||
};
|
||||
settings = {
|
||||
auth.type = "none";
|
||||
server.hosts = [
|
||||
"0.0.0.0:5232"
|
||||
"[::]:5232"
|
||||
];
|
||||
storage.filesystem_folder = "/var/lib/radicale/collections";
|
||||
storage.hook = "${pkgs.writers.writeDash "radicale-hook" ''
|
||||
set -efu
|
||||
${setupGit}
|
||||
${pkgs.git}/bin/git add -A
|
||||
(${pkgs.git}/bin/git diff --cached --quiet || ${pkgs.git}/bin/git commit -m "Changes by \"$1\"")
|
||||
${pushCgit}
|
||||
''} %(user)s";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
virtualHosts = {
|
||||
"calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
|
||||
"calendar.r".locations."/".proxyPass = "http://localhost:5232/";
|
||||
};
|
||||
};
|
||||
krebs.git = {
|
||||
enable = true;
|
||||
cgit.settings = {
|
||||
root-title = "krebs repos";
|
||||
};
|
||||
rules = with pkgs.stockholm.lib.git; [
|
||||
{
|
||||
user = [
|
||||
{
|
||||
name = "cal";
|
||||
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe1jtHaNFZKmWemWQVEGVYj+s4QGJaL9WYH+wokOZie";
|
||||
}
|
||||
] ++ (lib.attrValues config.krebs.users);
|
||||
repo = [ config.krebs.git.repos.cal ];
|
||||
perm = push ''refs/heads/master'' [ create merge ];
|
||||
}
|
||||
];
|
||||
repos.cal = {
|
||||
public = true;
|
||||
name = "cal";
|
||||
hooks = {
|
||||
post-receive = ''
|
||||
${pkgs.git-hooks.irc-announce {
|
||||
channel = "#xxx";
|
||||
refs = [
|
||||
"refs/heads/master"
|
||||
];
|
||||
nick = config.networking.hostName;
|
||||
server = "irc.r";
|
||||
verbose = true;
|
||||
}}
|
||||
/run/wrappers/bin/sudo -S -u radicale ${pushCal}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
krebs.secret.files.calendar = {
|
||||
path = "/var/lib/radicale/.ssh/id_ed25519";
|
||||
owner = { name = "radicale"; };
|
||||
source-path = "${<secrets/radicale.id_ed25519>}";
|
||||
};
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
git ALL=(radicale) NOPASSWD: ${pushCal}
|
||||
'';
|
||||
}
|
||||
|
@ -1,17 +1,21 @@
|
||||
{ config, pkgs, ... }: with import <stockholm/lib>; let
|
||||
{ options, config, pkgs, ... }: with import <stockholm/lib>; let
|
||||
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
|
||||
|
||||
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
|
||||
used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.declarative.folders));
|
||||
used_peer_names = unique (filter isString (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)));
|
||||
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
|
||||
in {
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
configDir = "/var/lib/syncthing";
|
||||
devices = mk_peers used_peers;
|
||||
key = toString <secrets/syncthing.key>;
|
||||
cert = toString <secrets/syncthing.cert>;
|
||||
};
|
||||
# workaround for infinite recursion on unstable, remove in 23.11
|
||||
} // (if builtins.hasAttr "settings" options.services.syncthing then
|
||||
{ settings.devices = mk_peers used_peers; }
|
||||
else
|
||||
{ devices = mk_peers used_peers; }
|
||||
);
|
||||
|
||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
|
||||
}
|
||||
|
@ -190,35 +190,16 @@ with import <stockholm/lib>;
|
||||
default = 3;
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.user;
|
||||
default = {
|
||||
name = tinc.config.netname;
|
||||
home = "/var/lib/${tinc.config.user.name}";
|
||||
};
|
||||
defaultText = {
|
||||
name = "‹netname›";
|
||||
home = "/var/lib/‹netname›";
|
||||
};
|
||||
username = mkOption {
|
||||
type = types.username;
|
||||
default = tinc.config.netname;
|
||||
defaultText = literalExample "netname";
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
|
||||
config = {
|
||||
users.users = mapAttrs' (netname: cfg:
|
||||
nameValuePair "${netname}" {
|
||||
inherit (cfg.user) home name uid;
|
||||
createHome = true;
|
||||
isSystemUser = true;
|
||||
group = netname;
|
||||
}
|
||||
) config.krebs.tinc;
|
||||
|
||||
users.groups = mapAttrs' (netname: cfg:
|
||||
nameValuePair netname {}
|
||||
) config.krebs.tinc;
|
||||
|
||||
krebs.systemd.services = mapAttrs (netname: cfg: {
|
||||
restartIfCredentialsChange = true;
|
||||
}) config.krebs.tinc;
|
||||
@ -238,11 +219,11 @@ with import <stockholm/lib>;
|
||||
)
|
||||
"rsa_key.priv:${cfg.privkey}"
|
||||
];
|
||||
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
|
||||
ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
|
||||
set -efu
|
||||
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
|
||||
${pkgs.rsync}/bin/rsync -Lacv --delete \
|
||||
--chown ${cfg.user.name} \
|
||||
--chown ${cfg.username} \
|
||||
--chmod u=rwX,g=rX \
|
||||
--exclude='/*.priv' \
|
||||
${cfg.confDir}/ /etc/tinc/${netname}/
|
||||
@ -255,14 +236,16 @@ with import <stockholm/lib>;
|
||||
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
|
||||
/etc/tinc/${netname}/
|
||||
'';
|
||||
ExecStart = toString [
|
||||
ExecStart = "+" + toString [
|
||||
"${cfg.tincPackage}/sbin/tincd"
|
||||
"-D"
|
||||
"-U ${cfg.user.name}"
|
||||
"-U ${cfg.username}"
|
||||
"-d 0"
|
||||
"-n ${netname}"
|
||||
];
|
||||
SyslogIdentifier = netname;
|
||||
DynamicUser = true;
|
||||
User = cfg.username;
|
||||
};
|
||||
}) config.krebs.tinc;
|
||||
};
|
||||
|
22
krebs/5pkgs/simple/cunicu.nix
Normal file
22
krebs/5pkgs/simple/cunicu.nix
Normal file
@ -0,0 +1,22 @@
|
||||
{ lib, pkgs }:
|
||||
|
||||
pkgs.buildGo120Module rec {
|
||||
pname = "cunicu";
|
||||
version = "g${lib.substring 0 7 src.rev}";
|
||||
|
||||
buildInputs = [
|
||||
pkgs.libpcap
|
||||
];
|
||||
|
||||
# XXX tries to access https://relay.cunicu.li
|
||||
doCheck = false;
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "stv0g";
|
||||
repo = "cunicu";
|
||||
rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
|
||||
hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
|
||||
}
|
33
krebs/5pkgs/simple/vicuna-chat/default.nix
Normal file
33
krebs/5pkgs/simple/vicuna-chat/default.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{ pkgs, ... }:
|
||||
pkgs.writers.writeDashBin "vicuna-chat" ''
|
||||
set -efu
|
||||
|
||||
export PATH=${with pkgs; lib.makeBinPath [
|
||||
coreutils
|
||||
curl
|
||||
jq
|
||||
]}
|
||||
|
||||
CONTEXT=''${CONTEXT:-$(date -Id)}
|
||||
PROMPT=$*
|
||||
|
||||
if ! test -e "$CONTEXT"; then
|
||||
echo -n 'null' > "$CONTEXT"
|
||||
fi
|
||||
|
||||
add_to_context() {
|
||||
jq -rc --argjson message "$1" '. + [$message]' "$CONTEXT" > "$CONTEXT.tmp"
|
||||
mv "$CONTEXT.tmp" "$CONTEXT"
|
||||
}
|
||||
|
||||
add_to_context "{\"role\": \"user\", \"content\": \"$PROMPT\"}"
|
||||
response=$(
|
||||
jq -nc --slurpfile context "$CONTEXT" '{
|
||||
model: "vicuna-13b",
|
||||
messages: $context[0],
|
||||
}' |
|
||||
curl -Ss http://vicuna.r/v1/chat/completions -H 'Content-Type: application/json' -d @-
|
||||
)
|
||||
add_to_context "$(jq -rcn --argjson response "$response" '$response.choices[0].message')"
|
||||
jq -rcn --argjson response "$response" '$response.choices[0].message.content'
|
||||
''
|
@ -1,9 +1,9 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
|
||||
"date": "2023-05-22T13:19:02+02:00",
|
||||
"path": "/nix/store/zgv3fzg2lywfqdrv4mghd62s9i6zxhrw-nixpkgs",
|
||||
"sha256": "0nkg8h5ix0sbjqb0gdj5124nbg2gd1nmyl1p14cvlg77fs7afld6",
|
||||
"rev": "7409480d5c8584a1a83c422530419efe4afb0d19",
|
||||
"date": "2023-06-04T22:13:39-04:00",
|
||||
"path": "/nix/store/ljhvmls6vxsg7x93zvaa087y77wh2nzc-nixpkgs",
|
||||
"sha256": "14rv5zjrq5rpqlzc1wzh30yhn8aivwkm2zrh0bh0facbkqwrwigh",
|
||||
"fetchLFS": false,
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
|
@ -1,9 +1,9 @@
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs",
|
||||
"rev": "a17f99dfcb9643200b3884ca195c69ae41d7f059",
|
||||
"date": "2023-05-23T18:09:00+02:00",
|
||||
"path": "/nix/store/2n82i65gv1y54xj3dplkvhfyc8rs1j90-nixpkgs",
|
||||
"sha256": "180ipicp351s99nvn9xvf5nzs5fzxhawfbykaijvaqj63siss13m",
|
||||
"rev": "d4a9ff82fc18723219b60c66fb2ccb0734c460eb",
|
||||
"date": "2023-06-04T14:52:07+02:00",
|
||||
"path": "/nix/store/hnnbh80g4jx19h0ac76qrirai16ld2px-nixpkgs",
|
||||
"sha256": "0ly23mqjzlygsnr0avji6ylyrl90rcqsmkcavg71kd60v8ydmw6c",
|
||||
"fetchLFS": false,
|
||||
"fetchSubmodules": false,
|
||||
"deepClone": false,
|
||||
|
6
lass/1systems/radio/source.nix
Normal file
6
lass/1systems/radio/source.nix
Normal file
@ -0,0 +1,6 @@
|
||||
{ lib, pkgs, test, ... }: let
|
||||
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
|
||||
in if test then {} else {
|
||||
nixpkgs.git.ref = lib.mkForce npkgs.rev;
|
||||
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
|
||||
}
|
@ -5,7 +5,7 @@ let
|
||||
in {
|
||||
krebs.fetchWallpaper = {
|
||||
enable = true;
|
||||
url = "prism/realwallpaper-krebs-stars-berlin.png";
|
||||
url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -22,15 +22,14 @@
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
systemd.services.wireplumber = {
|
||||
environment = {
|
||||
HOME = "/var/lib/wireplumber";
|
||||
DISPLAY = ":0";
|
||||
};
|
||||
path = [
|
||||
pkgs.dbus
|
||||
];
|
||||
serviceConfig.StateDirectory = "wireplumber";
|
||||
environment.etc = {
|
||||
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
|
||||
bluez_monitor.properties = {
|
||||
["bluez5.enable-sbc-xq"] = true,
|
||||
["bluez5.enable-msbc"] = true,
|
||||
["bluez5.enable-hw-volume"] = true,
|
||||
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
@ -19,8 +19,7 @@ in {
|
||||
}
|
||||
'';
|
||||
serverAliases = [
|
||||
hostname
|
||||
"${hostname}.r"
|
||||
"wallpaper.r"
|
||||
];
|
||||
locations."/realwallpaper/".extraConfig = ''
|
||||
index on;
|
||||
|
@ -82,7 +82,7 @@ in {
|
||||
users.users = {
|
||||
"${name}" = rec {
|
||||
inherit name;
|
||||
createHome = lib.mkForce false;
|
||||
createHome = true;
|
||||
group = name;
|
||||
uid = pkgs.stockholm.lib.genid_uint31 name;
|
||||
description = "radio manager";
|
||||
|
@ -1,6 +1,31 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
|
||||
tts = pkgs.writers.writeBashBin "tts" ''
|
||||
set -efu
|
||||
|
||||
offset=0
|
||||
OUTPUT=$(mktemp -d)
|
||||
trap 'rm -rf "$OUTPUT"' EXIT
|
||||
SPEAKER=$[ $RANDOM % 900 ]
|
||||
while read line; do
|
||||
echo "$line" |
|
||||
${pkgs.larynx}/bin/larynx \
|
||||
--model ${pkgs.fetchzip {
|
||||
url = "https://github.com/rhasspy/piper/releases/download/v0.0.2/voice-en-us-libritts-high.tar.gz";
|
||||
hash = "sha256-jCoK4p0O7BuF0nr6Sfj40tpivCvU5M3GHKQRg1tfIO8=";
|
||||
stripRoot = false;
|
||||
}}/en-us-libritts-high.onnx \
|
||||
-s "$SPEAKER" \
|
||||
-f "$OUTPUT"/"$offset".wav
|
||||
|
||||
((offset+=1))
|
||||
done
|
||||
|
||||
${pkgs.sox}/bin/sox "$OUTPUT"/*.wav "$OUTPUT"/all.wav
|
||||
cat "$OUTPUT"/all.wav
|
||||
'';
|
||||
|
||||
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
|
||||
${pkgs.vorbis-tools}/bin/oggenc - |
|
||||
${pkgs.cyberlocker-tools}/bin/cput news.ogg
|
||||
@ -41,16 +66,16 @@ in
|
||||
systemd.services.newsshow = {
|
||||
path = [
|
||||
newsshow
|
||||
tts
|
||||
send_to_radio
|
||||
gc_news
|
||||
get_current_news
|
||||
pkgs.curl
|
||||
pkgs.retry
|
||||
];
|
||||
script = ''
|
||||
set -efu
|
||||
retry -t 5 -d 10 -- newsshow |
|
||||
retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
|
||||
retry -t 5 -d 10 -- tts |
|
||||
retry -t 5 -d 10 -- send_to_radio
|
||||
'';
|
||||
startAt = "*:00:00";
|
||||
|
@ -15,6 +15,7 @@
|
||||
${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
|
||||
${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources
|
||||
${pkgs.procps}/bin/pkill -HUP xsettingsd
|
||||
${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)"
|
||||
else
|
||||
echo "theme $1 not found"
|
||||
fi
|
||||
@ -37,8 +38,13 @@ in {
|
||||
];
|
||||
environment.systemPackages = [
|
||||
switch-theme
|
||||
pkgs.dracula-theme
|
||||
pkgs.gnome3.adwaita-icon-theme
|
||||
];
|
||||
environment.etc = {
|
||||
"themes/light/gtk-theme".text = ''
|
||||
Adwaita
|
||||
'';
|
||||
"themes/light/xsettings.conf".text = ''
|
||||
Net/ThemeName "Adwaita"
|
||||
'';
|
||||
@ -46,8 +52,11 @@ in {
|
||||
*background: #ffffff
|
||||
*foreground: #000000
|
||||
'';
|
||||
"themes/dark/gtk-theme".text = ''
|
||||
Dracula
|
||||
'';
|
||||
"themes/dark/xsettings.conf".text = ''
|
||||
Net/ThemeName "Adwaita-dark"
|
||||
Net/ThemeName "Dracula"
|
||||
'';
|
||||
"themes/dark/xresources".text = ''
|
||||
*background: #000000
|
||||
|
20
lass/2configs/weron/client.nix
Normal file
20
lass/2configs/weron/client.nix
Normal file
@ -0,0 +1,20 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
systemd.services.weron = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
WERON_RADDR = "ws://lassul.us:23420/";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = pkgs.writers.writeDash "weron" ''
|
||||
${pkgs.weron}/bin/weron vpn ip \
|
||||
--community krebs \
|
||||
--password aidsballs \
|
||||
--key aidsballs \
|
||||
--ips 10.249.1.0/24 \
|
||||
--verbose 7 \
|
||||
--dev weron
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
13
lass/2configs/weron/signaler.nix
Normal file
13
lass/2configs/weron/signaler.nix
Normal file
@ -0,0 +1,13 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
systemd.services.weron-signaler = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = {
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = ''${pkgs.weron}/bin/weron signaler --verbose=7 --laddr ":23420"'';
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 23420 ];
|
||||
}
|
@ -96,6 +96,9 @@ with import ./lib;
|
||||
nix-writers = {
|
||||
cgit.desc = "collection of package builders";
|
||||
};
|
||||
nixpkgs = {
|
||||
cgit.desc = "Nix Packages collection";
|
||||
};
|
||||
pager = {
|
||||
};
|
||||
populate = {
|
||||
|
@ -11,9 +11,11 @@ in {
|
||||
];
|
||||
tv.iptables.extra4.nat.PREROUTING = [
|
||||
"-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"
|
||||
"-d ${cfg.host.nets.wiregrill.ip4.addr} -p tcp --dport 22 -j ACCEPT"
|
||||
];
|
||||
tv.iptables.extra6.nat.PREROUTING = [
|
||||
"-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT"
|
||||
"-d ${cfg.host.nets.wiregrill.ip6.addr} -p tcp --dport 22 -j ACCEPT"
|
||||
];
|
||||
tv.iptables.extra.nat.PREROUTING = [
|
||||
"-p tcp --dport 22 -j REDIRECT --to-ports 0"
|
||||
|
Loading…
Reference in New Issue
Block a user