Compare commits
22 Commits
db56045573
...
0156323836
Author | SHA1 | Date | |
---|---|---|---|
|
0156323836 | ||
|
c1ef7c79b6 | ||
|
1a8b5c8e2a | ||
|
f2e4142dff | ||
|
59e0418445 | ||
|
d453d911ce | ||
|
68ebb1a9ca | ||
|
aa58fb3dd5 | ||
|
db1e290ad8 | ||
|
26ad39fe97 | ||
|
7c3b3400b7 | ||
|
1a678e3093 | ||
|
e629da17d5 | ||
|
24b9fc11d6 | ||
|
6ebc5693d6 | ||
|
63573a5fa0 | ||
|
b99a78b18e | ||
|
aade31e65b | ||
|
9fe6e5bb4f | ||
|
56cff01ac4 | ||
|
e3c8492f30 | ||
|
882bbfd606 |
89
kartei/jan/default.nix
Normal file
89
kartei/jan/default.nix
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
{ config, ... }: let
|
||||||
|
lib = import ../../lib;
|
||||||
|
in {
|
||||||
|
|
||||||
|
users.jan = {
|
||||||
|
mail = "jan.heidbrink@posteo.de";
|
||||||
|
};
|
||||||
|
|
||||||
|
hosts.toastbrot = {
|
||||||
|
owner = config.krebs.users.jan;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.117.12";
|
||||||
|
aliases = [
|
||||||
|
"toastbrot.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
|
||||||
|
2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
|
||||||
|
yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
|
||||||
|
DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
|
||||||
|
r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
|
||||||
|
PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
|
||||||
|
Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
|
||||||
|
IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
|
||||||
|
fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
|
||||||
|
Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
|
||||||
|
uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
|
||||||
|
4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hosts.petrosilia = {
|
||||||
|
owner = config.krebs.users.jan;
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.143.11";
|
||||||
|
aliases = [
|
||||||
|
"petrosilia.r"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIICCgKCAgEAxDumQ/06Yd3AQPSlHH9/kNngbc/tq5yBuT0ymbQGMHLL9X3pCz/f
|
||||||
|
y9GZVpQtaKm7EZ0Kj8ieaPOyG7BItH0AvTdSJV7rn4WKuKfe5E5S4E8YqsZfSu4N
|
||||||
|
IdEKVIisyBNCklXaDn6A7nxeUauwHQHuj0wOAnYKfaU+2haL+JzcFtQ1RpxDBsy1
|
||||||
|
FbcEXO5NOhsXK4mHjtRrK1GamnCo5gvJU3w1NrfLRXteOOBsR49HhTIWvi8L4tSf
|
||||||
|
fd/mFwWayB7D0feLhWBpMPQTa5TeeQPxhgJrlIwXJiONG8GWFWNCHEjbQaCuJJWn
|
||||||
|
e37n9xCpdH867P921Ei+gyKZi9t6d+U4blrCpQzIe95t8Uv0i2c+YNt9NQL5Z119
|
||||||
|
jt/Xhm7ccT9FeOuYsbjcO6g0BJumILEjD309vfQfWNims++vMd53q3dzxp4Kau+f
|
||||||
|
vdMyrzWiIytM+/iQmneG8XLv0b7I6FUPEahpCncZ14NqBDaKclwoJ/HfB+WZi6JV
|
||||||
|
yBVJHm9vogfzD1sLmDctHps3uJAeZHzszws8LMKdd5JxxQzVBRcrD1LKHYmmUYTU
|
||||||
|
5gyDxnFn8ZoZ3GFVH+5v2PJgZY++/6zdDxQ9flrdt2zRaoAq2Zayn7R8sQ/ZjMXK
|
||||||
|
eR8aXgHzEL/n/9BMKs+jLu3j8xaiJX8ctnRvwSnOFjU9wQvJ7QNQHk0CAwEAAQ==
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
tinc.pubkey_ed25519 = "Rs5jdJk/YF4aXohp3isau4LHinD4VWlvSa9CcgznR+A";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hosts.grill = {
|
||||||
|
owner = config.krebs.users.jan;
|
||||||
|
nets.retiolum = {
|
||||||
|
aliases = [ "grill.r" ];
|
||||||
|
ip4.addr = "10.243.217.217";
|
||||||
|
ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
|
||||||
|
1ooJW+q3zOm0P4IySvQkqPCXiynPBKG+W8vz6as4/TjMgqz45zTSZaoGsUjPS7Yg
|
||||||
|
L9qN6bLNJUhjPtyBBIX5l+WSii2RkbtcFTewY9HITPgOvu5rSiYgdz1X86BDTy0w
|
||||||
|
E6g13jwjI0D29jFAXIIfSwfvqikHmicr++3R4URPTiY7Vcg3UtIYGaKEFTPid0Da
|
||||||
|
bd47ZNWI99CI5Znzd4aJSD+0lfD6+EZb4nQ2o/VZ5RRUid9qWKHu5pbXvPrwE5uC
|
||||||
|
TWtsP1nla+zx1nDD2UHt0bJzdfz4sEFrmLHBqsdvfgAlVvVr65ZMIOO5X0fevHi4
|
||||||
|
s3jqYPMLksimuQjHCXYcgxfBYkVPuVWqDivOV8Z60UhAop5xK9i+FV4kyTgL+qmH
|
||||||
|
79VAy8+2Wrzda/MBVFF+0XAryBtqFgk5JtmfRKJ5rcXFy9hnugmfulOC0+XFPFbN
|
||||||
|
cNLbPR/dwON6YIg90z0wwJfPoWwzj3jKwT7YZ/pYSEl0JDgkpTzCxiBbqpJ/r8CZ
|
||||||
|
2avRws5YMVnLcuY1IFlNLJdUZdz+41zmPizIP0dAdrwDH56AJkTukESf1Ir6G2NT
|
||||||
|
isn3pijKy4Y/EbWnJiQpEKDfNh8JW1Ryw1zvNYKYR3OAImp3DgsWmeECAwEAAQ==
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
tinc.pubkey_ed25519 = "cqfMY/8kqtuM5wIzYMNfFIc47Jx1nnfV0//SMpsO61G";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -71,6 +71,7 @@ rec {
|
|||||||
"c.r"
|
"c.r"
|
||||||
"p.r"
|
"p.r"
|
||||||
"search.r"
|
"search.r"
|
||||||
|
"wallpaper.r"
|
||||||
];
|
];
|
||||||
tinc = {
|
tinc = {
|
||||||
pubkey = ''
|
pubkey = ''
|
||||||
|
@ -286,60 +286,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
toastbrot = {
|
|
||||||
owner = config.krebs.users.jan;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.117.12";
|
|
||||||
aliases = [
|
|
||||||
"toastbrot.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN PUBLIC KEY-----
|
|
||||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA12VLPJMhGSh5fQgrB6bP
|
|
||||||
2H1eew0/7t1xr3oJ3uaTZd7UIvPQ/aA5pB9xL5s+BIBvRa5P3QFWUAVhqchsPiRc
|
|
||||||
yC4awLvo6zrUZB3pJBFiUuThx1xzmazTbRNyJ0E3Dwi2VSp3dAi5xEwHSVDSElGj
|
|
||||||
DyRrdwyLe9lKghGHgNhB01QAt1/AO3A/TBs2RS/E0kuPhVQzpo5Ae5I530Cr0pf3
|
|
||||||
r/de1TdArIcOfnTvW7WNrdBhwLq14cfdXkZwJ2bBE9Q22FAJp5k21PW5dQ41oDuT
|
|
||||||
PYHZIH555sxifMThrUpuNHIrDtIQk6D+Km90WNf/lBGwZqQr/B5G6zSNX7d/0JbY
|
|
||||||
Hi8Ltq++Sf0XgWNir9+evGNLCBqAXdvQFrj2l7BuNywE0L2nZThnxjTxP6QLFnqO
|
|
||||||
IXY97x3p7AYcfmVFutfYqYM1HdyyehF711hhm30fdcXHsJ+GpQgGrj67+++N7g7g
|
|
||||||
fjWBGNI9EL9CyTZ/N9U3TGeoxooc1BSaAiHmaPoYaAeI0Y/W6bNrixpL3aI5X8MH
|
|
||||||
Flen2y2XEk2n+pXozPDbLAT+MZ3sWwODDYRc8zGbV2RlMvL94LHh95/JC0itdXa3
|
|
||||||
uNRDtSnfbNe4eHw9/HMDkclhywuE+hbyq+JNNodqLwG/o1/r3GI+ggOyCdZHjF4B
|
|
||||||
4R8QXUJiqUdcbR3WQDR5i10CAwEAAQ==
|
|
||||||
-----END PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
petrosilia = {
|
|
||||||
owner = config.krebs.users.jan;
|
|
||||||
nets = {
|
|
||||||
retiolum = {
|
|
||||||
ip4.addr = "10.243.143.11";
|
|
||||||
aliases = [
|
|
||||||
"petrosilia.r"
|
|
||||||
];
|
|
||||||
tinc.pubkey = ''
|
|
||||||
-----BEGIN RSA PUBLIC KEY-----
|
|
||||||
MIICCgKCAgEAxDumQ/06Yd3AQPSlHH9/kNngbc/tq5yBuT0ymbQGMHLL9X3pCz/f
|
|
||||||
y9GZVpQtaKm7EZ0Kj8ieaPOyG7BItH0AvTdSJV7rn4WKuKfe5E5S4E8YqsZfSu4N
|
|
||||||
IdEKVIisyBNCklXaDn6A7nxeUauwHQHuj0wOAnYKfaU+2haL+JzcFtQ1RpxDBsy1
|
|
||||||
FbcEXO5NOhsXK4mHjtRrK1GamnCo5gvJU3w1NrfLRXteOOBsR49HhTIWvi8L4tSf
|
|
||||||
fd/mFwWayB7D0feLhWBpMPQTa5TeeQPxhgJrlIwXJiONG8GWFWNCHEjbQaCuJJWn
|
|
||||||
e37n9xCpdH867P921Ei+gyKZi9t6d+U4blrCpQzIe95t8Uv0i2c+YNt9NQL5Z119
|
|
||||||
jt/Xhm7ccT9FeOuYsbjcO6g0BJumILEjD309vfQfWNims++vMd53q3dzxp4Kau+f
|
|
||||||
vdMyrzWiIytM+/iQmneG8XLv0b7I6FUPEahpCncZ14NqBDaKclwoJ/HfB+WZi6JV
|
|
||||||
yBVJHm9vogfzD1sLmDctHps3uJAeZHzszws8LMKdd5JxxQzVBRcrD1LKHYmmUYTU
|
|
||||||
5gyDxnFn8ZoZ3GFVH+5v2PJgZY++/6zdDxQ9flrdt2zRaoAq2Zayn7R8sQ/ZjMXK
|
|
||||||
eR8aXgHzEL/n/9BMKs+jLu3j8xaiJX8ctnRvwSnOFjU9wQvJ7QNQHk0CAwEAAQ==
|
|
||||||
-----END RSA PUBLIC KEY-----
|
|
||||||
'';
|
|
||||||
tinc.pubkey_ed25519 = "Rs5jdJk/YF4aXohp3isau4LHinD4VWlvSa9CcgznR+A";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
tpsw = {
|
tpsw = {
|
||||||
owner = config.krebs.users.ciko; # main laptop
|
owner = config.krebs.users.ciko; # main laptop
|
||||||
nets = {
|
nets = {
|
||||||
@ -629,9 +575,6 @@ in {
|
|||||||
ilmu = {
|
ilmu = {
|
||||||
mail = "ilmu@rishi.is";
|
mail = "ilmu@rishi.is";
|
||||||
};
|
};
|
||||||
jan = {
|
|
||||||
mail = "jan.heidbrink@posteo.de";
|
|
||||||
};
|
|
||||||
jonge = {
|
jonge = {
|
||||||
mail = "jacek.galowicz@gmail.com";
|
mail = "jacek.galowicz@gmail.com";
|
||||||
};
|
};
|
||||||
|
@ -1,33 +1,116 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }: let
|
||||||
{
|
|
||||||
users.users.testing = {
|
|
||||||
uid = pkgs.stockholm.lib.genid_uint31 "testing";
|
|
||||||
isNormalUser = true;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
config.krebs.users.xkey.pubkey
|
|
||||||
config.krebs.users.lass.pubkey
|
|
||||||
];
|
|
||||||
packages = [
|
|
||||||
pkgs.calendar-cli
|
|
||||||
pkgs.tmux
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.xandikos = {
|
setupGit = ''
|
||||||
|
export PATH=${lib.makeBinPath [
|
||||||
|
pkgs.coreutils
|
||||||
|
pkgs.git
|
||||||
|
]}
|
||||||
|
export GIT_SSH_COMMAND='${pkgs.openssh}/bin/ssh -i /var/lib/radicale/.ssh/id_ed25519'
|
||||||
|
repo='git@localhost:cal'
|
||||||
|
cd /var/lib/radicale/collections
|
||||||
|
if ! test -d .git; then
|
||||||
|
git init
|
||||||
|
git config user.name "radicale"
|
||||||
|
git config user.email "radicale@${config.networking.hostName}"
|
||||||
|
elif ! url=$(git config remote.origin.url); then
|
||||||
|
git remote add origin "$repo"
|
||||||
|
elif test "$url" != "$repo"; then
|
||||||
|
git remote set-url origin "$repo"
|
||||||
|
fi
|
||||||
|
cp ${pkgs.writeText "gitignore" ''
|
||||||
|
.Radicale.cache
|
||||||
|
''} .gitignore
|
||||||
|
git add .gitignore
|
||||||
|
'';
|
||||||
|
|
||||||
|
pushCal = pkgs.writeDash "push_cal" ''
|
||||||
|
${setupGit}
|
||||||
|
git fetch origin
|
||||||
|
git merge --ff-only origin/master || :
|
||||||
|
'';
|
||||||
|
|
||||||
|
pushCgit = pkgs.writeDash "push_cgit" ''
|
||||||
|
${setupGit}
|
||||||
|
git push origin master
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
services.radicale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraOptions = [
|
rights = {
|
||||||
"--autocreate"
|
krebs = {
|
||||||
"--defaults"
|
user = ".*";
|
||||||
"--current-user-principal /krebs"
|
collection = ".*";
|
||||||
"--dump-dav-xml"
|
permissions = "rRwW";
|
||||||
];
|
};
|
||||||
|
};
|
||||||
|
settings = {
|
||||||
|
auth.type = "none";
|
||||||
|
server.hosts = [
|
||||||
|
"0.0.0.0:5232"
|
||||||
|
"[::]:5232"
|
||||||
|
];
|
||||||
|
storage.filesystem_folder = "/var/lib/radicale/collections";
|
||||||
|
storage.hook = "${pkgs.writers.writeDash "radicale-hook" ''
|
||||||
|
set -efu
|
||||||
|
${setupGit}
|
||||||
|
${pkgs.git}/bin/git add -A
|
||||||
|
(${pkgs.git}/bin/git diff --cached --quiet || ${pkgs.git}/bin/git commit -m "Changes by \"$1\"")
|
||||||
|
${pushCgit}
|
||||||
|
''} %(user)s";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"calendar.r".locations."/".proxyPass = "http://localhost:${toString config.services.xandikos.port}/";
|
"calendar.r".locations."/".proxyPass = "http://localhost:5232/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
krebs.git = {
|
||||||
|
enable = true;
|
||||||
|
cgit.settings = {
|
||||||
|
root-title = "krebs repos";
|
||||||
|
};
|
||||||
|
rules = with pkgs.stockholm.lib.git; [
|
||||||
|
{
|
||||||
|
user = [
|
||||||
|
{
|
||||||
|
name = "cal";
|
||||||
|
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGe1jtHaNFZKmWemWQVEGVYj+s4QGJaL9WYH+wokOZie";
|
||||||
|
}
|
||||||
|
] ++ (lib.attrValues config.krebs.users);
|
||||||
|
repo = [ config.krebs.git.repos.cal ];
|
||||||
|
perm = push ''refs/heads/master'' [ create merge ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
repos.cal = {
|
||||||
|
public = true;
|
||||||
|
name = "cal";
|
||||||
|
hooks = {
|
||||||
|
post-receive = ''
|
||||||
|
${pkgs.git-hooks.irc-announce {
|
||||||
|
channel = "#xxx";
|
||||||
|
refs = [
|
||||||
|
"refs/heads/master"
|
||||||
|
];
|
||||||
|
nick = config.networking.hostName;
|
||||||
|
server = "irc.r";
|
||||||
|
verbose = true;
|
||||||
|
}}
|
||||||
|
/run/wrappers/bin/sudo -S -u radicale ${pushCal}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
krebs.secret.files.calendar = {
|
||||||
|
path = "/var/lib/radicale/.ssh/id_ed25519";
|
||||||
|
owner = { name = "radicale"; };
|
||||||
|
source-path = "${<secrets/radicale.id_ed25519>}";
|
||||||
|
};
|
||||||
|
|
||||||
|
security.sudo.extraConfig = ''
|
||||||
|
git ALL=(radicale) NOPASSWD: ${pushCal}
|
||||||
|
'';
|
||||||
}
|
}
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
|
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
|
||||||
|
|
||||||
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
|
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
|
||||||
used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) (lib.filter isString config.services.syncthing.settings.folders)));
|
used_peer_names = unique (filter isString (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)));
|
||||||
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
|
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
|
||||||
in {
|
in {
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
|
@ -190,35 +190,16 @@ with import <stockholm/lib>;
|
|||||||
default = 3;
|
default = 3;
|
||||||
};
|
};
|
||||||
|
|
||||||
user = mkOption {
|
username = mkOption {
|
||||||
type = types.user;
|
type = types.username;
|
||||||
default = {
|
default = tinc.config.netname;
|
||||||
name = tinc.config.netname;
|
defaultText = literalExample "netname";
|
||||||
home = "/var/lib/${tinc.config.user.name}";
|
|
||||||
};
|
|
||||||
defaultText = {
|
|
||||||
name = "‹netname›";
|
|
||||||
home = "/var/lib/‹netname›";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
users.users = mapAttrs' (netname: cfg:
|
|
||||||
nameValuePair "${netname}" {
|
|
||||||
inherit (cfg.user) home name uid;
|
|
||||||
createHome = true;
|
|
||||||
isSystemUser = true;
|
|
||||||
group = netname;
|
|
||||||
}
|
|
||||||
) config.krebs.tinc;
|
|
||||||
|
|
||||||
users.groups = mapAttrs' (netname: cfg:
|
|
||||||
nameValuePair netname {}
|
|
||||||
) config.krebs.tinc;
|
|
||||||
|
|
||||||
krebs.systemd.services = mapAttrs (netname: cfg: {
|
krebs.systemd.services = mapAttrs (netname: cfg: {
|
||||||
restartIfCredentialsChange = true;
|
restartIfCredentialsChange = true;
|
||||||
}) config.krebs.tinc;
|
}) config.krebs.tinc;
|
||||||
@ -238,11 +219,11 @@ with import <stockholm/lib>;
|
|||||||
)
|
)
|
||||||
"rsa_key.priv:${cfg.privkey}"
|
"rsa_key.priv:${cfg.privkey}"
|
||||||
];
|
];
|
||||||
ExecStartPre = pkgs.writers.writeDash "init-tinc-${netname}" ''
|
ExecStartPre = "+" + pkgs.writers.writeDash "init-tinc-${netname}" ''
|
||||||
set -efu
|
set -efu
|
||||||
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
|
${pkgs.coreutils}/bin/mkdir -p /etc/tinc
|
||||||
${pkgs.rsync}/bin/rsync -Lacv --delete \
|
${pkgs.rsync}/bin/rsync -Lacv --delete \
|
||||||
--chown ${cfg.user.name} \
|
--chown ${cfg.username} \
|
||||||
--chmod u=rwX,g=rX \
|
--chmod u=rwX,g=rX \
|
||||||
--exclude='/*.priv' \
|
--exclude='/*.priv' \
|
||||||
${cfg.confDir}/ /etc/tinc/${netname}/
|
${cfg.confDir}/ /etc/tinc/${netname}/
|
||||||
@ -255,14 +236,16 @@ with import <stockholm/lib>;
|
|||||||
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
|
"$CREDENTIALS_DIRECTORY"/rsa_key.priv \
|
||||||
/etc/tinc/${netname}/
|
/etc/tinc/${netname}/
|
||||||
'';
|
'';
|
||||||
ExecStart = toString [
|
ExecStart = "+" + toString [
|
||||||
"${cfg.tincPackage}/sbin/tincd"
|
"${cfg.tincPackage}/sbin/tincd"
|
||||||
"-D"
|
"-D"
|
||||||
"-U ${cfg.user.name}"
|
"-U ${cfg.username}"
|
||||||
"-d 0"
|
"-d 0"
|
||||||
"-n ${netname}"
|
"-n ${netname}"
|
||||||
];
|
];
|
||||||
SyslogIdentifier = netname;
|
SyslogIdentifier = netname;
|
||||||
|
DynamicUser = true;
|
||||||
|
User = cfg.username;
|
||||||
};
|
};
|
||||||
}) config.krebs.tinc;
|
}) config.krebs.tinc;
|
||||||
};
|
};
|
||||||
|
22
krebs/5pkgs/simple/cunicu.nix
Normal file
22
krebs/5pkgs/simple/cunicu.nix
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
{ lib, pkgs }:
|
||||||
|
|
||||||
|
pkgs.buildGo120Module rec {
|
||||||
|
pname = "cunicu";
|
||||||
|
version = "g${lib.substring 0 7 src.rev}";
|
||||||
|
|
||||||
|
buildInputs = [
|
||||||
|
pkgs.libpcap
|
||||||
|
];
|
||||||
|
|
||||||
|
# XXX tries to access https://relay.cunicu.li
|
||||||
|
doCheck = false;
|
||||||
|
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "stv0g";
|
||||||
|
repo = "cunicu";
|
||||||
|
rev = "3ed8109bef97a10a438e5658c41823b7f812db8e";
|
||||||
|
hash = "sha256-FpOJ6/jmnbpufc+kgKwlLtFhOcc2CTe+FvqeV8WEGMc=";
|
||||||
|
};
|
||||||
|
|
||||||
|
vendorHash = "sha256-eAawhJK9K8/7FCQiYMI9XCPePYsCVF045Di7SpRZvL4=";
|
||||||
|
}
|
33
krebs/5pkgs/simple/vicuna-chat/default.nix
Normal file
33
krebs/5pkgs/simple/vicuna-chat/default.nix
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
pkgs.writers.writeDashBin "vicuna-chat" ''
|
||||||
|
set -efu
|
||||||
|
|
||||||
|
export PATH=${with pkgs; lib.makeBinPath [
|
||||||
|
coreutils
|
||||||
|
curl
|
||||||
|
jq
|
||||||
|
]}
|
||||||
|
|
||||||
|
CONTEXT=''${CONTEXT:-$(date -Id)}
|
||||||
|
PROMPT=$*
|
||||||
|
|
||||||
|
if ! test -e "$CONTEXT"; then
|
||||||
|
echo -n 'null' > "$CONTEXT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
add_to_context() {
|
||||||
|
jq -rc --argjson message "$1" '. + [$message]' "$CONTEXT" > "$CONTEXT.tmp"
|
||||||
|
mv "$CONTEXT.tmp" "$CONTEXT"
|
||||||
|
}
|
||||||
|
|
||||||
|
add_to_context "{\"role\": \"user\", \"content\": \"$PROMPT\"}"
|
||||||
|
response=$(
|
||||||
|
jq -nc --slurpfile context "$CONTEXT" '{
|
||||||
|
model: "vicuna-13b",
|
||||||
|
messages: $context[0],
|
||||||
|
}' |
|
||||||
|
curl -Ss http://vicuna.r/v1/chat/completions -H 'Content-Type: application/json' -d @-
|
||||||
|
)
|
||||||
|
add_to_context "$(jq -rcn --argjson response "$response" '$response.choices[0].message')"
|
||||||
|
jq -rcn --argjson response "$response" '$response.choices[0].message.content'
|
||||||
|
''
|
@ -1,9 +1,9 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
|
"rev": "7409480d5c8584a1a83c422530419efe4afb0d19",
|
||||||
"date": "2023-05-22T13:19:02+02:00",
|
"date": "2023-06-04T22:13:39-04:00",
|
||||||
"path": "/nix/store/zgv3fzg2lywfqdrv4mghd62s9i6zxhrw-nixpkgs",
|
"path": "/nix/store/ljhvmls6vxsg7x93zvaa087y77wh2nzc-nixpkgs",
|
||||||
"sha256": "0nkg8h5ix0sbjqb0gdj5124nbg2gd1nmyl1p14cvlg77fs7afld6",
|
"sha256": "14rv5zjrq5rpqlzc1wzh30yhn8aivwkm2zrh0bh0facbkqwrwigh",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
{
|
{
|
||||||
"url": "https://github.com/NixOS/nixpkgs",
|
"url": "https://github.com/NixOS/nixpkgs",
|
||||||
"rev": "a17f99dfcb9643200b3884ca195c69ae41d7f059",
|
"rev": "d4a9ff82fc18723219b60c66fb2ccb0734c460eb",
|
||||||
"date": "2023-05-23T18:09:00+02:00",
|
"date": "2023-06-04T14:52:07+02:00",
|
||||||
"path": "/nix/store/2n82i65gv1y54xj3dplkvhfyc8rs1j90-nixpkgs",
|
"path": "/nix/store/hnnbh80g4jx19h0ac76qrirai16ld2px-nixpkgs",
|
||||||
"sha256": "180ipicp351s99nvn9xvf5nzs5fzxhawfbykaijvaqj63siss13m",
|
"sha256": "0ly23mqjzlygsnr0avji6ylyrl90rcqsmkcavg71kd60v8ydmw6c",
|
||||||
"fetchLFS": false,
|
"fetchLFS": false,
|
||||||
"fetchSubmodules": false,
|
"fetchSubmodules": false,
|
||||||
"deepClone": false,
|
"deepClone": false,
|
||||||
|
6
lass/1systems/radio/source.nix
Normal file
6
lass/1systems/radio/source.nix
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
{ lib, pkgs, test, ... }: let
|
||||||
|
npkgs = lib.importJSON ../../../krebs/nixpkgs-unstable.json;
|
||||||
|
in if test then {} else {
|
||||||
|
nixpkgs.git.ref = lib.mkForce npkgs.rev;
|
||||||
|
nixpkgs-unstable = lib.mkForce { file = "/var/empty"; };
|
||||||
|
}
|
@ -5,7 +5,7 @@ let
|
|||||||
in {
|
in {
|
||||||
krebs.fetchWallpaper = {
|
krebs.fetchWallpaper = {
|
||||||
enable = true;
|
enable = true;
|
||||||
url = "prism/realwallpaper-krebs-stars-berlin.png";
|
url = "http://wallpaper.r/realwallpaper-krebs-stars-berlin.png";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -22,15 +22,14 @@
|
|||||||
pulse.enable = true;
|
pulse.enable = true;
|
||||||
jack.enable = true;
|
jack.enable = true;
|
||||||
};
|
};
|
||||||
|
environment.etc = {
|
||||||
systemd.services.wireplumber = {
|
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
|
||||||
environment = {
|
bluez_monitor.properties = {
|
||||||
HOME = "/var/lib/wireplumber";
|
["bluez5.enable-sbc-xq"] = true,
|
||||||
DISPLAY = ":0";
|
["bluez5.enable-msbc"] = true,
|
||||||
};
|
["bluez5.enable-hw-volume"] = true,
|
||||||
path = [
|
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
|
||||||
pkgs.dbus
|
}
|
||||||
];
|
'';
|
||||||
serviceConfig.StateDirectory = "wireplumber";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -19,8 +19,7 @@ in {
|
|||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
serverAliases = [
|
serverAliases = [
|
||||||
hostname
|
"wallpaper.r"
|
||||||
"${hostname}.r"
|
|
||||||
];
|
];
|
||||||
locations."/realwallpaper/".extraConfig = ''
|
locations."/realwallpaper/".extraConfig = ''
|
||||||
index on;
|
index on;
|
||||||
|
@ -82,7 +82,7 @@ in {
|
|||||||
users.users = {
|
users.users = {
|
||||||
"${name}" = rec {
|
"${name}" = rec {
|
||||||
inherit name;
|
inherit name;
|
||||||
createHome = lib.mkForce false;
|
createHome = true;
|
||||||
group = name;
|
group = name;
|
||||||
uid = pkgs.stockholm.lib.genid_uint31 name;
|
uid = pkgs.stockholm.lib.genid_uint31 name;
|
||||||
description = "radio manager";
|
description = "radio manager";
|
||||||
|
@ -1,6 +1,31 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
|
|
||||||
|
tts = pkgs.writers.writeBashBin "tts" ''
|
||||||
|
set -efu
|
||||||
|
|
||||||
|
offset=0
|
||||||
|
OUTPUT=$(mktemp -d)
|
||||||
|
trap 'rm -rf "$OUTPUT"' EXIT
|
||||||
|
SPEAKER=$[ $RANDOM % 900 ]
|
||||||
|
while read line; do
|
||||||
|
echo "$line" |
|
||||||
|
${pkgs.larynx}/bin/larynx \
|
||||||
|
--model ${pkgs.fetchzip {
|
||||||
|
url = "https://github.com/rhasspy/piper/releases/download/v0.0.2/voice-en-us-libritts-high.tar.gz";
|
||||||
|
hash = "sha256-jCoK4p0O7BuF0nr6Sfj40tpivCvU5M3GHKQRg1tfIO8=";
|
||||||
|
stripRoot = false;
|
||||||
|
}}/en-us-libritts-high.onnx \
|
||||||
|
-s "$SPEAKER" \
|
||||||
|
-f "$OUTPUT"/"$offset".wav
|
||||||
|
|
||||||
|
((offset+=1))
|
||||||
|
done
|
||||||
|
|
||||||
|
${pkgs.sox}/bin/sox "$OUTPUT"/*.wav "$OUTPUT"/all.wav
|
||||||
|
cat "$OUTPUT"/all.wav
|
||||||
|
'';
|
||||||
|
|
||||||
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
|
send_to_radio = pkgs.writers.writeDashBin "send_to_radio" ''
|
||||||
${pkgs.vorbis-tools}/bin/oggenc - |
|
${pkgs.vorbis-tools}/bin/oggenc - |
|
||||||
${pkgs.cyberlocker-tools}/bin/cput news.ogg
|
${pkgs.cyberlocker-tools}/bin/cput news.ogg
|
||||||
@ -41,16 +66,16 @@ in
|
|||||||
systemd.services.newsshow = {
|
systemd.services.newsshow = {
|
||||||
path = [
|
path = [
|
||||||
newsshow
|
newsshow
|
||||||
|
tts
|
||||||
send_to_radio
|
send_to_radio
|
||||||
gc_news
|
gc_news
|
||||||
get_current_news
|
get_current_news
|
||||||
pkgs.curl
|
|
||||||
pkgs.retry
|
pkgs.retry
|
||||||
];
|
];
|
||||||
script = ''
|
script = ''
|
||||||
set -efu
|
set -efu
|
||||||
retry -t 5 -d 10 -- newsshow |
|
retry -t 5 -d 10 -- newsshow |
|
||||||
retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
|
retry -t 5 -d 10 -- tts |
|
||||||
retry -t 5 -d 10 -- send_to_radio
|
retry -t 5 -d 10 -- send_to_radio
|
||||||
'';
|
'';
|
||||||
startAt = "*:00:00";
|
startAt = "*:00:00";
|
||||||
|
@ -15,6 +15,7 @@
|
|||||||
${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
|
${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme
|
||||||
${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources
|
${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources
|
||||||
${pkgs.procps}/bin/pkill -HUP xsettingsd
|
${pkgs.procps}/bin/pkill -HUP xsettingsd
|
||||||
|
${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)"
|
||||||
else
|
else
|
||||||
echo "theme $1 not found"
|
echo "theme $1 not found"
|
||||||
fi
|
fi
|
||||||
@ -37,8 +38,13 @@ in {
|
|||||||
];
|
];
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
switch-theme
|
switch-theme
|
||||||
|
pkgs.dracula-theme
|
||||||
|
pkgs.gnome3.adwaita-icon-theme
|
||||||
];
|
];
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
|
"themes/light/gtk-theme".text = ''
|
||||||
|
Adwaita
|
||||||
|
'';
|
||||||
"themes/light/xsettings.conf".text = ''
|
"themes/light/xsettings.conf".text = ''
|
||||||
Net/ThemeName "Adwaita"
|
Net/ThemeName "Adwaita"
|
||||||
'';
|
'';
|
||||||
@ -46,8 +52,11 @@ in {
|
|||||||
*background: #ffffff
|
*background: #ffffff
|
||||||
*foreground: #000000
|
*foreground: #000000
|
||||||
'';
|
'';
|
||||||
|
"themes/dark/gtk-theme".text = ''
|
||||||
|
Dracula
|
||||||
|
'';
|
||||||
"themes/dark/xsettings.conf".text = ''
|
"themes/dark/xsettings.conf".text = ''
|
||||||
Net/ThemeName "Adwaita-dark"
|
Net/ThemeName "Dracula"
|
||||||
'';
|
'';
|
||||||
"themes/dark/xresources".text = ''
|
"themes/dark/xresources".text = ''
|
||||||
*background: #000000
|
*background: #000000
|
||||||
|
20
lass/2configs/weron/client.nix
Normal file
20
lass/2configs/weron/client.nix
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
systemd.services.weron = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
environment = {
|
||||||
|
WERON_RADDR = "ws://lassul.us:23420/";
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = pkgs.writers.writeDash "weron" ''
|
||||||
|
${pkgs.weron}/bin/weron vpn ip \
|
||||||
|
--community krebs \
|
||||||
|
--password aidsballs \
|
||||||
|
--key aidsballs \
|
||||||
|
--ips 10.249.1.0/24 \
|
||||||
|
--verbose 7 \
|
||||||
|
--dev weron
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
13
lass/2configs/weron/signaler.nix
Normal file
13
lass/2configs/weron/signaler.nix
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
systemd.services.weron-signaler = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
environment = {
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = ''${pkgs.weron}/bin/weron signaler --verbose=7 --laddr ":23420"'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 23420 ];
|
||||||
|
}
|
@ -96,6 +96,9 @@ with import ./lib;
|
|||||||
nix-writers = {
|
nix-writers = {
|
||||||
cgit.desc = "collection of package builders";
|
cgit.desc = "collection of package builders";
|
||||||
};
|
};
|
||||||
|
nixpkgs = {
|
||||||
|
cgit.desc = "Nix Packages collection";
|
||||||
|
};
|
||||||
pager = {
|
pager = {
|
||||||
};
|
};
|
||||||
populate = {
|
populate = {
|
||||||
|
@ -11,9 +11,11 @@ in {
|
|||||||
];
|
];
|
||||||
tv.iptables.extra4.nat.PREROUTING = [
|
tv.iptables.extra4.nat.PREROUTING = [
|
||||||
"-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"
|
"-d ${cfg.host.nets.retiolum.ip4.addr} -p tcp --dport 22 -j ACCEPT"
|
||||||
|
"-d ${cfg.host.nets.wiregrill.ip4.addr} -p tcp --dport 22 -j ACCEPT"
|
||||||
];
|
];
|
||||||
tv.iptables.extra6.nat.PREROUTING = [
|
tv.iptables.extra6.nat.PREROUTING = [
|
||||||
"-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT"
|
"-d ${cfg.host.nets.retiolum.ip6.addr} -p tcp --dport 22 -j ACCEPT"
|
||||||
|
"-d ${cfg.host.nets.wiregrill.ip6.addr} -p tcp --dport 22 -j ACCEPT"
|
||||||
];
|
];
|
||||||
tv.iptables.extra.nat.PREROUTING = [
|
tv.iptables.extra.nat.PREROUTING = [
|
||||||
"-p tcp --dport 22 -j REDIRECT --to-ports 0"
|
"-p tcp --dport 22 -j REDIRECT --to-ports 0"
|
||||||
|
Loading…
Reference in New Issue
Block a user