From 44efc4dfa176c8f810685961a47c84d880c161ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Sun, 22 May 2022 11:47:59 +0200 Subject: [PATCH] feat(passport): init for makanek --- configs/telegram-bots/autorenkalender.nix | 8 ++ configs/telegram-bots/default.nix | 18 +++ configs/telegram-bots/literature-quote.nix | 7 ++ configs/telegram-bots/nachtischsatan.nix | 8 ++ configs/telegram-bots/tlg-wotd.nix | 8 ++ lib/default.nix | 2 +- modules/passport.nix | 135 +++++++++++++++++++++ systems/makanek/configuration.nix | 25 ++++ systems/makanek/gitea.nix | 11 +- systems/makanek/hedgedoc.nix | 8 ++ systems/makanek/menstruation.nix | 8 ++ systems/makanek/moinbot.nix | 7 ++ systems/makanek/monitoring/default.nix | 20 +++ systems/makanek/moodle-dl-borsfaye.nix | 7 ++ systems/makanek/names.nix | 8 ++ systems/makanek/nextcloud.nix | 9 ++ systems/makanek/radio-news.nix | 8 ++ systems/makanek/radio.nix | 8 ++ systems/makanek/retiolum-map.nix | 13 ++ systems/makanek/tarot.nix | 8 ++ systems/makanek/urlwatch.nix | 7 ++ systems/makanek/weechat.nix | 7 ++ 22 files changed, 338 insertions(+), 2 deletions(-) create mode 100644 modules/passport.nix diff --git a/configs/telegram-bots/autorenkalender.nix b/configs/telegram-bots/autorenkalender.nix index 0f7a947..97480b6 100644 --- a/configs/telegram-bots/autorenkalender.nix +++ b/configs/telegram-bots/autorenkalender.nix @@ -20,4 +20,12 @@ in { parseMode = "Markdown"; command = "${autorenkalender}/bin/autorenkalender"; }; + + niveum.passport.services = [ + { + title = "Autorenkalender"; + description = "sends Projekt Gutenberg's anniversary information to Telegram."; + link = "https://t.me/Autorenkalender"; + } + ]; } diff --git a/configs/telegram-bots/default.nix b/configs/telegram-bots/default.nix index bb79b2a..fcd827e 100644 --- a/configs/telegram-bots/default.nix +++ b/configs/telegram-bots/default.nix 
@@ -26,6 +26,24 @@ in { inherit path; }) [reverseDirectory proverbDirectory]; + niveum.passport.services = [ + { + title = "Rückwarts-Bot"; + link = "https://t.me/RueckwaertsBot"; + description = "reverses things on Telegram."; + } + { + title = "BetaCode-Bot"; + link = "https://t.me/BetaCodeBot"; + description = "converts beta code to polytonic Greek on Telegram."; + } + { + title = "Sprichwortgenerator-Bot"; + link = "https://t.me/SprichwortGeneratorBot"; + description = "generates useless German proverbs with optional stock photo background on Telegram."; + } + ]; + systemd.services.telegram-reverse = { wantedBy = ["multi-user.target"]; description = "Telegram reverse bot"; diff --git a/configs/telegram-bots/literature-quote.nix b/configs/telegram-bots/literature-quote.nix index c09c568..0a8f2b2 100644 --- a/configs/telegram-bots/literature-quote.nix +++ b/configs/telegram-bots/literature-quote.nix @@ -14,4 +14,11 @@ in { command = "${literature-quote}/bin/literature-quote"; parseMode = "Markdown"; }; + + niveum.passport.services = [ + { + title = "Literature quote bot"; + description = "sends me and my friends three logotheca quotes a day."; + } + ]; } diff --git a/configs/telegram-bots/nachtischsatan.nix b/configs/telegram-bots/nachtischsatan.nix index 6b7a5bd..02a7b3b 100644 --- a/configs/telegram-bots/nachtischsatan.nix +++ b/configs/telegram-bots/nachtischsatan.nix @@ -34,4 +34,12 @@ in { }); serviceConfig.Restart = "always"; }; + + niveum.passport.services = [ + { + title = "Nachtischsatan-Bot"; + link = "https://t.me/NachtischsatanBot"; + description = "*flubberflubber*"; + } + ]; } diff --git a/configs/telegram-bots/tlg-wotd.nix b/configs/telegram-bots/tlg-wotd.nix index c4a3a18..d7dddae 100644 --- a/configs/telegram-bots/tlg-wotd.nix +++ b/configs/telegram-bots/tlg-wotd.nix 
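Review bot: The first entry's title reads `Rückwarts-Bot`, which drops the umlaut on the second vowel. The link on the next line spells the bot `RueckwaertsBot`, so the intended title is presumably `title = "Rückwärts-Bot";`. The string is shown verbatim on the generated passport page. The attribute set this list belongs to starts and ends outside the hunk.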
@@ -17,4 +17,12 @@ ''); parseMode = "Markdown"; }; + + niveum.passport.services = [ + { + title = "Thesaurus Linguae Graecae Word of the Day"; + description = "sends TLG's word of the day to Telegram."; + link = "https://t.me/tlgwotd"; + } + ]; } diff --git a/lib/default.nix b/lib/default.nix index 983e9c1..5cde9da 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -28,7 +28,7 @@ rec { serveHtml = file: pkgs: '' default_type "text/html"; root ${ - pkgs.linkFarm "fahrplan" [ + pkgs.linkFarm "www" [ { name = "index.html"; path = file; diff --git a/modules/passport.nix b/modules/passport.nix new file mode 100644 index 0000000..da54821 --- /dev/null +++ b/modules/passport.nix 
@@ -0,0 +1,135 @@ +{ + config, + lib, + pkgs, + ... +}: let + cfg = config.niveum.passport; + sortOn = a: lib.sort (as1: as2: lib.lessThan (lib.getAttr a as1) (lib.getAttr a as2)); + css = '' + body { + margin: 0; + font-family: "Fira Sans Condensed", sans-serif; + } + + main { + margin: 0 auto; + display: grid; + grid-template-columns: 1fr 3fr; + grid-gap: 2em; + } + @media only screen and (max-width: 768px) { + main { + grid-template-columns: 1fr; + } + } + + footer, section { + padding: 1em; + } + + footer { + text-align: center; + } + + dl { + border: 3px double #ccc; + padding: 0.5em; + } + dt { + float: left; + clear: left; + width: 200px; + text-align: right; + font-weight: bold; + margin-right: 1em; + margin-bottom: 1em; + } + dd { + margin: 0 0 0 110px; + padding: 0 0 0.5em 0; + margin-bottom: 1em; + } + ''; +in + with lib; { + options.niveum.passport = { + enable = mkEnableOption "server passport"; + + introductionHTML = mkOption {type = types.str;}; + + virtualHost = mkOption { + type = types.str; + }; + + services = mkOption { + type = types.listOf (types.submodule { + options = { + title = mkOption {type = types.str;}; + link = mkOption { + type = types.nullOr types.str; + default = null; + }; + description = mkOption { + type = types.str; + default = ""; + }; + }; + }); + default = []; + }; + }; + + config = mkIf cfg.enable { + services.nginx.enable = true; + + services.nginx.virtualHosts."${cfg.virtualHost}".locations."/passport".extraConfig = '' + default_type "text/html"; + root ${ + pkgs.linkFarm "www" [ + { + name = "passport/index.html"; + path = pkgs.writeText "index.html" '' + + + + + ${config.networking.hostName} passport + + + +
+
+

${config.networking.hostName}

+ ${cfg.introductionHTML} +
+ +
+

Services

+
+ ${lib.strings.concatMapStringsSep "\n" (service: '' +
+ ${lib.optionalString (service.link != null) ""} + ${service.title} + ${lib.optionalString (service.link != null) ""} +
+
+ ${service.description} +
+ '') (sortOn "title" cfg.services)} +
+
+
+ + + + ''; + } + ] + }; + index index.html; + ''; + }; + } diff --git a/systems/makanek/configuration.nix b/systems/makanek/configuration.nix index 248d6ef..b062cde 100644 --- a/systems/makanek/configuration.nix +++ b/systems/makanek/configuration.nix @@ -31,6 +31,7 @@ in { + ]; services.restic.backups.niveum = { @@ -52,6 +53,30 @@ in { ]; }; + niveum.passport = { + enable = true; + introductionHTML = '' +
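Review bot: `service.title` is spliced into the generated `index.html` as raw text, so an entry containing `&`, `<` or `"` changes the page markup instead of being displayed. The same probably holds for `service.link` inside the anchor tag, though the markup is stripped on this page. The values come from the system's own Nix configuration rather than from requests, so this is a correctness and hardening point: wrap the plain-text fields, e.g. `${lib.escapeXML service.title}`, and escape the link before it goes into the attribute. `introductionHTML` and `description` look intended to carry markup, since the tarot entry's description appears to contain a link. The `description` option should therefore say so in its `mkOption`, for example `description = "HTML fragment, inserted unescaped";`.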

+ The machine makanek is named after a Levantine type of sausage (مقانق maqāniq). +

+

+ It runs on Hetzner cloud. +

+
+ Makanek sausages +
Makanek
+
+ ''; + virtualHost = "makanek.r"; + + services = [ + { + title = "restic backup"; + description = "This machine backups its state via restic backup."; + } + ]; + }; + nix.nixPath = ["/var/src"]; networking = { diff --git a/systems/makanek/gitea.nix b/systems/makanek/gitea.nix index 79dc690..72a4821 100644 --- a/systems/makanek/gitea.nix +++ b/systems/makanek/gitea.nix @@ -1,10 +1,11 @@ let inherit (import ) sshPort; + domain = "https://code.kmein.de"; in { services.gitea = { enable = true; disableRegistration = true; - rootUrl = "https://code.kmein.de"; + rootUrl = domain; appName = "code.kmein.de"; ssh.clonePort = sshPort; }; @@ -13,4 +14,12 @@ in { enableACME = true; locations."/".extraConfig = "proxy_pass http://localhost:3000;"; }; + + niveum.passport.services = [ + { + link = domain; + title = "Gitea"; + description = "hosts a couple of git repos. Registration is disabled."; + } + ]; } diff --git a/systems/makanek/hedgedoc.nix b/systems/makanek/hedgedoc.nix index cfeb703..67210d9 100644 --- a/systems/makanek/hedgedoc.nix +++ b/systems/makanek/hedgedoc.nix @@ -47,6 +47,14 @@ in { }; }; + niveum.passport.services = [ + { + title = "Hedgedoc"; + link = "https://${domain}"; + description = "lets you collaborate on Markdown documents."; + } + ]; + systemd.tmpfiles.rules = [ (tmpfilesConfig { user = "codimd"; diff --git a/systems/makanek/menstruation.nix b/systems/makanek/menstruation.nix index 363182a..3b322d8 100644 --- a/systems/makanek/menstruation.nix +++ b/systems/makanek/menstruation.nix @@ -11,6 +11,14 @@ in { environment.systemPackages = [pkgs.redis]; + niveum.passport.services = [ + { + title = "Tischlein, deck dich!"; + description = "serves you with Berlin canteen menus via Telegram."; + link = "https://t.me/TischleinDeckDichBot"; + } + ]; + systemd.services.menstruation-telegram = { wants = [ "network-online.target" diff --git a/systems/makanek/moinbot.nix b/systems/makanek/moinbot.nix index 263ebdb..662d258 100644 --- a/systems/makanek/moinbot.nix 
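Review bot: Enabling the passport on `virtualHost = "makanek.r"` publishes an inventory of what this host runs, and nothing visible in the commit restricts who can fetch `/passport`. Across the commit the inventory includes entries with no public link, such as Prometheus, Loki, the restic backup and the weechat bouncer, and `introductionHTML` names the hosting provider. If the `makanek.r` virtual host answers only on the retiolum interface this is fine, but that is not shown here and should be confirmed. Otherwise the module's location block could carry an access rule such as `allow <retiolum-prefix>; deny all;` (the prefix is a placeholder), or the internal-only entries could be left off the page.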
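Review bot: The new binding `domain = "https://code.kmein.de";` in gitea.nix holds a full URL. hedgedoc.nix in this same commit builds `link = "https://${domain}"`, which implies `domain` is a bare host name there. Keeping one meaning for the name avoids a later `"https://${domain}"` producing a doubled scheme: `domain = "code.kmein.de";`, `rootUrl = "https://${domain}";`, `link = "https://${domain}";`. `appName` could then reuse the same binding instead of repeating the host name.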
+++ b/systems/makanek/moinbot.nix @@ -12,5 +12,12 @@ serviceConfig.DynamicUser = true; }; + niveum.passport.services = [ + { + title = "moinbot"; + description = "greets #hsmr:hackint.org daily."; + } + ]; + systemd.timers.moinbot.timerConfig.RandomizedDelaySec = "14h"; } diff --git a/systems/makanek/monitoring/default.nix b/systems/makanek/monitoring/default.nix index 7eb0fb8..5fde2ef 100644 --- a/systems/makanek/monitoring/default.nix +++ b/systems/makanek/monitoring/default.nix @@ -22,6 +22,26 @@ in { }; }; + niveum.passport.services = [ + { + title = "Prometheus"; + description = "collects metrics from devices in the niveum network, blackbox monitors some websites."; + } + { + title = "Loki"; + description = "aggregates logs of the niveum network."; + } + { + title = "Grafana"; + link = "http://${config.services.grafana.domain}"; + description = "displays metrics from devices in the niveum network."; + } + { + title = "Alertmanager bot"; + description = "notifies me when something goes wrong."; + } + ]; + services.prometheus.rules = let diskFreeThreshold = 10; in [ diff --git a/systems/makanek/moodle-dl-borsfaye.nix b/systems/makanek/moodle-dl-borsfaye.nix index 7bec62a..abbd551 100644 --- a/systems/makanek/moodle-dl-borsfaye.nix +++ b/systems/makanek/moodle-dl-borsfaye.nix @@ -12,6 +12,13 @@ in { imports = []; + niveum.passport.services = [ + { + title = "MoodleDL"; + description = "notifies about changes on Moodle."; + } + ]; + services.moodle-dl = { enable = true; startAt = "hourly"; diff --git a/systems/makanek/names.nix b/systems/makanek/names.nix index 6071179..0a608ca 100644 --- a/systems/makanek/names.nix +++ b/systems/makanek/names.nix @@ -28,6 +28,14 @@ in { recommendedTlsSettings = true; }; + niveum.passport.services = [ + { + link = "http://names.kmein.r"; + title = "Onomap"; + description = "maps surnames within Germany."; + } + ]; + services.nginx.virtualHosts."names.kmein.r" = { locations."/".proxyPass = "http://127.0.0.1:${toString port}"; }; 
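Review bot: The Grafana entry links with `link = "http://${config.services.grafana.domain}";`, and Grafana is a service people sign in to. Over plain HTTP, credentials and session cookies travel unencrypted unless the name resolves only inside the VPN. The value of `services.grafana.domain` is set outside this hunk, so that cannot be checked here. If the host is reachable outside retiolum, serve it with `forceSSL = true;` and link `https://`, as the Nextcloud and Hedgedoc entries in this commit do.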
diff --git a/systems/makanek/nextcloud.nix b/systems/makanek/nextcloud.nix index ef6a3d6..9a48606 100644 --- a/systems/makanek/nextcloud.nix +++ b/systems/makanek/nextcloud.nix @@ -1,5 +1,6 @@ { pkgs, + config, lib, ... }: let @@ -33,6 +34,14 @@ in { }; }; + niveum.passport.services = [ + { + title = "Nextcloud"; + link = "https://${config.services.nextcloud.hostName}"; + description = "manages calendars, to-do lists, files, and recipes."; + } + ]; + services.postgresql = { enable = true; ensureDatabases = ["nextcloud"]; diff --git a/systems/makanek/radio-news.nix b/systems/makanek/radio-news.nix index 93b6054..56db084 100644 --- a/systems/makanek/radio-news.nix +++ b/systems/makanek/radio-news.nix @@ -8,6 +8,14 @@ in { services.nginx.virtualHosts."redaktion.r".locations."/".extraConfig = serveHtml pkgs; + niveum.passport.services = [ + { + title = "Retiolum Radio News"; + link = "http://redaktion.r"; + description = "supplies git history news to radio lassulus and lets you enter your own."; + } + ]; + systemd.services.stockholm-history = { startAt = "hourly"; script = '' diff --git a/systems/makanek/radio.nix b/systems/makanek/radio.nix index bed8a99..bc0b508 100644 --- a/systems/makanek/radio.nix +++ b/systems/makanek/radio.nix @@ -126,4 +126,12 @@ in { forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:${toString config.services.icecast.listen.port}"; }; + + niveum.passport.services = [ + { + title = "Radio"; + link = "https://radio.kmein.de"; + description = "broadcasts a few little (and mostly useless) web-radio stations."; + } + ]; } diff --git a/systems/makanek/retiolum-map.nix b/systems/makanek/retiolum-map.nix index 8f92186..0b19a96 100644 --- a/systems/makanek/retiolum-map.nix +++ b/systems/makanek/retiolum-map.nix 
@@ -44,6 +44,19 @@ in { }; }; + niveum.passport.services = [ + { + link = "http://graph.r"; + title = "Retiolum Realtime Map"; + description = "displays geographical information about the retiolum network. Graph info also available."; + } + { + link = "http://c.r/${geo-ip-database}"; + title = "GeoIP"; + description = "shares MaxMind's GeoIP database with the krebs world. Updated weekly."; + } + ]; + services.nginx = { enable = true; recommendedGzipSettings = true; diff --git a/systems/makanek/tarot.nix b/systems/makanek/tarot.nix index 4b77e16..aec5daa 100644 --- a/systems/makanek/tarot.nix +++ b/systems/makanek/tarot.nix @@ -48,6 +48,14 @@ in { }''; }; + niveum.passport.services = [ + rec { + link = "https://tarot.kmein.de"; + title = "Tarot"; + description = "draws Tarot cards for you. See here for information on how to interpret them."; + } + ]; + services.nginx.virtualHosts."tarot.kmein.de" = { enableACME = true; forceSSL = true; diff --git a/systems/makanek/urlwatch.nix b/systems/makanek/urlwatch.nix index 2300201..1723b0e 100644 --- a/systems/makanek/urlwatch.nix +++ b/systems/makanek/urlwatch.nix @@ -204,4 +204,11 @@ in { Type = "oneshot"; }; }; + + niveum.passport.services = [ + { + description = "keeps me up-to-date on sites that have no RSS feed (shame be upon them!)."; + title = "urlwatch"; + } + ]; } diff --git a/systems/makanek/weechat.nix b/systems/makanek/weechat.nix index cef1713..bff40af 100644 --- a/systems/makanek/weechat.nix +++ b/systems/makanek/weechat.nix @@ -185,4 +185,11 @@ in { isSystemUser = true; packages = [pkgs.tmux]; }; + + niveum.passport.services = [ + { + title = "weechat bouncer"; + description = "keeps me logged in on IRC."; + } + ]; }