feat(passport): init for makanek

2026-03-17 18:41:09 +01:00 · 2022-05-22 11:47:59 +02:00
parent 9a3499ab6c
commit 44efc4dfa1
22 changed files with 338 additions and 2 deletions
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -31,6 +31,7 @@ in {
    <niveum/configs/sshd.nix>
    <niveum/configs/telegram-bots>
    <niveum/modules/retiolum.nix>
+    <niveum/modules/passport.nix>
  ];

  services.restic.backups.niveum = {
@@ -52,6 +53,30 @@ in {
    ];
  };

+  niveum.passport = {
+    enable = true;
+    introductionHTML = ''
+      <p>
+      The machine <tt>makanek</tt> is named after a Levantine type of <a href="https://en.wikipedia.org/wiki/Makanek">sausage</a> (مقانق <i>maqāniq</i>).
+      </p>
+      <p>
+      It runs on <a href="https://www.hetzner.com/cloud">Hetzner cloud</a>.
+      </p>
+      <figure>
+        <img width="200" src="https://www.albawaba.com/sites/default/files/2019-08/makanek-BeFunky-project.jpg" alt="Makanek sausages"/>
+        <figcaption>Makanek</figcaption>
+      </figure>
+    '';
+    virtualHost = "makanek.r";
+
+    services = [
+      {
+        title = "restic backup";
+        description = "This machine backups its state via restic backup.";
+      }
+    ];
+  };
+
  nix.nixPath = ["/var/src"];

  networking = {
--- a/systems/makanek/gitea.nix
+++ b/systems/makanek/gitea.nix
@@ -1,10 +1,11 @@
 let
  inherit (import <niveum/lib>) sshPort;
+  domain = "https://code.kmein.de";
 in {
  services.gitea = {
    enable = true;
    disableRegistration = true;
-    rootUrl = "https://code.kmein.de";
+    rootUrl = domain;
    appName = "code.kmein.de";
    ssh.clonePort = sshPort;
  };
@@ -13,4 +14,12 @@ in {
    enableACME = true;
    locations."/".extraConfig = "proxy_pass http://localhost:3000;";
  };
+
+  niveum.passport.services = [
+    {
+      link = domain;
+      title = "Gitea";
+      description = "hosts a couple of <tt>git</tt> repos. Registration is disabled.";
+    }
+  ];
 }
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -47,6 +47,14 @@ in {
    };
  };

+  niveum.passport.services = [
+    {
+      title = "Hedgedoc";
+      link = "https://${domain}";
+      description = "lets you collaborate on Markdown documents.";
+    }
+  ];
+
  systemd.tmpfiles.rules = [
    (tmpfilesConfig {
      user = "codimd";
--- a/systems/makanek/menstruation.nix
+++ b/systems/makanek/menstruation.nix
@@ -11,6 +11,14 @@ in {

  environment.systemPackages = [pkgs.redis];

+  niveum.passport.services = [
+    {
+      title = "Tischlein, deck dich!";
+      description = "serves you with Berlin canteen menus via Telegram.";
+      link = "https://t.me/TischleinDeckDichBot";
+    }
+  ];
+
  systemd.services.menstruation-telegram = {
    wants = [
      "network-online.target"
--- a/systems/makanek/moinbot.nix
+++ b/systems/makanek/moinbot.nix
@@ -12,5 +12,12 @@
    serviceConfig.DynamicUser = true;
  };

+  niveum.passport.services = [
+    {
+      title = "moinbot";
+      description = "greets #hsmr:hackint.org daily.";
+    }
+  ];
+
  systemd.timers.moinbot.timerConfig.RandomizedDelaySec = "14h";
 }
--- a/systems/makanek/monitoring/default.nix
+++ b/systems/makanek/monitoring/default.nix
@@ -22,6 +22,26 @@ in {
    };
  };

+  niveum.passport.services = [
+    {
+      title = "Prometheus";
+      description = "collects metrics from devices in the <i>niveum</i> network, blackbox monitors some websites.";
+    }
+    {
+      title = "Loki";
+      description = "aggregates logs of the <i>niveum</i> network.";
+    }
+    {
+      title = "Grafana";
+      link = "http://${config.services.grafana.domain}";
+      description = "displays metrics from devices in the <i>niveum</i> network.";
+    }
+    {
+      title = "Alertmanager bot";
+      description = "notifies me when something goes wrong.";
+    }
+  ];
+
  services.prometheus.rules = let
    diskFreeThreshold = 10;
  in [
--- a/systems/makanek/moodle-dl-borsfaye.nix
+++ b/systems/makanek/moodle-dl-borsfaye.nix
@@ -12,6 +12,13 @@
 in {
  imports = [<niveum/modules/moodle-dl.nix>];

+  niveum.passport.services = [
+    {
+      title = "MoodleDL";
+      description = "notifies about changes on Moodle.";
+    }
+  ];
+
  services.moodle-dl = {
    enable = true;
    startAt = "hourly";
--- a/systems/makanek/names.nix
+++ b/systems/makanek/names.nix
@@ -28,6 +28,14 @@ in {
    recommendedTlsSettings = true;
  };

+  niveum.passport.services = [
+    {
+      link = "http://names.kmein.r";
+      title = "Onomap";
+      description = "maps surnames within Germany.";
+    }
+  ];
+
  services.nginx.virtualHosts."names.kmein.r" = {
    locations."/".proxyPass = "http://127.0.0.1:${toString port}";
  };
--- a/systems/makanek/nextcloud.nix
+++ b/systems/makanek/nextcloud.nix
@@ -1,5 +1,6 @@
 {
  pkgs,
+  config,
  lib,
  ...
 }: let
@@ -33,6 +34,14 @@ in {
    };
  };

+  niveum.passport.services = [
+    {
+      title = "Nextcloud";
+      link = "https://${config.services.nextcloud.hostName}";
+      description = "manages calendars, to-do lists, files, and recipes.";
+    }
+  ];
+
  services.postgresql = {
    enable = true;
    ensureDatabases = ["nextcloud"];
--- a/systems/makanek/radio-news.nix
+++ b/systems/makanek/radio-news.nix
@@ -8,6 +8,14 @@
 in {
  services.nginx.virtualHosts."redaktion.r".locations."/".extraConfig = serveHtml <niveum/lib/radio-news.html> pkgs;

+  niveum.passport.services = [
+    {
+      title = "Retiolum Radio News";
+      link = "http://redaktion.r";
+      description = "supplies git history news to radio lassulus and lets you enter your own.";
+    }
+  ];
+
  systemd.services.stockholm-history = {
    startAt = "hourly";
    script = ''
--- a/systems/makanek/radio.nix
+++ b/systems/makanek/radio.nix
@@ -126,4 +126,12 @@ in {
    forceSSL = true;
    locations."/".proxyPass = "http://127.0.0.1:${toString config.services.icecast.listen.port}";
  };
+
+  niveum.passport.services = [
+    {
+      title = "Radio";
+      link = "https://radio.kmein.de";
+      description = "broadcasts a few little (and mostly useless) web-radio stations.";
+    }
+  ];
 }
--- a/systems/makanek/retiolum-map.nix
+++ b/systems/makanek/retiolum-map.nix
@@ -44,6 +44,19 @@ in {
    };
  };

+  niveum.passport.services = [
+    {
+      link = "http://graph.r";
+      title = "Retiolum Realtime Map";
+      description = "displays geographical information about the retiolum network. <a href=\"http://graph.r/graph.html\">Graph</a> info also available.";
+    }
+    {
+      link = "http://c.r/${geo-ip-database}";
+      title = "GeoIP";
+      description = "shares MaxMind's GeoIP database with the krebs world. Updated weekly.";
+    }
+  ];
+
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
--- a/systems/makanek/tarot.nix
+++ b/systems/makanek/tarot.nix
@@ -48,6 +48,14 @@ in {
      }'';
  };

+  niveum.passport.services = [
+    rec {
+      link = "https://tarot.kmein.de";
+      title = "Tarot";
+      description = "draws Tarot cards for you. See <a href=\"${link}/files/key.pdf\">here</a> for information on how to interpret them.";
+    }
+  ];
+
  services.nginx.virtualHosts."tarot.kmein.de" = {
    enableACME = true;
    forceSSL = true;
--- a/systems/makanek/urlwatch.nix
+++ b/systems/makanek/urlwatch.nix
@@ -204,4 +204,11 @@ in {
      Type = "oneshot";
    };
  };
+
+  niveum.passport.services = [
+    {
+      description = "keeps me up-to-date on sites that have no RSS feed (shame be upon them!).";
+      title = "urlwatch";
+    }
+  ];
 }
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -185,4 +185,11 @@ in {
    isSystemUser = true;
    packages = [pkgs.tmux];
  };
+
+  niveum.passport.services = [
+    {
+      title = "weechat bouncer";
+      description = "keeps me logged in on IRC.";
+    }
+  ];
 }