chore: move configs to system directories

systems/zaatar/bvg.nix

@@ -0,0 +1,57 @@
+{ pkgs, lib, ... }:
+let
+  inherit (import <niveum/lib>) serveHtml;
+  stations = [
+    900068204 # A/M
+    900068302 # KAS
+    900068203 # B-P
+  ];
+  fahrplan = pkgs.writeText "fahrplan.html" ''
+    <!DOCTYPE html>
+    <title>Fahrplan</title>
+    <link
+      rel="icon"
+      type="image/x-icon"
+      href="https://mobil.bvg.de/Fahrinfo/img/ua_xhtml/logo.gif"
+    />
+    <style>
+      body {
+        margin: 0;
+        --bvg-yellow: #f0d722;
+      }
+      #fahrplan {
+        display: flex;
+        height: 100vh;
+        width: 100%;
+        flex-direction: row;
+      }
+      #fahrplan iframe {
+        flex-grow: 1;
+        border: none;
+      }
+      #fahrplan iframe + iframe {
+        border-left: 2px solid var(--bvg-yellow);
+      }
+    </style>
+    <body>
+      <div id="fahrplan">
+        ${lib.concatMapStrings (station: ''
+          <iframe scrolling="no" src="https://mobil.bvg.de/Fahrinfo/bin/stboard.bin/dox?ld=0.1&input=${toString station}&boardType=depRT&start=yes"></iframe>
+        '') stations}
+      </div>
+    </body>
+  '';
+in
+{
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  services.nginx.virtualHosts."bvg.kmein.r" = {
+    locations."/".extraConfig = serveHtml fahrplan pkgs;
+  };
+}

systems/zaatar/configuration.nix

@@ -4,100 +4,24 @@ let
 in
 {
   imports = [
+    ./bvg.nix
+    ./gaslight.nix
     ./hardware-configuration.nix
+    ./kiosk.nix
+    ./moodle-dl-meinhark.nix
+    ./pulseaudio.nix
+    ./tuna.nix
     <home-manager/nixos>
-    <niveum/configs/wpa_supplicant.nix>
     <niveum/configs/keyboard.nix>
-    <niveum/modules/retiolum.nix>
-    <niveum/configs/spacetime.nix>
+    <niveum/configs/monitoring.nix>
     <niveum/configs/nix.nix>
-    <niveum/configs/tuna.nix>
-    <niveum/configs/sshd.nix>
-    <niveum/configs/version.nix>
-    <niveum/configs/gaslight.nix>
     <niveum/configs/printing.nix>
+    <niveum/configs/spacetime.nix>
+    <niveum/configs/sshd.nix>
     <niveum/configs/traadfri.nix>
-    <niveum/configs/bvg.nix>
-    <niveum/configs/moodle-dl/meinhark.nix>
-    <niveum/configs/monitoring/push.nix>
-    {
-      nixpkgs.config.allowUnfree = true;
-    }
-    {
-      sound.enable = true;
-
-      hardware.pulseaudio = {
-        enable = true;
-        systemWide = true;
-        tcp = {
-          enable = true;
-          anonymousClients.allowedIpRanges = [ "127.0.0.1" "10.243.2.0/24" "192.168.0.0/16" ];
-        };
-        zeroconf.publish.enable = true;
-      };
-      networking.firewall.allowedTCPPorts = [ 4713 ];
-    }
-    {
-      environment.systemPackages =
-      let
-        worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {};
-      in [
-        (pkgs.writers.writeDashBin "mpv" ''
-          ${pkgs.mpv}/bin/mpv --no-video "$@"
-        '')
-        (pkgs.writers.writeDashBin "worldradio" ''
-          shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
-        '')
-      ];
-    }
-    {
-      users.extraUsers.kiosk = {
-        isNormalUser = true;
-        password = "";
-        extraGroups = [ "audio" ];
-      };
-      services.cage = {
-        enable = true;
-        user = config.users.extraUsers.kiosk.name;
-        extraArguments = [ "-s" ]; # allow vt switching
-        program =
-        let startUrls = [ "https://open.spotify.com" "https://youtube.com" "http://bvg.kmein.r" ];
-        in pkgs.writers.writeDash "kiosk-browser" ''
-          while true; do
-            ${pkgs.chromium}/bin/chromium \
-              --no-first-run --no-message-box --noerrdialogs \
-              --default-browser --no-default-browser-check \
-              --start-maximized ${lib.escapeShellArgs startUrls}
-            sleep 0.5
-          done
-        '';
-      };
-      systemd.services.cage-tty1.environment.XKB_DEFAULT_LAYOUT = "de";
-      programs.chromium = {
-        enable = true;
-        extensions = [
-          "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
-        ];
-      };
-    }
-    {
-      environment.systemPackages = [ pkgs.tmux ];
-      systemd.services.turntables = {
-        description = "music controller session";
-        after = [ "network.target" ];
-        wantedBy = [ "multi-user.target" ];
-        path = [ pkgs.alacritty.terminfo ];
-        script = ''
-          ${pkgs.tmux}/bin/tmux -2 new-session -d -s turntables ${pkgs.alsaUtils}/bin/alsamixer \; new-window
-        '';
-        preStop = "${pkgs.tmux}/bin/tmux kill-session -t turntables";
-        serviceConfig = {
-          User = "root";
-          RemainAfterExit = true;
-          Type = "oneshot";
-        };
-      };
-    }
+    <niveum/configs/version.nix>
+    <niveum/configs/wpa_supplicant.nix>
+    <niveum/modules/retiolum.nix>
   ];
 
   nix.nixPath = [ "/var/src" ];
@@ -110,19 +34,25 @@ in
 
   services.illum.enable = true;
 
-  environment.systemPackages = with pkgs; [ git vim htop ncmpcpp ];
+  environment.systemPackages =
+  let
+    worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {};
+  in [
+    (pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
+    (pkgs.writers.writeDashBin "worldradio" ''
+      shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
+    '')
+    pkgs.git
+    pkgs.vim
+    pkgs.htop
+    pkgs.ncmpcpp
+  ];
 
-  boot.loader.systemd-boot = {
-    enable = true;
-    configurationLimit = 5;
+  networking = {
+    hostName = "zaatar";
+    wireless.interfaces = [ "wlp2s0" ];
+    retiolum = retiolumAddresses.zaatar;
   };
 
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "zaatar";
-  networking.wireless.interfaces = [ "wlp2s0" ];
-
-  networking.retiolum = retiolumAddresses.zaatar;
-
   system.stateVersion = "20.09";
 }

systems/zaatar/gaslight.nix

@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [
+    (pkgs.writers.writeDashBin "gaslight-stream" ''
+      ${pkgs.ffmpeg}/bin/ffmpeg -r 14 -s 640x480 -f video4linux2 -i /dev/video0 -f alsa -i default -c:v libx264 -preset ultrafast -c:a aac -f avi -
+    '')
+    (pkgs.writers.writeDashBin "gaslight-say" ''
+      voices="de
+      de+whisper"
+
+      echo "$@" | ${pkgs.espeak}/bin/espeak -v "$(echo "$voices" | ${pkgs.coreutils}/bin/shuf -n1)"
+    '')
+    (pkgs.writers.writeDashBin "gaslight-play" ''
+      set -o noglob
+      ${pkgs.mpv}/bin/mpv --no-video "$1"
+    '')
+  ];
+}
+
+/*
+
+ssh machine gaslight-stream | mpv -
+ssh machine gaslight-say "blablabla"
+
+*/

systems/zaatar/hardware-configuration.nix

@@ -1,23 +1,32 @@
-{ config, lib, pkgs, ... }: {
+{ config, lib, pkgs, ... }:
+{
   imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
 
-  boot.initrd.availableKernelModules =
-    [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc" ];
-  boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
+  boot = {
+    initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc" ];
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+    loader = {
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 5;
+      };
+      efi.canTouchEfiVariables = true;
+    };
   };
 
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-label/boot";
-    fsType = "vfat";
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-label/boot";
+      fsType = "vfat";
+    };
   };
 
-  swapDevices =
-    [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
 
   nix.maxJobs = lib.mkDefault 4;
   powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

systems/zaatar/kiosk.nix

@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+{
+  users.extraUsers.kiosk = {
+    isNormalUser = true;
+    password = "";
+    extraGroups = [ "audio" ];
+  };
+  services.cage = {
+    enable = true;
+    user = config.users.extraUsers.kiosk.name;
+    extraArguments = [ "-s" ]; # allow vt switching
+    program =
+    let startUrls = [ "https://open.spotify.com" "https://youtube.com" "http://bvg.kmein.r" ];
+    in pkgs.writers.writeDash "kiosk-browser" ''
+      while true; do
+        ${pkgs.chromium}/bin/chromium \
+          --no-first-run --no-message-box --noerrdialogs \
+          --default-browser --no-default-browser-check \
+          --start-maximized ${lib.escapeShellArgs startUrls}
+        sleep 0.5
+      done
+    '';
+  };
+  systemd.services.cage-tty1.environment.XKB_DEFAULT_LAYOUT = "de";
+  programs.chromium = {
+    enable = true;
+    extensions = [
+      "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
+    ];
+  };
+}

systems/zaatar/moodle-dl-meinhark.nix

@@ -0,0 +1,107 @@
+{ config, pkgs, lib, ... }:
+let
+  moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old: old // {
+    patches = [ <niveum/packages/moodle-dl/telegram-format.patch> ];
+  });
+in
+{
+  imports = [ <niveum/modules/moodle-dl.nix> ];
+
+  services.moodle-dl = {
+    enable = true;
+    startAt = "hourly";
+    package = moodle-dl-package;
+    settings = {
+      telegram = {
+        token = lib.strings.fileContents <system-secrets/telegram/moodle-dl.token>;
+        chat_id = "18980945";
+        send_error_msg = false;
+      };
+      token = lib.strings.fileContents <system-secrets/moodle.token>;
+      moodle_domain = "moodle.hu-berlin.de";
+      moodle_path = "/";
+      download_course_ids = [
+        # WS 2020
+        99881 # Dialektologie
+        100183 # Onomastik
+        100353 # Sanskrit I
+        100692 # Sanskrit Tutorium
+        99832 # Germanisch
+        99823 # Gotisch
+        99813 # Altalbanisch
+        98681 # Geistliche Lyrik von Luther bis Lehnert
+        99667 # Antike Mythologie
+        # 52365 # FSR KlassPhil
+
+        # SS 2021
+        104850 # Metrik
+        103274 # Marc Aurel
+        102909 # Sanskrit II
+        104937 # Altirisch
+        104925 # Gradierung und Komparation
+        105264 # Was andere Sprachen anders machen
+        104991 # Warum klingt Orkisch böse
+        105074 # Litauisch
+        103685 # Griechische Sprache und Übersetzung I
+        105455 # Elegia greca
+        105335 # Homerische Epen
+
+        # WS 2021
+        108122 # Griechisch
+        107986 # Altostslavisch
+        107792 # Elegie in Rom
+        107369 # Tusculanae Disputationes
+        108586 # Griechische Religion
+        107988 # Balkanindogermanisch
+        108312 # Altnordisch
+        107281 # NLP
+        108736 # Grammatiktheorie
+        109438 # Warum klingt Orkisch böse
+        108025 # Poetik der Nordgermanen
+        107280 # Statistik
+        108350 # Attische Redner
+        107461 # Argonautika
+        108283 # Digital Classicist
+        109211 # Altlitauisch
+        109185 # Etymologie
+      ];
+      download_submissions = true;
+      download_descriptions = true;
+      download_links_in_descriptions = false;
+      download_databases = false;
+      download_forums = false;
+      download_linked_files = false;
+      download_also_with_cookie = false;
+    };
+  };
+
+  fileSystems."/export/moodle" = {
+    device = config.services.moodle-dl.directory;
+    options = [ "bind" ];
+  };
+
+  networking.firewall.allowedTCPPorts = [ 2049 ];
+
+  services.nginx.virtualHosts."moodle.kmein.r" =
+  let
+    identity = lib.strings.fileContents <secrets/eduroam/identity>;
+    password = lib.strings.fileContents <secrets/eduroam/password>;
+  in {
+    basicAuth."${identity}" = password;
+    locations."/" = {
+      root = config.services.moodle-dl.directory;
+      extraConfig = ''
+        autoindex on;
+        charset UTF-8;
+      '';
+    };
+  };
+
+  services.nfs.server = {
+    enable = true;
+    exports = let machines = with (import <niveum/lib>).retiolumAddresses; [kabsa manakish]; in ''
+      /export        ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
+      /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}
+    '';
+  };
+}

systems/zaatar/pulseaudio.nix

@@ -0,0 +1,14 @@
+{
+  sound.enable = true;
+
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+    tcp = {
+      enable = true;
+      anonymousClients.allowedIpRanges = [ "127.0.0.1" "10.243.2.0/24" "192.168.0.0/16" ];
+    };
+    zeroconf.publish.enable = true;
+  };
+  networking.firewall.allowedTCPPorts = [ 4713 ];
+}

systems/zaatar/tuna.nix

@@ -0,0 +1,114 @@
+{ config, pkgs, lib, ... }:
+let
+  firewall = (import <niveum/lib>).firewall lib;
+
+  streams = import <niveum/lib/streams.nix> {
+    di-fm-key = lib.strings.fileContents <secrets/di.fm/key>;
+  };
+  multi-room-audio-port = 8000;
+  password = lib.strings.fileContents <system-secrets/mpd-web.key>;
+in
+{
+  imports = [
+    <niveum/modules/tuna.nix>
+  ];
+
+  services.syncthing = let mpd-directory = config.services.mpd.dataDir; in {
+    enable = true;
+    user = config.services.mpd.user; # config.users.extraUsers.moodle.name;
+    openDefaultPorts = true;
+    configDir = "${mpd-directory}/.config/syncthing";
+    dataDir = "${mpd-directory}/.config/syncthing";
+    cert = toString <system-secrets/syncthing/cert.pem>;
+    key = toString <system-secrets/syncthing/key.pem>;
+    devices = {
+      inherit ((import <niveum/lib>).syncthing.devices) kabsa manakish heym;
+    };
+    folders.${config.services.mpd.musicDirectory} = {
+      devices = [ "heym" "kabsa" "manakish" ];
+      id = "music";
+      type = "receiveonly";
+    };
+  };
+
+  services.mpd = {
+    enable = true;
+    network.listenAddress = "0.0.0.0";
+    extraConfig = ''
+      log_level "default"
+      auto_update "yes"
+
+      audio_output {
+        type "pulse"
+        name "zaatar single room audio system"
+      }
+    '';
+  };
+
+  environment.systemPackages = [ pkgs.mpc_cli ];
+
+  networking.firewall =
+  let
+    dport = config.services.mpd.network.port;
+    protocol = "tcp";
+    rules = [
+      (firewall.accept { inherit dport protocol; source = "192.168.0.0/16"; })
+      (firewall.accept { inherit dport protocol; source = "127.0.0.0/8"; })
+    ];
+  in {
+    allowedTCPPorts = [ 80 ];
+    extraCommands = firewall.addRules rules;
+    extraStopCommands = firewall.removeRules rules;
+  };
+
+  system.activationScripts.mpd-playlists =
+  let playlistFile = pkgs.writeText "radio.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
+  in ''
+    rm -rf /var/lib/mpd/playlists
+    install -d /var/lib/mpd/playlists
+    ln -sfn "${toString playlistFile}" "/var/lib/mpd/playlists/radio.m3u"
+  '';
+
+  services.tuna = {
+    enable = true;
+    # stationsFile = "/etc/tuna/stations.json";
+    stations = lib.lists.imap0 (id: {desc ? "", logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300", stream, station}: { inherit id desc logo stream station; }) streams;
+    webPort = 8080;
+  };
+
+  systemd.services.tuna-stations =
+  let
+    stations = lib.lists.imap0 (id: {desc ? "", logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300", stream, station}: { inherit id desc logo stream station; }) streams;
+    stationsJson = (pkgs.formats.json {}).generate "stations.json" stations;
+  in {
+    wantedBy = [ "tuna.service" ];
+    startAt = "hourly";
+    script = ''
+      mkdir -p /etc/tuna
+      antenne_asb_url=$(
+        ${pkgs.curl}/bin/curl -sS 'https://www.caster.fm/widgets/em_player.php?jsinit=true&uid=529295&t=blue&c=' \
+          | grep streamUrl \
+          | sed ${lib.escapeShellArg "s/^.*'\\([^']*\\)'.*/\\1/"}
+      )
+      ${pkgs.jq}/bin/jq "map(if .station == \"Antenne ASB\" then .stream |= \"$antenne_asb_url\" else . end)" < ${stationsJson} > /etc/tuna/stations.json
+    '';
+  };
+
+
+  /*
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."radio.kmein.r" = {
+      basicAuth.dj = password;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.tuna.webPort}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+  */
+}