kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-19 03:21:10 +01:00
Code Releases Activity

remove specialArgs niveum and niveumLib, add overlay

Browse Source
This commit is contained in:
Kierán Meinhardt
2025-12-25 14:00:03 +01:00
parent c490c81a32
commit 82b7ffd39f
59 changed files with 535 additions and 616 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
systems/zaatar/backup.nix
View File

@@ -4,9 +4,6 @@
lib,
...
}: let
niveumLib = import ../../lib;
inherit (niveumLib) retiolumAddresses restic;
firewall = niveumLib.firewall lib;
dataDir = "/backup/restic";
in {
services.restic.server = {
@@ -15,7 +12,7 @@ in {
inherit dataDir;
prometheus = true;
extraFlags = ["--no-auth"]; # auth is done via firewall
listenAddress = toString restic.port;
listenAddress = toString pkgs.lib.niveum.restic.port;
};
environment.systemPackages = [
@@ -30,32 +27,32 @@ in {
};
networking.firewall = let
dport = restic.port;
dport = pkgs.lib.niveum.restic.port;
protocol = "tcp";
rules = [
(firewall.accept {
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = retiolumAddresses.kabsa.ipv4;
source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
})
(firewall.accept {
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = retiolumAddresses.manakish.ipv4;
source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
})
(firewall.accept {
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = retiolumAddresses.makanek.ipv4;
source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
})
(firewall.accept {
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = retiolumAddresses.fatteh.ipv4;
source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
})
(firewall.accept {
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = retiolumAddresses.ful.ipv4;
source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
})
];
in {
extraCommands = firewall.addRules rules;
extraStopCommands = firewall.removeRules rules;
extraCommands = pkgs.lib.niveum.firewall.addRules rules;
extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
};
}

39
systems/zaatar/configuration.nix
View File

@@ -3,9 +3,8 @@
pkgs,
lib,
...
}: let
inherit (import ../../lib) retiolumAddresses restic;
in {
}:
{
imports = [
./backup.nix
./gaslight.nix
@@ -51,7 +50,7 @@ in {
services.restic.backups.niveum = {
initialize = true;
inherit (restic) repository;
repository = pkgs.lib.niveum.restic.repository;
timerConfig = {
OnCalendar = "daily";
RandomizedDelaySec = "1h";
@@ -70,24 +69,26 @@ in {
services.illum.enable = true;
environment.systemPackages = let
worldradio = pkgs.callPackage ../../packages/worldradio.nix {};
in [
(pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
(pkgs.writers.writeDashBin "worldradio" ''
shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
'')
pkgs.git
pkgs.vim
pkgs.htop
pkgs.ncmpcpp
pkgs.python3 # for sshuttle
];
environment.systemPackages =
let
worldradio = pkgs.callPackage ../../packages/worldradio.nix { };
in
[
(pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
(pkgs.writers.writeDashBin "worldradio" ''
shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
'')
pkgs.git
pkgs.vim
pkgs.htop
pkgs.ncmpcpp
pkgs.python3 # for sshuttle
];
networking = {
hostName = "zaatar";
wireless.interfaces = ["wlp2s0"];
retiolum = retiolumAddresses.zaatar;
wireless.interfaces = [ "wlp2s0" ];
retiolum = pkgs.lib.niveum.retiolumAddresses.zaatar;
};
system.stateVersion = "23.11";

3
systems/zaatar/home-assistant.nix
View File

@@ -1,6 +1,5 @@
{config, pkgs, lib, ...}: let
port = 8123;
inherit (import ../../lib) restic;
volumeName = "home-assistant";
streams = import ../../lib/streams.nix {
di-fm-key = "%DI_FM_KEY%"; # TODO lib.strings.fileContents <secrets/di.fm/key>;
@@ -17,7 +16,7 @@ in {
services.restic.backups.niveum = {
initialize = true;
inherit (restic) repository;
repository = pkgs.lib.niveum.restic.repository;
timerConfig = {
OnCalendar = "daily";
RandomizedDelaySec = "1h";

2
systems/zaatar/moodle-dl-meinhark.nix
View File

@@ -141,7 +141,7 @@ in {
services.nfs.server = {
enable = true;
exports = let
machines = with (import ../../lib).retiolumAddresses; [kabsa manakish];
machines = with pkgs.lib.niveum.retiolumAddresses; [kabsa manakish];
in ''
/export ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
/export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}

15
systems/zaatar/mpd.nix
View File

@@ -4,9 +4,6 @@
lib,
...
}: let
firewall = (import ../../lib).firewall lib;
inherit (import ../../lib) tmpfilesConfig;
mukkeMountPoint = "/mnt/mukke";
fritzboxMountPoint = "/mnt/fritz";
@@ -57,7 +54,7 @@ in {
};
systemd.tmpfiles.rules = [
(tmpfilesConfig {
(pkgs.lib.niveum.tmpfilesConfig {
type = "L+";
mode = "0644";
user = "mpd";
@@ -65,7 +62,7 @@ in {
path = "${config.services.mpd.musicDirectory}/mukke";
argument = mukkeMountPoint;
})
(tmpfilesConfig {
(pkgs.lib.niveum.tmpfilesConfig {
type = "L+";
mode = "0644";
user = "mpd";
@@ -81,19 +78,19 @@ in {
dport = config.services.mpd.network.port;
protocol = "tcp";
rules = [
(firewall.accept {
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = "192.168.0.0/16";
})
(firewall.accept {
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = "127.0.0.0/8";
})
];
in {
allowedTCPPorts = [80];
extraCommands = firewall.addRules rules;
extraStopCommands = firewall.removeRules rules;
extraCommands = pkgs.lib.niveum.firewall.addRules rules;
extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
};
systemd.services.mpd-playlists = {