diff --git a/configs/default.nix b/configs/default.nix
index 503298f..4ad2bba 100644
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -262,6 +262,7 @@ in {
 ./rofi.nix
 ./spacetime.nix
 ./ssh.nix
+ ./sshd.nix
 ./sudo.nix
 ./sxiv.nix
 ./themes/mac-os.nix
diff --git a/configs/mpd.nix b/configs/mpd.nix
new file mode 100644
index 0000000..038c0a8
--- /dev/null
+++ b/configs/mpd.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, lib, ... }:
+let
+ radioStations = import ;
+ radioStationsFile = pkgs.writeText "stations" (lib.concatStringsSep "\n" radioStations);
+in
+{
+ system.activationScripts.webradio = ''
+ install -d /var/lib/mpd/playlists
+ ln -sfn ${toString radioStationsFile} /var/lib/mpd/playlists/webradio.m3u
+ '';
+
+ services.mpd.enable = true;
+ services.ympd.enable = true;
+
+ # dont let anyone outside localhost or local network in
+ networking.firewall.extraCommands = let ympdPort = config.services.ympd.webPort; in ''
+ ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -s 192.168.0.0/16 -j ACCEPT
+ ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -s 127.0.0.0/8 -j ACCEPT
+ ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -j DROP
+ '';
+}
diff --git a/configs/spotifyd.nix b/configs/spotifyd.nix
index 83644f9..6400d8f 100644
--- a/configs/spotifyd.nix
+++ b/configs/spotifyd.nix
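Review bot: In configs/mpd.nix the three `iptables -A INPUT` rules interpolate `${ympdPort}` directly, which fails at evaluation if `services.ympd.webPort` is ever given as an integer (the option appears to accept both a string and a port number); `--dport ${toString ympdPort}` handles either. The accepted source `192.168.0.0/16` is far wider than a single home subnet, while deploy.nix in this same commit targets 192.168.178.21, so narrowing it to the actual LAN prefix would match the comment's intent better. Because the rules are appended to `INPUT` rather than to the firewall module's own chain, they are presumably not cleaned up when the firewall unit reloads and may pile up; matching `-D` lines in `networking.firewall.extraStopCommands`, or appending to `nixos-fw` with `-j nixos-fw-accept`, would avoid that. The rules are IPv4-only, so it is worth confirming that the port is not reachable over IPv6.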
@@ -1,32 +1,12 @@
-{ pkgs, lib, ... }:
-let
- inherit (lib.strings) fileContents;
-in {
- services.dbus.packages = [ pkgs.gnome3.dconf ];
-
- # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/audio/spotifyd.nix
- systemd.user.services.spotifyd = let
- spotifyd = pkgs.spotifyd.override {
- withMpris = true;
- withPulseAudio = true;
- inherit (pkgs) libpulseaudio dbus;
- };
- spotifydConf = pkgs.writeText "spotifyd.conf" (lib.generators.toINI { } {
+{ lib, ... }:
+{
+ services.spotifyd = {
+ enable = true;
+ config = lib.generators.toINI { } {
 global = {
- username = fileContents ;
- password = fileContents ;
- backend = "pulseaudio";
+ username = lib.strings.fileContents ;
+ password = lib.strings.fileContents ;
 };
- });
- in {
- wantedBy = [ "default.target" ];
- after = [ "network-online.target" "sound.target" ];
- description = "spotifyd, a Spotify playing daemon";
- serviceConfig = {
- ExecStart =
- "${spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
- Restart = "always";
- RestartSec = 12;
 };
 };
 }
diff --git a/configs/ssh.nix b/configs/ssh.nix
index 3711fc4..7fc57fa 100644
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
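Review bot: The `username` and `password` entries under `services.spotifyd.config` are still read with `lib.strings.fileContents` at evaluation time, so the rendered INI, credentials included, presumably lands as a world-readable file in /nix/store on every machine that builds or receives this configuration. Keeping the secret out of the evaluated string would avoid that, for example `password_cmd = "cat /path/to/secret";` pointing at a file outside the store that only the service user can read (the path is a placeholder). The same eval-time pattern is used for `botToken` in the new configs/urlwatch.nix. The hunk also drops `backend = "pulseaudio";` without explanation; a one-line comment on which backend is now expected would help the next reader.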
@@ -1,26 +1,15 @@ { pkgs, config, lib, ... }: let - sshPort = 22022; + inherit (import ) sshPort; kmeinKeys = lib.strings.splitString "\n" (lib.strings.fileContents (pkgs.fetchurl { url = "https://github.com/kmein.keys"; sha256 = "1b9gbpgihg7zc89ivsz0gs3najp0zg53rcknvzvkm0851fdzkryx"; })); in { - services.xserver.displayManager.sessionCommands = - "${pkgs.openssh}/bin/ssh-add"; + services.xserver.displayManager.sessionCommands = "${pkgs.openssh}/bin/ssh-add"; programs.ssh.startAgent = true; - services.openssh = { - ports = [ sshPort ]; - enable = true; - passwordAuthentication = false; - forwardX11 = true; - }; - - users.motd = "Welcome to ${config.networking.hostName}!"; - - users.users.root.openssh.authorizedKeys.keys = kmeinKeys; users.users.me.openssh.authorizedKeys.keys = kmeinKeys; home-manager.users.me.programs.ssh = {
diff --git a/configs/sshd.nix b/configs/sshd.nix
new file mode 100644
index 0000000..8fbeff3
--- /dev/null
+++ b/configs/sshd.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+let
+ inherit (import ) sshPort;
+ kmeinKeys = lib.strings.splitString "\n" (lib.strings.fileContents (pkgs.fetchurl {
+ url = "https://github.com/kmein.keys";
+ sha256 = "1b9gbpgihg7zc89ivsz0gs3najp0zg53rcknvzvkm0851fdzkryx";
+ }));
+in
+{
+ users.motd = "Welcome to ${config.networking.hostName}!";
+
+ services.openssh = {
+ enable = true;
+ ports = [ sshPort ];
+ passwordAuthentication = false;
+ forwardX11 = true;
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
+}
diff --git a/configs/urlwatch.nix b/configs/urlwatch.nix
new file mode 100644
index 0000000..e20ebc3
--- /dev/null
+++ b/configs/urlwatch.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+ imports = [ ];
+
+ krebs.urlwatch = {
+ enable = true;
+ onCalendar = "*-*-* 05:00:00";
+ sendmail.enable = false;
+ telegram = {
+ enable = true;
+ chatId = [ "18980945" ];
+ botToken = lib.strings.fileContents ;
+ };
+ urls = [ ];
+ };
+}
diff --git a/deploy.nix b/deploy.nix
index 213daec..1d371ce 100644
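Review bot: `forwardX11 = true;` in the new configs/sshd.nix now applies to every host that imports this module, whereas the `services.openssh` blocks this commit removes from systems/scardanelli and systems/toum did not set it. If those hosts pick up sshd.nix (their import lines are not readable on this page), X11 forwarding becomes available on machines that never had it; leaving it out of the shared module and enabling it only on the hosts that need it would keep the exposure where it was. The `kmeinKeys` fetch is now duplicated verbatim in ssh.nix and sshd.nix, so a key rotation means updating the pinned `sha256` in two places; a single shared definition would avoid the copies drifting apart. Since root login by key is relied on here, stating `permitRootLogin = "prohibit-password";` explicitly would document that intent instead of depending on the default.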
--- a/deploy.nix
+++ b/deploy.nix
@@ -1,4 +1,6 @@ let + inherit (import ./lib/default.nix) sshPort; + gitFromJson = path: let object = importJson path; in {
@@ -29,14 +31,14 @@ let name = "shared"; }; }]; - target = "root@${address}:22022"; + target = "root@${address}:${toString sshPort}"; }; inherit (pkgs.krops) writeDeploy; in { scardanelli = writeDeploy "deploy-scardanelli" (regularSystem { path = systems/scardanelli; name = "scardanelli"; - address = "scardanelli.r"; + address = "192.168.178.21"; }); homeros = writeDeploy "deploy-homeros" (regularSystem { path = systems/homeros;
diff --git a/dot/radio-stations.txt b/dot/radio-stations.txt
new file mode 100644
index 0000000..c3b012b
--- /dev/null
+++ b/dot/radio-stations.txt
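Review bot: Replacing `scardanelli.r` with the literal `192.168.178.21` in the second hunk ties a `root@…` deployment to whichever machine currently holds that LAN address. If the address comes from DHCP, a lease change would point the push at a different device and the SSH host-key check would be the only thing standing in the way. A comment such as `# static lease on the home router`, or keeping a name that resolves to the host, would make the assumption explicit. The surrounding `let` block and the `regularSystem` definition start outside the hunk.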
@@ -0,0 +1,37 @@
+http://ice1.somafm.com/groovesalad-32-aac
+http://ice1.somafm.com/dronezone-128-mp3
+http://ice1.somafm.com/groovesalad-32-aac
+http://ice1.somafm.com/spacestation-128-aac
+http://ice1.somafm.com/thetrip-128-mp3
+http://ice1.somafm.com/beatblender-128-aac
+http://ice1.somafm.com/dronezone-128-mp3
+http://ice1.somafm.com/groovesalad-32-aac
+http://ice1.somafm.com/beatblender-128-aac
+http://ice1.somafm.com/spacestation-128-aac
+http://ice1.somafm.com/thetrip-128-mp3
+http://ice1.somafm.com/defcon-128-aac
+http://ice1.somafm.com/dubstep-128-aac
+http://prem2.di.fm:80/glitchhop_hi?4527f2ba1755917
+http://prem2.di.fm:80/bassline_hi?4527f2ba1755917
+http://prem2.di.fm:80/progressivepsy_hi?4527f2ba1755917
+http://prem2.di.fm:80/minimal_hi?4527f2ba1755917
+http://prem2.di.fm:80/drumandbass_hi?4527f2ba1755917
+http://prem2.di.fm:80/dubstep_hi?4527f2ba1755917
+http://prem2.di.fm:80/liquiddnb_hi?4527f2ba1755917
+http://prem2.di.fm:80/progressive_hi?4527f2ba1755917
+http://prem2.di.fm:80/djmixes_hi?4527f2ba1755917
+http://prem2.di.fm:80/electrohouse_hi?4527f2ba1755917
+http://prem2.di.fm:80/breaks_hi?4527f2ba1755917
+http://prem2.di.fm:80/classicelectronica_hi?4527f2ba1755917
+http://prem2.di.fm:80/liquiddubstep_hi?4527f2ba1755917
+http://prem2.di.fm:80/techhouse_hi?4527f2ba1755917
+http://prem2.di.fm:80/chillout_hi?4527f2ba1755917
+http://prem2.di.fm:80/lounge_hi?4527f2ba1755917
+http://prem2.di.fm:80/hardtechno_hi?4527f2ba1755917
+http://prem2.di.fm:80/handsup_hi?4527f2ba1755917
+http://prem2.di.fm:80/deephouse_hi?4527f2ba1755917
+http://prem2.di.fm:80/drumstep_hi?4527f2ba1755917
+http://prem2.di.fm:80/electroswing_hi?4527f2ba1755917
+http://prem2.di.fm:80/dub_hi?4527f2ba1755917
+http://prem2.di.fm:80/trap_hi?4527f2ba1755917
+https://radio.lassul.us/radio.ogg
diff --git a/lib/default.nix b/lib/default.nix
index d174f4d..2b82d7d 100644
--- a/lib/default.nix
+++ b/lib/default.nix
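Review bot: Every `prem2.di.fm` entry carries the same query string `?4527f2ba1755917`, which looks like a per-account premium listen key; committing it publishes the key with the repository and, through `pkgs.writeText` in configs/mpd.nix, in the Nix store as well. If it is a credential, it should be rotated and the URLs assembled from a secret file rather than a tracked one. These streams are requested over plain `http://`, so the key would also travel unencrypted on every connection. Several somafm entries are listed more than once (groovesalad appears three times), which is harmless but probably unintended.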
@@ -15,4 +15,6 @@
 url = "https://github.com/NixOS/nixpkgs";
 rev = "4512dac960f3833cf24cdbd742b63cb447bbdd9a";
 };
+
+ sshPort = 22022;
 }
diff --git a/packages/scripts/default.nix b/packages/scripts/default.nix
index b0f6269..a8005ff 100644
--- a/packages/scripts/default.nix
+++ b/packages/scripts/default.nix
@@ -36,7 +36,7 @@ in rec {
 rev = "9cb4ede215be6bb01bd2df1ef3e9689cc8c4eb9e";
 sha256 = "1g47cj5an7xgmhpc09m7qim5j9rspqxvnzfy90cnlvz4pg8hil96";
 };
- in pkgs.writers.writeBashBin "interdimensional-cable" ''
+ in pkgs.writeShellScriptBin "interdimensional-cable" ''
 export PATH=${lib.makeBinPath [ pkgs.mpv pkgs.jq pkgs.gnused ]}
 mpv --shuffle --playlist=<(jq -r '.videos[]' ${nimaid-github-io}/tv/interdimensional_database.json | sed 's#^#https://youtu.be/#')
 '';
diff --git a/systems/scardanelli/configuration.nix b/systems/scardanelli/configuration.nix
index 1ee9428..6f6b2a2 100644
--- a/systems/scardanelli/configuration.nix
+++ b/systems/scardanelli/configuration.nix
@@ -11,39 +11,33 @@ in { - - { - services.mpd = { - enable = true; - extraConfig = '' - audio_output { - type "pulse" - name "Pulseaudio" - server "127.0.0.1" - } - ''; - }; - - hardware.pulseaudio.extraConfig = "load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1"; - - services.ympd = { - enable = true; - webPort = 8080; - }; - - networking.firewall.extraCommands = '' - ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -s 192.168.0.0/16 -j ACCEPT - ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -s 127.0.0.0/8 -j ACCEPT - ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -j DROP - ''; - } + + + { sound.enable = true; - - hardware.pulseaudio.enable = true; - - environment.systemPackages = [ pkgs.pavucontrol pkgs.pamixer ]; + } + { + services.illum.enable = true; + } + { + users.extraUsers.kiosk = { + isNormalUser = true; + password = ""; + openssh.authorizedKeys.keys = kmeinKeys; + }; + services.cage = { + enable = true; + user = config.users.extraUsers.kiosk.name; + program = let startUrl = "https://youtube.com"; in '' + ${pkgs.chromium}/bin/chromium \ + --incognito --disable-translate \ + --no-first-run --no-message-box --noerrdialogs \ + --default-browser --no-default-browser-check \ + --start-maximized --kiosk ${startUrl} + ''; + }; } ]; 
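Review bot: The re-added `users.extraUsers.kiosk` block keeps `password = "";`, which leaves a local account that anyone at the console, or any other local user via `su`, can enter without a credential. `services.cage.user` presumably starts the session without needing a password, so the line can likely be dropped while SSH access stays available through `openssh.authorizedKeys.keys`. The following hunk also removes `users.mutableUsers = false;`, so accounts and passwords on this host can now drift from what is declared here; if that is not intended, the setting should stay. The enclosing imports list and the `kmeinKeys` binding start outside the hunk.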
@@ -59,64 +53,6 @@ in { environment.systemPackages = with pkgs; [ git vim htop ]; - users.mutableUsers = false; - users.users.kiosk = { - isNormalUser = true; - name = "kiosk"; - extraGroups = [ "audio" ]; - password = ""; - openssh.authorizedKeys.keys = kmeinKeys; - }; - - programs.chromium = { - enable = true; - extensions = [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin - ]; - }; - - services.xserver = { - enable = true; - enableCtrlAltBackspace = true; - - displayManager = { - autoLogin = { - enable = true; - user = config.users.users.kiosk.name; - }; - sessionCommands = '' - ${pkgs.xorg.xset}/bin/xset -dpms - ${pkgs.xorg.xset}/bin/xset s off - ''; - session = [ - { - manage = "desktop"; - name = "youtube"; - start = let startUrl = "https://youtube.com"; in '' - export PATH=$PATH:${lib.makeBinPath [ pkgs.chromium pkgs.xorg.xrandr pkgs.gawk pkgs.gnused ]} - SIZE="$(xrandr | awk '/\*\+/{print $1}' | sed s/x/,/)" - - chromium \ - --incognito --disable-translate \ - --no-first-run --no-message-box --noerrdialogs \ - --default-browser --no-default-browser-check \ - --start-maximized --window-position=0,0 --window-size="$SIZE" \ - --kiosk ${startUrl} - waitPID=$! - ''; - } - ]; - }; - }; - - services.openssh = { - enable = true; - ports = [ 22022 ]; - passwordAuthentication = false; - }; - - users.users.root.openssh.authorizedKeys.keys = kmeinKeys; - boot.loader.systemd-boot = { enable = true; configurationLimit = 5; diff --git a/systems/toum/configuration.nix b/systems/toum/configuration.nix index 66eea64..be9357f 100644 --- a/systems/toum/configuration.nix +++ b/systems/toum/configuration.nix @@ -12,7 +12,9 @@ in { + + 
@@ -34,38 +36,12 @@ in { })); }; } - { services.keybase.enable = true; } { - sound.enable = true; - hardware.pulseaudio.enable = true; - - boot.loader.raspberryPi.firmwareConfig = '' - dtparam=audio=on - ''; - } - { - imports = [ ]; - - krebs.urlwatch = { - enable = true; - onCalendar = "*-*-* 05:00:00"; - sendmail.enable = false; - telegram = { - enable = true; - chatId = [ "18980945" ]; - botToken = lib.strings.fileContents ; - }; - urls = [ - # "https://michael-klonovsky.de/acta-diurna" - ]; - }; - } - { - services.weechat.enable = true; - programs.screen.screenrc = '' + services.weechat.enable = true; + programs.screen.screenrc = '' multiuser on acladd ${config.users.users.me.name} - ''; + ''; } ]; @@ -76,22 +52,11 @@ in { networking.hostName = "toum"; - time.timeZone = "Europe/Berlin"; - - networking.wireless = { - enable = false; - networks.Aether = { - pskRaw = - "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a"; - }; - }; - environment.variables.TERM = "linux"; environment.variables.HTOPRC = toString ; environment.systemPackages = with pkgs; [ git vim htop wget reptyr - raspberrypi-tools ]; @@ -105,19 +70,11 @@ in { hashedPassword = "$6$w9hXyGFl/.IZBXk$5OiWzS1G.5hImhh1YQmZiCXYNAJhi3X6Y3uSLupJNYYXPLMsQpx2fwF4Xr2uYzGMV8Foqh8TgUavx1APD9rcb/"; shell = pkgs.bash; + openssh.authorizedKeys.keys = kmeinKeys; }; security.sudo.enable = true; - services.openssh = { - enable = true; - ports = [ 22022 ]; - passwordAuthentication = false; - }; - - users.users.root.openssh.authorizedKeys.keys = kmeinKeys; - - users.users.me.openssh.authorizedKeys.keys = kmeinKeys; networking.retiolum = { ipv4 = "10.243.2.3";
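Review bot: The user block that gains `openssh.authorizedKeys.keys = kmeinKeys;` in the last hunk (presumably `me`) still has its `hashedPassword` committed inline, so the SHA-512 crypt hash is readable by anyone with the repository or the Nix store and can be guessed offline. Pointing `passwordFile` at a file kept outside the repository would keep the hash private. The preceding hunk removes the `networking.wireless` `pskRaw` value, but it remains in the history, so the passphrase is worth changing if that network is still in use. The user block itself starts outside the hunk.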