chore: organize

use read-made spotifyd module move sshPort to niveum lib (used also from deploy.nix) factor out sshd config, use from toum factor out urlwatch access scardanelli locally mpd: configure webradio playlist scardanelli: use cage for kiosk toum: use wifi config toum: use spacetime, dont redeclare toum: use ssh config
2026-03-18 19:11:08 +01:00 · 2020-10-28 21:43:33 +01:00
parent 3efb4682f2
commit a0855f8bbb
12 changed files with 141 additions and 180 deletions
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -262,6 +262,7 @@ in {
    ./rofi.nix
    ./spacetime.nix
    ./ssh.nix
+    ./sshd.nix
    ./sudo.nix
    ./sxiv.nix
    ./themes/mac-os.nix
--- a/configs/mpd.nix
+++ b/configs/mpd.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, lib, ... }:
+let
+  radioStations = import <niveum/lib/radio-stations.nix>;
+  radioStationsFile = pkgs.writeText "stations" (lib.concatStringsSep "\n" radioStations);
+in
+{
+  system.activationScripts.webradio = ''
+    install -d /var/lib/mpd/playlists
+    ln -sfn ${toString radioStationsFile} /var/lib/mpd/playlists/webradio.m3u
+  '';
+
+  services.mpd.enable = true;
+  services.ympd.enable = true;
+
+  # dont let anyone outside localhost or local network in
+  networking.firewall.extraCommands = let ympdPort = config.services.ympd.webPort; in ''
+    ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -s 192.168.0.0/16 -j ACCEPT
+    ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -s 127.0.0.0/8 -j ACCEPT
+    ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -j DROP
+  '';
+}
--- a/configs/spotifyd.nix
+++ b/configs/spotifyd.nix
@@ -1,32 +1,12 @@
-{ pkgs, lib, ... }:
-let
-  inherit (lib.strings) fileContents;
-in {
-  services.dbus.packages = [ pkgs.gnome3.dconf ];
-
-  # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/audio/spotifyd.nix
-  systemd.user.services.spotifyd = let
-    spotifyd = pkgs.spotifyd.override {
-      withMpris = true;
-      withPulseAudio = true;
-      inherit (pkgs) libpulseaudio dbus;
-    };
-    spotifydConf = pkgs.writeText "spotifyd.conf" (lib.generators.toINI { } {
+{ lib, ... }:
+{
+  services.spotifyd = {
+    enable = true;
+    config = lib.generators.toINI { } {
      global = {
-        username = fileContents <secrets/spotify/username>;
-        password = fileContents <secrets/spotify/password>;
-        backend = "pulseaudio";
+        username = lib.strings.fileContents <secrets/spotify/username>;
+        password = lib.strings.fileContents <secrets/spotify/password>;
      };
-    });
-  in {
-    wantedBy = [ "default.target" ];
-    after = [ "network-online.target" "sound.target" ];
-    description = "spotifyd, a Spotify playing daemon";
-    serviceConfig = {
-      ExecStart =
-        "${spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
-      Restart = "always";
-      RestartSec = 12;
    };
  };
 }
--- a/configs/ssh.nix
+++ b/configs/ssh.nix
@@ -1,26 +1,15 @@
 { pkgs, config, lib, ... }:
 let
-  sshPort = 22022;
+  inherit (import <niveum/lib>) sshPort;
  kmeinKeys = lib.strings.splitString "\n" (lib.strings.fileContents (pkgs.fetchurl {
    url = "https://github.com/kmein.keys";
    sha256 = "1b9gbpgihg7zc89ivsz0gs3najp0zg53rcknvzvkm0851fdzkryx";
  }));
 in {
-  services.xserver.displayManager.sessionCommands =
-    "${pkgs.openssh}/bin/ssh-add";
+  services.xserver.displayManager.sessionCommands = "${pkgs.openssh}/bin/ssh-add";

  programs.ssh.startAgent = true;

-  services.openssh = {
-    ports = [ sshPort ];
-    enable = true;
-    passwordAuthentication = false;
-    forwardX11 = true;
-  };
-
-  users.motd = "Welcome to ${config.networking.hostName}!";
-
-  users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
  users.users.me.openssh.authorizedKeys.keys = kmeinKeys;

  home-manager.users.me.programs.ssh = {
--- a/configs/sshd.nix
+++ b/configs/sshd.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, ... }:
+let
+  inherit (import <niveum/lib>) sshPort;
+  kmeinKeys = lib.strings.splitString "\n" (lib.strings.fileContents (pkgs.fetchurl {
+    url = "https://github.com/kmein.keys";
+    sha256 = "1b9gbpgihg7zc89ivsz0gs3najp0zg53rcknvzvkm0851fdzkryx";
+  }));
+in
+{
+  users.motd = "Welcome to ${config.networking.hostName}!";
+
+  services.openssh = {
+    enable = true;
+    ports = [ sshPort ];
+    passwordAuthentication = false;
+    forwardX11 = true;
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
+}
--- a/configs/urlwatch.nix
+++ b/configs/urlwatch.nix
@@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+  imports = [ <stockholm/krebs/3modules/urlwatch.nix> ];
+
+  krebs.urlwatch = {
+    enable = true;
+    onCalendar = "*-*-* 05:00:00";
+    sendmail.enable = false;
+    telegram = {
+      enable = true;
+      chatId = [ "18980945" ];
+      botToken = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
+    };
+    urls = [ ];
+  };
+}