kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 18:21:07 +01:00
Code Releases Activity

chore: organize

Browse Source 
use read-made spotifyd module
move sshPort to niveum lib (used also from deploy.nix)
factor out sshd config, use from toum
factor out urlwatch
access scardanelli locally
mpd: configure webradio playlist
scardanelli: use cage for kiosk
toum: use wifi config
toum: use spacetime, dont redeclare
toum: use ssh config
This commit is contained in:
Kierán Meinhardt
2020-10-28 21:43:33 +01:00
parent 3efb4682f2
commit a0855f8bbb
12 changed files with 141 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
systems/scardanelli/configuration.nix
View File

@@ -11,39 +11,33 @@ in {
<niveum/configs/keyboard.nix>
<niveum/modules/retiolum.nix>
<niveum/modules/constants.nix>
<niveum/configs/spotifyd.nix>
<niveum/configs/spacetime.nix>
{
services.mpd = {
enable = true;
extraConfig = ''
audio_output {
type "pulse"
name "Pulseaudio"
server "127.0.0.1"
}
'';
};
hardware.pulseaudio.extraConfig = "load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1";
services.ympd = {
enable = true;
webPort = 8080;
};
networking.firewall.extraCommands = ''
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -s 192.168.0.0/16 -j ACCEPT
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -s 127.0.0.0/8 -j ACCEPT
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -j DROP
'';
}
<niveum/configs/mpd.nix>
<niveum/configs/sshd.nix>
<niveum/configs/spotifyd.nix>
{
sound.enable = true;
hardware.pulseaudio.enable = true;
environment.systemPackages = [ pkgs.pavucontrol pkgs.pamixer ];
}
{
services.illum.enable = true;
}
{
users.extraUsers.kiosk = {
isNormalUser = true;
password = "";
openssh.authorizedKeys.keys = kmeinKeys;
};
services.cage = {
enable = true;
user = config.users.extraUsers.kiosk.name;
program = let startUrl = "https://youtube.com"; in ''
${pkgs.chromium}/bin/chromium \
--incognito --disable-translate \
--no-first-run --no-message-box --noerrdialogs \
--default-browser --no-default-browser-check \
--start-maximized --kiosk ${startUrl}
'';
};
}
];
@@ -59,64 +53,6 @@ in {
environment.systemPackages = with pkgs; [ git vim htop ];
users.mutableUsers = false;
users.users.kiosk = {
isNormalUser = true;
name = "kiosk";
extraGroups = [ "audio" ];
password = "";
openssh.authorizedKeys.keys = kmeinKeys;
};
programs.chromium = {
enable = true;
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
];
};
services.xserver = {
enable = true;
enableCtrlAltBackspace = true;
displayManager = {
autoLogin = {
enable = true;
user = config.users.users.kiosk.name;
};
sessionCommands = ''
${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off
'';
session = [
{
manage = "desktop";
name = "youtube";
start = let startUrl = "https://youtube.com"; in ''
export PATH=$PATH:${lib.makeBinPath [ pkgs.chromium pkgs.xorg.xrandr pkgs.gawk pkgs.gnused ]}
SIZE="$(xrandr | awk '/\*\+/{print $1}' | sed s/x/,/)"
chromium \
--incognito --disable-translate \
--no-first-run --no-message-box --noerrdialogs \
--default-browser --no-default-browser-check \
--start-maximized --window-position=0,0 --window-size="$SIZE" \
--kiosk ${startUrl}
waitPID=$!
'';
}
];
};
};
services.openssh = {
enable = true;
ports = [ 22022 ];
passwordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 5;

55
systems/toum/configuration.nix
View File

@@ -12,7 +12,9 @@ in {
<niveum/configs/distrobump.nix>
<niveum/configs/nextcloud.nix>
<niveum/configs/spacetime.nix>
<niveum/configs/sshd.nix>
<niveum/configs/save-space.nix>
<niveum/configs/wifi.nix>
<niveum/configs/tmux.nix>
<niveum/configs/version.nix>
<niveum/configs/traadfri.nix>
@@ -34,38 +36,12 @@ in {
}));
};
}
{ services.keybase.enable = true; }
{
sound.enable = true;
hardware.pulseaudio.enable = true;
boot.loader.raspberryPi.firmwareConfig = ''
dtparam=audio=on
'';
}
{
imports = [ <stockholm/krebs/3modules/urlwatch.nix> ];
krebs.urlwatch = {
enable = true;
onCalendar = "*-*-* 05:00:00";
sendmail.enable = false;
telegram = {
enable = true;
chatId = [ "18980945" ];
botToken = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
};
urls = [
# "https://michael-klonovsky.de/acta-diurna"
];
};
}
{
services.weechat.enable = true;
programs.screen.screenrc = ''
services.weechat.enable = true;
programs.screen.screenrc = ''
multiuser on
acladd ${config.users.users.me.name}
'';
'';
}
];
@@ -76,22 +52,11 @@ in {
networking.hostName = "toum";
time.timeZone = "Europe/Berlin";
networking.wireless = {
enable = false;
networks.Aether = {
pskRaw =
"e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
};
};
environment.variables.TERM = "linux";
environment.variables.HTOPRC = toString <niveum/dot/htoprc>;
environment.systemPackages = with pkgs; [
git vim htop wget reptyr
raspberrypi-tools
];
@@ -105,19 +70,11 @@ in {
hashedPassword =
"$6$w9hXyGFl/.IZBXk$5OiWzS1G.5hImhh1YQmZiCXYNAJhi3X6Y3uSLupJNYYXPLMsQpx2fwF4Xr2uYzGMV8Foqh8TgUavx1APD9rcb/";
shell = pkgs.bash;
openssh.authorizedKeys.keys = kmeinKeys;
};
security.sudo.enable = true;
services.openssh = {
enable = true;
ports = [ 22022 ];
passwordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
users.users.me.openssh.authorizedKeys.keys = kmeinKeys;
networking.retiolum = {
ipv4 = "10.243.2.3";