kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

chore: organize

Browse Source 
use read-made spotifyd module
move sshPort to niveum lib (used also from deploy.nix)
factor out sshd config, use from toum
factor out urlwatch
access scardanelli locally
mpd: configure webradio playlist
scardanelli: use cage for kiosk
toum: use wifi config
toum: use spacetime, dont redeclare
toum: use ssh config
This commit is contained in:
Kierán Meinhardt
2020-10-28 21:43:33 +01:00
parent 3efb4682f2
commit a0855f8bbb
12 changed files with 141 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configs/default.nix
View File

@@ -262,6 +262,7 @@ in {
./rofi.nix ./rofi.nix
./spacetime.nix ./spacetime.nix
./ssh.nix ./ssh.nix
./sshd.nix
./sudo.nix ./sudo.nix
./sxiv.nix ./sxiv.nix
./themes/mac-os.nix ./themes/mac-os.nix

21
configs/mpd.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, pkgs, lib, ... }:
let
radioStations = import <niveum/lib/radio-stations.nix>;
radioStationsFile = pkgs.writeText "stations" (lib.concatStringsSep "\n" radioStations);
in
{
system.activationScripts.webradio = ''
install -d /var/lib/mpd/playlists
ln -sfn ${toString radioStationsFile} /var/lib/mpd/playlists/webradio.m3u
'';
services.mpd.enable = true;
services.ympd.enable = true;
# dont let anyone outside localhost or local network in
networking.firewall.extraCommands = let ympdPort = config.services.ympd.webPort; in ''
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -s 192.168.0.0/16 -j ACCEPT
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -s 127.0.0.0/8 -j ACCEPT
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -j DROP
'';
}

34
configs/spotifyd.nix
View File

@@ -1,32 +1,12 @@
{ pkgs, lib, ... }: { lib, ... }:
let {
inherit (lib.strings) fileContents; services.spotifyd = {
in { enable = true;
services.dbus.packages = [ pkgs.gnome3.dconf ]; config = lib.generators.toINI { } {
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/audio/spotifyd.nix
systemd.user.services.spotifyd = let
spotifyd = pkgs.spotifyd.override {
withMpris = true;
withPulseAudio = true;
inherit (pkgs) libpulseaudio dbus;
};
spotifydConf = pkgs.writeText "spotifyd.conf" (lib.generators.toINI { } {
global = { global = {
username = fileContents <secrets/spotify/username>; username = lib.strings.fileContents <secrets/spotify/username>;
password = fileContents <secrets/spotify/password>; password = lib.strings.fileContents <secrets/spotify/password>;
backend = "pulseaudio";
}; };
});
in {
wantedBy = [ "default.target" ];
after = [ "network-online.target" "sound.target" ];
description = "spotifyd, a Spotify playing daemon";
serviceConfig = {
ExecStart =
"${spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
Restart = "always";
RestartSec = 12;
}; };
}; };
} }

15
configs/ssh.nix
View File

@@ -1,26 +1,15 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
sshPort = 22022; inherit (import <niveum/lib>) sshPort;
kmeinKeys = lib.strings.splitString "\n" (lib.strings.fileContents (pkgs.fetchurl { kmeinKeys = lib.strings.splitString "\n" (lib.strings.fileContents (pkgs.fetchurl {
url = "https://github.com/kmein.keys"; url = "https://github.com/kmein.keys";
sha256 = "1b9gbpgihg7zc89ivsz0gs3najp0zg53rcknvzvkm0851fdzkryx"; sha256 = "1b9gbpgihg7zc89ivsz0gs3najp0zg53rcknvzvkm0851fdzkryx";
})); }));
in { in {
services.xserver.displayManager.sessionCommands = services.xserver.displayManager.sessionCommands = "${pkgs.openssh}/bin/ssh-add";
"${pkgs.openssh}/bin/ssh-add";
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
services.openssh = {
ports = [ sshPort ];
enable = true;
passwordAuthentication = false;
forwardX11 = true;
};
users.motd = "Welcome to ${config.networking.hostName}!";
users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
users.users.me.openssh.authorizedKeys.keys = kmeinKeys; users.users.me.openssh.authorizedKeys.keys = kmeinKeys;
home-manager.users.me.programs.ssh = { home-manager.users.me.programs.ssh = {

20
configs/sshd.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
let
inherit (import <niveum/lib>) sshPort;
kmeinKeys = lib.strings.splitString "\n" (lib.strings.fileContents (pkgs.fetchurl {
url = "https://github.com/kmein.keys";
sha256 = "1b9gbpgihg7zc89ivsz0gs3najp0zg53rcknvzvkm0851fdzkryx";
}));
in
{
users.motd = "Welcome to ${config.networking.hostName}!";
services.openssh = {
enable = true;
ports = [ sshPort ];
passwordAuthentication = false;
forwardX11 = true;
};
users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
}

16
configs/urlwatch.nix Normal file
View File

@@ -0,0 +1,16 @@
{ lib, ... }:
{
imports = [ <stockholm/krebs/3modules/urlwatch.nix> ];
krebs.urlwatch = {
enable = true;
onCalendar = "*-*-* 05:00:00";
sendmail.enable = false;
telegram = {
enable = true;
chatId = [ "18980945" ];
botToken = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
};
urls = [ ];
};
}

6
deploy.nix
View File

@@ -1,4 +1,6 @@
let let
inherit (import ./lib/default.nix) sshPort;
gitFromJson = path: gitFromJson = path:
let object = importJson path; let object = importJson path;
in { in {
@@ -29,14 +31,14 @@ let
name = "shared"; name = "shared";
}; };
}]; }];
target = "root@${address}:22022"; target = "root@${address}:${toString sshPort}";
}; };
inherit (pkgs.krops) writeDeploy; inherit (pkgs.krops) writeDeploy;
in { in {
scardanelli = writeDeploy "deploy-scardanelli" (regularSystem { scardanelli = writeDeploy "deploy-scardanelli" (regularSystem {
path = systems/scardanelli; path = systems/scardanelli;
name = "scardanelli"; name = "scardanelli";
address = "scardanelli.r"; address = "192.168.178.21";
}); });
homeros = writeDeploy "deploy-homeros" (regularSystem { homeros = writeDeploy "deploy-homeros" (regularSystem {
path = systems/homeros; path = systems/homeros;

37
dot/radio-stations.txt Normal file
View File

@@ -0,0 +1,37 @@
http://ice1.somafm.com/groovesalad-32-aac
http://ice1.somafm.com/dronezone-128-mp3
http://ice1.somafm.com/groovesalad-32-aac
http://ice1.somafm.com/spacestation-128-aac
http://ice1.somafm.com/thetrip-128-mp3
http://ice1.somafm.com/beatblender-128-aac
http://ice1.somafm.com/dronezone-128-mp3
http://ice1.somafm.com/groovesalad-32-aac
http://ice1.somafm.com/beatblender-128-aac
http://ice1.somafm.com/spacestation-128-aac
http://ice1.somafm.com/thetrip-128-mp3
http://ice1.somafm.com/defcon-128-aac
http://ice1.somafm.com/dubstep-128-aac
http://prem2.di.fm:80/glitchhop_hi?4527f2ba1755917
http://prem2.di.fm:80/bassline_hi?4527f2ba1755917
http://prem2.di.fm:80/progressivepsy_hi?4527f2ba1755917
http://prem2.di.fm:80/minimal_hi?4527f2ba1755917
http://prem2.di.fm:80/drumandbass_hi?4527f2ba1755917
http://prem2.di.fm:80/dubstep_hi?4527f2ba1755917
http://prem2.di.fm:80/liquiddnb_hi?4527f2ba1755917
http://prem2.di.fm:80/progressive_hi?4527f2ba1755917
http://prem2.di.fm:80/djmixes_hi?4527f2ba1755917
http://prem2.di.fm:80/electrohouse_hi?4527f2ba1755917
http://prem2.di.fm:80/breaks_hi?4527f2ba1755917
http://prem2.di.fm:80/classicelectronica_hi?4527f2ba1755917
http://prem2.di.fm:80/liquiddubstep_hi?4527f2ba1755917
http://prem2.di.fm:80/techhouse_hi?4527f2ba1755917
http://prem2.di.fm:80/chillout_hi?4527f2ba1755917
http://prem2.di.fm:80/lounge_hi?4527f2ba1755917
http://prem2.di.fm:80/hardtechno_hi?4527f2ba1755917
http://prem2.di.fm:80/handsup_hi?4527f2ba1755917
http://prem2.di.fm:80/deephouse_hi?4527f2ba1755917
http://prem2.di.fm:80/drumstep_hi?4527f2ba1755917
http://prem2.di.fm:80/electroswing_hi?4527f2ba1755917
http://prem2.di.fm:80/dub_hi?4527f2ba1755917
http://prem2.di.fm:80/trap_hi?4527f2ba1755917
https://radio.lassul.us/radio.ogg

2
lib/default.nix
View File

@@ -15,4 +15,6 @@
url = "https://github.com/NixOS/nixpkgs"; url = "https://github.com/NixOS/nixpkgs";
rev = "4512dac960f3833cf24cdbd742b63cb447bbdd9a"; rev = "4512dac960f3833cf24cdbd742b63cb447bbdd9a";
}; };
sshPort = 22022;
} }

2
packages/scripts/default.nix
View File

@@ -36,7 +36,7 @@ in rec {
rev = "9cb4ede215be6bb01bd2df1ef3e9689cc8c4eb9e"; rev = "9cb4ede215be6bb01bd2df1ef3e9689cc8c4eb9e";
sha256 = "1g47cj5an7xgmhpc09m7qim5j9rspqxvnzfy90cnlvz4pg8hil96"; sha256 = "1g47cj5an7xgmhpc09m7qim5j9rspqxvnzfy90cnlvz4pg8hil96";
}; };
in pkgs.writers.writeBashBin "interdimensional-cable" '' in pkgs.writeShellScriptBin "interdimensional-cable" ''
export PATH=${lib.makeBinPath [ pkgs.mpv pkgs.jq pkgs.gnused ]} export PATH=${lib.makeBinPath [ pkgs.mpv pkgs.jq pkgs.gnused ]}
mpv --shuffle --playlist=<(jq -r '.videos[]' ${nimaid-github-io}/tv/interdimensional_database.json | sed 's#^#https://youtu.be/#') mpv --shuffle --playlist=<(jq -r '.videos[]' ${nimaid-github-io}/tv/interdimensional_database.json | sed 's#^#https://youtu.be/#')
''; '';

112
systems/scardanelli/configuration.nix
View File

@@ -11,39 +11,33 @@ in {
<niveum/configs/keyboard.nix> <niveum/configs/keyboard.nix>
<niveum/modules/retiolum.nix> <niveum/modules/retiolum.nix>
<niveum/modules/constants.nix> <niveum/modules/constants.nix>
<niveum/configs/spotifyd.nix>
<niveum/configs/spacetime.nix> <niveum/configs/spacetime.nix>
{ <niveum/configs/mpd.nix>
services.mpd = { <niveum/configs/sshd.nix>
enable = true; <niveum/configs/spotifyd.nix>
extraConfig = ''
audio_output {
type "pulse"
name "Pulseaudio"
server "127.0.0.1"
}
'';
};
hardware.pulseaudio.extraConfig = "load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1";
services.ympd = {
enable = true;
webPort = 8080;
};
networking.firewall.extraCommands = ''
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -s 192.168.0.0/16 -j ACCEPT
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -s 127.0.0.0/8 -j ACCEPT
${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport 8080 -j DROP
'';
}
{ {
sound.enable = true; sound.enable = true;
}
hardware.pulseaudio.enable = true; {
services.illum.enable = true;
environment.systemPackages = [ pkgs.pavucontrol pkgs.pamixer ]; }
{
users.extraUsers.kiosk = {
isNormalUser = true;
password = "";
openssh.authorizedKeys.keys = kmeinKeys;
};
services.cage = {
enable = true;
user = config.users.extraUsers.kiosk.name;
program = let startUrl = "https://youtube.com"; in ''
${pkgs.chromium}/bin/chromium \
--incognito --disable-translate \
--no-first-run --no-message-box --noerrdialogs \
--default-browser --no-default-browser-check \
--start-maximized --kiosk ${startUrl}
'';
};
} }
]; ];
@@ -59,64 +53,6 @@ in {
environment.systemPackages = with pkgs; [ git vim htop ]; environment.systemPackages = with pkgs; [ git vim htop ];
users.mutableUsers = false;
users.users.kiosk = {
isNormalUser = true;
name = "kiosk";
extraGroups = [ "audio" ];
password = "";
openssh.authorizedKeys.keys = kmeinKeys;
};
programs.chromium = {
enable = true;
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
];
};
services.xserver = {
enable = true;
enableCtrlAltBackspace = true;
displayManager = {
autoLogin = {
enable = true;
user = config.users.users.kiosk.name;
};
sessionCommands = ''
${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off
'';
session = [
{
manage = "desktop";
name = "youtube";
start = let startUrl = "https://youtube.com"; in ''
export PATH=$PATH:${lib.makeBinPath [ pkgs.chromium pkgs.xorg.xrandr pkgs.gawk pkgs.gnused ]}
SIZE="$(xrandr | awk '/\*\+/{print $1}' | sed s/x/,/)"
chromium \
--incognito --disable-translate \
--no-first-run --no-message-box --noerrdialogs \
--default-browser --no-default-browser-check \
--start-maximized --window-position=0,0 --window-size="$SIZE" \
--kiosk ${startUrl}
waitPID=$!
'';
}
];
};
};
services.openssh = {
enable = true;
ports = [ 22022 ];
passwordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
boot.loader.systemd-boot = { boot.loader.systemd-boot = {
enable = true; enable = true;
configurationLimit = 5; configurationLimit = 5;

55
systems/toum/configuration.nix
View File

@@ -12,7 +12,9 @@ in {
<niveum/configs/distrobump.nix> <niveum/configs/distrobump.nix>
<niveum/configs/nextcloud.nix> <niveum/configs/nextcloud.nix>
<niveum/configs/spacetime.nix> <niveum/configs/spacetime.nix>
<niveum/configs/sshd.nix>
<niveum/configs/save-space.nix> <niveum/configs/save-space.nix>
<niveum/configs/wifi.nix>
<niveum/configs/tmux.nix> <niveum/configs/tmux.nix>
<niveum/configs/version.nix> <niveum/configs/version.nix>
<niveum/configs/traadfri.nix> <niveum/configs/traadfri.nix>
@@ -34,38 +36,12 @@ in {
})); }));
}; };
} }
{ services.keybase.enable = true; }
{ {
sound.enable = true; services.weechat.enable = true;
hardware.pulseaudio.enable = true; programs.screen.screenrc = ''
boot.loader.raspberryPi.firmwareConfig = ''
dtparam=audio=on
'';
}
{
imports = [ <stockholm/krebs/3modules/urlwatch.nix> ];
krebs.urlwatch = {
enable = true;
onCalendar = "*-*-* 05:00:00";
sendmail.enable = false;
telegram = {
enable = true;
chatId = [ "18980945" ];
botToken = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
};
urls = [
# "https://michael-klonovsky.de/acta-diurna"
];
};
}
{
services.weechat.enable = true;
programs.screen.screenrc = ''
multiuser on multiuser on
acladd ${config.users.users.me.name} acladd ${config.users.users.me.name}
''; '';
} }
]; ];
@@ -76,22 +52,11 @@ in {
networking.hostName = "toum"; networking.hostName = "toum";
time.timeZone = "Europe/Berlin";
networking.wireless = {
enable = false;
networks.Aether = {
pskRaw =
"e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
};
};
environment.variables.TERM = "linux"; environment.variables.TERM = "linux";
environment.variables.HTOPRC = toString <niveum/dot/htoprc>; environment.variables.HTOPRC = toString <niveum/dot/htoprc>;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git vim htop wget reptyr git vim htop wget reptyr
raspberrypi-tools raspberrypi-tools
]; ];
@@ -105,19 +70,11 @@ in {
hashedPassword = hashedPassword =
"$6$w9hXyGFl/.IZBXk$5OiWzS1G.5hImhh1YQmZiCXYNAJhi3X6Y3uSLupJNYYXPLMsQpx2fwF4Xr2uYzGMV8Foqh8TgUavx1APD9rcb/"; "$6$w9hXyGFl/.IZBXk$5OiWzS1G.5hImhh1YQmZiCXYNAJhi3X6Y3uSLupJNYYXPLMsQpx2fwF4Xr2uYzGMV8Foqh8TgUavx1APD9rcb/";
shell = pkgs.bash; shell = pkgs.bash;
openssh.authorizedKeys.keys = kmeinKeys;
}; };
security.sudo.enable = true; security.sudo.enable = true;
services.openssh = {
enable = true;
ports = [ 22022 ];
passwordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = kmeinKeys;
users.users.me.openssh.authorizedKeys.keys = kmeinKeys;
networking.retiolum = { networking.retiolum = {
ipv4 = "10.243.2.3"; ipv4 = "10.243.2.3";