diff --git a/.github/workflows/flake.yml b/.github/workflows/flake.yml index 18ed1a5..8d4be3a 100644 --- a/.github/workflows/flake.yml +++ b/.github/workflows/flake.yml @@ -2,7 +2,7 @@ name: Update flake.lock on: workflow_dispatch: # allows manual triggering schedule: - - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00 + - cron: "0 0 * * 0" # runs weekly on Sunday at 00:00 jobs: lockfile: diff --git a/.github/workflows/niveum.yml b/.github/workflows/niveum.yml index 8b969b8..200038b 100644 --- a/.github/workflows/niveum.yml +++ b/.github/workflows/niveum.yml @@ -7,33 +7,33 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - system: [makanek,manakish,kabsa,zaatar,ful,fatteh] + system: [makanek, manakish, kabsa, zaatar, ful, fatteh] steps: - - uses: actions/checkout@v3 - - name: Install QEMU (ARM) - run: | - sudo apt-get update - sudo apt-get install -y qemu-user-static - if: ${{ matrix.system == 'ful' }} - - name: Install Nix (ARM) - uses: cachix/install-nix-action@v16 - if: ${{ matrix.system == 'ful' }} - with: - extra_nix_config: | - system = aarch64-linux - - name: Install Nix (x86_64) - uses: cachix/install-nix-action@v16 - if: ${{ matrix.system != 'ful' }} - - name: nixos-rebuild dry-build - run: | - # remove secrets: ref https://stackoverflow.com/questions/1260748/how-do-i-remove-a-submodule/36593218 - git submodule deinit -f secrets - rm -rf .git/modules/secrets - git rm -f secrets + - uses: actions/checkout@v3 + - name: Install QEMU (ARM) + run: | + sudo apt-get update + sudo apt-get install -y qemu-user-static + if: ${{ matrix.system == 'ful' }} + - name: Install Nix (ARM) + uses: cachix/install-nix-action@v16 + if: ${{ matrix.system == 'ful' }} + with: + extra_nix_config: | + system = aarch64-linux + - name: Install Nix (x86_64) + uses: cachix/install-nix-action@v16 + if: ${{ matrix.system != 'ful' }} + - name: nixos-rebuild dry-build + run: | + # remove secrets: ref https://stackoverflow.com/questions/1260748/how-do-i-remove-a-submodule/36593218 + git submodule deinit -f secrets + rm -rf .git/modules/secrets + git rm -f secrets - # recreate secrets - mkdir secrets - cat secrets.txt | while read -r path; do touch $path; done - git add secrets + # recreate secrets + mkdir secrets + cat secrets.txt | while read -r path; do touch $path; done + git add secrets - nix run nixpkgs#nixos-rebuild -- dry-build --flake $GITHUB_WORKSPACE#${{matrix.system}} + nix run nixpkgs#nixos-rebuild -- dry-build --flake $GITHUB_WORKSPACE#${{matrix.system}} diff --git a/README.md b/README.md index 2b39123..c5b9364 100644 --- a/README.md +++ b/README.md @@ -5,13 +5,14 @@ > [nĭvĕus](https://logeion.uchicago.edu/niveus), a, um, adj. [nix], _of_ or _from snow, snowy, snow-_ (poet.) > > 1. Lit.: aggeribus niveis informis, Verg. G. 3, 354: aqua, _cooled with snow_, Mart. 12, 17, 6; cf. id. 14, 104 and 117: mons, _covered with snow_, Cat. 64, 240.— -> > 2. Transf., _snow-white, snowy_ (mostly poet.): a similitudine sic: Corpore niveum candorem, aspectu igneum ardorem assequebatur, Auct. Her. 4, 33, 44: lacerti, Verg. A. 8, 387: lac, id. E. 2, 20: hanc si capite niveae agnae exorari judicas, Sen. Q. N. 2, 36: Briseis niveo colore, Hor. C. 2, 4, 3: vestis, Ov. M. 10, 432: candidior nivei folio, Galatea, ligustri, id. ib. 13, 789: dens, id. H. 18, 18: quā notam duxit niveus videri, Hor. C. 4, 2, 59: panis, Juv. 5, 70: flumen, _clear, pellucid_, Sen. Hippol. 504: undae, Mart. 7, 32, 11: tribuni, _clothed in white togas_, Calp. Ecl. 7, 29; so, Quirites, Juv. 10, 45. ## Pressestimmen + > das ist ja pure poesie —[riotbib](https://github.com/riotbib/) > Deine Configs sind wunderschön <3 —[flxai](https://github.com/flxai/) ## To do + 🦗 diff --git a/packages/closest/distance.hs b/packages/closest/distance.hs index f5c39dd..f00a9b2 100644 --- a/packages/closest/distance.hs +++ b/packages/closest/distance.hs @@ -1,17 +1,18 @@ {-# LANGUAGE ApplicativeDo #-} {-# LANGUAGE RecordWildCards #-} + import Control.Arrow ((&&&)) import Control.Monad (forM_) -import Control.Parallel.Strategies (using, parList, rdeepseq) +import Control.Parallel.Strategies (parList, rdeepseq, using) import Data.Char (toLower) import Data.List (sortOn) import Options.Applicative -import Text.EditDistance (levenshteinDistance, defaultEditCosts) +import Text.EditDistance (defaultEditCosts, levenshteinDistance) data Options = Options - { limit :: Int - , word :: String - , dictionary :: FilePath + { limit :: Int, + word :: String, + dictionary :: FilePath } optionsParser :: Parser Options diff --git a/packages/devanagari/devanagari.js b/packages/devanagari/devanagari.js index 30176d1..d13acb5 100755 --- a/packages/devanagari/devanagari.js +++ b/packages/devanagari/devanagari.js @@ -12,6 +12,6 @@ rl.on("line", (line) => { console.log( Sanscript.t(line, "hk", "devanagari") .replace(/\.\./g, "॥") - .replace(/[,.]/g, "।") + .replace(/[,.]/g, "।"), ); }); diff --git a/packages/ipa.py b/packages/ipa.py index 4a76132..72737ba 100644 --- a/packages/ipa.py +++ b/packages/ipa.py @@ -4,150 +4,150 @@ import sys # https://www.phon.ucl.ac.uk/home/sampa/ipasam-x.pdf TODO XSAMPA_TO_IPA = { - "!": "\uA71C", - "!\\": "\u01C3", - "%": "\u02CC", + "!": "\ua71c", + "!\\": "\u01c3", + "%": "\u02cc", "&": "\u0276", - "'": "\u02B2", - "-\\": "\u203F", + "'": "\u02b2", + "-\\": "\u203f", "1": "\u0268", "2": "\u00f8", - "3": "\u025C", - "3\\": "\u025E", - "4": "\u027E", + "3": "\u025c", + "3\\": "\u025e", + "4": "\u027e", "5": "\u026b", "6": "\u0250", "7": "\u0264", "8": "\u0275", "9": "\u0153", - ":": "\u02D0", - ":\\": "\u02D1", - "": "\u02E9", + ":": "\u02d0", + ":\\": "\u02d1", + "": "\u02e9", "": "\u2198", - "": "\u02E6", - "": "\u02E8", - "": "\u02E7", + "": "\u02e6", + "": "\u02e8", + "": "\u02e7", "": "\u2197", - "": "\u02E5", - "<\\": "\u02A2", + "": "\u02e5", + "<\\": "\u02a2", "=": "\u0329", - "=\\": "\u01C2", - ">\\": "\u02A1", + "=\\": "\u01c2", + ">\\": "\u02a1", "?": "\u0294", "?\\": "\u0295", "@": "\u0259", "@\\": "\u0258", "A": "\u0251", - "B": "\u03B2", + "B": "\u03b2", "B\\": "\u0299", - "C": "\u00E7", - "D": "\u00F0", - "E": "\u025B", + "C": "\u00e7", + "D": "\u00f0", + "E": "\u025b", "F": "\u0271", "G": "\u0263", "G\\": "\u0262", - "G\\_<": "\u029B", + "G\\_<": "\u029b", "H": "\u0265", - "H\\": "\u029C", - "I": "\u026A", + "H\\": "\u029c", + "I": "\u026a", "J": "\u0272", - "J\\": "\u025F", + "J\\": "\u025f", "J\\_<": "\u0284", - "K": "\u026C", - "K\\": "\u026E", - "L": "\u028E", - "L\\": "\u029F", - "M": "\u026F", + "K": "\u026c", + "K\\": "\u026e", + "L": "\u028e", + "L\\": "\u029f", + "M": "\u026f", "M\\": "\u0270", - "N": "\u014B", + "N": "\u014b", "N\\": "\u0274", "O": "\u0254", "O\\": "\u0298", - "P": "\u028B", + "P": "\u028b", "Q": "\u0252", "R": "\u0281", "R\\": "\u0280", "S": "\u0283", - "T": "\u03B8", - "U": "\u028A", - "V": "\u028C", - "W": "\u028D", - "X": "\u03C7", + "T": "\u03b8", + "U": "\u028a", + "V": "\u028c", + "W": "\u028d", + "X": "\u03c7", "X\\": "\u0127", - "Y": "\u028F", + "Y": "\u028f", "Z": "\u0292", - "^": "\uA71B", + "^": "\ua71b", "_": "\u0361", - "_+": "\u031F", + "_+": "\u031f", "_-": "\u0320", "_0": "\u0325", "_=": "\u0329", - "_>": "\u02BC", - "_?\\": "\u02E4", + "_>": "\u02bc", + "_?\\": "\u02e4", "_A": "\u0318", - "_B": "\u030F", - "_B_L": "\u1DC5", + "_B": "\u030f", + "_B_L": "\u1dc5", "_F": "\u0302", "_F_R": "\u1dc9", - "_G": "\u02E0", + "_G": "\u02e0", "_H": "\u0341", - "_H_T": "\u1DC4", + "_H_T": "\u1dc4", "_L": "\u0340", "_M": "\u0304", - "_N": "\u033C", + "_N": "\u033c", "_O": "\u0339", - "_R": "\u030C", + "_R": "\u030c", "_R_F": "\u1dc8", - "_T": "\u030B", + "_T": "\u030b", "_X": "\u0306", - "_^": "\u032F", - "_a": "\u033A", - "_c": "\u031C", - "_d": "\u032A", + "_^": "\u032f", + "_a": "\u033a", + "_c": "\u031c", + "_d": "\u032a", "_e": "\u0334", - "_h": "\u02B0", - "_j": "\u02B2", + "_h": "\u02b0", + "_j": "\u02b2", "_k": "\u0330", - "_l": "\u02E1", - "_m": "\u033B", - "_n": "\u207F", - "_o": "\u031E", + "_l": "\u02e1", + "_m": "\u033b", + "_n": "\u207f", + "_o": "\u031e", "_q": "\u0319", - "_r": "\u031D", + "_r": "\u031d", "_t": "\u0324", - "_v": "\u032C", - "_w": "\u02B7", - "_x": "\u033D", - "_}": "\u031A", + "_v": "\u032c", + "_w": "\u02b7", + "_x": "\u033d", + "_}": "\u031a", "_~": "\u0303", - "`": "\u02DE", + "`": "\u02de", "b_<": "\u0253", "d_<": "\u0257", "d`": "\u0256", - "d`_<": "\u1D91", + "d`_<": "\u1d91", "g_<": "\u0260", "h\\": "\u0266", - "j\\": "\u029D", - "l\\": "\u027A", - "l`": "\u026D", + "j\\": "\u029d", + "l\\": "\u027a", + "l`": "\u026d", "n`": "\u0273", "p\\": "\u0278", "r\\": "\u0279", - "r\\`": "\u027B", - "r` ": "\u027D", + "r\\`": "\u027b", + "r` ": "\u027d", "s\\": "\u0255", "s`": "\u0282", "t`": "\u0288", - "v\\": "\u028B", + "v\\": "\u028b", "x\\": "\u0267", "z\\": "\u0291", "z`": "\u0290", - "{": "\u00E6", - "|\\": "\u01C0", - "|\\|\\": "\u01C1", + "{": "\u00e6", + "|\\": "\u01c0", + "|\\|\\": "\u01c1", "}": "\u0289", "~": "\u0303", - '"': "\u02C8", + '"': "\u02c8", '_"': "\u0308", } diff --git a/packages/radio-news/index.html b/packages/radio-news/index.html index 653963a..7360707 100644 --- a/packages/radio-news/index.html +++ b/packages/radio-news/index.html @@ -1,4 +1,4 @@ - + @@ -78,7 +78,7 @@ startDate.title = isoString(start); startDate.setAttribute("datetime", isoString(start)); startDate.appendChild( - document.createTextNode(start.toLocaleString()) + document.createTextNode(start.toLocaleString()), ); const endDate = document.createElement("time"); @@ -86,7 +86,7 @@ endDate.title = isoString(end); endDate.setAttribute("datetime", isoString(end)); endDate.appendChild( - document.createTextNode(end.toLocaleString()) + document.createTextNode(end.toLocaleString()), ); li.appendChild(document.createTextNode(newsItem.text)); @@ -110,7 +110,7 @@ from: isoString(new Date(formData.get("from"))), to: isoString(new Date(formData.get("to"))), text: formData.get("text"), - }) + }), ); location.reload(); } @@ -119,7 +119,7 @@ const localIsoString = (date) => `${date.getFullYear()}-${pad2(date.getMonth() + 1)}-${pad2( - date.getDate() + date.getDate(), )}T${pad2(date.getHours())}:${pad2(date.getMinutes())}`; function setDate() { diff --git a/packages/vim-kmein/init.lua b/packages/vim-kmein/init.lua index be2dd6e..a8b4715 100644 --- a/packages/vim-kmein/init.lua +++ b/packages/vim-kmein/init.lua @@ -3,14 +3,14 @@ local luasnip = require("luasnip") if vim.g.snippet_directory then require("luasnip.loaders.from_vscode").lazy_load({ - paths = { vim.g.snippet_directory } + paths = { vim.g.snippet_directory }, }) end luasnip.config.set_config({ history = true, updateevents = "TextChanged,TextChangedI", - enable_autosnippets = true + enable_autosnippets = true, }) cmp.setup({ @@ -21,7 +21,7 @@ cmp.setup({ }, mapping = { -- https://github.com/hrsh7th/nvim-cmp/wiki/Example-mappings#super-tab-like-mapping - [''] = cmp.mapping(function(fallback) + [""] = cmp.mapping(function(fallback) if cmp.visible() then cmp.select_next_item() elseif luasnip.expand_or_jumpable() then @@ -29,7 +29,7 @@ cmp.setup({ else fallback() end - end, {"i", "s"}), + end, { "i", "s" }), [""] = cmp.mapping(function(fallback) if cmp.visible() then cmp.select_prev_item() @@ -41,18 +41,18 @@ cmp.setup({ end, { "i", "s" }), }, sources = cmp.config.sources({ - { name = 'nvim_lsp' }, - { name = 'luasnip' }, - }) + { name = "nvim_lsp" }, + { name = "luasnip" }, + }), }) -local capabilities = require('cmp_nvim_lsp').default_capabilities(vim.lsp.protocol.make_client_capabilities()) +local capabilities = require("cmp_nvim_lsp").default_capabilities(vim.lsp.protocol.make_client_capabilities()) -local opts = { noremap=true, silent=true } -vim.keymap.set('n', 'e', vim.diagnostic.open_float, opts) -vim.keymap.set('n', 'dn', vim.diagnostic.goto_prev, opts) -vim.keymap.set('n', 'dp', vim.diagnostic.goto_next, opts) -vim.keymap.set('n', 'q', vim.diagnostic.setloclist, opts) +local opts = { noremap = true, silent = true } +vim.keymap.set("n", "e", vim.diagnostic.open_float, opts) +vim.keymap.set("n", "dn", vim.diagnostic.goto_prev, opts) +vim.keymap.set("n", "dp", vim.diagnostic.goto_next, opts) +vim.keymap.set("n", "q", vim.diagnostic.setloclist, opts) -- Use an on_attach function to only map the following keys -- after the language server attaches to the current buffer @@ -61,23 +61,25 @@ local on_attach = function(client, bufnr) -- vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc') -- Mappings. -- See `:help vim.lsp.*` for documentation on any of the below functions - local bufopts = { noremap=true, silent=true, buffer=bufnr } - vim.keymap.set('n', 'gD', vim.lsp.buf.declaration, bufopts) - vim.keymap.set('n', 'gd', vim.lsp.buf.definition, bufopts) - vim.keymap.set('n', 'gt', vim.lsp.buf.type_definition, bufopts) - vim.keymap.set('n', 'K', vim.lsp.buf.hover, bufopts) - vim.keymap.set('n', 'gi', vim.lsp.buf.implementation, bufopts) - vim.keymap.set('n', '', vim.lsp.buf.signature_help, bufopts) - vim.keymap.set('n', 'f', vim.lsp.buf.format, bufopts) - vim.keymap.set('n', 'wa', vim.lsp.buf.add_workspace_folder, bufopts) - vim.keymap.set('n', 'wr', vim.lsp.buf.remove_workspace_folder, bufopts) - vim.keymap.set('n', 'wl', function() + local bufopts = { noremap = true, silent = true, buffer = bufnr } + vim.keymap.set("n", "gD", vim.lsp.buf.declaration, bufopts) + vim.keymap.set("n", "gd", vim.lsp.buf.definition, bufopts) + vim.keymap.set("n", "gt", vim.lsp.buf.type_definition, bufopts) + vim.keymap.set("n", "K", vim.lsp.buf.hover, bufopts) + vim.keymap.set("n", "gi", vim.lsp.buf.implementation, bufopts) + vim.keymap.set("n", "", vim.lsp.buf.signature_help, bufopts) + vim.keymap.set("n", "f", vim.lsp.buf.format, bufopts) + vim.keymap.set("n", "wa", vim.lsp.buf.add_workspace_folder, bufopts) + vim.keymap.set("n", "wr", vim.lsp.buf.remove_workspace_folder, bufopts) + vim.keymap.set("n", "wl", function() print(vim.inspect(vim.lsp.buf.list_workspace_folders())) end, bufopts) - vim.keymap.set('n', 'rn', vim.lsp.buf.rename, bufopts) - vim.keymap.set('n', 'ca', vim.lsp.buf.code_action, bufopts) - vim.keymap.set('n', 'gr', vim.lsp.buf.references, bufopts) - vim.keymap.set('n', 'f', function() vim.lsp.buf.format { async = true } end, bufopts) + vim.keymap.set("n", "rn", vim.lsp.buf.rename, bufopts) + vim.keymap.set("n", "ca", vim.lsp.buf.code_action, bufopts) + vim.keymap.set("n", "gr", vim.lsp.buf.references, bufopts) + vim.keymap.set("n", "f", function() + vim.lsp.buf.format({ async = true }) + end, bufopts) end local lsp_flags = { @@ -97,17 +99,17 @@ local language_servers = { lua_ls = { Lua = { runtime = { - version = 'LuaJIT', + version = "LuaJIT", }, diagnostics = { - globals = {'vim'}, + globals = { "vim" }, }, workspace = { - library = vim.api.nvim_get_runtime_file("", true) + library = vim.api.nvim_get_runtime_file("", true), }, telemetry = { enable = false, - } + }, }, }, hls = {}, -- haskell-language-server @@ -115,7 +117,7 @@ local language_servers = { jsonls = {}, -- vscode-langservers-extracted lemminx = {}, -- lemminx (for xml) nil_ls = { - ['nil'] = { + ["nil"] = { formatting = { command = { "nixfmt" }, }, @@ -135,23 +137,23 @@ local language_servers = { args = { "-pdf", "-interaction=nonstopmode", "-synctex=1", "%f" }, executable = "latexmk", forwardSearchAfter = false, - onSave = false + onSave = false, }, chktex = { onEdit = false, - onOpenAndSave = false + onOpenAndSave = false, }, diagnosticsDelay = 300, formatterLineLength = 80, forwardSearch = { - args = {} + args = {}, }, latexFormatter = "latexindent", latexindent = { - modifyLineBreaks = false - } - } - } + modifyLineBreaks = false, + }, + }, + }, } for server, settings in pairs(language_servers) do @@ -159,7 +161,7 @@ for server, settings in pairs(language_servers) do on_attach = on_attach, flags = lsp_flags, settings = settings, - capabilities = capabilities + capabilities = capabilities, }) vim.lsp.enable(server) end diff --git a/systems/makanek/monitoring/grafana-dashboards/niveum.json b/systems/makanek/monitoring/grafana-dashboards/niveum.json index a45ad3b..febb6b8 100644 --- a/systems/makanek/monitoring/grafana-dashboards/niveum.json +++ b/systems/makanek/monitoring/grafana-dashboards/niveum.json @@ -180,9 +180,7 @@ "justifyMode": "auto", "orientation": "auto", "reduceOptions": { - "calcs": [ - "lastNotNull" - ], + "calcs": ["lastNotNull"], "fields": "", "values": false }, @@ -246,9 +244,7 @@ "justifyMode": "auto", "orientation": "auto", "reduceOptions": { - "calcs": [ - "lastNotNull" - ], + "calcs": ["lastNotNull"], "fields": "", "values": false }, @@ -429,9 +425,7 @@ "justifyMode": "auto", "orientation": "auto", "reduceOptions": { - "calcs": [ - "lastNotNull" - ], + "calcs": ["lastNotNull"], "fields": "", "values": false }, @@ -497,9 +491,7 @@ "justifyMode": "auto", "orientation": "auto", "reduceOptions": { - "calcs": [ - "lastNotNull" - ], + "calcs": ["lastNotNull"], "fields": "", "values": false }, @@ -562,9 +554,7 @@ "justifyMode": "auto", "orientation": "auto", "reduceOptions": { - "calcs": [ - "lastNotNull" - ], + "calcs": ["lastNotNull"], "fields": "", "values": false }, diff --git a/systems/makanek/names.nix b/systems/makanek/names.nix index 73cf2d7..575b142 100644 --- a/systems/makanek/names.nix +++ b/systems/makanek/names.nix @@ -1,12 +1,14 @@ { pkgs, ... -}: let +}: +let port = 5703; -in { +in +{ systemd.services.names = { - wants = ["network-online.target"]; - wantedBy = ["multi-user.target"]; + wants = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; description = "Better clone of geogen.stoepel.net"; serviceConfig = { DynamicUser = true; diff --git a/systems/makanek/nextcloud.nix b/systems/makanek/nextcloud.nix index 7e7b96a..4ff28e6 100644 --- a/systems/makanek/nextcloud.nix +++ b/systems/makanek/nextcloud.nix @@ -2,9 +2,11 @@ pkgs, config, ... -}: let +}: +let storageBoxMountPoint = "/mnt/storagebox"; -in { +in +{ # https://docs.hetzner.com/de/robot/storage-box/access/access-samba-cifs/ fileSystems.${storageBoxMountPoint} = { device = "//u359050.your-storagebox.de/backup"; @@ -23,8 +25,14 @@ in { }; systemd.services.nextcloud-setup = { - wants = ["mnt-storagebox.mount" "postgresql.service"]; - after = ["mnt-storagebox.mount" "postgresql.service"]; + wants = [ + "mnt-storagebox.mount" + "postgresql.service" + ]; + after = [ + "mnt-storagebox.mount" + "postgresql.service" + ]; }; age.secrets = { @@ -73,7 +81,6 @@ in { # extraTrustedDomains = [ "toum.r" ]; }; - settings = { defaultapp = "files"; overwriteprotocol = "https"; @@ -92,12 +99,12 @@ in { services.postgresqlBackup = { enable = true; - databases = [config.services.nextcloud.config.dbname]; + databases = [ config.services.nextcloud.config.dbname ]; }; services.postgresql = { enable = true; - ensureDatabases = [config.services.nextcloud.config.dbname]; + ensureDatabases = [ config.services.nextcloud.config.dbname ]; ensureUsers = [ { name = "nextcloud"; diff --git a/systems/makanek/onlyoffice.nix b/systems/makanek/onlyoffice.nix index feb6432..606fe0a 100644 --- a/systems/makanek/onlyoffice.nix +++ b/systems/makanek/onlyoffice.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.onlyoffice = { enable = true; port = 8111; diff --git a/systems/makanek/retiolum-map.nix b/systems/makanek/retiolum-map.nix index fd13dac..ab16134 100644 --- a/systems/makanek/retiolum-map.nix +++ b/systems/makanek/retiolum-map.nix @@ -3,17 +3,19 @@ pkgs, lib, ... -}: let +}: +let network = "retiolum"; stateDirectory = "retiolum-map"; geo-ip-database = "${lib.head config.services.geoipupdate.settings.EditionIDs}.mmdb"; geo-ip-database-path = "${config.services.geoipupdate.settings.DatabaseDirectory}/${geo-ip-database}"; -in { +in +{ systemd.services.retiolum-index = { description = "Retiolum indexing service"; - wants = ["tinc.${network}.service"]; + wants = [ "tinc.${network}.service" ]; script = '' ${pkgs.tinc-graph}/bin/tinc-graph --geoip-file ${geo-ip-database-path} --network ${network} \ | ${pkgs.coreutils}/bin/tee network.json \ @@ -24,7 +26,11 @@ in { cp ${pkgs.tinc-graph}/static/graph.html graph.html ''; startAt = "hourly"; - path = [pkgs.coreutils pkgs.jq pkgs.tinc_pre]; + path = [ + pkgs.coreutils + pkgs.jq + pkgs.tinc_pre + ]; serviceConfig = { Type = "oneshot"; User = "root"; @@ -38,7 +44,7 @@ in { settings = { AccountID = 608777; LicenseKey._secret = config.age.secrets.maxmind-license-key.path; - EditionIDs = ["GeoLite2-City"]; + EditionIDs = [ "GeoLite2-City" ]; }; }; @@ -69,8 +75,8 @@ in { }; systemd.services.geoip-share = { - after = ["geoipupdate.service"]; - wantedBy = ["geoipupdate.service"]; + after = [ "geoipupdate.service" ]; + wantedBy = [ "geoipupdate.service" ]; script = "${pkgs.curl}/bin/curl -fSs --data-binary @${geo-ip-database-path} http://c.r/${geo-ip-database} "; serviceConfig = { Type = "oneshot"; diff --git a/systems/makanek/scrabble.nix b/systems/makanek/scrabble.nix index c31a9c0..3800b6a 100644 --- a/systems/makanek/scrabble.nix +++ b/systems/makanek/scrabble.nix @@ -10,22 +10,24 @@ in home = scrabbleDirectory; createHome = true; }; - users.extraGroups.scrabble = {}; + users.extraGroups.scrabble = { }; systemd.services.scrabble = { - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; enable = true; preStart = "npm install @cdot/xanado"; path = [ pkgs.nodejs ]; script = '' - ${scrabbleDirectory}/node_modules/.bin/xanado --config ${(pkgs.formats.json {}).generate "config.json" { - port = port; - host = "localhost"; - game_defaults = { - edition = "Deutsch_Scrabble"; - dictionary = "German"; - }; - }} + ${scrabbleDirectory}/node_modules/.bin/xanado --config ${ + (pkgs.formats.json { }).generate "config.json" { + port = port; + host = "localhost"; + game_defaults = { + edition = "Deutsch_Scrabble"; + dictionary = "German"; + }; + } + } ''; serviceConfig = { User = "scrabble"; @@ -34,7 +36,6 @@ in }; }; - services.nginx.virtualHosts."scrabble.kmein.de" = { enableACME = true; forceSSL = true; @@ -43,10 +44,10 @@ in systemd.services.scrabble-fix = { startAt = "hourly"; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; enable = false; script = '' - ${pkgs.gnused}/bin/sed -i s/encadefrit/en/ sessions/*.json passwd.json" + ${pkgs.gnused}/bin/sed -i s/encadefrit/en/ sessions/*.json passwd.json" ''; serviceConfig = { User = "scrabble"; diff --git a/systems/makanek/tt-rss.nix b/systems/makanek/tt-rss.nix index 6ea2aa3..7fa7b2e 100644 --- a/systems/makanek/tt-rss.nix +++ b/systems/makanek/tt-rss.nix @@ -3,10 +3,12 @@ lib, config, ... -}: let +}: +let domain = "feed.kmein.de"; port = 8181; -in { +in +{ services.miniflux = { enable = true; adminCredentialsFile = config.age.secrets.miniflux-credentials.path; @@ -23,7 +25,7 @@ in { services.postgresqlBackup = { enable = true; - databases = ["miniflux"]; + databases = [ "miniflux" ]; }; services.nginx.virtualHosts.${domain} = { diff --git a/systems/makanek/weechat.nix b/systems/makanek/weechat.nix index 58d4e16..3a9bf16 100644 --- a/systems/makanek/weechat.nix +++ b/systems/makanek/weechat.nix @@ -2,13 +2,15 @@ lib, pkgs, ... -}: let +}: +let weechatHome = "/var/lib/weechat"; -in { - systemd.services.weechat = let - tmux = pkgs.writers.writeDash "tmux" '' - exec ${pkgs.tmux}/bin/tmux -f ${ - pkgs.writeText "tmux.conf" '' +in +{ + systemd.services.weechat = + let + tmux = pkgs.writers.writeDash "tmux" '' + exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' set-option -g prefix ` unbind-key C-b bind ` send-prefix @@ -21,174 +23,195 @@ in { bind-key p switch-client -p bind-key n switch-client -n bind-key C-s switch-client -l - '' - } "$@" - ''; - weechat = pkgs.weechat-declarative.override { - config = { - scripts = [ - pkgs.weechatScripts.weechat-autosort - pkgs.weechatScripts.colorize_nicks - pkgs.weechatScripts.hotlist2extern - # pkgs.weechatScripts.weechat-matrix - ]; - settings = let - nick = "kmein"; - in { - weechat = { - look.mouse = true; - look.prefix_align_max = 15; - color.chat_nick_colors = lib.lists.subtractLists (lib.range 52 69 ++ lib.range 231 248) (lib.range 31 254); - }; - irc = { - look = { - server_buffer = "independent"; - color_nicks_in_nicklist = true; - }; - server_default = { - nicks = nick; - msg_part = "tschö mit ö"; - msg_quit = "ciao kakao"; - msg_kick = "warum machst du diese?"; - realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name); - }; - server = { - hackint = { - autoconnect = true; - addresses = "irc.hackint.org/6697"; - ipv6 = true; - tls = true; - autojoin = ["#eloop" "#krebs" "#the_playlist"]; - sasl_mechanism = "plain"; - sasl_username = nick; - sasl_password = "\${sec.data.hackint_sasl}"; + ''} "$@" + ''; + weechat = pkgs.weechat-declarative.override { + config = { + scripts = [ + pkgs.weechatScripts.weechat-autosort + pkgs.weechatScripts.colorize_nicks + pkgs.weechatScripts.hotlist2extern + # pkgs.weechatScripts.weechat-matrix + ]; + settings = + let + nick = "kmein"; + in + { + weechat = { + look.mouse = true; + look.prefix_align_max = 15; + color.chat_nick_colors = lib.lists.subtractLists (lib.range 52 69 ++ lib.range 231 248) ( + lib.range 31 254 + ); }; - libera = { - autoconnect = true; - addresses = "irc.libera.chat/6697"; - tls = true; - autojoin = ["#haskell" "#fysi" "#binaergewitter" "#vim"]; - sasl_mechanism = "plain"; - sasl_username = nick; - sasl_password = "\${sec.data.libera_sasl}"; + irc = { + look = { + server_buffer = "independent"; + color_nicks_in_nicklist = true; + }; + server_default = { + nicks = nick; + msg_part = "tschö mit ö"; + msg_quit = "ciao kakao"; + msg_kick = "warum machst du diese?"; + realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name); + }; + server = { + hackint = { + autoconnect = true; + addresses = "irc.hackint.org/6697"; + ipv6 = true; + tls = true; + autojoin = [ + "#eloop" + "#krebs" + "#the_playlist" + ]; + sasl_mechanism = "plain"; + sasl_username = nick; + sasl_password = "\${sec.data.hackint_sasl}"; + }; + libera = { + autoconnect = true; + addresses = "irc.libera.chat/6697"; + tls = true; + autojoin = [ + "#haskell" + "#fysi" + "#binaergewitter" + "#vim" + ]; + sasl_mechanism = "plain"; + sasl_username = nick; + sasl_password = "\${sec.data.libera_sasl}"; + }; + retiolum = { + autoconnect = true; + addresses = "irc.r"; + tls = false; + autojoin = [ + "#xxx" + "#brockman" + "#flix" + ]; + command = lib.concatStringsSep "\\;" [ + "/oper admin aidsballs" + "/msg nickserv always-on true" + "/msg nickserv autoreplay-missed on" + "/msg nickserv auto-away" + ]; + sasl_mechanism = "plain"; + sasl_username = nick; + sasl_password = "\${sec.data.retiolum_sasl}"; + }; + brockman = { + autoconnect = true; + addresses = "brockman.news"; + tls = false; + autojoin = [ + "#cook" + "#kmeinung" + ]; + sasl_username = nick; + sasl_password = "\${sec.data.brockman_sasl}"; + sasl_mechanism = "plain"; + }; + }; }; - retiolum = { - autoconnect = true; - addresses = "irc.r"; - tls = false; - autojoin = ["#xxx" "#brockman" "#flix"]; - command = lib.concatStringsSep "\\;" [ - "/oper admin aidsballs" - "/msg nickserv always-on true" - "/msg nickserv autoreplay-missed on" - "/msg nickserv auto-away" - ]; - sasl_mechanism = "plain"; - sasl_username = nick; - sasl_password = "\${sec.data.retiolum_sasl}"; + logger.level.irc.news = 0; + plugins.var.perl.hotlist2extern = { + external_command_hotlist = "echo %X > ${weechatHome}/hotlist.txt"; + external_command_hotlist_empty = "echo -n %X > ${weechatHome}/hotlist.txt"; + lowest_priority = "2"; + use_title = "off"; + delimiter = ","; }; - brockman = { + matrix.look.server_buffer = "merge_without_core"; + matrix.server.nibbana = { + address = "nibbana.jp"; + username = nick; + password = "\${sec.data.nibbana_account}"; autoconnect = true; - addresses = "brockman.news"; - tls = false; - autojoin = ["#cook" "#kmeinung"]; - sasl_username = nick; - sasl_password = "\${sec.data.brockman_sasl}"; - sasl_mechanism = "plain"; + }; + alias.cmd.mod = "/quote omode $channel +o $nick"; + relay = { + port.weechat = 9000; + network.password = "\${sec.data.relay_password}"; + }; + filters = { + zerocovid = { + buffer = "irc.news.*"; + tags = "*"; + regex = "[kc]orona|💉|🤒|😷|[kc]ovid|virus|lockdown|va[kc][sc]in|vaxx|mutante|mutation|impf|pandemi|κορ[ωο]ν[αο]ϊό|корона|expert|infe[ck]t|infizi|in[cz]iden[cz]|sars-cov|drosten|virolog|lauterbach|delta|omi[ck]ron|epidemi|booster|r-wert"; + }; + smart = { + buffer = "*"; + tags = "irc_smart_filter"; + regex = "*"; + }; + playlist_topic = { + buffer = "irc.*.#the_playlist"; + tags = "irc_topic"; + regex = "*"; + }; + brockman_notice = { + buffer = "irc.news.*"; + tags = "irc_notice"; + regex = "*"; + }; + bots = { + buffer = "irc.retiolum.*"; + tags = [ + "nick_gitlab" + "nick_prometheus" + ]; + regex = "*"; + }; + people = { + buffer = "irc.*.*"; + tags = map (name: "nick_${name}") [ "mod_p[matrix-fli" ]; + regex = "*"; + }; }; }; - }; - logger.level.irc.news = 0; - plugins.var.perl.hotlist2extern = { - external_command_hotlist = "echo %X > ${weechatHome}/hotlist.txt"; - external_command_hotlist_empty = "echo -n %X > ${weechatHome}/hotlist.txt"; - lowest_priority = "2"; - use_title = "off"; - delimiter = ","; - }; - matrix.look.server_buffer = "merge_without_core"; - matrix.server.nibbana = { - address = "nibbana.jp"; - username = nick; - password = "\${sec.data.nibbana_account}"; - autoconnect = true; - }; - alias.cmd.mod = "/quote omode $channel +o $nick"; - relay = { - port.weechat = 9000; - network.password = "\${sec.data.relay_password}"; - }; - filters = { - zerocovid = { - buffer = "irc.news.*"; - tags = "*"; - regex = "[kc]orona|💉|🤒|😷|[kc]ovid|virus|lockdown|va[kc][sc]in|vaxx|mutante|mutation|impf|pandemi|κορ[ωο]ν[αο]ϊό|корона|expert|infe[ck]t|infizi|in[cz]iden[cz]|sars-cov|drosten|virolog|lauterbach|delta|omi[ck]ron|epidemi|booster|r-wert"; - }; - smart = { - buffer = "*"; - tags = "irc_smart_filter"; - regex = "*"; - }; - playlist_topic = { - buffer = "irc.*.#the_playlist"; - tags = "irc_topic"; - regex = "*"; - }; - brockman_notice = { - buffer = "irc.news.*"; - tags = "irc_notice"; - regex = "*"; - }; - bots = { - buffer = "irc.retiolum.*"; - tags = ["nick_gitlab" "nick_prometheus"]; - regex = "*"; - }; - people = { - buffer = "irc.*.*"; - tags = map (name: "nick_${name}") ["mod_p[matrix-fli"]; - regex = "*"; - }; - }; + extraCommands = '' + /save + /connect -all + ''; + # /matrix connect nibbana }; - extraCommands = '' - /save - /connect -all - ''; - # /matrix connect nibbana + }; + in + { + description = "Weechat bouncer"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + restartIfChanged = true; + path = [ pkgs.alacritty.terminfo ]; + environment.WEECHAT_HOME = weechatHome; + # preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf"; + script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat"; + preStop = "${tmux} kill-session -t IM"; + serviceConfig = { + User = "weechat"; + Group = "weechat"; + RemainAfterExit = true; + Type = "oneshot"; }; }; - in { - description = "Weechat bouncer"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - restartIfChanged = true; - path = [pkgs.alacritty.terminfo]; - environment.WEECHAT_HOME = weechatHome; - # preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf"; - script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat"; - preStop = "${tmux} kill-session -t IM"; - serviceConfig = { - User = "weechat"; - Group = "weechat"; - RemainAfterExit = true; - Type = "oneshot"; - }; - }; - users.groups.weechat = {}; + users.groups.weechat = { }; users.extraUsers.weechat = { useDefaultShell = true; - openssh.authorizedKeys.keys = - pkgs.lib.niveum.kieran.sshKeys - ++ [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@kibbeh" - ]; + openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys ++ [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@kibbeh" + ]; createHome = true; group = "weechat"; home = "/var/lib/weechat"; isSystemUser = true; - packages = [pkgs.tmux]; + packages = [ pkgs.tmux ]; }; age.secrets.weechat-sec = { diff --git a/systems/manakish/configuration.nix b/systems/manakish/configuration.nix index 32a3f33..f08e2c9 100644 --- a/systems/manakish/configuration.nix +++ b/systems/manakish/configuration.nix @@ -3,7 +3,8 @@ pkgs, lib, ... -}: { +}: +{ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -47,7 +48,7 @@ wlp3s0.useDHCP = true; wwp0s20u4i6.useDHCP = true; }; - wireless.interfaces = ["wlp3s0"]; + wireless.interfaces = [ "wlp3s0" ]; retiolum = pkgs.lib.niveum.retiolumAddresses.manakish; hostName = "manakish"; }; diff --git a/systems/manakish/hardware-configuration.nix b/systems/manakish/hardware-configuration.nix index 32b4076..f8ff194 100644 --- a/systems/manakish/hardware-configuration.nix +++ b/systems/manakish/hardware-configuration.nix @@ -4,17 +4,25 @@ pkgs, modulesPath, ... -}: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; +}: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { initrd = { - availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci"]; - kernelModules = []; + availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "usb_storage" + "sd_mod" + "sdhci_pci" + ]; + kernelModules = [ ]; luks.devices."crypted".device = "/dev/disk/by-uuid/493cb228-c292-4f71-9f38-dcb3e96dec47"; }; - kernelModules = ["kvm-intel"]; - extraModulePackages = []; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; loader.grub = { enable = true; efiSupport = true; @@ -36,11 +44,11 @@ "/mnt/sd-card" = { device = "/dev/disk/by-id/mmc-5E4S5_0x4c585d15-part1"; fsType = "ext4"; - options = ["nofail"]; + options = [ "nofail" ]; }; }; - swapDevices = []; + swapDevices = [ ]; zramSwap.enable = true; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/systems/manakish/hdmi.nix b/systems/manakish/hdmi.nix index e074fef..4e9c81b 100644 --- a/systems/manakish/hdmi.nix +++ b/systems/manakish/hdmi.nix @@ -1,13 +1,17 @@ -{pkgs, ...}: { - services.xserver.displayManager.sessionCommands = let - intern = "LVDS-1"; - extern = "HDMI-1"; - pulseaudioCard = "alsa_card.pci-0000_00_1b.0"; - # pulseaudioProfile = "output:hdmi-stereo-extra2+input:analog-stereo"; - pulseaudioProfile = "alsa_output.pci-0000_00_1b.0.analog-stereo"; - in - toString (pkgs.writers.writeDash "hdmi-on" '' - ${pkgs.xorg.xrandr}/bin/xrandr --output ${intern} --primary --auto --output ${extern} --above ${intern} --auto - ${pkgs.pulseaudio}/bin/pactl set-card-profile ${pulseaudioCard} ${pulseaudioProfile} - ''); +{ pkgs, ... }: +{ + services.xserver.displayManager.sessionCommands = + let + intern = "LVDS-1"; + extern = "HDMI-1"; + pulseaudioCard = "alsa_card.pci-0000_00_1b.0"; + # pulseaudioProfile = "output:hdmi-stereo-extra2+input:analog-stereo"; + pulseaudioProfile = "alsa_output.pci-0000_00_1b.0.analog-stereo"; + in + toString ( + pkgs.writers.writeDash "hdmi-on" '' + ${pkgs.xorg.xrandr}/bin/xrandr --output ${intern} --primary --auto --output ${extern} --above ${intern} --auto + ${pkgs.pulseaudio}/bin/pactl set-card-profile ${pulseaudioCard} ${pulseaudioProfile} + '' + ); } diff --git a/systems/tabula/hardware-configuration.nix b/systems/tabula/hardware-configuration.nix index c68d58a..3af8372 100644 --- a/systems/tabula/hardware-configuration.nix +++ b/systems/tabula/hardware-configuration.nix @@ -4,7 +4,8 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; @@ -15,11 +16,19 @@ device = "/dev/sda"; }; initrd = { - availableKernelModules = ["pata_sis" "ohci_pci" "ehci_pci" "sata_sis" "usb_storage" "sd_mod" "sr_mod"]; - kernelModules = []; + availableKernelModules = [ + "pata_sis" + "ohci_pci" + "ehci_pci" + "sata_sis" + "usb_storage" + "sd_mod" + "sr_mod" + ]; + kernelModules = [ ]; }; - kernelModules = []; - extraModulePackages = []; + kernelModules = [ ]; + extraModulePackages = [ ]; }; fileSystems."/" = { @@ -28,7 +37,7 @@ }; swapDevices = [ - {device = "/dev/disk/by-uuid/874256aa-5bae-44a4-8933-c65f8600fe78";} + { device = "/dev/disk/by-uuid/874256aa-5bae-44a4-8933-c65f8600fe78"; } ]; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/systems/tahina/configuration.nix b/systems/tahina/configuration.nix index 49fa2d4..0dad355 100644 --- a/systems/tahina/configuration.nix +++ b/systems/tahina/configuration.nix @@ -3,7 +3,8 @@ lib, pkgs, ... -}: { +}: +{ imports = [ ./hardware-configuration.nix ../../configs/spacetime.nix @@ -37,7 +38,7 @@ name = "xenos"; password = "xenos"; isNormalUser = true; - extraGroups = ["networkmanager"]; + extraGroups = [ "networkmanager" ]; }; services.desktopManager.pantheon.enable = true; diff --git a/systems/tahina/hardware-configuration.nix b/systems/tahina/hardware-configuration.nix index 67f9a8f..e910eb5 100644 --- a/systems/tahina/hardware-configuration.nix +++ b/systems/tahina/hardware-configuration.nix @@ -4,7 +4,8 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; @@ -18,12 +19,21 @@ efi.canTouchEfiVariables = true; }; initrd = { - availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci"]; - kernelModules = ["dm-snapshot"]; + availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "firewire_ohci" + "usb_storage" + "sd_mod" + "sr_mod" + "sdhci_pci" + ]; + kernelModules = [ "dm-snapshot" ]; luks.devices.luksmap.device = "/dev/disk/by-uuid/b7d66981-8cb7-4aad-a595-ee6574b312cf"; }; - kernelModules = ["kvm-intel"]; - extraModulePackages = []; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; }; fileSystems = { diff --git a/systems/zaatar/backup.nix b/systems/zaatar/backup.nix index 2212025..25596b8 100644 --- a/systems/zaatar/backup.nix +++ b/systems/zaatar/backup.nix @@ -3,15 +3,17 @@ pkgs, lib, ... -}: let +}: +let dataDir = "/backup/restic"; -in { +in +{ services.restic.server = { enable = true; appendOnly = true; inherit dataDir; prometheus = true; - extraFlags = ["--no-auth"]; # auth is done via firewall + extraFlags = [ "--no-auth" ]; # auth is done via firewall listenAddress = toString pkgs.lib.niveum.restic.port; }; @@ -26,33 +28,35 @@ in { fsType = "ext4"; }; - networking.firewall = let - dport = pkgs.lib.niveum.restic.port; - protocol = "tcp"; - rules = [ - (pkgs.lib.niveum.firewall.accept { - inherit dport protocol; - source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4; - }) - (pkgs.lib.niveum.firewall.accept { - inherit dport protocol; - source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4; - }) - (pkgs.lib.niveum.firewall.accept { - inherit dport protocol; - source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4; - }) - (pkgs.lib.niveum.firewall.accept { - inherit dport protocol; - source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4; - }) - (pkgs.lib.niveum.firewall.accept { - inherit dport protocol; - source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4; - }) - ]; - in { - extraCommands = pkgs.lib.niveum.firewall.addRules rules; - extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules; - }; + networking.firewall = + let + dport = pkgs.lib.niveum.restic.port; + protocol = "tcp"; + rules = [ + (pkgs.lib.niveum.firewall.accept { + inherit dport protocol; + source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4; + }) + (pkgs.lib.niveum.firewall.accept { + inherit dport protocol; + source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4; + }) + (pkgs.lib.niveum.firewall.accept { + inherit dport protocol; + source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4; + }) + (pkgs.lib.niveum.firewall.accept { + inherit dport protocol; + source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4; + }) + (pkgs.lib.niveum.firewall.accept { + inherit dport protocol; + source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4; + }) + ]; + in + { + extraCommands = pkgs.lib.niveum.firewall.addRules rules; + extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules; + }; } diff --git a/systems/zaatar/gaslight.nix b/systems/zaatar/gaslight.nix index 8c7660c..5d2dae2 100644 --- a/systems/zaatar/gaslight.nix +++ b/systems/zaatar/gaslight.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ environment.systemPackages = [ (pkgs.writers.writeDashBin "gaslight-stream" '' ${pkgs.ffmpeg}/bin/ffmpeg -r 14 -s 640x480 -f video4linux2 -i /dev/video0 -f alsa -i default -c:v libx264 -preset ultrafast -c:a aac -f avi - @@ -16,8 +17,6 @@ ]; } /* - -ssh machine gaslight-stream | mpv - -ssh machine gaslight-say "blablabla" + ssh machine gaslight-stream | mpv - + ssh machine gaslight-say "blablabla" */ - diff --git a/systems/zaatar/hardware-configuration.nix b/systems/zaatar/hardware-configuration.nix index c37bd82..1600c76 100644 --- a/systems/zaatar/hardware-configuration.nix +++ b/systems/zaatar/hardware-configuration.nix @@ -4,14 +4,22 @@ pkgs, modulesPath, ... -}: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; +}: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot = { - initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc"]; - kernelModules = ["kvm-intel"]; - extraModulePackages = []; - supportedFilesystems = ["ntfs"]; + initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "usb_storage" + "sd_mod" + "sdhci_acpi" + "rtsx_usb_sdmmc" + ]; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + supportedFilesystems = [ "ntfs" ]; loader = { systemd-boot = { enable = true; @@ -32,9 +40,9 @@ }; }; - swapDevices = - [ { device = "/dev/disk/by-uuid/7b2a3e4c-e53f-4c53-b599-b6d6cff49f1f"; } - ]; + swapDevices = [ + { device = "/dev/disk/by-uuid/7b2a3e4c-e53f-4c53-b599-b6d6cff49f1f"; } + ]; nix.settings.max-jobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/systems/zaatar/home-assistant.nix b/systems/zaatar/home-assistant.nix index 4279a44..8390a0c 100644 --- a/systems/zaatar/home-assistant.nix +++ b/systems/zaatar/home-assistant.nix @@ -1,8 +1,15 @@ -{config, pkgs, lib, ...}: let +{ + config, + pkgs, + lib, + ... +}: +let port = 8123; volumeName = "home-assistant"; -in { - networking.firewall.allowedTCPPorts = [port]; +in +{ + networking.firewall.allowedTCPPorts = [ port ]; services.nginx.virtualHosts."home.kmein.r" = { locations."/" = { @@ -59,7 +66,7 @@ in { enable = true; autoPrune = { enable = true; - flags = ["--all"]; + flags = [ "--all" ]; }; }; diff --git a/systems/zaatar/kiosk.nix b/systems/zaatar/kiosk.nix index 4c5bc47..6607c49 100644 --- a/systems/zaatar/kiosk.nix +++ b/systems/zaatar/kiosk.nix @@ -3,20 +3,25 @@ pkgs, lib, ... -}: { +}: +{ users.extraUsers.kiosk = { isNormalUser = true; password = ""; - extraGroups = ["audio" "pipewire"]; + extraGroups = [ + "audio" + "pipewire" + ]; }; # TODO https://github.com/cage-kiosk/cage/issues/138 services.cage = { enable = true; user = config.users.extraUsers.kiosk.name; - extraArguments = ["-s"]; # allow vt switching - program = let - startUrls = []; - in + extraArguments = [ "-s" ]; # allow vt switching + program = + let + startUrls = [ ]; + in pkgs.writers.writeDash "kiosk-browser" '' while true; do ${pkgs.brave}/bin/brave \ diff --git a/systems/zaatar/moodle-dl-meinhark.nix b/systems/zaatar/moodle-dl-meinhark.nix index 2f3c69e..633de82 100644 --- a/systems/zaatar/moodle-dl-meinhark.nix +++ b/systems/zaatar/moodle-dl-meinhark.nix @@ -3,21 +3,25 @@ pkgs, lib, ... -}: let - moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old: +}: +let + moodle-dl-package = pkgs.moodle-dl.overrideAttrs ( + old: old // { # patches = [../../packages/moodle-dl/telegram-format.patch]; TODO? - }); -in { + } + ); +in +{ age.secrets = { /* - moodle-dl-tokens = { - file = ../../secrets/zaatar-moodle-dl-tokens.json.age; - owner = "moodle-dl"; - group = "moodle-dl"; - mode = "400"; - }; + moodle-dl-tokens = { + file = ../../secrets/zaatar-moodle-dl-tokens.json.age; + owner = "moodle-dl"; + group = "moodle-dl"; + mode = "400"; + }; */ moodle-dl-basicAuth = { file = ../../secrets/zaatar-moodle-dl-basicAuth.age; @@ -120,10 +124,10 @@ in { fileSystems."/export/moodle" = { device = config.services.moodle-dl.directory; - options = ["bind"]; + options = [ "bind" ]; }; - networking.firewall.allowedTCPPorts = [2049]; + networking.firewall.allowedTCPPorts = [ 2049 ]; services.nginx.enable = true; @@ -140,11 +144,16 @@ in { services.nfs.server = { enable = true; - exports = let - machines = with pkgs.lib.niveum.retiolumAddresses; [kabsa manakish]; - in '' - /export ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines} - /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines} - ''; + exports = + let + machines = with pkgs.lib.niveum.retiolumAddresses; [ + kabsa + manakish + ]; + in + '' + /export ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines} + /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines} + ''; }; }