mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
2025-12-28 13:39:42 +01:00
parent 51533efeda
commit c15f5375e2
28 changed files with 576 additions and 475 deletions


@@ -180,9 +180,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},
@@ -246,9 +244,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},
@@ -429,9 +425,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},
@@ -497,9 +491,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},
@@ -562,9 +554,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},


@@ -1,12 +1,14 @@
{
pkgs,
...
}: let
}:
let
port = 5703;
in {
in
{
systemd.services.names = {
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
description = "Better clone of geogen.stoepel.net";
serviceConfig = {
DynamicUser = true;


@@ -2,9 +2,11 @@
pkgs,
config,
...
}: let
}:
let
storageBoxMountPoint = "/mnt/storagebox";
in {
in
{
# https://docs.hetzner.com/de/robot/storage-box/access/access-samba-cifs/
fileSystems.${storageBoxMountPoint} = {
device = "//u359050.your-storagebox.de/backup";
@@ -23,8 +25,14 @@ in {
};
systemd.services.nextcloud-setup = {
wants = ["mnt-storagebox.mount" "postgresql.service"];
after = ["mnt-storagebox.mount" "postgresql.service"];
wants = [
"mnt-storagebox.mount"
"postgresql.service"
];
after = [
"mnt-storagebox.mount"
"postgresql.service"
];
};
age.secrets = {
@@ -73,7 +81,6 @@ in {
# extraTrustedDomains = [ "toum.r" ];
};
settings = {
defaultapp = "files";
overwriteprotocol = "https";
@@ -92,12 +99,12 @@ in {
services.postgresqlBackup = {
enable = true;
databases = [config.services.nextcloud.config.dbname];
databases = [ config.services.nextcloud.config.dbname ];
};
services.postgresql = {
enable = true;
ensureDatabases = [config.services.nextcloud.config.dbname];
ensureDatabases = [ config.services.nextcloud.config.dbname ];
ensureUsers = [
{
name = "nextcloud";


@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
services.onlyoffice = {
enable = true;
port = 8111;


@@ -3,17 +3,19 @@
pkgs,
lib,
...
}: let
}:
let
network = "retiolum";
stateDirectory = "retiolum-map";
geo-ip-database = "${lib.head config.services.geoipupdate.settings.EditionIDs}.mmdb";
geo-ip-database-path = "${config.services.geoipupdate.settings.DatabaseDirectory}/${geo-ip-database}";
in {
in
{
systemd.services.retiolum-index = {
description = "Retiolum indexing service";
wants = ["tinc.${network}.service"];
wants = [ "tinc.${network}.service" ];
script = ''
${pkgs.tinc-graph}/bin/tinc-graph --geoip-file ${geo-ip-database-path} --network ${network} \
| ${pkgs.coreutils}/bin/tee network.json \
@@ -24,7 +26,11 @@ in {
cp ${pkgs.tinc-graph}/static/graph.html graph.html
'';
startAt = "hourly";
path = [pkgs.coreutils pkgs.jq pkgs.tinc_pre];
path = [
pkgs.coreutils
pkgs.jq
pkgs.tinc_pre
];
serviceConfig = {
Type = "oneshot";
User = "root";
@@ -38,7 +44,7 @@ in {
settings = {
AccountID = 608777;
LicenseKey._secret = config.age.secrets.maxmind-license-key.path;
EditionIDs = ["GeoLite2-City"];
EditionIDs = [ "GeoLite2-City" ];
};
};
@@ -69,8 +75,8 @@ in {
};
systemd.services.geoip-share = {
after = ["geoipupdate.service"];
wantedBy = ["geoipupdate.service"];
after = [ "geoipupdate.service" ];
wantedBy = [ "geoipupdate.service" ];
script = "${pkgs.curl}/bin/curl -fSs --data-binary @${geo-ip-database-path} http://c.r/${geo-ip-database} ";
serviceConfig = {
Type = "oneshot";


@@ -10,22 +10,24 @@ in
home = scrabbleDirectory;
createHome = true;
};
users.extraGroups.scrabble = {};
users.extraGroups.scrabble = { };
systemd.services.scrabble = {
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
enable = true;
preStart = "npm install @cdot/xanado";
path = [ pkgs.nodejs ];
script = ''
${scrabbleDirectory}/node_modules/.bin/xanado --config ${(pkgs.formats.json {}).generate "config.json" {
port = port;
host = "localhost";
game_defaults = {
edition = "Deutsch_Scrabble";
dictionary = "German";
};
}}
${scrabbleDirectory}/node_modules/.bin/xanado --config ${
(pkgs.formats.json { }).generate "config.json" {
port = port;
host = "localhost";
game_defaults = {
edition = "Deutsch_Scrabble";
dictionary = "German";
};
}
}
'';
serviceConfig = {
User = "scrabble";
@@ -34,7 +36,6 @@ in
};
};
services.nginx.virtualHosts."scrabble.kmein.de" = {
enableACME = true;
forceSSL = true;
@@ -43,10 +44,10 @@ in
systemd.services.scrabble-fix = {
startAt = "hourly";
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
enable = false;
script = ''
${pkgs.gnused}/bin/sed -i s/encadefrit/en/ sessions/*.json passwd.json"
${pkgs.gnused}/bin/sed -i s/encadefrit/en/ sessions/*.json passwd.json"
'';
serviceConfig = {
User = "scrabble";
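Review bot: `preStart = "npm install @cdot/xanado"` fetches whatever version the npm registry serves each time the unit starts, so the code that runs as the `scrabble` user is unpinned and sits outside the reproducibility the rest of this configuration gets from Nix. Pin at least an exact version, e.g. `preStart = "npm install @cdot/xanado@<PINNED_VERSION>";` (placeholder), or better, package xanado as a Nix derivation so the service needs no registry access at start. Separately, the re-indented `sed` line in `scrabble-fix` still ends in a stray `"`, which leaves an unterminated quote in the generated script; drop it before that unit is re-enabled. The `serviceConfig` blocks of both units continue outside the hunks.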


@@ -3,10 +3,12 @@
lib,
config,
...
}: let
}:
let
domain = "feed.kmein.de";
port = 8181;
in {
in
{
services.miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux-credentials.path;
@@ -23,7 +25,7 @@ in {
services.postgresqlBackup = {
enable = true;
databases = ["miniflux"];
databases = [ "miniflux" ];
};
services.nginx.virtualHosts.${domain} = {


@@ -2,13 +2,15 @@
lib,
pkgs,
...
}: let
}:
let
weechatHome = "/var/lib/weechat";
in {
systemd.services.weechat = let
tmux = pkgs.writers.writeDash "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${
pkgs.writeText "tmux.conf" ''
in
{
systemd.services.weechat =
let
tmux = pkgs.writers.writeDash "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g prefix `
unbind-key C-b
bind ` send-prefix
@@ -21,174 +23,195 @@ in {
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''
} "$@"
'';
weechat = pkgs.weechat-declarative.override {
config = {
scripts = [
pkgs.weechatScripts.weechat-autosort
pkgs.weechatScripts.colorize_nicks
pkgs.weechatScripts.hotlist2extern
# pkgs.weechatScripts.weechat-matrix
];
settings = let
nick = "kmein";
in {
weechat = {
look.mouse = true;
look.prefix_align_max = 15;
color.chat_nick_colors = lib.lists.subtractLists (lib.range 52 69 ++ lib.range 231 248) (lib.range 31 254);
};
irc = {
look = {
server_buffer = "independent";
color_nicks_in_nicklist = true;
};
server_default = {
nicks = nick;
msg_part = "tschö mit ö";
msg_quit = "ciao kakao";
msg_kick = "warum machst du diese?";
realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name);
};
server = {
hackint = {
autoconnect = true;
addresses = "irc.hackint.org/6697";
ipv6 = true;
tls = true;
autojoin = ["#eloop" "#krebs" "#the_playlist"];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.hackint_sasl}";
''} "$@"
'';
weechat = pkgs.weechat-declarative.override {
config = {
scripts = [
pkgs.weechatScripts.weechat-autosort
pkgs.weechatScripts.colorize_nicks
pkgs.weechatScripts.hotlist2extern
# pkgs.weechatScripts.weechat-matrix
];
settings =
let
nick = "kmein";
in
{
weechat = {
look.mouse = true;
look.prefix_align_max = 15;
color.chat_nick_colors = lib.lists.subtractLists (lib.range 52 69 ++ lib.range 231 248) (
lib.range 31 254
);
};
libera = {
autoconnect = true;
addresses = "irc.libera.chat/6697";
tls = true;
autojoin = ["#haskell" "#fysi" "#binaergewitter" "#vim"];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.libera_sasl}";
irc = {
look = {
server_buffer = "independent";
color_nicks_in_nicklist = true;
};
server_default = {
nicks = nick;
msg_part = "tschö mit ö";
msg_quit = "ciao kakao";
msg_kick = "warum machst du diese?";
realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name);
};
server = {
hackint = {
autoconnect = true;
addresses = "irc.hackint.org/6697";
ipv6 = true;
tls = true;
autojoin = [
"#eloop"
"#krebs"
"#the_playlist"
];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.hackint_sasl}";
};
libera = {
autoconnect = true;
addresses = "irc.libera.chat/6697";
tls = true;
autojoin = [
"#haskell"
"#fysi"
"#binaergewitter"
"#vim"
];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.libera_sasl}";
};
retiolum = {
autoconnect = true;
addresses = "irc.r";
tls = false;
autojoin = [
"#xxx"
"#brockman"
"#flix"
];
command = lib.concatStringsSep "\\;" [
"/oper admin aidsballs"
"/msg nickserv always-on true"
"/msg nickserv autoreplay-missed on"
"/msg nickserv auto-away"
];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.retiolum_sasl}";
};
brockman = {
autoconnect = true;
addresses = "brockman.news";
tls = false;
autojoin = [
"#cook"
"#kmeinung"
];
sasl_username = nick;
sasl_password = "\${sec.data.brockman_sasl}";
sasl_mechanism = "plain";
};
};
};
retiolum = {
autoconnect = true;
addresses = "irc.r";
tls = false;
autojoin = ["#xxx" "#brockman" "#flix"];
command = lib.concatStringsSep "\\;" [
"/oper admin aidsballs"
"/msg nickserv always-on true"
"/msg nickserv autoreplay-missed on"
"/msg nickserv auto-away"
];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.retiolum_sasl}";
logger.level.irc.news = 0;
plugins.var.perl.hotlist2extern = {
external_command_hotlist = "echo %X > ${weechatHome}/hotlist.txt";
external_command_hotlist_empty = "echo -n %X > ${weechatHome}/hotlist.txt";
lowest_priority = "2";
use_title = "off";
delimiter = ",";
};
brockman = {
matrix.look.server_buffer = "merge_without_core";
matrix.server.nibbana = {
address = "nibbana.jp";
username = nick;
password = "\${sec.data.nibbana_account}";
autoconnect = true;
addresses = "brockman.news";
tls = false;
autojoin = ["#cook" "#kmeinung"];
sasl_username = nick;
sasl_password = "\${sec.data.brockman_sasl}";
sasl_mechanism = "plain";
};
alias.cmd.mod = "/quote omode $channel +o $nick";
relay = {
port.weechat = 9000;
network.password = "\${sec.data.relay_password}";
};
filters = {
zerocovid = {
buffer = "irc.news.*";
tags = "*";
regex = "[kc]orona|💉|🤒|😷|[kc]ovid|virus|lockdown|va[kc][sc]in|vaxx|mutante|mutation|impf|pandemi|κορ[ωο]ν[αο]ϊό|корона|expert|infe[ck]t|infizi|in[cz]iden[cz]|sars-cov|drosten|virolog|lauterbach|delta|omi[ck]ron|epidemi|booster|r-wert";
};
smart = {
buffer = "*";
tags = "irc_smart_filter";
regex = "*";
};
playlist_topic = {
buffer = "irc.*.#the_playlist";
tags = "irc_topic";
regex = "*";
};
brockman_notice = {
buffer = "irc.news.*";
tags = "irc_notice";
regex = "*";
};
bots = {
buffer = "irc.retiolum.*";
tags = [
"nick_gitlab"
"nick_prometheus"
];
regex = "*";
};
people = {
buffer = "irc.*.*";
tags = map (name: "nick_${name}") [ "mod_p[matrix-fli" ];
regex = "*";
};
};
};
};
logger.level.irc.news = 0;
plugins.var.perl.hotlist2extern = {
external_command_hotlist = "echo %X > ${weechatHome}/hotlist.txt";
external_command_hotlist_empty = "echo -n %X > ${weechatHome}/hotlist.txt";
lowest_priority = "2";
use_title = "off";
delimiter = ",";
};
matrix.look.server_buffer = "merge_without_core";
matrix.server.nibbana = {
address = "nibbana.jp";
username = nick;
password = "\${sec.data.nibbana_account}";
autoconnect = true;
};
alias.cmd.mod = "/quote omode $channel +o $nick";
relay = {
port.weechat = 9000;
network.password = "\${sec.data.relay_password}";
};
filters = {
zerocovid = {
buffer = "irc.news.*";
tags = "*";
regex = "[kc]orona|💉|🤒|😷|[kc]ovid|virus|lockdown|va[kc][sc]in|vaxx|mutante|mutation|impf|pandemi|κορ[ωο]ν[αο]ϊό|корона|expert|infe[ck]t|infizi|in[cz]iden[cz]|sars-cov|drosten|virolog|lauterbach|delta|omi[ck]ron|epidemi|booster|r-wert";
};
smart = {
buffer = "*";
tags = "irc_smart_filter";
regex = "*";
};
playlist_topic = {
buffer = "irc.*.#the_playlist";
tags = "irc_topic";
regex = "*";
};
brockman_notice = {
buffer = "irc.news.*";
tags = "irc_notice";
regex = "*";
};
bots = {
buffer = "irc.retiolum.*";
tags = ["nick_gitlab" "nick_prometheus"];
regex = "*";
};
people = {
buffer = "irc.*.*";
tags = map (name: "nick_${name}") ["mod_p[matrix-fli"];
regex = "*";
};
};
extraCommands = ''
/save
/connect -all
'';
# /matrix connect nibbana
};
extraCommands = ''
/save
/connect -all
'';
# /matrix connect nibbana
};
in
{
description = "Weechat bouncer";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
path = [ pkgs.alacritty.terminfo ];
environment.WEECHAT_HOME = weechatHome;
# preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf";
script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
preStop = "${tmux} kill-session -t IM";
serviceConfig = {
User = "weechat";
Group = "weechat";
RemainAfterExit = true;
Type = "oneshot";
};
};
in {
description = "Weechat bouncer";
after = ["network.target"];
wantedBy = ["multi-user.target"];
restartIfChanged = true;
path = [pkgs.alacritty.terminfo];
environment.WEECHAT_HOME = weechatHome;
# preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf";
script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
preStop = "${tmux} kill-session -t IM";
serviceConfig = {
User = "weechat";
Group = "weechat";
RemainAfterExit = true;
Type = "oneshot";
};
};
users.groups.weechat = {};
users.groups.weechat = { };
users.extraUsers.weechat = {
useDefaultShell = true;
openssh.authorizedKeys.keys =
pkgs.lib.niveum.kieran.sshKeys
++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@kibbeh"
];
openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@kibbeh"
];
createHome = true;
group = "weechat";
home = "/var/lib/weechat";
isSystemUser = true;
packages = [pkgs.tmux];
packages = [ pkgs.tmux ];
};
age.secrets.weechat-sec = {
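Review bot: The `command` list of the `retiolum` server carries the IRC operator password as a literal in its `"/oper admin …"` entry, while every other credential in this file is referenced as `\${sec.data.…}`; a literal here ends up in the repository and in the world-readable Nix store. Move it into the secured data and reference it the same way, e.g. `"/oper admin \${sec.data.<OPER_SECRET_NAME>}"` (placeholder name; confirm that WeeChat evaluates the server `command` option the way it does the SASL options), and rotate the current value since it is already published. The `retiolum` and `brockman` servers also combine `tls = false` with `sasl_mechanism = "plain"`, so those passwords are only protected if the underlying network is itself encrypted; a comment stating which transport guarantees that would help the next reader. The `age.secrets.weechat-sec` block continues past the end of this section.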


@@ -3,7 +3,8 @@
pkgs,
lib,
...
}: {
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@@ -47,7 +48,7 @@
wlp3s0.useDHCP = true;
wwp0s20u4i6.useDHCP = true;
};
wireless.interfaces = ["wlp3s0"];
wireless.interfaces = [ "wlp3s0" ];
retiolum = pkgs.lib.niveum.retiolumAddresses.manakish;
hostName = "manakish";
};


@@ -4,17 +4,25 @@
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci"];
kernelModules = [];
availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
kernelModules = [ ];
luks.devices."crypted".device = "/dev/disk/by-uuid/493cb228-c292-4f71-9f38-dcb3e96dec47";
};
kernelModules = ["kvm-intel"];
extraModulePackages = [];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
loader.grub = {
enable = true;
efiSupport = true;
@@ -36,11 +44,11 @@
"/mnt/sd-card" = {
device = "/dev/disk/by-id/mmc-5E4S5_0x4c585d15-part1";
fsType = "ext4";
options = ["nofail"];
options = [ "nofail" ];
};
};
swapDevices = [];
swapDevices = [ ];
zramSwap.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";


@@ -1,13 +1,17 @@
{pkgs, ...}: {
services.xserver.displayManager.sessionCommands = let
intern = "LVDS-1";
extern = "HDMI-1";
pulseaudioCard = "alsa_card.pci-0000_00_1b.0";
# pulseaudioProfile = "output:hdmi-stereo-extra2+input:analog-stereo";
pulseaudioProfile = "alsa_output.pci-0000_00_1b.0.analog-stereo";
in
toString (pkgs.writers.writeDash "hdmi-on" ''
${pkgs.xorg.xrandr}/bin/xrandr --output ${intern} --primary --auto --output ${extern} --above ${intern} --auto
${pkgs.pulseaudio}/bin/pactl set-card-profile ${pulseaudioCard} ${pulseaudioProfile}
'');
{ pkgs, ... }:
{
services.xserver.displayManager.sessionCommands =
let
intern = "LVDS-1";
extern = "HDMI-1";
pulseaudioCard = "alsa_card.pci-0000_00_1b.0";
# pulseaudioProfile = "output:hdmi-stereo-extra2+input:analog-stereo";
pulseaudioProfile = "alsa_output.pci-0000_00_1b.0.analog-stereo";
in
toString (
pkgs.writers.writeDash "hdmi-on" ''
${pkgs.xorg.xrandr}/bin/xrandr --output ${intern} --primary --auto --output ${extern} --above ${intern} --auto
${pkgs.pulseaudio}/bin/pactl set-card-profile ${pulseaudioCard} ${pulseaudioProfile}
''
);
}


@@ -4,7 +4,8 @@
pkgs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
@@ -15,11 +16,19 @@
device = "/dev/sda";
};
initrd = {
availableKernelModules = ["pata_sis" "ohci_pci" "ehci_pci" "sata_sis" "usb_storage" "sd_mod" "sr_mod"];
kernelModules = [];
availableKernelModules = [
"pata_sis"
"ohci_pci"
"ehci_pci"
"sata_sis"
"usb_storage"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
kernelModules = [];
extraModulePackages = [];
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
@@ -28,7 +37,7 @@
};
swapDevices = [
{device = "/dev/disk/by-uuid/874256aa-5bae-44a4-8933-c65f8600fe78";}
{ device = "/dev/disk/by-uuid/874256aa-5bae-44a4-8933-c65f8600fe78"; }
];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;


@@ -3,7 +3,8 @@
lib,
pkgs,
...
}: {
}:
{
imports = [
./hardware-configuration.nix
../../configs/spacetime.nix
@@ -37,7 +38,7 @@
name = "xenos";
password = "xenos";
isNormalUser = true;
extraGroups = ["networkmanager"];
extraGroups = [ "networkmanager" ];
};
services.desktopManager.pantheon.enable = true;
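Review bot: `password = "xenos";` sets a clear-text login password equal to the account name, and as a plain option value it is also readable in the Nix store by every local user. If the account needs a password, supply a hash out of band, e.g. `hashedPasswordFile = config.age.secrets.<XENOS_PASSWORD_SECRET>.path;` (placeholder secret name), following the age-secret pattern visible in other files of this commit. The user attribute set opens above the hunk, so its remaining options are not visible here.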


@@ -4,7 +4,8 @@
pkgs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
@@ -18,12 +19,21 @@
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci"];
kernelModules = ["dm-snapshot"];
availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"firewire_ohci"
"usb_storage"
"sd_mod"
"sr_mod"
"sdhci_pci"
];
kernelModules = [ "dm-snapshot" ];
luks.devices.luksmap.device = "/dev/disk/by-uuid/b7d66981-8cb7-4aad-a595-ee6574b312cf";
};
kernelModules = ["kvm-intel"];
extraModulePackages = [];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {


@@ -3,15 +3,17 @@
pkgs,
lib,
...
}: let
}:
let
dataDir = "/backup/restic";
in {
in
{
services.restic.server = {
enable = true;
appendOnly = true;
inherit dataDir;
prometheus = true;
extraFlags = ["--no-auth"]; # auth is done via firewall
extraFlags = [ "--no-auth" ]; # auth is done via firewall
listenAddress = toString pkgs.lib.niveum.restic.port;
};
@@ -26,33 +28,35 @@ in {
fsType = "ext4";
};
networking.firewall = let
dport = pkgs.lib.niveum.restic.port;
protocol = "tcp";
rules = [
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
})
];
in {
extraCommands = pkgs.lib.niveum.firewall.addRules rules;
extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
};
networking.firewall =
let
dport = pkgs.lib.niveum.restic.port;
protocol = "tcp";
rules = [
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
})
(pkgs.lib.niveum.firewall.accept {
inherit dport protocol;
source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
})
];
in
{
extraCommands = pkgs.lib.niveum.firewall.addRules rules;
extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
};
}
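Review bot: With `extraFlags = [ "--no-auth" ]` the only access control on the restic REST server is the list of source-address accept rules, and the comment `# auth is done via firewall` does not say what that implies: any allow-listed host can reach every repository on the server, and the check is only as strong as address assignment on the retiolum network. Suggested comment: `# no HTTP auth: access is limited to the retiolum IPv4 addresses accepted below; every listed host can reach all repositories`. `listenAddress` is given only a port, so it is worth confirming that the service is not reachable on other interfaces or over IPv6 through a rule outside this file. As a style point, the five near-identical `accept` entries could be generated with `map` over a list of host names, which makes the allow-list easier to audit.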


@@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = [
(pkgs.writers.writeDashBin "gaslight-stream" ''
${pkgs.ffmpeg}/bin/ffmpeg -r 14 -s 640x480 -f video4linux2 -i /dev/video0 -f alsa -i default -c:v libx264 -preset ultrafast -c:a aac -f avi -
@@ -16,8 +17,6 @@
];
}
/*
ssh machine gaslight-stream | mpv -
ssh machine gaslight-say "blablabla"
ssh machine gaslight-stream | mpv -
ssh machine gaslight-say "blablabla"
*/


@@ -4,14 +4,22 @@
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc"];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
supportedFilesystems = ["ntfs"];
initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"usb_storage"
"sd_mod"
"sdhci_acpi"
"rtsx_usb_sdmmc"
];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
supportedFilesystems = [ "ntfs" ];
loader = {
systemd-boot = {
enable = true;
@@ -32,9 +40,9 @@
};
};
swapDevices =
[ { device = "/dev/disk/by-uuid/7b2a3e4c-e53f-4c53-b599-b6d6cff49f1f"; }
];
swapDevices = [
{ device = "/dev/disk/by-uuid/7b2a3e4c-e53f-4c53-b599-b6d6cff49f1f"; }
];
nix.settings.max-jobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";


@@ -1,8 +1,15 @@
{config, pkgs, lib, ...}: let
{
config,
pkgs,
lib,
...
}:
let
port = 8123;
volumeName = "home-assistant";
in {
networking.firewall.allowedTCPPorts = [port];
in
{
networking.firewall.allowedTCPPorts = [ port ];
services.nginx.virtualHosts."home.kmein.r" = {
locations."/" = {
@@ -59,7 +66,7 @@ in {
enable = true;
autoPrune = {
enable = true;
flags = ["--all"];
flags = [ "--all" ];
};
};


@@ -3,20 +3,25 @@
pkgs,
lib,
...
}: {
}:
{
users.extraUsers.kiosk = {
isNormalUser = true;
password = "";
extraGroups = ["audio" "pipewire"];
extraGroups = [
"audio"
"pipewire"
];
};
# TODO https://github.com/cage-kiosk/cage/issues/138
services.cage = {
enable = true;
user = config.users.extraUsers.kiosk.name;
extraArguments = ["-s"]; # allow vt switching
program = let
startUrls = [];
in
extraArguments = [ "-s" ]; # allow vt switching
program =
let
startUrls = [ ];
in
pkgs.writers.writeDash "kiosk-browser" ''
while true; do
${pkgs.brave}/bin/brave \
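Review bot: `password = "";` gives the `kiosk` account an empty password, and the same hunk passes `-s` to cage to allow VT switching, so a person at the console can probably leave the kiosk session and log in as that user on another VT. Cage is started through `services.cage.user` and should not need the account to have a password, so dropping the `password` line (leaving the account without a usable password) looks safe; confirm nothing else logs in as `kiosk`. If `-s` is only kept for debugging, say so in its comment, e.g. `# allow vt switching (debugging only; exposes a login prompt)`. The `program` script continues past the end of the hunk.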


@@ -3,21 +3,25 @@
pkgs,
lib,
...
}: let
moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
}:
let
moodle-dl-package = pkgs.moodle-dl.overrideAttrs (
old:
old
// {
# patches = [../../packages/moodle-dl/telegram-format.patch]; TODO?
});
in {
}
);
in
{
age.secrets = {
/*
moodle-dl-tokens = {
file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
owner = "moodle-dl";
group = "moodle-dl";
mode = "400";
};
moodle-dl-tokens = {
file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
owner = "moodle-dl";
group = "moodle-dl";
mode = "400";
};
*/
moodle-dl-basicAuth = {
file = ../../secrets/zaatar-moodle-dl-basicAuth.age;
@@ -120,10 +124,10 @@ in {
fileSystems."/export/moodle" = {
device = config.services.moodle-dl.directory;
options = ["bind"];
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [2049];
networking.firewall.allowedTCPPorts = [ 2049 ];
services.nginx.enable = true;
@@ -140,11 +144,16 @@ in {
services.nfs.server = {
enable = true;
exports = let
machines = with pkgs.lib.niveum.retiolumAddresses; [kabsa manakish];
in ''
/export ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
/export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}
'';
exports =
let
machines = with pkgs.lib.niveum.retiolumAddresses; [
kabsa
manakish
];
in
''
/export ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
/export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}
'';
};
}
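Review bot: The `/export/moodle` export is `rw` with the `insecure` option, which accepts requests from unprivileged source ports, so the server no longer relies on only root-owned processes on `kabsa` and `manakish` being able to speak NFS to it. Unless a client needs it, drop the option: `/export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(rw)") machines}`. `networking.firewall.allowedTCPPorts = [ 2049 ];` also opens the port on every interface; scoping it with `networking.firewall.interfaces.<RETIOLUM_INTERFACE>.allowedTCPPorts` (placeholder interface name) would match the per-host export list.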