kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-21 12:21:08 +01:00
Code Releases Activity

format

Browse Source
This commit is contained in:
Kierán Meinhardt
2025-12-28 13:39:42 +01:00
parent 51533efeda
commit c15f5375e2
28 changed files with 576 additions and 475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
systems/makanek/monitoring/grafana-dashboards/niveum.json
View File

@@ -180,9 +180,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},
@@ -246,9 +244,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},
@@ -429,9 +425,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},
@@ -497,9 +491,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},
@@ -562,9 +554,7 @@
"justifyMode": "auto",
"orientation": "auto",
"reduceOptions": {
"calcs": [
"lastNotNull"
],
"calcs": ["lastNotNull"],
"fields": "",
"values": false
},

10
systems/makanek/names.nix
View File

@@ -1,12 +1,14 @@
{
pkgs,
...
}: let
}:
let
port = 5703;
in {
in
{
systemd.services.names = {
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
description = "Better clone of geogen.stoepel.net";
serviceConfig = {
DynamicUser = true;

21
systems/makanek/nextcloud.nix
View File

@@ -2,9 +2,11 @@
pkgs,
config,
...
}: let
}:
let
storageBoxMountPoint = "/mnt/storagebox";
in {
in
{
# https://docs.hetzner.com/de/robot/storage-box/access/access-samba-cifs/
fileSystems.${storageBoxMountPoint} = {
device = "//u359050.your-storagebox.de/backup";
@@ -23,8 +25,14 @@ in {
};
systemd.services.nextcloud-setup = {
wants = ["mnt-storagebox.mount" "postgresql.service"];
after = ["mnt-storagebox.mount" "postgresql.service"];
wants = [
"mnt-storagebox.mount"
"postgresql.service"
];
after = [
"mnt-storagebox.mount"
"postgresql.service"
];
};
age.secrets = {
@@ -73,7 +81,6 @@ in {
# extraTrustedDomains = [ "toum.r" ];
};
settings = {
defaultapp = "files";
overwriteprotocol = "https";
@@ -92,12 +99,12 @@ in {
services.postgresqlBackup = {
enable = true;
databases = [config.services.nextcloud.config.dbname];
databases = [ config.services.nextcloud.config.dbname ];
};
services.postgresql = {
enable = true;
ensureDatabases = [config.services.nextcloud.config.dbname];
ensureDatabases = [ config.services.nextcloud.config.dbname ];
ensureUsers = [
{
name = "nextcloud";

3
systems/makanek/onlyoffice.nix
View File

@@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
services.onlyoffice = {
enable = true;
port = 8111;

20
systems/makanek/retiolum-map.nix
View File

@@ -3,17 +3,19 @@
pkgs,
lib,
...
}: let
}:
let
network = "retiolum";
stateDirectory = "retiolum-map";
geo-ip-database = "${lib.head config.services.geoipupdate.settings.EditionIDs}.mmdb";
geo-ip-database-path = "${config.services.geoipupdate.settings.DatabaseDirectory}/${geo-ip-database}";
in {
in
{
systemd.services.retiolum-index = {
description = "Retiolum indexing service";
wants = ["tinc.${network}.service"];
wants = [ "tinc.${network}.service" ];
script = ''
${pkgs.tinc-graph}/bin/tinc-graph --geoip-file ${geo-ip-database-path} --network ${network} \
| ${pkgs.coreutils}/bin/tee network.json \
@@ -24,7 +26,11 @@ in {
cp ${pkgs.tinc-graph}/static/graph.html graph.html
'';
startAt = "hourly";
path = [pkgs.coreutils pkgs.jq pkgs.tinc_pre];
path = [
pkgs.coreutils
pkgs.jq
pkgs.tinc_pre
];
serviceConfig = {
Type = "oneshot";
User = "root";
@@ -38,7 +44,7 @@ in {
settings = {
AccountID = 608777;
LicenseKey._secret = config.age.secrets.maxmind-license-key.path;
EditionIDs = ["GeoLite2-City"];
EditionIDs = [ "GeoLite2-City" ];
};
};
@@ -69,8 +75,8 @@ in {
};
systemd.services.geoip-share = {
after = ["geoipupdate.service"];
wantedBy = ["geoipupdate.service"];
after = [ "geoipupdate.service" ];
wantedBy = [ "geoipupdate.service" ];
script = "${pkgs.curl}/bin/curl -fSs --data-binary @${geo-ip-database-path} http://c.r/${geo-ip-database} ";
serviceConfig = {
Type = "oneshot";

27
systems/makanek/scrabble.nix
View File

@@ -10,22 +10,24 @@ in
home = scrabbleDirectory;
createHome = true;
};
users.extraGroups.scrabble = {};
users.extraGroups.scrabble = { };
systemd.services.scrabble = {
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
enable = true;
preStart = "npm install @cdot/xanado";
path = [ pkgs.nodejs ];
script = ''
${scrabbleDirectory}/node_modules/.bin/xanado --config ${(pkgs.formats.json {}).generate "config.json" {
port = port;
host = "localhost";
game_defaults = {
edition = "Deutsch_Scrabble";
dictionary = "German";
};
}}
${scrabbleDirectory}/node_modules/.bin/xanado --config ${
(pkgs.formats.json { }).generate "config.json" {
port = port;
host = "localhost";
game_defaults = {
edition = "Deutsch_Scrabble";
dictionary = "German";
};
}
}
'';
serviceConfig = {
User = "scrabble";
@@ -34,7 +36,6 @@ in
};
};
services.nginx.virtualHosts."scrabble.kmein.de" = {
enableACME = true;
forceSSL = true;
@@ -43,10 +44,10 @@ in
systemd.services.scrabble-fix = {
startAt = "hourly";
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
enable = false;
script = ''
${pkgs.gnused}/bin/sed -i s/encadefrit/en/ sessions/*.json passwd.json"
${pkgs.gnused}/bin/sed -i s/encadefrit/en/ sessions/*.json passwd.json"
'';
serviceConfig = {
User = "scrabble";

8
systems/makanek/tt-rss.nix
View File

@@ -3,10 +3,12 @@
lib,
config,
...
}: let
}:
let
domain = "feed.kmein.de";
port = 8181;
in {
in
{
services.miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux-credentials.path;
@@ -23,7 +25,7 @@ in {
services.postgresqlBackup = {
enable = true;
databases = ["miniflux"];
databases = [ "miniflux" ];
};
services.nginx.virtualHosts.${domain} = {

339
systems/makanek/weechat.nix
View File

@@ -2,13 +2,15 @@
lib,
pkgs,
...
}: let
}:
let
weechatHome = "/var/lib/weechat";
in {
systemd.services.weechat = let
tmux = pkgs.writers.writeDash "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${
pkgs.writeText "tmux.conf" ''
in
{
systemd.services.weechat =
let
tmux = pkgs.writers.writeDash "tmux" ''
exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" ''
set-option -g prefix `
unbind-key C-b
bind ` send-prefix
@@ -21,174 +23,195 @@ in {
bind-key p switch-client -p
bind-key n switch-client -n
bind-key C-s switch-client -l
''
} "$@"
'';
weechat = pkgs.weechat-declarative.override {
config = {
scripts = [
pkgs.weechatScripts.weechat-autosort
pkgs.weechatScripts.colorize_nicks
pkgs.weechatScripts.hotlist2extern
# pkgs.weechatScripts.weechat-matrix
];
settings = let
nick = "kmein";
in {
weechat = {
look.mouse = true;
look.prefix_align_max = 15;
color.chat_nick_colors = lib.lists.subtractLists (lib.range 52 69 ++ lib.range 231 248) (lib.range 31 254);
};
irc = {
look = {
server_buffer = "independent";
color_nicks_in_nicklist = true;
};
server_default = {
nicks = nick;
msg_part = "tschö mit ö";
msg_quit = "ciao kakao";
msg_kick = "warum machst du diese?";
realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name);
};
server = {
hackint = {
autoconnect = true;
addresses = "irc.hackint.org/6697";
ipv6 = true;
tls = true;
autojoin = ["#eloop" "#krebs" "#the_playlist"];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.hackint_sasl}";
''} "$@"
'';
weechat = pkgs.weechat-declarative.override {
config = {
scripts = [
pkgs.weechatScripts.weechat-autosort
pkgs.weechatScripts.colorize_nicks
pkgs.weechatScripts.hotlist2extern
# pkgs.weechatScripts.weechat-matrix
];
settings =
let
nick = "kmein";
in
{
weechat = {
look.mouse = true;
look.prefix_align_max = 15;
color.chat_nick_colors = lib.lists.subtractLists (lib.range 52 69 ++ lib.range 231 248) (
lib.range 31 254
);
};
libera = {
autoconnect = true;
addresses = "irc.libera.chat/6697";
tls = true;
autojoin = ["#haskell" "#fysi" "#binaergewitter" "#vim"];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.libera_sasl}";
irc = {
look = {
server_buffer = "independent";
color_nicks_in_nicklist = true;
};
server_default = {
nicks = nick;
msg_part = "tschö mit ö";
msg_quit = "ciao kakao";
msg_kick = "warum machst du diese?";
realname = lib.head (lib.strings.split " " pkgs.lib.niveum.kieran.name);
};
server = {
hackint = {
autoconnect = true;
addresses = "irc.hackint.org/6697";
ipv6 = true;
tls = true;
autojoin = [
"#eloop"
"#krebs"
"#the_playlist"
];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.hackint_sasl}";
};
libera = {
autoconnect = true;
addresses = "irc.libera.chat/6697";
tls = true;
autojoin = [
"#haskell"
"#fysi"
"#binaergewitter"
"#vim"
];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.libera_sasl}";
};
retiolum = {
autoconnect = true;
addresses = "irc.r";
tls = false;
autojoin = [
"#xxx"
"#brockman"
"#flix"
];
command = lib.concatStringsSep "\\;" [
"/oper admin aidsballs"
"/msg nickserv always-on true"
"/msg nickserv autoreplay-missed on"
"/msg nickserv auto-away"
];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.retiolum_sasl}";
};
brockman = {
autoconnect = true;
addresses = "brockman.news";
tls = false;
autojoin = [
"#cook"
"#kmeinung"
];
sasl_username = nick;
sasl_password = "\${sec.data.brockman_sasl}";
sasl_mechanism = "plain";
};
};
};
retiolum = {
autoconnect = true;
addresses = "irc.r";
tls = false;
autojoin = ["#xxx" "#brockman" "#flix"];
command = lib.concatStringsSep "\\;" [
"/oper admin aidsballs"
"/msg nickserv always-on true"
"/msg nickserv autoreplay-missed on"
"/msg nickserv auto-away"
];
sasl_mechanism = "plain";
sasl_username = nick;
sasl_password = "\${sec.data.retiolum_sasl}";
logger.level.irc.news = 0;
plugins.var.perl.hotlist2extern = {
external_command_hotlist = "echo %X > ${weechatHome}/hotlist.txt";
external_command_hotlist_empty = "echo -n %X > ${weechatHome}/hotlist.txt";
lowest_priority = "2";
use_title = "off";
delimiter = ",";
};
brockman = {
matrix.look.server_buffer = "merge_without_core";
matrix.server.nibbana = {
address = "nibbana.jp";
username = nick;
password = "\${sec.data.nibbana_account}";
autoconnect = true;
addresses = "brockman.news";
tls = false;
autojoin = ["#cook" "#kmeinung"];
sasl_username = nick;
sasl_password = "\${sec.data.brockman_sasl}";
sasl_mechanism = "plain";
};
alias.cmd.mod = "/quote omode $channel +o $nick";
relay = {
port.weechat = 9000;
network.password = "\${sec.data.relay_password}";
};
filters = {
zerocovid = {
buffer = "irc.news.*";
tags = "*";
regex = "[kc]orona|💉|🤒|😷|[kc]ovid|virus|lockdown|va[kc][sc]in|vaxx|mutante|mutation|impf|pandemi|κορ[ωο]ν[αο]ϊό|корона|expert|infe[ck]t|infizi|in[cz]iden[cz]|sars-cov|drosten|virolog|lauterbach|delta|omi[ck]ron|epidemi|booster|r-wert";
};
smart = {
buffer = "*";
tags = "irc_smart_filter";
regex = "*";
};
playlist_topic = {
buffer = "irc.*.#the_playlist";
tags = "irc_topic";
regex = "*";
};
brockman_notice = {
buffer = "irc.news.*";
tags = "irc_notice";
regex = "*";
};
bots = {
buffer = "irc.retiolum.*";
tags = [
"nick_gitlab"
"nick_prometheus"
];
regex = "*";
};
people = {
buffer = "irc.*.*";
tags = map (name: "nick_${name}") [ "mod_p[matrix-fli" ];
regex = "*";
};
};
};
};
logger.level.irc.news = 0;
plugins.var.perl.hotlist2extern = {
external_command_hotlist = "echo %X > ${weechatHome}/hotlist.txt";
external_command_hotlist_empty = "echo -n %X > ${weechatHome}/hotlist.txt";
lowest_priority = "2";
use_title = "off";
delimiter = ",";
};
matrix.look.server_buffer = "merge_without_core";
matrix.server.nibbana = {
address = "nibbana.jp";
username = nick;
password = "\${sec.data.nibbana_account}";
autoconnect = true;
};
alias.cmd.mod = "/quote omode $channel +o $nick";
relay = {
port.weechat = 9000;
network.password = "\${sec.data.relay_password}";
};
filters = {
zerocovid = {
buffer = "irc.news.*";
tags = "*";
regex = "[kc]orona|💉|🤒|😷|[kc]ovid|virus|lockdown|va[kc][sc]in|vaxx|mutante|mutation|impf|pandemi|κορ[ωο]ν[αο]ϊό|корона|expert|infe[ck]t|infizi|in[cz]iden[cz]|sars-cov|drosten|virolog|lauterbach|delta|omi[ck]ron|epidemi|booster|r-wert";
};
smart = {
buffer = "*";
tags = "irc_smart_filter";
regex = "*";
};
playlist_topic = {
buffer = "irc.*.#the_playlist";
tags = "irc_topic";
regex = "*";
};
brockman_notice = {
buffer = "irc.news.*";
tags = "irc_notice";
regex = "*";
};
bots = {
buffer = "irc.retiolum.*";
tags = ["nick_gitlab" "nick_prometheus"];
regex = "*";
};
people = {
buffer = "irc.*.*";
tags = map (name: "nick_${name}") ["mod_p[matrix-fli"];
regex = "*";
};
};
extraCommands = ''
/save
/connect -all
'';
# /matrix connect nibbana
};
extraCommands = ''
/save
/connect -all
'';
# /matrix connect nibbana
};
in
{
description = "Weechat bouncer";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
restartIfChanged = true;
path = [ pkgs.alacritty.terminfo ];
environment.WEECHAT_HOME = weechatHome;
# preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf";
script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
preStop = "${tmux} kill-session -t IM";
serviceConfig = {
User = "weechat";
Group = "weechat";
RemainAfterExit = true;
Type = "oneshot";
};
};
in {
description = "Weechat bouncer";
after = ["network.target"];
wantedBy = ["multi-user.target"];
restartIfChanged = true;
path = [pkgs.alacritty.terminfo];
environment.WEECHAT_HOME = weechatHome;
# preStart = "${pkgs.coreutils}/bin/rm $WEECHAT_HOME/*.conf";
script = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat";
preStop = "${tmux} kill-session -t IM";
serviceConfig = {
User = "weechat";
Group = "weechat";
RemainAfterExit = true;
Type = "oneshot";
};
};
users.groups.weechat = {};
users.groups.weechat = { };
users.extraUsers.weechat = {
useDefaultShell = true;
openssh.authorizedKeys.keys =
pkgs.lib.niveum.kieran.sshKeys
++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@kibbeh"
];
openssh.authorizedKeys.keys = pkgs.lib.niveum.kieran.sshKeys ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@kibbeh"
];
createHome = true;
group = "weechat";
home = "/var/lib/weechat";
isSystemUser = true;
packages = [pkgs.tmux];
packages = [ pkgs.tmux ];
};
age.secrets.weechat-sec = {