kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

feat: convert to flake

Browse Source 
feat(zaatar): convert to flake

feat(tahina, tabula): convert to flake

feat(makanek): convert to flake

feat(manakish, zaatar): convert to flake

feat(ci): build flake systems

fix: ci build

feat: secrets via submodule

foo

foo

foo
This commit is contained in:
Kierán Meinhardt
2023-02-22 10:02:55 +01:00
parent ba27e98297
commit d03c6bb0de
92 changed files with 1656 additions and 934 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/niveum.yml vendored
View File

@@ -11,4 +11,4 @@ jobs:
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- uses: cachix/install-nix-action@v16 - uses: cachix/install-nix-action@v16
- run: nix run .#build-${{matrix.system}} - run: nix build --dry-run .#nixosConfigurations.${{matrix.system}}.config.system.build.toplevel

3
.gitmodules vendored Normal file
View File

@@ -0,0 +1,3 @@
[submodule "secrets"]
path = secrets
url = ssh://gitea@code.kmein.de:22022/kfm/niveum-secrets.git

10
ci.nix
View File

@@ -3,7 +3,7 @@
system, system,
name, name,
}: let }: let
nixpkgs = inputs.nixos-stable; nixpkgs = inputs.nixpkgs;
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
ensureFiles = paths: ensureFiles = paths:
pkgs.runCommand "directory" {} '' pkgs.runCommand "directory" {} ''
@@ -23,13 +23,7 @@
"nixos-config=${toString ./.}/systems/${name}/configuration.nix" "nixos-config=${toString ./.}/systems/${name}/configuration.nix"
"system-secrets=${systemSecrets}" "system-secrets=${systemSecrets}"
"secrets=${sharedSecrets}" "secrets=${sharedSecrets}"
"nixpkgs=${ "nixpkgs=${toString (inputs.nixpkgs)}"
toString (
if name == "kabsa" || name == "manakish"
then inputs.nixos-unstable
else inputs.nixos-stable
)
}"
] ]
++ nixpkgs.lib.mapAttrsToList (name: value: "${name}=${value}") inputs); ++ nixpkgs.lib.mapAttrsToList (name: value: "${name}=${value}") inputs);
# cd ~/.password-store/shared && find * -type f | sed 's/.gpg$//' # cd ~/.password-store/shared && find * -type f | sed 's/.gpg$//'

48
configs/aerc.nix
View File

@@ -16,8 +16,38 @@
smtp.port = 25; smtp.port = 25;
smtp.tls.useStartTls = true; smtp.tls.useStartTls = true;
}; };
passwordCommandFrom = path: toString (pkgs.writers.writeDash "email-credentials" "echo ${lib.escapeShellArg (lib.strings.fileContents path)}");
in { in {
age.secrets = {
email-password-cock = {
file = ../secrets/email-password-cock.age;
owner = config.users.users.me.name;
};
email-password-fysi = {
file = ../secrets/email-password-fysi.age;
owner = config.users.users.me.name;
};
email-password-posteo = {
file = ../secrets/email-password-posteo.age;
owner = config.users.users.me.name;
};
email-password-meinhark = {
file = ../secrets/email-password-meinhark.age;
owner = config.users.users.me.name;
};
email-password-meinhaki = {
file = ../secrets/email-password-meinhaki.age;
owner = config.users.users.me.name;
};
email-password-dslalewa = {
file = ../secrets/email-password-dslalewa.age;
owner = config.users.users.me.name;
};
email-password-fsklassp = {
file = ../secrets/email-password-fsklassp.age;
owner = config.users.users.me.name;
};
};
home-manager.users.me = { home-manager.users.me = {
accounts.email.accounts = rec { accounts.email.accounts = rec {
hu-student = hu-student =
@@ -27,7 +57,7 @@ in {
userName = "meinhark"; userName = "meinhark";
address = "kieran.felix.meinhardt@hu-berlin.de"; address = "kieran.felix.meinhardt@hu-berlin.de";
aliases = ["${userName}@hu-berlin.de"]; aliases = ["${userName}@hu-berlin.de"];
passwordCommand = passwordCommandFrom <secrets/eduroam/password>; passwordCommand = "cat ${config.age.secrets.email-password-meinhark.path}";
}); });
hu-student-cs = hu-student-cs =
lib.recursiveUpdate defaults lib.recursiveUpdate defaults
@@ -38,7 +68,7 @@ in {
aliases = ["${userName}@informatik.hu-berlin.de"]; aliases = ["${userName}@informatik.hu-berlin.de"];
imap.host = "mailbox.informatik.hu-berlin.de"; imap.host = "mailbox.informatik.hu-berlin.de";
smtp.host = "mailhost.informatik.hu-berlin.de"; smtp.host = "mailhost.informatik.hu-berlin.de";
passwordCommand = passwordCommandFrom <secrets/eduroam/password>; passwordCommand = "cat ${config.age.secrets.email-password-meinhark.path}";
}); });
hu-employee = hu-employee =
lib.recursiveUpdate defaults lib.recursiveUpdate defaults
@@ -47,7 +77,7 @@ in {
userName = "meinhaki"; userName = "meinhaki";
address = "kieran.meinhardt@hu-berlin.de"; address = "kieran.meinhardt@hu-berlin.de";
aliases = ["${userName}@hu-berlin.de"]; aliases = ["${userName}@hu-berlin.de"];
passwordCommand = passwordCommandFrom <secrets/mail/meinhaki>; passwordCommand = "cat ${config.age.secrets.email-password-meinhaki.path}";
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text); aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
signature = { signature = {
showSignature = "append"; showSignature = "append";
@@ -69,7 +99,7 @@ in {
userName = "dslalewa"; userName = "dslalewa";
address = "admin.alew.vglsprwi@hu-berlin.de"; address = "admin.alew.vglsprwi@hu-berlin.de";
aliases = ["${userName}@hu-berlin.de"]; aliases = ["${userName}@hu-berlin.de"];
passwordCommand = passwordCommandFrom <secrets/mail/dslalewa>; passwordCommand = "cat ${config.age.secrets.email-password-dslalewa.path}";
inherit (hu-employee) signature; inherit (hu-employee) signature;
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text); aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
}); });
@@ -78,7 +108,7 @@ in {
(lib.recursiveUpdate hu-defaults (lib.recursiveUpdate hu-defaults
rec { rec {
userName = "fsklassp"; userName = "fsklassp";
passwordCommand = passwordCommandFrom <secrets/mail/fsklassp>; passwordCommand = "cat ${config.age.secrets.email-password-fsklassp.path}";
address = "${userName}@hu-berlin.de"; address = "${userName}@hu-berlin.de";
realName = "FSI Klassische Philologie"; realName = "FSI Klassische Philologie";
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text); aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
@@ -100,7 +130,7 @@ in {
rec { rec {
address = "kieran@fysi.tech"; address = "kieran@fysi.tech";
userName = address; userName = address;
passwordCommand = passwordCommandFrom <secrets/mail/fastmail>; passwordCommand = "cat ${config.age.secrets.email-password-fysi.path}";
flavor = "fastmail.com"; flavor = "fastmail.com";
}; };
cock = cock =
@@ -108,7 +138,7 @@ in {
rec { rec {
address = "2210@cock.li"; address = "2210@cock.li";
userName = address; userName = address;
passwordCommand = passwordCommandFrom <secrets/mail/cock>; passwordCommand = "cat ${config.age.secrets.email-password-cock.path}";
realName = ""; realName = "";
imap.host = "mail.cock.li"; imap.host = "mail.cock.li";
smtp.host = imap.host; smtp.host = imap.host;
@@ -122,7 +152,7 @@ in {
imap.host = "posteo.de"; imap.host = "posteo.de";
smtp.host = imap.host; smtp.host = imap.host;
primary = true; primary = true;
passwordCommand = passwordCommandFrom <secrets/mail/posteo>; passwordCommand = "cat ${config.age.secrets.email-password-posteo.path}";
# himalaya = { enable = true; backend = "imap"; sender = "smtp"; }; # himalaya = { enable = true; backend = "imap"; sender = "smtp"; };
}; };
}; };

6
configs/alacritty.nix
View File

@@ -47,7 +47,7 @@
alacritty-pkg = pkgs.symlinkJoin { alacritty-pkg = pkgs.symlinkJoin {
name = "alacritty"; name = "alacritty";
paths = [ paths = [
(pkgs.writeDashBin "alacritty" '' (pkgs.writers.writeDashBin "alacritty" ''
${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yml msg create-window "$@" || ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yml msg create-window "$@" ||
${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yml "$@" ${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yml "$@"
'') '')
@@ -62,7 +62,7 @@ in {
]; ];
environment.etc = { environment.etc = {
"themes/dark/alacritty.yml".source = alacritty-cfg (import <niveum/lib/colours/papercolor-dark.nix>); "themes/dark/alacritty.yml".source = alacritty-cfg (import ../lib/colours/papercolor-dark.nix);
"themes/light/alacritty.yml".source = alacritty-cfg (import <niveum/lib/colours/papercolor-light.nix>); "themes/light/alacritty.yml".source = alacritty-cfg (import ../lib/colours/papercolor-light.nix);
}; };
} }

8
configs/backup.nix
View File

@@ -3,7 +3,7 @@
config, config,
... ...
}: let }: let
inherit (import <niveum/lib>) restic; inherit (import ../lib) restic;
in { in {
services.restic.backups.niveum = { services.restic.backups.niveum = {
initialize = true; initialize = true;
@@ -12,7 +12,7 @@ in {
OnCalendar = "8:00"; OnCalendar = "8:00";
RandomizedDelaySec = "1h"; RandomizedDelaySec = "1h";
}; };
passwordFile = toString <secrets/restic/password>; passwordFile = config.age.secrets.restic.path;
extraBackupArgs = [ extraBackupArgs = [
"--exclude=/home/kfm/projects/nixpkgs/.git" "--exclude=/home/kfm/projects/nixpkgs/.git"
"--exclude=node_modules" "--exclude=node_modules"
@@ -38,7 +38,7 @@ in {
environment.systemPackages = [ environment.systemPackages = [
(pkgs.writers.writeDashBin "restic-niveum" '' (pkgs.writers.writeDashBin "restic-niveum" ''
${pkgs.restic}/bin/restic -r ${restic.repository} -p ${<secrets/restic/password>} "$@" ${pkgs.restic}/bin/restic -r ${restic.repository} -p ${config.age.secrets.restic.path} "$@"
'') '')
(pkgs.writers.writeDashBin "restic-mount" '' (pkgs.writers.writeDashBin "restic-mount" ''
mountdir=$(mktemp -d) mountdir=$(mktemp -d)
@@ -46,7 +46,7 @@ in {
clean() { clean() {
rm -r "$mountdir" rm -r "$mountdir"
} }
${pkgs.restic}/bin/restic -r ${restic.repository} -p ${<secrets/restic/password>} mount "$mountdir" ${pkgs.restic}/bin/restic -r ${restic.repository} -p ${config.age.secrets.restic.path} mount "$mountdir"
'') '')
]; ];
} }

26
configs/cloud.nix
View File

@@ -4,16 +4,8 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) tmpfilesConfig; inherit (import ../lib) tmpfilesConfig;
in { in {
imports = [
<niveum/modules/dropbox.nix>
];
niveum = {
dropbox.enable = false;
};
systemd.tmpfiles.rules = map tmpfilesConfig [ systemd.tmpfiles.rules = map tmpfilesConfig [
{ {
type = "L+"; type = "L+";
@@ -55,13 +47,13 @@ in {
script = let script = let
kieran = { kieran = {
user = "kieran"; user = "kieran";
password = lib.fileContents <secrets/nextcloud/password>; passwordFile = config.age.secrets.nextcloud-password-kieran.path;
endpoint = "https://cloud.xn--kiern-0qa.de"; endpoint = "https://cloud.xn--kiern-0qa.de";
target = "${config.users.users.me.home}/notes"; target = "${config.users.users.me.home}/notes";
}; };
in '' in ''
mkdir -p ${lib.escapeShellArg kieran.target} mkdir -p ${lib.escapeShellArg kieran.target}
${pkgs.nextcloud-client}/bin/nextcloudcmd --non-interactive --user ${kieran.user} --password ${lib.escapeShellArg kieran.password} --path /Notes ${lib.escapeShellArg kieran.target} ${kieran.endpoint} ${pkgs.nextcloud-client}/bin/nextcloudcmd --non-interactive --user ${kieran.user} --password "$(cat ${kieran.passwordFile})" --path /Notes ${lib.escapeShellArg kieran.target} ${kieran.endpoint}
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@@ -81,9 +73,9 @@ in {
(let (let
kieran = { kieran = {
user = "kieran.meinhardt@gmail.com"; user = "kieran.meinhardt@gmail.com";
password = lib.fileContents <secrets/mega/password>; passwordFile = config.age.secrets.mega-password.path;
}; };
megatools = command: "${pkgs.megatools}/bin/megatools ${command} --username ${lib.escapeShellArg kieran.user} --password ${lib.escapeShellArg kieran.password}"; megatools = command: ''${pkgs.megatools}/bin/megatools ${command} --username ${lib.escapeShellArg kieran.user} --password "$(cat ${kieran.passwordFile})"'';
in in
pkgs.writers.writeDashBin "book-mega" '' pkgs.writers.writeDashBin "book-mega" ''
set -efu set -efu
@@ -104,6 +96,8 @@ in {
'') '')
]; ];
age.secrets.mega-password.file = ../secrets/mega-password.age;
fileSystems."/media/moodle" = { fileSystems."/media/moodle" = {
device = "zaatar.r:/moodle"; device = "zaatar.r:/moodle";
fsType = "nfs"; fsType = "nfs";
@@ -120,9 +114,9 @@ in {
openDefaultPorts = true; openDefaultPorts = true;
configDir = "/home/kfm/.config/syncthing"; configDir = "/home/kfm/.config/syncthing";
dataDir = "/home/kfm/.config/syncthing"; dataDir = "/home/kfm/.config/syncthing";
cert = toString <system-secrets/syncthing/cert.pem>; cert = config.age.secrets.syncthing-cert.path;
key = toString <system-secrets/syncthing/key.pem>; key = config.age.secrets.syncthing-key.path;
inherit ((import <niveum/lib>).syncthing) devices; inherit ((import ../lib).syncthing) devices;
folders = let folders = let
cloud-dir = "${config.users.users.me.home}/cloud"; cloud-dir = "${config.users.users.me.home}/cloud";
in { in {

24
configs/default.nix
View File

@@ -6,13 +6,12 @@
... ...
}: let }: let
inherit (lib.strings) makeBinPath; inherit (lib.strings) makeBinPath;
inherit (import <niveum/lib>) localAddresses kieran; inherit (import ../lib) localAddresses kieran;
scripts = import <niveum/packages/scripts> {inherit pkgs lib;}; scripts = import ../packages/scripts {inherit config pkgs lib;};
defaultApplications = (import <niveum/lib>).defaultApplications {inherit pkgs;}; defaultApplications = (import ../lib).defaultApplications {inherit pkgs;};
in { in {
imports = [ imports = [
<home-manager/nixos> ../modules/system-dependent.nix
<niveum/modules/system-dependent.nix>
{ {
boot.supportedFilesystems = ["ntfs"]; boot.supportedFilesystems = ["ntfs"];
} }
@@ -28,10 +27,10 @@ in {
allowUnfree = true; allowUnfree = true;
packageOverrides = pkgs: { packageOverrides = pkgs: {
dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"''; dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
gfs-fonts = pkgs.callPackage <niveum/packages/gfs-fonts.nix> {}; gfs-fonts = pkgs.callPackage ../packages/gfs-fonts.nix {};
tocharian-font = pkgs.callPackage <niveum/packages/tocharian-font.nix> {}; tocharian-font = pkgs.callPackage ../packages/tocharian-font.nix {};
iolanguage = pkgs.callPackage <niveum/packages/iolanguage.nix> {}; iolanguage = pkgs.callPackage ../packages/iolanguage.nix {};
ix = pkgs.callPackage <niveum/packages/ix.nix> {}; ix = pkgs.callPackage ../packages/ix.nix {};
}; };
permittedInsecurePackages = [ permittedInsecurePackages = [
"qtwebkit-5.212.0-alpha4" "qtwebkit-5.212.0-alpha4"
@@ -43,6 +42,9 @@ in {
boot.cleanTmpDir = true; boot.cleanTmpDir = true;
boot.loader.timeout = 1; boot.loader.timeout = 1;
} }
{
age.secrets.di-fm-key.file = ../secrets/di-fm-key.age;
}
{ {
home-manager.users.me = { home-manager.users.me = {
programs.zathura = { programs.zathura = {
@@ -226,7 +228,6 @@ in {
./clipboard.nix ./clipboard.nix
./cloud.nix ./cloud.nix
./direnv.nix ./direnv.nix
./distrobump.nix
./docker.nix ./docker.nix
./dunst.nix ./dunst.nix
./flix.nix ./flix.nix
@@ -244,7 +245,7 @@ in {
./neovim.nix ./neovim.nix
./nix.nix ./nix.nix
./newsboat.nix ./newsboat.nix
./flameshot-once.nix ./flameshot.nix
./packages.nix ./packages.nix
./picom.nix ./picom.nix
./stardict.nix ./stardict.nix
@@ -262,7 +263,6 @@ in {
./sshd.nix ./sshd.nix
./sound.nix ./sound.nix
./sudo.nix ./sudo.nix
./nsxiv.nix
./themes.nix ./themes.nix
./tmux.nix ./tmux.nix
# ./traadfri.nix # ./traadfri.nix

2
configs/dunst.nix
View File

@@ -3,7 +3,7 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) defaultApplications colours theme; inherit (import ../lib) defaultApplications colours theme;
in { in {
home-manager.users.me.services.dunst = { home-manager.users.me.services.dunst = {
enable = true; enable = true;

52
configs/flameshot-once.nix
View File

@@ -1,52 +0,0 @@
{
lib,
pkgs,
...
}: let
inherit (import <niveum/lib>) defaultApplications;
flameshot-once = pkgs.callPackage <stockholm/krebs/5pkgs/simple/flameshot-once> {};
in {
environment.systemPackages = [
(flameshot-once.override {
name = "flameshot-once-kmein";
config = {
imgur = {
enable = true;
createUrl = "http://p.r/image";
deleteUrl = "http://p.r/image/delete/%1";
xdg-open.browser = (defaultApplications pkgs).browser;
};
settings.General = {
autoCloseIdleDaemon = true;
drawColor = "#ff0000";
drawThickness = 2;
checkForUpdates = false;
showDesktopNotification = true;
disabledTrayIcon = true;
showHelp = false;
squareMagnifier = true;
uploadWithoutConfirmation = true;
buttons = [
"TYPE_ARROW"
"TYPE_CIRCLE"
"TYPE_CIRCLECOUNT"
"TYPE_COPY"
"TYPE_DRAWER"
"TYPE_EXIT"
"TYPE_IMAGEUPLOADER"
"TYPE_MARKER"
"TYPE_MOVESELECTION"
"TYPE_PENCIL"
"TYPE_PIXELATE"
"TYPE_RECTANGLE"
"TYPE_SAVE"
"TYPE_SELECTION"
# "TYPE_SELECTIONINDICATOR"
"TYPE_TEXT"
"TYPE_UNDO"
];
};
};
})
];
}

44
configs/flameshot.nix Normal file
View File

@@ -0,0 +1,44 @@
{
lib,
pkgs,
...
}: let
inherit (import <niveum/lib>) defaultApplications;
flameshot-once = pkgs.callPackage <stockholm/krebs/5pkgs/simple/flameshot-once> {};
in {
home-manager.users.me = {
services.flameshot = {
enable = true;
settings.General = {
autoCloseIdleDaemon = true;
drawColor = "#ff0000";
drawThickness = 2;
checkForUpdates = false;
showDesktopNotification = true;
disabledTrayIcon = true;
showHelp = false;
squareMagnifier = true;
uploadWithoutConfirmation = true;
buttons = lib.concatStringsSep " " [
"TYPE_ARROW"
"TYPE_CIRCLE"
"TYPE_CIRCLECOUNT"
"TYPE_COPY"
"TYPE_DRAWER"
"TYPE_EXIT"
"TYPE_IMAGEUPLOADER"
"TYPE_MARKER"
"TYPE_MOVESELECTION"
"TYPE_PENCIL"
"TYPE_PIXELATE"
"TYPE_RECTANGLE"
"TYPE_SAVE"
"TYPE_SELECTION"
# "TYPE_SELECTIONINDICATOR"
"TYPE_TEXT"
"TYPE_UNDO"
];
};
};
};
}

2
configs/flix.nix
View File

@@ -8,7 +8,7 @@
indexFilename = "index"; indexFilename = "index";
flixUser = "flix"; flixUser = "flix";
flixGroup = "users"; flixGroup = "users";
inherit (import <niveum/lib>) tmpfilesConfig; inherit (import ../lib) tmpfilesConfig;
in { in {
fileSystems.${flixLocation} = { fileSystems.${flixLocation} = {
device = "prism.r:/export"; device = "prism.r:/export";

5
configs/git.nix
View File

@@ -4,7 +4,8 @@
lib, lib,
... ...
}: let }: let
inherit (import <niveum/lib>) kieran ignorePaths; inherit (import ../lib) kieran ignorePaths;
git-preview = pkgs.callPackage ../packages/git-preview.nix {};
in { in {
environment.systemPackages = [ environment.systemPackages = [
pkgs.mr pkgs.mr
@@ -18,7 +19,7 @@ in {
pkgs.gitstats pkgs.gitstats
pkgs.patch pkgs.patch
pkgs.patchutils pkgs.patchutils
pkgs.git-preview git-preview
]; ];
environment.shellAliases = { environment.shellAliases = {

2
configs/hledger.nix
View File

@@ -3,7 +3,7 @@
pkgs, pkgs,
... ...
}: { }: {
imports = [<niveum/modules/hledger.nix>]; imports = [../modules/hledger.nix];
environment.systemPackages = let environment.systemPackages = let
timeLedger = "$HOME/projects/ledger/time.timeclock"; timeLedger = "$HOME/projects/ledger/time.timeclock";

17
configs/hu-berlin.nix
View File

@@ -5,7 +5,7 @@
... ...
}: let }: let
inherit (lib.strings) fileContents; inherit (lib.strings) fileContents;
inherit (import <niveum/lib>) sshPort; inherit (import ../lib) sshPort;
eduroam = { eduroam = {
identity = fileContents <secrets/eduroam/identity>; identity = fileContents <secrets/eduroam/identity>;
password = fileContents <secrets/eduroam/password>; password = fileContents <secrets/eduroam/password>;
@@ -15,8 +15,7 @@
"gid=${toString config.users.groups.users.gid}" "gid=${toString config.users.groups.users.gid}"
"sec=ntlmv2" "sec=ntlmv2"
"workgroup=german" "workgroup=german"
"username=meinhaki" "credentials=${config.age.secrets.cifs-credentials-hu-berlin.path}"
"password=${lib.strings.fileContents <secrets/mail/meinhaki>}"
"noauto" "noauto"
"x-systemd.requires=hu-vpn.service" "x-systemd.requires=hu-vpn.service"
"x-systemd.automount" "x-systemd.automount"
@@ -36,6 +35,8 @@ in {
options = hu-berlin-cifs-options; options = hu-berlin-cifs-options;
}; };
age.secrets.cifs-credentials-hu-berlin.file = ../secrets/cifs-credentials-hu-berlin.age;
home-manager.users.me.programs.ssh = { home-manager.users.me.programs.ssh = {
matchBlocks = { matchBlocks = {
"alew.hu-berlin.de" = { "alew.hu-berlin.de" = {
@@ -65,14 +66,16 @@ in {
systemd.services.hu-vpn = { systemd.services.hu-vpn = {
enable = true; enable = true;
wants = ["network-online.target"]; wants = ["network-online.target"];
serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhark.path}";
script = '' script = ''
${pkgs.openfortivpn}/bin/openfortivpn -c ${ ${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
--config=${
pkgs.writeText "hu-berlin.config" '' pkgs.writeText "hu-berlin.config" ''
host = forti-ssl.vpn.hu-berlin.de host = forti-ssl.vpn.hu-berlin.de
port = 443 port = 443
trusted-cert = 42193a913d276d9eb86217612956e1e6464d6f07bed5393a4787c87adc4bd359 username = meinhark
username = ${eduroam.identity} trusted-cert = 9e5dea8e077970d245900839f437ef7fb9551559501c7defd70af70ea568573d
password = ${eduroam.password}
'' ''
} }
''; '';

30
configs/i3.nix
View File

@@ -4,9 +4,9 @@
lib, lib,
... ...
}: let }: let
inherit (import <niveum/lib>) defaultApplications colours; inherit (import ../lib) defaultApplications colours;
scripts = import <niveum/packages/scripts> {inherit pkgs lib;}; scripts = import ../packages/scripts {inherit config pkgs lib;};
klem = import <niveum/packages/scripts/klem.nix> { klem = import ../packages/scripts/klem.nix {
inherit pkgs lib; inherit pkgs lib;
config.scripts = { config.scripts = {
"p.r" = pkgs.writers.writeDash "p.r" '' "p.r" = pkgs.writers.writeDash "p.r" ''
@@ -57,6 +57,21 @@
i3-msg move container to workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1)) i3-msg move container to workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
''; '';
in { in {
age.secrets = {
github-token-i3status-rust = {
file = ../secrets/github-token-i3status-rust.age;
owner = "kfm";
group = "users";
mode = "400";
};
openweathermap-api-key = {
file = ../secrets/openweathermap-api-key.age;
owner = "kfm";
group = "users";
mode = "400";
};
};
services.xserver = { services.xserver = {
displayManager.defaultSession = "none+i3"; displayManager.defaultSession = "none+i3";
windowManager.i3 = { windowManager.i3 = {
@@ -175,14 +190,17 @@ in {
text = colours.foreground; text = colours.foreground;
}; };
}; };
statusCommand = "env I3RS_GITHUB_TOKEN=${lib.strings.fileContents <secrets/github/notification.token>} ${pkgs.i3status-rust}/bin/i3status-rs ${ statusCommand = toString (pkgs.writers.writeDash "i3status-rust" ''
(pkgs.formats.toml {}).generate "i3status-rust.toml" (import <niveum/lib/i3status-rust.nix> { export I3RS_GITHUB_TOKEN="$(cat ${config.age.secrets.github-token-i3status-rust.path})"
export OPENWEATHERMAP_API_KEY="$(cat ${config.age.secrets.openweathermap-api-key.path})"
${pkgs.i3status-rust}/bin/i3status-rs ${
(pkgs.formats.toml {}).generate "i3status-rust.toml" (import ../lib/i3status-rust.nix {
inherit (config.niveum) batteryName wirelessInterface; inherit (config.niveum) batteryName wirelessInterface;
inherit (config.home-manager.users.me.accounts.email) accounts; inherit (config.home-manager.users.me.accounts.email) accounts;
inherit colours; inherit colours;
inherit pkgs; inherit pkgs;
}) })
}"; }'');
} }
]; ];
modes.resize = { modes.resize = {

15
configs/khal.nix
View File

@@ -8,14 +8,19 @@
kmeinCloud = { kmeinCloud = {
davEndpoint = "https://cloud.xn--kiern-0qa.de/remote.php/dav"; davEndpoint = "https://cloud.xn--kiern-0qa.de/remote.php/dav";
username = "kieran"; username = "kieran";
password = lib.fileContents <secrets/nextcloud/password>; passwordFile = config.age.secrets.nextcloud-password-kieran.path;
}; };
fysiCloud = { fysiCloud = {
davEndpoint = "https://nextcloud.fysi.dev/remote.php/dav"; davEndpoint = "https://nextcloud.fysi.dev/remote.php/dav";
username = "kmein"; username = "kmein";
password = lib.fileContents <secrets/nextcloud-fysi/password>; passwordFile = config.age.secrets.nextcloud-password-fysi.path;
}; };
in { in {
age.secrets = {
nextcloud-password-kieran.file = ../secrets/nextcloud-password-kieran.age;
nextcloud-password-fysi.file = ../secrets/nextcloud-password-fysi.age;
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.khal pkgs.khal
pkgs.vdirsyncer pkgs.vdirsyncer
@@ -167,19 +172,19 @@ in {
type = "carddav" type = "carddav"
url = "${kmeinCloud.davEndpoint}/addressbooks/users/${kmeinCloud.username}/" url = "${kmeinCloud.davEndpoint}/addressbooks/users/${kmeinCloud.username}/"
username = "${kmeinCloud.username}" username = "${kmeinCloud.username}"
password = "${kmeinCloud.password}" password.fetch = ["cat", "${kmeinCloud.passwordFile}"]
[storage kalender_cloud] [storage kalender_cloud]
type = "caldav" type = "caldav"
url = "${kmeinCloud.davEndpoint}/calendars/${kmeinCloud.username}/" url = "${kmeinCloud.davEndpoint}/calendars/${kmeinCloud.username}/"
username = "${kmeinCloud.username}" username = "${kmeinCloud.username}"
password = "${kmeinCloud.password}" password.fetch = ["cat", "${kmeinCloud.passwordFile}"]
[storage fysi_cloud] [storage fysi_cloud]
type = "caldav" type = "caldav"
url = "${fysiCloud.davEndpoint}/calendars/${fysiCloud.username}/" url = "${fysiCloud.davEndpoint}/calendars/${fysiCloud.username}/"
username = "${fysiCloud.username}" username = "${fysiCloud.username}"
password = "${fysiCloud.password}" password.fetch = ["cat", "${fysiCloud.passwordFile}"]
''; '';
}; };
}; };

4
configs/mpv.nix
View File

@@ -4,7 +4,7 @@
config, config,
... ...
}: let }: let
scripts = import <niveum/packages/scripts> {inherit pkgs lib;}; scripts = import ../packages/scripts {inherit config pkgs lib;};
swallow = command: "${scripts.swallow}/bin/swallow ${command}"; swallow = command: "${scripts.swallow}/bin/swallow ${command}";
in { in {
environment.shellAliases.smpv = swallow "mpv"; environment.shellAliases.smpv = swallow "mpv";
@@ -37,7 +37,7 @@ in {
}; };
scripts = [ scripts = [
pkgs.mpvScripts.youtube-quality pkgs.mpvScripts.youtube-quality
(pkgs.callPackage <niveum/packages/mpv-visualizer.nix> {}) (pkgs.callPackage ../packages/mpv-visualizer.nix {})
]; ];
}; };
}; };

20
configs/neovim.nix
View File

@@ -8,15 +8,15 @@
vimPlugins = vimPlugins =
pkgs.vimPlugins pkgs.vimPlugins
// { // {
cheat-sh-vim = pkgs.callPackage <niveum/packages/vimPlugins/cheat-sh.nix> {}; cheat-sh-vim = pkgs.callPackage ../packages/vimPlugins/cheat-sh.nix {};
vim-fetch = pkgs.callPackage <niveum/packages/vimPlugins/vim-fetch.nix> {}; vim-fetch = pkgs.callPackage ../packages/vimPlugins/vim-fetch.nix {};
vim-colors-paramount = pkgs.callPackage <niveum/packages/vimPlugins/vim-colors-paramount.nix> {}; vim-colors-paramount = pkgs.callPackage ../packages/vimPlugins/vim-colors-paramount.nix {};
vim-256noir = pkgs.callPackage <niveum/packages/vimPlugins/vim-256noir.nix> {}; vim-256noir = pkgs.callPackage ../packages/vimPlugins/vim-256noir.nix {};
icalendar-vim = pkgs.callPackage <niveum/packages/vimPlugins/icalendar-vim.nix> {}; icalendar-vim = pkgs.callPackage ../packages/vimPlugins/icalendar-vim.nix {};
jq-vim = pkgs.callPackage <niveum/packages/vimPlugins/jq-vim.nix> {}; jq-vim = pkgs.callPackage ../packages/vimPlugins/jq-vim.nix {};
vim-fsharp = pkgs.callPackage <niveum/packages/vimPlugins/vim-fsharp.nix> {}; vim-fsharp = pkgs.callPackage ../packages/vimPlugins/vim-fsharp.nix {};
vim-reason-plus = pkgs.callPackage <niveum/packages/vimPlugins/vim-reason-plus.nix> {}; vim-reason-plus = pkgs.callPackage ../packages/vimPlugins/vim-reason-plus.nix {};
vim-mail = pkgs.callPackage <niveum/packages/vimPlugins/vim-mail.nix> {}; vim-mail = pkgs.callPackage ../packages/vimPlugins/vim-mail.nix {};
}; };
}; };
@@ -24,7 +24,7 @@
(pkgs.writers.writeDashBin "vim" ''neovim "$@"'') (pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
(pkgs.neovim.override { (pkgs.neovim.override {
configure = { configure = {
customRC = builtins.readFile <niveum/lib/vim/init.vim>; customRC = builtins.readFile ../lib/vim/init.vim;
packages.nvim = with pkgs.vimPlugins; { packages.nvim = with pkgs.vimPlugins; {
start = [ start = [
ale ale

35
configs/networkmanager.nix
View File

@@ -42,7 +42,7 @@
}; };
}; };
in { in {
imports = [<niveum/modules/networkmanager-declarative.nix>]; imports = [../modules/networkmanager-declarative.nix];
programs.nm-applet.enable = true; programs.nm-applet.enable = true;
@@ -55,39 +55,6 @@ in {
wifi.macAddress = "random"; wifi.macAddress = "random";
ethernet.macAddress = "random"; ethernet.macAddress = "random";
unmanaged = ["docker*"]; unmanaged = ["docker*"];
profiles = lib.mapAttrs profile {
Aether = {
connection.uuid = "7138bb0f-1aeb-4905-890e-a6628427aa21";
ipv6.addr-gen-mode = "stable";
wifi.cloned-mac-address = "stable";
wifi-security = {
psk = lib.strings.fileContents <secrets/wifi/Aether.psk>;
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
FactoryCommunityGuest = {
connection.uuid = "fb1f2e52-651e-48b5-a72c-1accddf31afb";
connection.timestamp = "1631885129";
wifi.seen-bssids = "54:EC:2F:19:30:DC;54:EC:2F:19:5C:9C;54:EC:2F:58:E4:3C;";
wifi-security = {
psk = "Factory4ever";
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
o2-WLAN66 = {
connection.uuid = "c563aec3-f344-4ffb-8d1c-60a6cdac8fe0";
wifi-security = {
psk = "PK3468KV488T934U";
auth-alg = "open";
key-mgmt = "wpa-psk";
};
};
"WIFI@DB".connection.uuid = "4eff4e94-8850-4e9f-a338-1787d0d90479";
eduroam = eduroamProfile;
eduroam_5GHz = eduroamProfile;
};
}; };
users.users.me.extraGroups = ["networkmanager"]; users.users.me.extraGroups = ["networkmanager"];

6
configs/nix.nix
View File

@@ -1,13 +1,9 @@
{pkgs, ...}: { {pkgs, ...}: {
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
overlays = [
(import <nix-writers/pkgs>)
(import <stockholm/krebs/5pkgs>)
];
}; };
nix = { nix = {
package = pkgs.nixUnstable; package = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flakes"; extraOptions = "experimental-features = nix-command flakes";
}; };
} }

66
configs/nsxiv.nix
View File

@@ -1,66 +0,0 @@
{
pkgs,
lib,
...
}: let
important-directories = pkgs.writeText "directories" ''
h ~/
d ~/cloud/Dropbox/
g ~/cloud/gdrive/
s ~/cloud/Seafile/
kk ~/cloud/keybase/private/kmein/
kp ~/cloud/keybase/public/kmein/
t /tmp
D ~/Downloads
cf ''${XDG_CONFIG_HOME:-$HOME/.config}
'';
in {
environment.systemPackages = [pkgs.nsxiv];
# TODO fix
home-manager.users.me.xdg.configFile."nsxiv/exec/key-handler".source = pkgs.writers.writeDash "key-handler" ''
PATH=$PATH:${
lib.makeBinPath [
pkgs.gnused
pkgs.gawk
pkgs.dmenu
pkgs.coreutils
pkgs.libnotify
pkgs.imagemagick
pkgs.xclip
]
}
echo >&2 key "$1" pressed
while read file; do
case "$1" in
"c")
[ -z "$destdir" ] && destdir="$(sed "s/\s.*#.*$//;/^\s*$/d" ${important-directories} | awk '{print $2}' | dmenu -l 20 -i -p "Copy file(s) to where?" | sed "s|~|$HOME|g")"
[ -z "$destdir" ] && exit
[ ! -d "$destdir" ] && notify-send "$destdir is not a directory, cancelled." && exit
cp "$file" "$destdir" && notify-send -i "$(readlink -f "$file")" "$file copied to $destdir." &
;;
"m")
[ -z "$destdir" ] && destdir="$(sed "s/\s.*#.*$//;/^\s*$/d" ${important-directories} | awk '{print $2}' | dmenu -l 20 -i -p "Move file(s) to where?" | sed "s|~|$HOME|g")"
[ -z "$destdir" ] && exit
[ ! -d "$destdir" ] && notify-send "$destdir is not a directory, cancelled." && exit
mv "$file" "$destdir" && notify-send -i "$(readlink -f "$file")" "$file moved to $destdir." &
;;
"r")
convert -rotate 90 "$file" "$file" ;;
"R")
convert -rotate -90 "$file" "$file" ;;
"f")
convert -flop "$file" "$file" ;;
"y")
echo -n "$file" | xclip -selection clipboard &&
notify-send "$file copied to clipboard" & ;;
"Y")
readlink -f "$file" | xclip -selection clipboard &&
notify-send "$(readlink -f "$file") copied to clipboard" & ;;
"d")
[ "$(printf "No\\nYes" | dmenu -i -p "Really delete $file?")" = "Yes" ] && rm "$file" && notify-send "$file deleted." ;;
esac
done
'';
}

34
configs/packages.nix
View File

@@ -1,14 +1,19 @@
{ {
config,
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: let }: let
hc = pkgs.callPackage <stockholm/tv/5pkgs/simple/hc.nix> {utillinux = pkgs.util-linux;}; hc = pkgs.callPackage ../packages/hc.nix {};
worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {}; worldradio = pkgs.callPackage ../packages/worldradio.nix {};
menstruation = pkgs.callPackage <menstruation-backend> {}; pandoc-doc = pkgs.callPackage ../packages/man/pandoc.nix {};
pandoc-doc = pkgs.callPackage <niveum/packages/man/pandoc.nix> {}; dic = pkgs.callPackage ../packages/dic.nix {};
untilport = pkgs.callPackage ../packages/untilport.nix {};
cyberlocker-tools = pkgs.callPackage ../packages/cyberlocker-tools.nix {};
kpaste = pkgs.callPackage ../packages/kpaste.nix {};
scripts = import <niveum/packages/scripts> {inherit pkgs lib;}; scripts = import ../packages/scripts {inherit config pkgs lib;};
zoteroStyle = { zoteroStyle = {
name, name,
@@ -56,7 +61,7 @@
''; '';
}); });
recht = pkgs.callPackage <recht> {}; recht = pkgs.callPackage inputs.recht.outPath {};
in { in {
home-manager.users.me.home.file = { home-manager.users.me.home.file = {
".csl".source = cslDirectory; ".csl".source = cslDirectory;
@@ -79,6 +84,7 @@ in {
ffmpeg ffmpeg
imagemagick imagemagick
exiftool exiftool
nsxiv
# ARCHIVE TOOLS # ARCHIVE TOOLS
unzip unzip
unrar unrar
@@ -173,7 +179,6 @@ in {
scripts.interdimensional-cable scripts.interdimensional-cable
scripts.dmenubluetooth scripts.dmenubluetooth
scripts.manual-sort scripts.manual-sort
scripts.much-scripts
scripts.dns-sledgehammer scripts.dns-sledgehammer
ts ts
scripts.vg scripts.vg
@@ -198,7 +203,7 @@ in {
par par
qrencode qrencode
menstruation inputs.menstruation-backend
(pkgs.writers.writeDashBin "worldradio" '' (pkgs.writers.writeDashBin "worldradio" ''
shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video shuf ${worldradio} | ${pkgs.findutils}/bin/xargs ${pkgs.mpv}/bin/mpv --no-video
@@ -208,8 +213,8 @@ in {
${pkgs.openssh}/bin/ssh makanek "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars ${pkgs.openssh}/bin/ssh makanek "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars
'') '')
(pkgs.writers.writeDashBin "ncmpcpp-zaatar" ''MPD_HOST=${(import <niveum/lib/local-network.nix>).zaatar} exec ${pkgs.ncmpcpp}/bin/ncmpcpp "$@"'') (pkgs.writers.writeDashBin "ncmpcpp-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.ncmpcpp}/bin/ncmpcpp "$@"'')
(pkgs.writers.writeDashBin "mpc-zaatar" ''MPD_HOST=${(import <niveum/lib/local-network.nix>).zaatar} exec ${pkgs.mpc_cli}/bin/mpc "$@"'') (pkgs.writers.writeDashBin "mpc-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.mpc_cli}/bin/mpc "$@"'')
spotify spotify
ncspot ncspot
@@ -223,9 +228,7 @@ in {
cyberlocker-tools cyberlocker-tools
untilport untilport
kpaste kpaste
irc-announce config.nur.repos.mic92.ircsink
git-preview
ircaids
(python3.withPackages (py: [ (python3.withPackages (py: [
py.black py.black
@@ -270,11 +273,12 @@ in {
shellcheck shellcheck
(pkgs.writers.writeDashBin "hass-cli" '' (pkgs.writers.writeDashBin "hass-cli" ''
HASS_SERVER=http://zaatar.r:8123 HASS_TOKEN=${lib.strings.fileContents <secrets/hass/token>} exec ${pkgs.home-assistant-cli}/bin/hass-cli "$@" HASS_SERVER=http://zaatar.r:8123 HASS_TOKEN="$(cat ${config.age.secrets.home-assistant-token.path})" exec ${pkgs.home-assistant-cli}/bin/hass-cli "$@"
'') '')
scripts.rofi-hass
]; ];
age.secrets.home-assistant-token.file = ../secrets/home-assistant-token.age;
home-manager.users.me.xdg.configFile."pycodestyle".text = '' home-manager.users.me.xdg.configFile."pycodestyle".text = ''
[pycodestyle] [pycodestyle]
max-line-length = 110 max-line-length = 110

8
configs/power-action.nix
View File

@@ -5,15 +5,15 @@
}: let }: let
suspend = pkgs.writers.writeDash "suspend" "${pkgs.systemd}/bin/systemctl suspend"; suspend = pkgs.writers.writeDash "suspend" "${pkgs.systemd}/bin/systemctl suspend";
in { in {
imports = [<stockholm/krebs/3modules/power-action.nix>]; imports = [../modules/power-action.nix];
krebs.power-action = { services.power-action = {
enable = true; enable = true;
plans.suspend = { plans.suspend = {
upperLimit = 7; upperLimit = 7;
lowerLimit = 0; lowerLimit = 0;
charging = false; charging = false;
action = pkgs.writeDash "suspend-wrapper" '' action = pkgs.writers.writeDash "suspend-wrapper" ''
/run/wrappers/bin/sudo ${suspend} /run/wrappers/bin/sudo ${suspend}
''; '';
}; };
@@ -21,6 +21,6 @@ in {
}; };
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend} ${config.services.power-action.user} ALL= (root) NOPASSWD: ${suspend}
''; '';
} }

2
configs/printing.nix
View File

@@ -1,5 +1,5 @@
{pkgs, ...}: let {pkgs, ...}: let
inherit (import <niveum/lib>) localAddresses; inherit (import ../lib) localAddresses;
hp-driver = pkgs.hplip; hp-driver = pkgs.hplip;
in { in {
services.printing = { services.printing = {

8
configs/retiolum.nix
View File

@@ -3,14 +3,10 @@
pkgs, pkgs,
... ...
}: { }: {
imports = [
<retiolum/modules/retiolum>
];
networking.hosts = {"42:0:ca48:f98f:63d7:31ce:922b:245d" = ["go"];}; networking.hosts = {"42:0:ca48:f98f:63d7:31ce:922b:245d" = ["go"];};
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
rsaPrivateKeyFile = toString <system-secrets/retiolum.key>; rsaPrivateKeyFile = config.age.secrets.retiolum-rsa.path;
ed25519PrivateKeyFile = toString <system-secrets/retiolum.ed25519>; ed25519PrivateKeyFile = config.age.secrets.retiolum-ed25519.path;
}; };
} }

7
configs/ssh.nix
View File

@@ -4,11 +4,13 @@
lib, lib,
... ...
}: let }: let
inherit (import <niveum/lib>) sshPort kieran; inherit (import ../lib) sshPort kieran;
externalNetwork = import <niveum/lib/external-network.nix>; externalNetwork = import ../lib/external-network.nix;
sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}"; sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";
ssh-passphrase = lib.strings.fileContents <system-secrets/ssh/passphrase>; ssh-passphrase = lib.strings.fileContents <system-secrets/ssh/passphrase>;
in { in {
/*
TODO how do I do this?
services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" '' services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" ''
#!${pkgs.expect}/bin/expect -f #!${pkgs.expect}/bin/expect -f
spawn ${pkgs.openssh}/bin/ssh-add spawn ${pkgs.openssh}/bin/ssh-add
@@ -17,6 +19,7 @@ in {
expect "Identity added: *" expect "Identity added: *"
interact interact
''); '');
*/
programs.ssh.startAgent = true; programs.ssh.startAgent = true;

2
configs/sshd.nix
View File

@@ -4,7 +4,7 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) sshPort kieran; inherit (import ../lib) sshPort kieran;
in { in {
users.motd = "Welcome to ${config.networking.hostName}!"; users.motd = "Welcome to ${config.networking.hostName}!";

2
configs/stardict.nix
View File

@@ -169,7 +169,7 @@
exec ${pkgs.sdcv}/bin/sdcv --color --only-data-dir --data-dir ${makeStardictDataDir dicts} "$@" exec ${pkgs.sdcv}/bin/sdcv --color --only-data-dir --data-dir ${makeStardictDataDir dicts} "$@"
''; '';
sdcvPager = pkgs.writeDash "sdcvPager" '' sdcvPager = pkgs.writers.writeDash "sdcvPager" ''
export PATH=${lib.makeBinPath [pkgs.gnused pkgs.ncurses pkgs.less]} export PATH=${lib.makeBinPath [pkgs.gnused pkgs.ncurses pkgs.less]}
sed " sed "
s!<sup>1</sup>!¹!gI s!<sup>1</sup>!¹!gI

8
configs/telegram-bots/astrology.nix
View File

@@ -4,8 +4,6 @@
lib, lib,
... ...
}: let }: let
unstable = import <nixos-unstable> {inherit (config.nixpkgs) config;};
toSymbols = pkgs.writers.writeDash "to-symbols" '' toSymbols = pkgs.writers.writeDash "to-symbols" ''
${pkgs.gnused}/bin/sed ' ${pkgs.gnused}/bin/sed '
s/\bTri\b//; s/\bTri\b//;
@@ -46,14 +44,14 @@ in {
niveum.telegramBots.transits = { niveum.telegramBots.transits = {
enable = true; enable = true;
time = "*:0/1"; time = "*:0/1";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>; tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["-1001796440545"]; chatIds = ["-1001796440545"];
command = toString (pkgs.writers.writeDash "common-transits" '' command = toString (pkgs.writers.writeDash "common-transits" ''
now=$(${pkgs.coreutils}/bin/date +%_H:%M | ${pkgs.gnused}/bin/sed 's/^\s*//') now=$(${pkgs.coreutils}/bin/date +%_H:%M | ${pkgs.gnused}/bin/sed 's/^\s*//')
date=$(${pkgs.coreutils}/bin/date +'%m %d %Y') date=$(${pkgs.coreutils}/bin/date +'%m %d %Y')
{ {
${unstable.astrolog}/bin/astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node" -A 2 ${pkgs.astrolog}/bin/astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node" -A 2
${unstable.astrolog}/bin/astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node" ${pkgs.astrolog}/bin/astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
} | ${toSymbols} | ${pkgs.coreutils}/bin/sort -n | ${pkgs.gnugrep}/bin/grep "^$now" || : } | ${toSymbols} | ${pkgs.coreutils}/bin/sort -n | ${pkgs.gnugrep}/bin/grep "^$now" || :
''); '');
}; };

5
configs/telegram-bots/autorenkalender.nix
View File

@@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
lib, lib,
config,
... ...
}: let }: let
autorenkalender-package = pkgs.fetchFromGitHub { autorenkalender-package = pkgs.fetchFromGitHub {
@@ -15,12 +16,14 @@ in {
niveum.telegramBots.autorenkalender = { niveum.telegramBots.autorenkalender = {
enable = true; enable = true;
time = "07:00"; time = "07:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>; tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["@autorenkalender"]; chatIds = ["@autorenkalender"];
parseMode = "Markdown"; parseMode = "Markdown";
command = "${autorenkalender}/bin/autorenkalender"; command = "${autorenkalender}/bin/autorenkalender";
}; };
age.secrets.telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age;
niveum.passport.services = [ niveum.passport.services = [
{ {
title = "Autorenkalender"; title = "Autorenkalender";

3
configs/telegram-bots/celan.nix
View File

@@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
lib, lib,
config,
... ...
}: let }: let
celan = pkgs.fetchzip { celan = pkgs.fetchzip {
@@ -11,7 +12,7 @@ in {
niveum.telegramBots.celan = { niveum.telegramBots.celan = {
enable = true; enable = true;
time = "08:00"; time = "08:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>; tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["@PaulCelan"]; chatIds = ["@PaulCelan"];
command = toString (pkgs.writers.writeDash "random-celan" '' command = toString (pkgs.writers.writeDash "random-celan" ''
cd ${celan} cd ${celan}

36
configs/telegram-bots/default.nix
View File

@@ -2,17 +2,13 @@
config, config,
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: let }: let
nixpkgs-21-11 = import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/nixos-21.11.tar.gz") { telebots = inputs.telebots.defaultPackage.x86_64-linux;
config.permittedInsecurePackages = [
"python3.9-poetry-1.1.12"
];
};
telebots = nixpkgs-21-11.callPackage <telebots> {};
reverseDirectory = "/run/telegram-reverse"; reverseDirectory = "/run/telegram-reverse";
proverbDirectory = "/run/telegram-proverb"; proverbDirectory = "/run/telegram-proverb";
inherit (import <niveum/lib>) tmpfilesConfig; inherit (import ../../lib) tmpfilesConfig;
in { in {
imports = [ imports = [
./literature-quote.nix ./literature-quote.nix
@@ -23,7 +19,7 @@ in {
./nachtischsatan.nix ./nachtischsatan.nix
./tlg-wotd.nix ./tlg-wotd.nix
./celan.nix ./celan.nix
<niveum/modules/telegram-bot.nix> ../../modules/telegram-bot.nix
]; ];
systemd.tmpfiles.rules = map (path: systemd.tmpfiles.rules = map (path:
@@ -52,33 +48,45 @@ in {
} }
]; ];
age.secrets = {
telegram-token-reverse.file = ../../secrets/telegram-token-reverse.age;
telegram-token-betacode.file = ../../secrets/telegram-token-betacode.age;
telegram-token-proverb.file = ../../secrets/telegram-token-proverb.age;
};
systemd.services.telegram-reverse = { systemd.services.telegram-reverse = {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
description = "Telegram reverse bot"; description = "Telegram reverse bot";
path = [pkgs.ffmpeg]; path = [pkgs.ffmpeg];
environment.TELEGRAM_BOT_TOKEN = lib.strings.fileContents <system-secrets/telegram/reverse.token>;
enable = true; enable = true;
script = "${telebots}/bin/telegram-reverse"; script = ''
TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-reverse
'';
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.WorkingDirectory = reverseDirectory; serviceConfig.WorkingDirectory = reverseDirectory;
serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-reverse.path}";
}; };
systemd.services.telegram-betacode = { systemd.services.telegram-betacode = {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
description = "Telegram beta code bot"; description = "Telegram beta code bot";
environment.TELEGRAM_BOT_TOKEN = lib.strings.fileContents <system-secrets/telegram/betacode.token>;
enable = true; enable = true;
script = "${telebots}/bin/telegram-betacode"; script = ''
TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-betacode
'';
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-betacode.path}";
}; };
systemd.services.telegram-proverb = { systemd.services.telegram-proverb = {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
description = "Telegram proverb bot"; description = "Telegram proverb bot";
environment.TELEGRAM_BOT_TOKEN = lib.strings.fileContents <system-secrets/telegram/proverb.token>;
enable = true; enable = true;
script = "${telebots}/bin/telegram-proverb"; script = ''
TELEGRAM_BOT_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")" ${telebots}/bin/telegram-proverb
'';
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
serviceConfig.WorkingDirectory = proverbDirectory; serviceConfig.WorkingDirectory = proverbDirectory;
serviceConfig.LoadCredential = "token:${config.age.secrets.telegram-token-proverb.path}";
}; };
} }

6
configs/telegram-bots/hesychius.nix
View File

@@ -1,14 +1,16 @@
{ {
pkgs, pkgs,
config,
inputs,
lib, lib,
... ...
}: let }: let
hesychius = <scripts> + "/hesychius/hesychius.txt"; hesychius = inputs.scripts.outPath + "/hesychius/hesychius.txt";
in { in {
niveum.telegramBots.hesychius = { niveum.telegramBots.hesychius = {
enable = true; enable = true;
time = "08:00"; time = "08:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>; tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["@HesychiosAlexandreus"]; chatIds = ["@HesychiosAlexandreus"];
command = "${pkgs.coreutils}/bin/shuf -n1 ${hesychius}"; command = "${pkgs.coreutils}/bin/shuf -n1 ${hesychius}";
}; };

5
configs/telegram-bots/literature-quote.nix
View File

@@ -1,15 +1,16 @@
{ {
pkgs, pkgs,
config,
lib, lib,
... ...
}: let }: let
scripts = import <niveum/packages/scripts> {inherit pkgs lib;}; scripts = import ../../packages/scripts {inherit config pkgs lib;};
inherit (scripts) literature-quote; inherit (scripts) literature-quote;
in { in {
niveum.telegramBots.quotebot = { niveum.telegramBots.quotebot = {
enable = true; enable = true;
time = "08/6:00"; time = "08/6:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>; tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["-1001760262519"]; chatIds = ["-1001760262519"];
command = "${literature-quote}/bin/literature-quote"; command = "${literature-quote}/bin/literature-quote";
parseMode = "Markdown"; parseMode = "Markdown";

10
configs/telegram-bots/nachtischsatan.nix
View File

@@ -1,9 +1,10 @@
{ {
pkgs, pkgs,
config,
lib, lib,
... ...
}: let }: let
nachtischsatan-bot = {token}: nachtischsatan-bot = {tokenFile}:
pkgs.writers.writePython3 "nachtischsatan-bot" { pkgs.writers.writePython3 "nachtischsatan-bot" {
libraries = [pkgs.python3Packages.python-telegram-bot]; libraries = [pkgs.python3Packages.python-telegram-bot];
} '' } ''
@@ -18,7 +19,8 @@
update.message.reply_text("*flubberflubber*") update.message.reply_text("*flubberflubber*")
updater = Updater('${token}') with open('${tokenFile}', 'r') as tokenFile:
updater = Updater(tokenFile.read().strip())
updater.dispatcher.add_handler(MessageHandler(Filters.all, flubber)) updater.dispatcher.add_handler(MessageHandler(Filters.all, flubber))
updater.start_polling() updater.start_polling()
@@ -30,11 +32,13 @@ in {
description = "*flubberflubber*"; description = "*flubberflubber*";
enable = true; enable = true;
script = toString (nachtischsatan-bot { script = toString (nachtischsatan-bot {
token = lib.strings.fileContents <system-secrets/telegram/nachtischsatan.token>; tokenFile = config.age.secrets.telegram-token-nachtischsatan.path;
}); });
serviceConfig.Restart = "always"; serviceConfig.Restart = "always";
}; };
age.secrets.telegram-token-nachtischsatan.file = ../../secrets/telegram-token-nachtischsatan.age;
niveum.passport.services = [ niveum.passport.services = [
{ {
title = "Nachtischsatan-Bot"; title = "Nachtischsatan-Bot";

3
configs/telegram-bots/smyth.nix
View File

@@ -1,4 +1,5 @@
{ {
config,
pkgs, pkgs,
lib, lib,
... ...
@@ -6,7 +7,7 @@
niveum.telegramBots.smyth = { niveum.telegramBots.smyth = {
enable = true; enable = true;
time = "08:00"; time = "08:00";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>; tokenFile = config.age.secrets.telegram-token-kmein.path;
chatIds = ["@HerbertWeirSmyth"]; chatIds = ["@HerbertWeirSmyth"];
command = toString (pkgs.writers.writeDash "random-smyth" '' command = toString (pkgs.writers.writeDash "random-smyth" ''
set -efu set -efu

3
configs/telegram-bots/tlg-wotd.nix
View File

@@ -1,13 +1,14 @@
{ {
pkgs, pkgs,
lib, lib,
config,
... ...
}: { }: {
niveum.telegramBots.tlg-wotd = { niveum.telegramBots.tlg-wotd = {
enable = true; enable = true;
time = "9:30"; time = "9:30";
token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
chatIds = ["@tlgwotd"]; chatIds = ["@tlgwotd"];
tokenFile = config.age.secrets.telegram-token-kmein.path;
command = toString (pkgs.writers.writeDash "tlg-wotd" '' command = toString (pkgs.writers.writeDash "tlg-wotd" ''
${pkgs.curl}/bin/curl -sSL http://stephanus.tlg.uci.edu/Iris/Wotd \ ${pkgs.curl}/bin/curl -sSL http://stephanus.tlg.uci.edu/Iris/Wotd \
| ${pkgs.recode}/bin/recode html..utf8 \ | ${pkgs.recode}/bin/recode html..utf8 \

31
configs/wallpaper.nix
View File

@@ -2,18 +2,27 @@
pkgs, pkgs,
lib, lib,
... ...
}: { }: let
imports = [<stockholm/krebs/3modules/fetchWallpaper.nix>];
krebs.fetchWallpaper = {
enable = true;
url = "http://prism.r/realwallpaper-krebs-stars-berlin.png"; url = "http://prism.r/realwallpaper-krebs-stars-berlin.png";
stateDir = "~/.cache/wallpaper";
in {
systemd.user.services.wallpaper = {
wantedBy = ["graphical-session.target"];
after = ["network.target"];
script = ''
set -euf
mkdir -p ${stateDir}
chmod o+rx ${stateDir}
cd ${stateDir}
(${pkgs.curl}/bin/curl -s -o wallpaper.tmp -z wallpaper.tmp ${lib.escapeShellArg url} && cp wallpaper.tmp wallpaper) || :
${pkgs.feh}/bin/feh --no-fehbg --bg-scale wallpaper
'';
startAt = "*:00,10,20,30,40,50";
serviceConfig = {
Restart = "always";
RestartSec = "15s";
StartLimitBurst = 0;
}; };
users.users.fetchWallpaper.isSystemUser = true;
services.xserver = {
display = lib.mkForce 0; # needed for fetchWallpaper to find the X display
displayManager.sessionCommands = "${pkgs.xorg.xhost}/bin/xhost +LOCAL:";
}; };
} }

462
flake.lock generated
View File

@@ -1,5 +1,48 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1677021463,
"narHash": "sha256-K6mqm0VP9eOxNxKpFVI3MEiwZPOlN2TWtscsnLOWox0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "0c50bbe60e907c9a3a7512c591adc8e66f0393a0",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1676283394, "lastModified": 1676283394,
@@ -15,24 +58,99 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixos-unstable" "nixpkgs"
], ],
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1676367705, "lastModified": 1676257154,
"narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=", "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5", "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "master", "ref": "release-22.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@@ -43,7 +161,7 @@
"flake-utils" "flake-utils"
], ],
"nixpkgs": [ "nixpkgs": [
"nixos-stable" "nixpkgs"
] ]
}, },
"locked": { "locked": {
@@ -61,13 +179,53 @@
} }
}, },
"menstruation-backend": { "menstruation-backend": {
"flake": false, "inputs": {
"flake-utils": [
"menstruation-backend",
"rust-overlay",
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": { "locked": {
"lastModified": 1667816906, "lastModified": 1677075142,
"narHash": "sha256-VdckYVSQZfqThPb06Y5TGSI+kkibgM/G9pH5SQHIybI=", "narHash": "sha256-0RXVZcK2YtPckd/3+jb+yLpeXZ6jnQe25w9idztDXi8=",
"owner": "kmein", "owner": "kmein",
"repo": "menstruation.rs", "repo": "menstruation.rs",
"rev": "95c495d453c35f20a6a5641a88a862c668404acf", "rev": "e34af4393963cdbadb456b7b9ae2e95e6db7b8a3",
"type": "github"
},
"original": {
"owner": "kmein",
"repo": "menstruation.rs",
"type": "github"
}
},
"menstruation-backend_2": {
"inputs": {
"flake-utils": [
"menstruation-telegram",
"menstruation-backend",
"rust-overlay",
"flake-utils"
],
"nixpkgs": [
"menstruation-telegram",
"menstruation-backend",
"rust-overlay",
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1677075142,
"narHash": "sha256-0RXVZcK2YtPckd/3+jb+yLpeXZ6jnQe25w9idztDXi8=",
"owner": "kmein",
"repo": "menstruation.rs",
"rev": "e34af4393963cdbadb456b7b9ae2e95e6db7b8a3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -77,13 +235,17 @@
} }
}, },
"menstruation-telegram": { "menstruation-telegram": {
"flake": false, "inputs": {
"flake-utils": "flake-utils_3",
"menstruation-backend": "menstruation-backend_2",
"nixpkgs": "nixpkgs_3"
},
"locked": { "locked": {
"lastModified": 1667816918, "lastModified": 1677075205,
"narHash": "sha256-yQSl0iKqHm7qFLELY8e7OzRRdnqSBbzJmQIYgkXlJpQ=", "narHash": "sha256-2+xuAhsS3y2qB0ObVPCHXrmnTsIZ8uI5HFI4+Ash8PY=",
"owner": "kmein", "owner": "kmein",
"repo": "menstruation-telegram", "repo": "menstruation-telegram",
"rev": "828872cf9c425442705a95019eceee397bc1c03f", "rev": "f7ddb6d9610aacb50ec66a3ce1bdc49fe4664a49",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -92,29 +254,95 @@
"type": "github" "type": "github"
} }
}, },
"nix-writers": { "nixinate": {
"flake": false, "inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": { "locked": {
"lastModified": 1675197881, "lastModified": 1671116920,
"narHash": "sha256-gYtduNF59yqv4BgW4fC+tZHKE7cpOkZf+Y34psyFO5U=", "narHash": "sha256-QmDGsUUmAGn77UTR7eQJmebl8f3IIUCtmbbAdJqKA3s=",
"ref": "refs/heads/master", "owner": "matthewcroughan",
"rev": "d1424777b5f2e12cbd80efd1b55335dcba7c32bd", "repo": "nixinate",
"revCount": 38, "rev": "b4d17b8e2a4abc47e93e1a1c466e0286a63640d8",
"type": "git", "type": "github"
"url": "https://cgit.krebsco.de/nix-writers"
}, },
"original": { "original": {
"type": "git", "owner": "matthewcroughan",
"url": "https://cgit.krebsco.de/nix-writers" "repo": "nixinate",
"type": "github"
} }
}, },
"nixos-stable": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1676375384, "lastModified": 1665296151,
"narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=", "narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c43f676c938662072772339be6269226c77b51b8", "rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1669418739,
"narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "695b3515251873e0a7e2021add4bba643c56cde3",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "695b3515251873e0a7e2021add4bba643c56cde3",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dfd82985c273aac6eced03625f454b334daae2e8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1676895851,
"narHash": "sha256-xdhBKw2el790G+88tZYpRWlP9VjQC9OLR5Jx84VPe08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e19f25b587f15871d26442cfa1abe4418a815d7d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -124,30 +352,61 @@
"type": "github" "type": "github"
} }
}, },
"nixos-unstable": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1676300157, "lastModified": 1659446231,
"narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=", "narHash": "sha256-hekabNdTdgR/iLsgce5TGWmfIDZ86qjPhxDg/8TlzhE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "545c7a31e5dedea4a6d372712a18e00ce097d462", "rev": "eabc38219184cc3e04a974fe31857d8e0eac098d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-21.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": {
"locked": {
"lastModified": 1665296151,
"narHash": "sha256-uOB0oxqxN9K7XGF1hcnY+PQnlQJ+3bP2vCn/+Ru/bbc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "14ccaaedd95a488dd7ae142757884d8e125b3363",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1677062856,
"narHash": "sha256-WE2OZupfe+ciV0axRdI4ch2Jk+V2pGgFoxuwTbETvDo=",
"owner": "nix-community",
"repo": "NUR",
"rev": "0418d68eef55022e6f50a5a0401bfdc21fbec8bd",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"recht": { "recht": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1669719044, "lastModified": 1677161248,
"narHash": "sha256-WsLWlTM2Hrurj9kVajybIOavV9QPYiJweMCOQR6h+YI=", "narHash": "sha256-/yEG92y5ukwjoGrw++VEnis8Qw/tW/CkcE+mA8ufjGM=",
"owner": "kmein", "owner": "kmein",
"repo": "recht", "repo": "recht",
"rev": "7c15b13328fb5cee01012c488ff235ee730cac70", "rev": "a8a2f2a2c244ef052f54cc45149895a591da3231",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -173,22 +432,78 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"krops": "krops", "krops": "krops",
"menstruation-backend": "menstruation-backend", "menstruation-backend": "menstruation-backend",
"menstruation-telegram": "menstruation-telegram", "menstruation-telegram": "menstruation-telegram",
"nix-writers": "nix-writers", "nixinate": "nixinate",
"nixos-stable": "nixos-stable", "nixpkgs": "nixpkgs_5",
"nixos-unstable": "nixos-unstable", "nur": "nur",
"recht": "recht", "recht": "recht",
"retiolum": "retiolum", "retiolum": "retiolum",
"scripts": "scripts", "scripts": "scripts",
"stockholm": "stockholm",
"telebots": "telebots", "telebots": "telebots",
"tinc-graph": "tinc-graph", "tinc-graph": "tinc-graph",
"traadfri": "traadfri", "traadfri": "traadfri"
"tuna": "tuna" }
},
"rust-overlay": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1677033035,
"narHash": "sha256-w6XsKaW46kZNEk2vVfuoNIBEq/YzDy9kNk8cU0xJZEQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "6c9e8ea3ba73a9fed29ddc1cc52ade8e5c946a8d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1677033035,
"narHash": "sha256-w6XsKaW46kZNEk2vVfuoNIBEq/YzDy9kNk8cU0xJZEQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "6c9e8ea3ba73a9fed29ddc1cc52ade8e5c946a8d",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1677119371,
"narHash": "sha256-L0Da4eKzDZrsy8ysOS1lhgDjAgEqGvYGf/lXaRd5/YQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "c67c79ea25664d66e74ae91a6fa0d6c65d12d3a7",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
} }
}, },
"scripts": { "scripts": {
@@ -207,30 +522,17 @@
"type": "github" "type": "github"
} }
}, },
"stockholm": {
"flake": false,
"locked": {
"lastModified": 1676206058,
"narHash": "sha256-httLH/By88YYpnfYAEnke2gnLiayMlcznia0aDNqK28=",
"ref": "refs/heads/master",
"rev": "5234e1c7eaf478bc4ebd0edb48547168e91eba02",
"revCount": 11364,
"type": "git",
"url": "https://cgit.krebsco.de/stockholm"
},
"original": {
"type": "git",
"url": "https://cgit.krebsco.de/stockholm"
}
},
"telebots": { "telebots": {
"flake": false, "inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_6"
},
"locked": { "locked": {
"lastModified": 1623510321, "lastModified": 1677156381,
"narHash": "sha256-MxYNNL81RXZkYLd4IgiNTSo1X80kTuDzsdGNSA0f1y8=", "narHash": "sha256-OMhqYJO2bWtL6osTMpQhA4ySUl4gvJTI13m1agipHJ0=",
"owner": "kmein", "owner": "kmein",
"repo": "telebots", "repo": "telebots",
"rev": "22931c9457e092c4e413555dbe61819d77844246", "rev": "5527e359e8394f2f66067de7f61587eb65055209",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -240,13 +542,23 @@
} }
}, },
"tinc-graph": { "tinc-graph": {
"flake": false, "inputs": {
"flake-utils": [
"tinc-graph",
"rust-overlay",
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_3"
},
"locked": { "locked": {
"lastModified": 1666162569, "lastModified": 1677154877,
"narHash": "sha256-7ebWs/ryDebUMONkn6dPckNnUGrEuPQScoY+O/+vo+Q=", "narHash": "sha256-Kj+DirWozvH6q9CeNZJKKsAwZaUFAQYMswQqr5FsbcY=",
"owner": "kmein", "owner": "kmein",
"repo": "tinc-graph", "repo": "tinc-graph",
"rev": "72a4b305fcb49cfd6d456103cda45888a6b34bbe", "rev": "19035dda75f30586f93be0a0bcef8d48cde83797",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -271,22 +583,6 @@
"type": "github" "type": "github"
} }
}, },
"tuna": {
"flake": false,
"locked": {
"lastModified": 1627117248,
"narHash": "sha256-OfqbWLblJY4BJlrCpn8EkHoP3baNJSDTbw45SPaX+0Q=",
"owner": "kmein",
"repo": "tuna",
"rev": "1cbed44069a3009738afdafecefe0a05316039a6",
"type": "github"
},
"original": {
"owner": "kmein",
"repo": "tuna",
"type": "github"
}
},
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,

302
flake.nix
View File

@@ -2,193 +2,161 @@
description = "niveum: packages, modules, systems"; description = "niveum: packages, modules, systems";
inputs = { inputs = {
nixos-stable.url = "github:NixOS/nixpkgs/nixos-22.11"; agenix.url = "github:ryantm/agenix";
nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
home-manager = { home-manager.url = "github:nix-community/home-manager/release-22.11";
url = "github:nix-community/home-manager/master"; krops.url = "github:kmein/krops";
inputs.nixpkgs.follows = "nixos-unstable"; menstruation-backend.url = "github:kmein/menstruation.rs";
}; menstruation-telegram.url = "github:kmein/menstruation-telegram";
krops = { nixinate.url = "github:matthewcroughan/nixinate";
url = "github:kmein/krops"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
inputs.nixpkgs.follows = "nixos-stable"; nur.url = "github:nix-community/NUR";
inputs.flake-utils.follows = "flake-utils"; recht.url = "github:kmein/recht";
};
retiolum.url = "git+https://git.thalheim.io/Mic92/retiolum"; retiolum.url = "git+https://git.thalheim.io/Mic92/retiolum";
telebots.url = "github:kmein/telebots";
tinc-graph.url = "github:kmein/tinc-graph";
agenix.inputs.nixpkgs.follows = "nixpkgs";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
krops.inputs.flake-utils.follows = "flake-utils";
krops.inputs.nixpkgs.follows = "nixpkgs";
menstruation-backend.inputs.flake-utils.follows = "flake-utils";
menstruation-backend.inputs.nixpkgs.follows = "nixpkgs";
menstruation-telegram.inputs.flake-utils.follows = "flake-utils";
menstruation-telegram.inputs.nixpkgs.follows = "nixpkgs";
nixinate.inputs.nixpkgs.follows = "nixpkgs";
recht.inputs.flake-utils.follows = "flake-utils";
recht.inputs.nixpkgs.follows = "nixpkgs";
retiolum.inputs.nixpkgs.follows = "nixpkgs";
tinc-graph.inputs.flake-utils.follows = "flake-utils";
tinc-graph.inputs.nixpkgs.follows = "nixpkgs";
# legacy # legacy
menstruation-backend = {
url = "github:kmein/menstruation.rs";
flake = false;
};
menstruation-telegram = {
url = "github:kmein/menstruation-telegram";
flake = false;
};
nix-writers = {
url = "git+https://cgit.krebsco.de/nix-writers";
flake = false;
};
recht = {
url = "github:kmein/recht";
flake = false;
};
scripts = { scripts = {
url = "github:kmein/scripts"; url = "github:kmein/scripts";
flake = false; flake = false;
}; };
stockholm = {
url = "git+https://cgit.krebsco.de/stockholm";
flake = false;
};
telebots = {
url = "github:kmein/telebots";
flake = false;
};
tinc-graph = {
url = "github:kmein/tinc-graph";
flake = false;
};
traadfri = { traadfri = {
url = "github:kmein/traadfri"; url = "github:kmein/traadfri";
flake = false; flake = false;
}; };
tuna = {
url = "github:kmein/tuna";
flake = false;
};
}; };
outputs = { outputs = inputs @ {
self, self,
flake-utils, nixpkgs,
nur,
home-manager, home-manager,
krops, nixinate,
menstruation-backend, agenix,
menstruation-telegram,
nix-writers,
nixos-unstable,
nixos-stable,
recht,
retiolum, retiolum,
scripts, ...
stockholm, }: let
telebots,
tinc-graph,
traadfri,
tuna,
} @ inputs: let
system = "x86_64-linux";
pkgs = nixos-stable.legacyPackages.${system};
home =
if nixos-stable.lib.inPureEvalMode or false
then _: /nonexistent
else import lib/home.nix;
source = {
sources,
unstable,
name,
}:
{
niveum.file = toString ./.;
nixos-config.symlink = "niveum/systems/${name}/configuration.nix";
system-secrets.pass = {
dir = toString (home /.password-store);
name = "systems/${name}";
};
secrets.pass = {
dir = toString (home /.password-store);
name = "shared";
};
nixpkgs.git = {
url = "https://github.com/NixOS/nixpkgs";
ref =
(
if unstable
then inputs.nixos-unstable
else inputs.nixos-stable
)
.rev;
shallow = true;
};
}
// nixos-stable.lib.mapAttrs' (name: value: {
inherit name;
value.git = {
url = let
github = x: "https://github.com/${x}";
in
{
home-manager = github "nix-community/home-manager";
menstruation-backend = github "kmein/menstruation.rs";
menstruation-telegram = github "kmein/menstruation-telegram";
nixos-unstable = github "NixOS/nixpkgs";
nix-writers = "https://cgit.krebsco.de/nix-writers";
recht = github "kmein/recht";
retiolum = "https://git.thalheim.io/Mic92/retiolum";
stockholm = "https://cgit.krebsco.de/stockholm";
scripts = github "kmein/scripts";
telebots = github "kmein/telebots";
tinc-graph = github "kmein/tinc-graph";
traadfri = github "kmein/traadfri";
}
.${name};
ref = value.rev;
shallow = true;
};
}) (nixos-stable.lib.filterAttrs (name: _: builtins.elem name sources) inputs);
deployScriptFor = {
name,
user ? "root",
host,
unstable ? false,
sshPort ? (import ./lib/default.nix).sshPort,
sources,
}:
toString (krops.packages.${system}.writeDeploy "deploy-${name}" {
source = krops.lib.evalSource [(source {inherit sources unstable name;})];
target = "${user}@${host}:${toString sshPort}";
useNixOutputMonitor = true;
});
in { in {
apps.${system} = let apps = nixinate.nixinate.x86_64-linux self;
forSystems = f: builtins.listToAttrs (map f (builtins.attrNames (builtins.readDir ./systems)));
externalNetwork = import ./lib/external-network.nix; nixosConfigurations = {
deployScripts = forSystems (name: { ful = nixpkgs.lib.nixosSystem {
name = "deploy-${name}"; system = "aarch64-linux";
value = { modules = [
type = "app"; systems/ful/configuration.nix
program = deployScriptFor { agenix.nixosModules.default
inherit name; retiolum.nixosModules.retiolum
host = ];
if externalNetwork ? name };
then externalNetwork.${name} zaatar = nixpkgs.lib.nixosSystem {
else "${name}.r"; system = "x86_64-linux";
unstable = false; # name == "kabsa" || name == "manakish"; modules = [
sources = {
["nix-writers" "nixpkgs" "retiolum" "stockholm"] _module.args.nixinate = {
++ { host = "zaatar";
zaatar = ["traadfri" "nixos-unstable"]; sshUser = "root";
ful = []; buildOn = "remote";
tahina = []; substituteOnTarget = true;
tabula = []; hermetic = false;
kabsa = ["traadfri" "nixos-unstable" "home-manager" "menstruation-backend" "recht"]; };
manakish = ["traadfri" "nixos-unstable" "home-manager" "menstruation-backend" "recht"];
makanek = ["nixos-unstable" "menstruation-telegram" "menstruation-backend" "scripts" "telebots" "tinc-graph"];
} }
.${name}; systems/zaatar/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
];
};
makanek = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
# for using inputs in other config files
specialArgs = {inherit inputs;};
modules = [
{
_module.args.nixinate = {
host = "makanek";
sshUser = "root";
buildOn = "remote";
substituteOnTarget = true;
hermetic = false;
};
}
systems/makanek/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
nur.nixosModules.nur
];
};
tahina = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
systems/tahina/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
];
};
tabula = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
systems/tabula/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
];
};
manakish = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs;};
modules = [
{
_module.args.nixinate = {
host = "manakish";
sshUser = "root";
buildOn = "remote";
substituteOnTarget = true;
hermetic = false;
};
}
systems/manakish/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
home-manager.nixosModules.home-manager
nur.nixosModules.nur
];
};
kabsa = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs;};
modules = [
{
_module.args.nixinate = {
host = "kabsa";
sshUser = "root";
buildOn = "remote";
substituteOnTarget = true;
hermetic = false;
};
}
systems/kabsa/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
home-manager.nixosModules.home-manager
nur.nixosModules.nur
];
}; };
}; };
});
ciScripts = forSystems (name: {
name = "build-${name}";
value = {
type = "app";
program = import ./ci.nix {inherit name system inputs;};
};
});
in
deployScripts // ciScripts;
}; };
} }

1
lib/email.nix
View File

@@ -2,7 +2,6 @@
cock = rec { cock = rec {
user = "2210@cock.li"; user = "2210@cock.li";
address = user; address = user;
password = lib.strings.fileContents <secrets/mail/cock>;
imap = "mail.cock.li"; imap = "mail.cock.li";
smtp = imap; smtp = imap;
smtpSettings = smtp: "smtp://${smtp}:587"; smtpSettings = smtp: "smtp://${smtp}:587";

3
lib/i3status-rust.nix
View File

@@ -43,7 +43,6 @@ in {
format = "{location}: {temp}C"; format = "{location}: {temp}C";
service = { service = {
name = "openweathermap"; name = "openweathermap";
api_key = lib.strings.fileContents <secrets/openweathermap.key>;
city_id = "2950159"; city_id = "2950159";
units = "metric"; units = "metric";
}; };
@@ -52,7 +51,7 @@ in {
block = "custom"; block = "custom";
interval = 60 * 5; interval = 60 * 5;
command = let command = let
spacetime = import <niveum/configs/spacetime.nix>; spacetime = import ../configs/spacetime.nix;
in in
pkgs.writers.writePython3 "sun.py" { pkgs.writers.writePython3 "sun.py" {
libraries = [pkgs.python3Packages.astral]; libraries = [pkgs.python3Packages.astral];

47
modules/htgen.nix Normal file
View File

@@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}: let
htgen = pkgs.callPackage ../packages/htgen.nix {};
in {
options.services.htgen = lib.mkOption {
default = {};
type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
options = {
enable = lib.mkEnableOption "htgen-${config._module.args.name}";
port = lib.mkOption {
type = lib.types.int;
};
script = lib.mkOption {
type = lib.types.str;
};
};
}));
};
config = {
systemd.services =
lib.mapAttrs' (
name: cfg:
lib.nameValuePair "htgen-${name}" {
wantedBy = ["multi-user.target"];
after = ["network.target"];
environment = {
HOME = "/var/lib/htgen-${name}";
HTGEN_PORT = toString cfg.port;
HTGEN_SCRIPT = cfg.script;
};
serviceConfig = {
SyslogIdentifier = "htgen-${name}";
DynamicUser = true;
StateDirectory = "htgen-${name}";
PrivateTmp = true;
Restart = "always";
ExecStart = "${htgen}/bin/htgen --serve";
};
}
)
config.services.htgen;
};
}

9
modules/moodle-dl.nix
View File

@@ -23,6 +23,13 @@ in {
''; '';
}; };
tokensFile = mkOption {
type = types.path;
description = ''
Path to a JSON file containing a "token" key and, optionally, a "telegram"."token" key.
'';
};
notifyOnly = mkOption { notifyOnly = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
@@ -74,7 +81,7 @@ in {
Group = config.users.groups.moodle-dl.name; Group = config.users.groups.moodle-dl.name;
WorkingDirectory = cfg.directory; WorkingDirectory = cfg.directory;
ExecStart = "${cfg.package}/bin/moodle-dl ${lib.optionalString cfg.notifyOnly "--without-downloading-files"}"; ExecStart = "${cfg.package}/bin/moodle-dl ${lib.optionalString cfg.notifyOnly "--without-downloading-files"}";
ExecStartPre = "${pkgs.coreutils}/bin/ln -sfn ${toString moodle-dl-json} ${cfg.directory}/config.json"; ExecStartPre = "${pkgs.jq}/bin/jq -s '.[0] *.[1]' ${toString moodle-dl-json} ${toString cfg.tokensFile} > ${cfg.directory}/config.json";
} }
(mkIf (cfg.directory == stateDirectoryDefault) {StateDirectory = "moodle-dl";}) (mkIf (cfg.directory == stateDirectoryDefault) {StateDirectory = "moodle-dl";})
]; ];

94
modules/power-action.nix Normal file
View File

@@ -0,0 +1,94 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.power-action;
out = {
options.services.power-action = api;
config = lib.mkIf cfg.enable imp;
};
api = {
enable = mkEnableOption "power-action";
battery = mkOption {
type = types.str;
default = "BAT0";
};
user = mkOption {
type = types.str;
default = "power-action";
};
startAt = mkOption {
type = types.str;
default = "*:0/1";
};
plans = mkOption {
type = with types;
attrsOf (submodule {
options = {
charging = mkOption {
type = nullOr bool;
default = null;
description = ''
check for charging status.
null = don't care
true = only if system is charging or unknown
false = only if system is discharging
'';
};
upperLimit = mkOption {
type = int;
};
lowerLimit = mkOption {
type = int;
};
action = mkOption {
type = path;
};
};
});
};
};
imp = {
systemd.services.power-action = {
serviceConfig = rec {
ExecStart = startScript;
User = cfg.user;
};
startAt = cfg.startAt;
};
};
startScript = pkgs.writers.writeDash "power-action" ''
set -euf
power="$(${powerlvl})"
state="$(${state})"
${concatStringsSep "\n" (mapAttrsToList writeRule cfg.plans)}
'';
charging_check = plan:
if (plan.charging == null)
then ""
else if plan.charging
then ''&& [ "$state" = "true" ]''
else ''&& ! [ "$state" = "true" ]'';
writeRule = _: plan: "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi";
powerlvl = pkgs.writers.writeDash "powerlvl" ''
cat /sys/class/power_supply/${cfg.battery}/capacity
'';
state = pkgs.writers.writeDash "state" ''
if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ]
then echo "false"
else echo "true"
fi
'';
in
out

22
modules/telegram-bot.nix
View File

@@ -11,19 +11,27 @@ with lib; let
nameValuePair "telegram-bot-${name}" { nameValuePair "telegram-bot-${name}" {
enable = bot.enable; enable = bot.enable;
startAt = bot.time; startAt = bot.time;
serviceConfig.Type = "oneshot"; serviceConfig = {
Type = "oneshot";
LoadCredential = "token:${bot.tokenFile}";
};
wants = ["network-online.target"]; wants = ["network-online.target"];
script = strings.concatStringsSep "\n" (["QUOTE=$(${bot.command})" "if [ -n \"$QUOTE\" ]; then" "echo $QUOTE >&2"] script = ''
++ map (chatId: '' export TOKEN="$(cat "$CREDENTIALS_DIRECTORY/token")"
${pkgs.curl}/bin/curl -X POST "https://api.telegram.org/bot${bot.token}/sendMessage" \ QUOTE=$(${bot.command})
if [ -n "$QUOTE" ]; then
echo $QUOTE >&2
${strings.concatStringsSep "\n" (map (chatId: ''
${pkgs.curl}/bin/curl -X POST "https://api.telegram.org/bot''${TOKEN}/sendMessage" \
-d chat_id="${chatId}" \ -d chat_id="${chatId}" \
-d text="$QUOTE" ${ -d text="$QUOTE" ${
lib.strings.optionalString (bot.parseMode != null) lib.strings.optionalString (bot.parseMode != null)
"-d parse_mode=${bot.parseMode}" "-d parse_mode=${bot.parseMode}"
} | ${pkgs.jq}/bin/jq -e .ok } | ${pkgs.jq}/bin/jq -e .ok
'') '')
bot.chatIds bot.chatIds)}
++ ["fi"]); fi
'';
}; };
in { in {
options.niveum.telegramBots = mkOption { options.niveum.telegramBots = mkOption {
@@ -31,7 +39,7 @@ in {
options = { options = {
enable = mkEnableOption "Telegram bot"; enable = mkEnableOption "Telegram bot";
time = mkOption {type = types.str;}; time = mkOption {type = types.str;};
token = mkOption {type = types.strMatching "[0-9A-Za-z:-]+";}; tokenFile = mkOption {type = types.path;};
chatIds = mkOption { chatIds = mkOption {
type = types.listOf (types.strMatching "-?[0-9]+|@[A-Za-z0-9]+"); type = types.listOf (types.strMatching "-?[0-9]+|@[A-Za-z0-9]+");
}; };

23
packages/cyberlocker-tools.nix Normal file
View File

@@ -0,0 +1,23 @@
{pkgs}:
pkgs.symlinkJoin {
name = "cyberlocker-tools";
paths = [
(pkgs.writers.writeDashBin "cput" ''
set -efu
path=''${1:-$(hostname)}
path=$(echo "/$path" | sed -E 's:/+:/:')
url=http://c.r$path
${pkgs.curl}/bin/curl -fSs --data-binary @- "$url"
echo "$url"
'')
(pkgs.writers.writeDashBin "cdel" ''
set -efu
path=$1
path=$(echo "/$path" | sed -E 's:/+:/:')
url=http://c.r$path
${pkgs.curl}/bin/curl -f -X DELETE "$url"
'')
];
}

43
packages/dic.nix Normal file
View File

@@ -0,0 +1,43 @@
{
fetchgit,
lib,
stdenv,
coreutils,
curl,
gnugrep,
gnused,
util-linux,
}:
stdenv.mkDerivation {
name = "dic";
src = fetchgit {
url = https://cgit.ni.krebsco.de/dic;
rev = "refs/tags/v1.1.1";
sha256 = "1gbj967a5hj53fdkkxijqgwnl9hb8kskz0cmpjq7v65ffz3v6vag";
};
phases = [
"unpackPhase"
"installPhase"
];
installPhase = let
path = lib.makeBinPath [
coreutils
curl
gnused
gnugrep
util-linux
];
in ''
mkdir -p $out/bin
sed \
's,^main() {$,&\n PATH=${path}; export PATH,' \
< ./dic \
> $out/bin/dic
chmod +x $out/bin/dic
'';
}

23
packages/git-preview.nix Normal file
View File

@@ -0,0 +1,23 @@
{
coreutils,
git,
writers,
}:
writers.writeDashBin "git-preview" ''
set -efu
head_commit=$(${git}/bin/git log -1 --format=%H)
merge_commit=$1; shift
merge_message='Merge for git-preview'
preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX)
preview_name=$(${coreutils}/bin/basename "$preview_dir")
${git}/bin/git worktree add --detach -f "$preview_dir" 2>/dev/null
${git}/bin/git -C "$preview_dir" checkout -q "$head_commit"
${git}/bin/git -C "$preview_dir" merge \
''${GIT_PREVIEW_MERGE_STRATEGY+-s "$GIT_PREVIEW_MERGE_STRATEGY"} \
-m "$merge_message" \
-q \
"$merge_commit"
${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@"
${coreutils}/bin/rm -fR "$preview_dir"
${coreutils}/bin/rm -R .git/worktrees/"$preview_name"
''

49
packages/hc.nix Normal file
View File

@@ -0,0 +1,49 @@
{
fetchgit,
lib,
makeWrapper,
stdenv,
coreutils,
findutils,
gawk,
gnugrep,
qrencode,
texlive,
utillinux,
zbar,
}:
stdenv.mkDerivation rec {
name = "hc-${meta.version}";
src = fetchgit {
url = "https://cgit.krebsco.de/hc";
rev = "refs/tags/v${meta.version}";
sha256 = "09349gja22p0j3xs082kp0fnaaada14bafszn4r3q7rg1id2slfb";
};
nativeBuildInputs = [makeWrapper];
buildPhase = null;
installPhase = ''
mkdir -p $out/bin
cp $src/bin/hc $out/bin/hc
wrapProgram $out/bin/hc \
--prefix PATH : ${lib.makeBinPath [
coreutils
findutils
gawk
gnugrep
qrencode
texlive.combined.scheme-full
utillinux
zbar
]}
'';
meta = {
version = "1.0.0";
};
}

31
packages/htgen.nix Normal file
View File

@@ -0,0 +1,31 @@
{
fetchgit,
lib,
pkgs,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "htgen";
version = "1.3.1";
src = fetchgit {
url = "http://cgit.krebsco.de/htgen";
rev = "refs/tags/${version}";
sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r";
};
installPhase = ''
mkdir -p $out/bin
{
echo '#! ${pkgs.dash}/bin/dash'
echo 'export PATH=${lib.makeBinPath [
pkgs.coreutils
pkgs.jq
pkgs.ucspi-tcp
]}''${PATH+":$PATH"}'
sed 's:^Server=htgen$:&/${version}:' htgen
} > $out/bin/htgen
chmod +x $out/bin/htgen
cp -r examples $out
'';
}

9
packages/kpaste.nix Normal file
View File

@@ -0,0 +1,9 @@
{
curl,
gnused,
writers,
}:
writers.writeDashBin "kpaste" ''
${curl}/bin/curl -sS http://p.r --data-binary @"''${1:--}" |
${gnused}/bin/sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
''

57
packages/scripts/default.nix
View File

@@ -1,11 +1,12 @@
{ {
pkgs, pkgs,
lib, lib,
config,
... ...
}: let }: let
kpaste = pkgs.callPackage <stockholm/krebs/5pkgs/simple/kpaste> {}; kpaste = pkgs.callPackage <stockholm/krebs/5pkgs/simple/kpaste> {};
opustags = pkgs.callPackage <niveum/packages/opustags.nix> {}; opustags = pkgs.callPackage ../opustags.nix {};
betacode = pkgs.callPackage <niveum/packages/python3Packages/betacode.nix> {}; betacode = pkgs.callPackage ../python3Packages/betacode.nix {};
wrapScript = { wrapScript = {
packages ? [], packages ? [],
name, name,
@@ -73,33 +74,6 @@ in
${pkgs.coreutils}/bin/printf '%s\n' 'nameserver 1.1.1.1' 'options edns0' > /etc/resolv.conf ${pkgs.coreutils}/bin/printf '%s\n' 'nameserver 1.1.1.1' 'options edns0' > /etc/resolv.conf
''; '';
much-scripts = let
much-current-query = wrapScript {
packages = [pkgs.curl];
name = "much-current-query";
script = ./much-current-query.sh;
};
mail-send = wrapScript {
packages = [pkgs.notmuch pkgs.msmtp pkgs.jq];
name = "mail-send";
script = ./mail-send.sh;
};
mail-reply = wrapScript {
packages = [much-current-query pkgs.notmuch pkgs.gnused pkgs.jq];
name = "mail-reply";
script = ./mail-reply.sh;
};
mail-kill = wrapScript {
name = "mail-kill";
script = ./mail-kill.sh;
packages = [pkgs.notmuch];
};
in
pkgs.symlinkJoin {
name = "much-scripts";
paths = [mail-send much-current-query mail-reply mail-kill];
};
showkeys-toggle = pkgs.writers.writeDashBin "showkeys-toggle" '' showkeys-toggle = pkgs.writers.writeDashBin "showkeys-toggle" ''
if ${pkgs.procps}/bin/pgrep screenkey; then if ${pkgs.procps}/bin/pgrep screenkey; then
exec ${pkgs.procps}/bin/pkill screenkey exec ${pkgs.procps}/bin/pkill screenkey
@@ -205,7 +179,7 @@ in
| ${pkgs.man}/bin/man --local-file --pager="${pkgs.bat}/bin/bat -p" - | ${pkgs.man}/bin/man --local-file --pager="${pkgs.bat}/bin/bat -p" -
''; '';
playlist = import ./pls.nix {inherit pkgs;}; playlist = import ./pls.nix {inherit pkgs lib config;};
mpv-tv = import ./mpv-tv.nix {inherit pkgs lib;}; mpv-tv = import ./mpv-tv.nix {inherit pkgs lib;};
@@ -396,8 +370,8 @@ in
unicodmenu = pkgs.callPackage ./unicodmenu.nix {}; unicodmenu = pkgs.callPackage ./unicodmenu.nix {};
mpv-radio = let mpv-radio = let
streams = import <niveum/lib/streams.nix> { streams = import ../../lib/streams.nix {
di-fm-key = lib.strings.fileContents <secrets/di.fm/key>; di-fm-key = "%DI_FM_KEY%"; # lib.strings.fileContents <secrets/di.fm/key>;
}; };
streams-tsv = pkgs.writeText "streams.tsv" (lib.concatMapStringsSep "\n" ({ streams-tsv = pkgs.writeText "streams.tsv" (lib.concatMapStringsSep "\n" ({
desc ? "", desc ? "",
@@ -408,7 +382,12 @@ in
streams); streams);
in in
pkgs.writers.writeDashBin "mpv-radio" '' pkgs.writers.writeDashBin "mpv-radio" ''
exec ${pkgs.mpv}/bin/mpv --force-window=yes "$(${pkgs.dmenu}/bin/dmenu -i -l 5 < ${streams-tsv} | ${pkgs.coreutils}/bin/cut -f3)" export DI_FM_KEY=$(cat "${config.age.secrets.di-fm-key.path}")
exec ${pkgs.mpv}/bin/mpv --force-window=yes "$(
${pkgs.dmenu}/bin/dmenu -i -l 5 < ${streams-tsv} \
| ${pkgs.coreutils}/bin/cut -f3 \
| ${pkgs.gnused}/bin/sed s/%DI_FM_KEY%/"$DI_FM_KEY"/
)"
''; '';
rfc = wrapScript { rfc = wrapScript {
@@ -489,11 +468,11 @@ in
''; '';
} }
// { // {
devour = pkgs.callPackage <niveum/packages/devour.nix> {}; devour = pkgs.callPackage ../devour.nix {};
depp = pkgs.callPackage <niveum/packages/depp.nix> {}; depp = pkgs.callPackage ../depp.nix {};
text2pdf = pkgs.callPackage <niveum/packages/text2pdf.nix> {}; text2pdf = pkgs.callPackage ../text2pdf.nix {};
vimv = pkgs.callPackage <niveum/packages/vimv.nix> {}; vimv = pkgs.callPackage ../vimv.nix {};
when = pkgs.callPackage <niveum/packages/when.nix> {}; when = pkgs.callPackage ../when.nix {};
mahlzeit = pkgs.haskellPackages.callPackage <niveum/packages/mahlzeit.nix> {}; mahlzeit = pkgs.haskellPackages.callPackage ../mahlzeit.nix {};
inherit opustags; inherit opustags;
} }

20
packages/scripts/mail-kill.sh
View File

@@ -1,20 +0,0 @@
#! /bin/sh
set -efu
if ! notmuch search --exclude=false tag:deleted | tac | grep .; then
echo 'No killed mail.'
exit 1
fi
printf 'want do rm these mail? [y/N] '
read REPLY
case "$REPLY" in
y|Y) :;; # continue
*)
echo 'abort.'
exit 2
;;
esac
notmuch search --output=files --exclude=false tag:deleted | xargs -l rm -v
notmuch new

47
packages/scripts/mail-reply.sh
View File

@@ -1,47 +0,0 @@
#! /bin/sh
set -efu
reply_to=$(much-current-query)
if ! test "$(notmuch search --output=messages "$reply_to" | wc -l)" = 1; then
echo "current query doesn't point to exactly one message. abort." >&2
exit 1
fi
# TODO update headers
notmuch reply "$reply_to" |
sed '
/^Non-text part: /d
/^Attachment: /d
' |
jq -Rrs '
# TODO dedup with mail-send
split("\n") |
index("") as $i |
.[:$i] as $head |
.[$i:] as $body |
{
"MIME-Version": "1.0",
"Content-Type": "text/plain; charset=UTF-8; format=flowed",
"Content-Transfer-Encoding": "8bit"
} as $extra_head |
($extra_head | keys | join("|")) as $extra_head_regex |
($extra_head | to_entries | map("\(.key): \(.value)")) as $extra_head_lines |
# TODO each of these could be followed by multiple lines starting with spaces
($head | map(select(test("^(\($extra_head_regex)):";"i") | not))) as $head |
($head + $extra_head_lines) as $head |
($head + $body) | join("\n")
'
# TODO fix From:
# TODO tune quote
# TODO write draft
# TODO send mail

56
packages/scripts/mail-send.sh
View File

@@ -1,56 +0,0 @@
#! /bin/sh
# usage: mail-send < FILE
set -efu
get_in_reply_to() {
sed -n '/^In-Reply-to:/I{s/In-Reply-to:\s*//I;h;:a;n;/^\s/{s/^\s*//;H;ba};x;p;q}' |
sed -n 's/^<\(.*\)>$/\1/p' |
grep .
}
now=$(date --rfc-email)
id=$(whoami)+$(date +%s -d "$now")@$(hostname -f)
# TODO check if mail with that ID already exists
# TODO encode subject https://ncona.com/2011/06/using-utf-8-characters-on-an-e-mail-subject/
# and maybe recipients
# TODO use tmpfile instead?
mail=$(
env now="$now" id="$id" \
jq -Rrs '
# TODO dedup with mail-reply
split("\n") |
index("") as $i |
.[:$i] as $head |
.[$i:] as $body |
# TODO each of these could be followed by multiple lines starting with spaces
($head | map(select(test("^(Date|Message-ID|User-Agent):";"i") | not))) as $head |
($head + [
"Date: \(env.now)",
"Message-ID: <\(env.id)>",
"User-Agent: much"
]) as $head |
($head + $body) | join("\n")
'
)
printf %s "$mail" | msmtpq --read-recipients --read-envelope-from
printf %s "$mail" | notmuch insert
if in_reply_to=$(printf %s "$mail" | get_in_reply_to); then
if test "$(notmuch search --output=messages "id:$in_reply_to")" != "id:$in_reply_to"; then
echo "while trying to put replied tag, failed to find exactly one message" >&2
echo " query = id:$in_reply_to" >&2
exit 1
fi
notmuch tag +replied -unread -- "id:$in_reply_to"
fi
echo "id:$id"

10
packages/scripts/pls.nix
View File

@@ -1,10 +1,12 @@
{pkgs}: let {
inherit (pkgs) lib; config,
pkgs,
lib,
}: let
playlistAPI = "https://radio.lassul.us"; playlistAPI = "https://radio.lassul.us";
sendIRC = pkgs.writers.writeDash "send-irc" '' sendIRC = pkgs.writers.writeDash "send-irc" ''
${pkgs.ircaids}/bin/ircsink \ ${config.nur.repos.mic92.ircsink}/bin/ircsink \
--nick musikkritiker \ --nick musikkritiker \
--server irc.hackint.org \ --server irc.hackint.org \
--port 6697 \ --port 6697 \

17
packages/untilport.nix Normal file
View File

@@ -0,0 +1,17 @@
{pkgs, ...}:
pkgs.writers.writeDashBin "untilport" ''
set -euf
usage() {
echo 'untiport $target $port'
echo 'Sleeps until the destinated port is reachable.'
echo 'ex: untilport google.de 80 && echo "google is now reachable"'
}
if [ $# -ne 2 ]; then
usage
else
until ${pkgs.libressl.nc}/bin/nc -z "$@"; do sleep 1; done
fi
''

177
packages/weechat-declarative.nix Normal file
View File

@@ -0,0 +1,177 @@
{
pkgs,
lib,
...
} @ args: let
# config cannot be declared in the input attribute set because that would
# cause callPackage to inject the wrong config. Instead, get it from ...
# via args.
config = args.config or {};
lib =
args.lib
// rec {
attrPaths = let
recurse = path: value:
if builtins.isAttrs value
then lib.mapAttrsToList (name: recurse (path ++ [name])) value
else [(lib.nameValuePair path value)];
in
attrs: lib.flatten (recurse [] attrs);
attrPathsSep = sep: attrs: lib.listToAttrs (map (x: x // {name = lib.concatStringsSep sep x.name;}) (attrPaths attrs));
toWeechatValue = x:
{
bool = builtins.toJSON x;
string = x;
list = lib.concatMapStringsSep "," toWeechatValue x;
int = toString x;
}
.${builtins.typeOf x};
setCommand = name: value: "/set ${name} \"${toWeechatValue value}\"";
filterAddreplace = name: filter: "/filter addreplace ${name} ${filter.buffer} ${toWeechatValue filter.tags} ${filter.regex}";
};
cfg = eval.config;
eval = lib.evalModules {
modules = lib.singleton {
_file = toString ./default.nix;
imports = lib.singleton config;
options = {
scripts = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [];
description = ''
some stuff from pkgs.weechatScripts
'';
};
settings = lib.mkOption {
type = (pkgs.formats.json {}).type;
description = ''
your weechat config in nix-style syntax.
secrets can be defined with \''${my.secret.value}
'';
default = {};
example = {
irc.server_default.nicks = "rick_\\\${sec.data.foo}";
irc.server_default.msg_part = "ciao kakao";
irc.server_default.msg_quit = "tschö mit \\\${sec.data.foo}";
irc.look.color_nicks_in_nicklist = true;
matrix.server.nibbana = {
address = "nibbana.jp";
};
irc.server.hackint = {
address = "irc.hackint.org/6697";
ssl = true;
autoconnect = true;
autojoin = ["#krebs"];
};
weechat.bar.buflist.hidden = true;
irc.server.hackint.command = lib.concatStringsSep "\\;" [
"/msg nickserv IDENTIFY \\\${sec.data.hackint_password}"
"/msg nickserv SET CLOAK ON"
];
filters.playlist_topic = {
buffer = "irc.*.#the_playlist";
tags = ["irc_topic"];
regex = "*";
};
relay = {
port.weechat = 9000;
network.password = "hunter2";
};
alias.cmd.mod = "quote omode $channel +o $nick";
secure.test.passphrase_command = "echo lol1234123124";
};
};
extraCommands = lib.mkOption {
type = lib.types.lines;
default = "";
};
files = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = {};
example = lib.literalExpression ''
{
"sec.conf" = toString (pkgs.writeText "sec.conf" '''
[crypt]
cipher = aes256
hash_algo = sha256
passphrase_command = ""
salt = on
[data]
__passphrase__ = off
foo = "bar"
''');
}
'';
};
};
};
};
setFile = pkgs.writeText "weechat.set" (
lib.optionalString (cfg.settings != {})
(lib.concatStringsSep "\n" (
lib.optionals
(cfg.settings.irc or {} != {})
(lib.mapAttrsToList
(name: server: "/server add ${name} ${lib.toWeechatValue server.addresses}")
cfg.settings.irc.server)
++ lib.optionals
(cfg.settings.matrix or {} != {})
(lib.mapAttrsToList
(name: server: "/matrix server add ${name} ${server.address}")
cfg.settings.matrix.server)
++ lib.mapAttrsToList lib.setCommand (lib.attrPathsSep "." cfg.settings)
++ lib.optionals
(cfg.settings.filters or {} != {})
(lib.mapAttrsToList lib.filterAddreplace cfg.settings.filters)
++ lib.singleton cfg.extraCommands
))
);
weechat = pkgs.weechat.override {
configure = _: {
init = "/exec -oc cat ${setFile}";
scripts = cfg.scripts;
};
};
wrapper = pkgs.writers.writeDashBin "weechat" ''
CONFDIR=''${XDG_CONFIG_HOME:-$HOME/.config}/weechat
${pkgs.coreutils}/bin/mkdir -p "$CONFDIR"
${
lib.concatStringsSep "\n"
(
lib.mapAttrsToList
(name: target:
/*
sh
*/
''
${pkgs.coreutils}/bin/cp ${lib.escapeShellArg target} "$CONFDIR"/${lib.escapeShellArg name}
${pkgs.coreutils}/bin/chmod +w "$CONFDIR"/${lib.escapeShellArg name}
'')
cfg.files
)
}
exec ${weechat}/bin/weechat "$@"
'';
in
pkgs.symlinkJoin {
name = "weechat-configured";
paths = [
wrapper
pkgs.weechat
];
postBuild = ''
ln -s ${setFile} $out/weechat.set
'';
}

1
secrets Submodule

Submodule secrets added at c7d15a9174

27
systems/ful/configuration.nix
View File

@@ -4,19 +4,26 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) kieran retiolumAddresses restic; inherit (import ../../lib) kieran retiolumAddresses restic;
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./matomo.nix ./matomo.nix
<niveum/configs/monitoring.nix> ../../configs/monitoring.nix
<niveum/configs/nix.nix> ../../configs/save-space.nix
<niveum/configs/save-space.nix> ../../configs/spacetime.nix
<niveum/configs/spacetime.nix> ../../configs/retiolum.nix
<niveum/configs/sshd.nix> ../../configs/sshd.nix
<niveum/configs/retiolum.nix> ../../configs/nix.nix
]; ];
age.secrets = {
retiolum-rsa.file = ../../secrets/ful-retiolum-privateKey-rsa.age;
retiolum-ed25519.file = ../../secrets/ful-retiolum-privateKey-rsa.age;
root.file = ../../secrets/ful-root.age;
restic.file = ../../secrets/restic.age;
};
services.restic.backups.niveum = { services.restic.backups.niveum = {
initialize = true; initialize = true;
inherit (restic) repository; inherit (restic) repository;
@@ -24,14 +31,12 @@ in {
OnCalendar = "daily"; OnCalendar = "daily";
RandomizedDelaySec = "1h"; RandomizedDelaySec = "1h";
}; };
passwordFile = toString <secrets/restic/password>; passwordFile = config.age.secrets.restic.path;
paths = [ paths = [
config.services.mysqlBackup.location config.services.mysqlBackup.location
]; ];
}; };
nix.nixPath = ["/var/src"];
networking = { networking = {
firewall.allowedTCPPorts = [80 443]; firewall.allowedTCPPorts = [80 443];
hostName = "ful"; hostName = "ful";
@@ -56,7 +61,7 @@ in {
defaults.email = kieran.email; defaults.email = kieran.email;
}; };
users.users.root.passwordFile = toString <system-secrets/root.password>; users.users.root.passwordFile = config.age.secrets.root.path;
environment.systemPackages = [pkgs.vim pkgs.git pkgs.tmux pkgs.python3]; environment.systemPackages = [pkgs.vim pkgs.git pkgs.tmux pkgs.python3];

5
systems/ful/hardware-configuration.nix
View File

@@ -2,9 +2,12 @@
config, config,
lib, lib,
pkgs, pkgs,
modulesPath,
... ...
}: { }: {
imports = [<nixpkgs/nixos/modules/profiles/qemu-guest.nix>]; imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = { boot = {
loader = { loader = {

2
systems/ful/matomo.nix
View File

@@ -1,5 +1,5 @@
{pkgs, ...}: let {pkgs, ...}: let
inherit (import <niveum/lib>) kieran; inherit (import ../../lib) kieran;
in { in {
services.nginx = { services.nginx = {
enable = true; enable = true;

16
systems/kabsa/configuration.nix
View File

@@ -4,13 +4,13 @@
lib, lib,
... ...
}: let }: let
inherit (import <niveum/lib>) retiolumAddresses; inherit (import ../../lib) retiolumAddresses;
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
<niveum/configs/battery.nix> ../../configs/battery.nix
<niveum/configs/default.nix> ../../configs/default.nix
<niveum/configs/networkmanager.nix> ../../configs/networkmanager.nix # TODO how to get passwords into there?
]; ];
niveum = { niveum = {
@@ -24,6 +24,14 @@ in {
max-jobs = 2; max-jobs = 2;
}; };
age.secrets = {
retiolum-rsa.file = ../../secrets/kabsa-retiolum-privateKey-rsa.age;
retiolum-ed25519.file = ../../secrets/kabsa-retiolum-privateKey-ed25519.age;
restic.file = ../../secrets/restic.age;
syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
};
environment.systemPackages = [pkgs.minecraft pkgs.zeroad]; environment.systemPackages = [pkgs.minecraft pkgs.zeroad];
networking = { networking = {

3
systems/kabsa/hardware-configuration.nix
View File

@@ -2,9 +2,10 @@
config, config,
lib, lib,
pkgs, pkgs,
modulesPath,
... ...
}: { }: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>]; imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = { boot = {
initrd = { initrd = {

29
systems/makanek/configuration.nix
View File

@@ -4,7 +4,7 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) kieran retiolumAddresses restic; inherit (import ../../lib) kieran retiolumAddresses restic;
in { in {
imports = [ imports = [
./gitea.nix ./gitea.nix
@@ -13,7 +13,6 @@ in {
./menstruation.nix ./menstruation.nix
./moinbot.nix ./moinbot.nix
./monitoring ./monitoring
./moodle-dl-borsfaye.nix
./names.nix ./names.nix
./nextcloud.nix ./nextcloud.nix
./radio-news.nix ./radio-news.nix
@@ -23,14 +22,14 @@ in {
./tt-rss.nix ./tt-rss.nix
./urlwatch.nix ./urlwatch.nix
./weechat.nix ./weechat.nix
<niveum/configs/monitoring.nix> ../../configs/monitoring.nix
<niveum/configs/nix.nix> ../../configs/nix.nix
<niveum/configs/save-space.nix> ../../configs/save-space.nix
<niveum/configs/spacetime.nix> ../../configs/retiolum.nix
<niveum/configs/sshd.nix> ../../configs/spacetime.nix
<niveum/configs/retiolum.nix> ../../configs/sshd.nix
<niveum/configs/telegram-bots> ../../configs/telegram-bots
<niveum/modules/passport.nix> ../../modules/passport.nix
]; ];
services.restic.backups.niveum = { services.restic.backups.niveum = {
@@ -40,7 +39,7 @@ in {
OnCalendar = "daily"; OnCalendar = "daily";
RandomizedDelaySec = "1h"; RandomizedDelaySec = "1h";
}; };
passwordFile = toString <secrets/restic/password>; passwordFile = config.age.secrets.restic.path;
paths = [ paths = [
"/var/lib/codimd" "/var/lib/codimd"
config.services.postgresqlBackup.location config.services.postgresqlBackup.location
@@ -76,8 +75,6 @@ in {
]; ];
}; };
nix.nixPath = ["/var/src"];
networking = { networking = {
firewall.allowedTCPPorts = [80 443]; firewall.allowedTCPPorts = [80 443];
hostName = "makanek"; hostName = "makanek";
@@ -86,6 +83,12 @@ in {
useDHCP = false; useDHCP = false;
}; };
age.secrets = {
retiolum-rsa.file = ../../secrets/makanek-retiolum-privateKey-rsa.age;
retiolum-ed25519.file = ../../secrets/makanek-retiolum-privateKey-ed25519.age;
restic.file = ../../secrets/restic.age;
};
system.stateVersion = "20.03"; system.stateVersion = "20.03";
services.nginx = { services.nginx = {

2
systems/makanek/gitea.nix
View File

@@ -1,5 +1,5 @@
let let
inherit (import <niveum/lib>) sshPort; inherit (import ../../lib) sshPort;
domain = "https://code.kmein.de"; domain = "https://code.kmein.de";
in { in {
services.gitea = { services.gitea = {

3
systems/makanek/hardware-configuration.nix
View File

@@ -2,9 +2,10 @@
config, config,
lib, lib,
pkgs, pkgs,
modulesPath,
... ...
}: { }: {
imports = [<nixpkgs/nixos/modules/profiles/qemu-guest.nix>]; imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot = { boot = {
initrd = { initrd = {

2
systems/makanek/hedgedoc.nix
View File

@@ -6,7 +6,7 @@
backupLocation = "/var/lib/codimd-backup"; backupLocation = "/var/lib/codimd-backup";
stateLocation = "/var/lib/codimd/state.sqlite"; stateLocation = "/var/lib/codimd/state.sqlite";
domain = "pad.kmein.de"; domain = "pad.kmein.de";
inherit (import <niveum/lib>) tmpfilesConfig; inherit (import ../../lib) tmpfilesConfig;
in { in {
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true; enableACME = true;

24
systems/makanek/menstruation.nix
View File

@@ -1,16 +1,10 @@
{ {
config,
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: let }: let
backend = pkgs.callPackage <menstruation-backend> {};
old-pkgs = import (pkgs.fetchFromGitHub {
owner = "NixOs";
repo = "nixpkgs";
rev = "695b3515251873e0a7e2021add4bba643c56cde3";
hash = "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=";
}) {};
telegram = old-pkgs.poetry2nix.mkPoetryApplication {projectDir = <menstruation-telegram>;};
backendPort = 8000; backendPort = 8000;
in { in {
services.redis.servers.menstruation = { services.redis.servers.menstruation = {
@@ -36,24 +30,32 @@ in {
]; ];
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
environment = { environment = {
MENSTRUATION_TOKEN = lib.strings.fileContents <system-secrets/telegram/menstruation.token>;
MENSTRUATION_ENDPOINT = "http://localhost:${toString backendPort}"; MENSTRUATION_ENDPOINT = "http://localhost:${toString backendPort}";
MENSTRUATION_MODERATORS = "18980945"; MENSTRUATION_MODERATORS = "18980945";
}; };
script = ''
set -efu
export MENSTRUATION_TOKEN="$(cat "$CREDENTIALS_DIRECTORY/menstruation-token")"
${inputs.menstruation-telegram.defaultPackage.x86_64-linux}/bin/menstruation-telegram
'';
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";
DynamicUser = true; DynamicUser = true;
ExecStart = "${telegram}/bin/menstruation-telegram"; LoadCredential = [
"menstruation-token:${config.age.secrets.telegram-token-menstruation.path}"
];
}; };
}; };
age.secrets.telegram-token-menstruation.file = ../../secrets/telegram-token-menstruation.age;
systemd.services.menstruation-backend = { systemd.services.menstruation-backend = {
wants = ["network-online.target"]; wants = ["network-online.target"];
environment.ROCKET_PORT = toString backendPort; environment.ROCKET_PORT = toString backendPort;
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";
DynamicUser = true; DynamicUser = true;
ExecStart = "${backend}/bin/menstruation_server"; ExecStart = "${inputs.menstruation-backend.defaultPackage.x86_64-linux}/bin/menstruation_server";
}; };
}; };
} }

8
systems/makanek/moinbot.nix
View File

@@ -1,4 +1,8 @@
{pkgs, ...}: { {
pkgs,
config,
...
}: {
systemd.services.moinbot = { systemd.services.moinbot = {
startAt = "7:00"; startAt = "7:00";
script = '' script = ''
@@ -8,7 +12,7 @@
MOIN MOIN
OI OI
moi" | shuf -n1) moi" | shuf -n1)
echo "$greeting" | ${pkgs.ircaids}/bin/ircsink \ echo "$greeting" | ${config.nur.repos.mic92.ircsink}/bin/ircsink \
--nick "$greeting""bot" \ --nick "$greeting""bot" \
--server irc.hackint.org \ --server irc.hackint.org \
--port 6697 \ --port 6697 \

38
systems/makanek/monitoring/default.nix
View File

@@ -6,7 +6,7 @@
}: let }: let
lokiConfig = import ./loki.nix; lokiConfig = import ./loki.nix;
blackboxConfig = import ./blackbox.nix; blackboxConfig = import ./blackbox.nix;
inherit (import <niveum/lib>) restic; inherit (import ../../../lib) restic;
in { in {
services.grafana = { services.grafana = {
enable = true; enable = true;
@@ -17,12 +17,12 @@ in {
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
}; };
smtp = let smtp = let
inherit (import <niveum/lib/email.nix> {inherit lib;}) cock; inherit (import ../../../lib/email.nix {inherit lib;}) cock;
address = builtins.split "@" cock.user; address = builtins.split "@" cock.user;
in { in {
enabled = true; enabled = true;
from_address = cock.address; from_address = cock.address;
password = cock.password; password = "$__file{${config.age.secrets.email-password-cock.path}}";
user = cock.user; user = cock.user;
host = cock.smtpSettings cock.smtp; host = cock.smtpSettings cock.smtp;
startTLS_policy = "MandatoryStartTLS"; startTLS_policy = "MandatoryStartTLS";
@@ -30,7 +30,7 @@ in {
dashboards.default_home_dashboard_path = toString ./grafana-dashboards/niveum.json; dashboards.default_home_dashboard_path = toString ./grafana-dashboards/niveum.json;
security = { security = {
admin_user = "admin"; admin_user = "admin";
admin_password = lib.strings.fileContents <system-secrets/grafana/admin>; admin_password = "$__file{${config.age.secrets.grafana-password-admin.path}}";
}; };
}; };
provision = { provision = {
@@ -196,6 +196,7 @@ in {
enable = true; enable = true;
listenAddress = "localhost"; listenAddress = "localhost";
webExternalUrl = "http://alertmanager.kmein.r"; webExternalUrl = "http://alertmanager.kmein.r";
environmentFile = config.age.secrets.alertmanager-token-reporters.path;
configuration = { configuration = {
route = { route = {
group_wait = "30s"; group_wait = "30s";
@@ -207,7 +208,7 @@ in {
name = "all"; name = "all";
telegram_configs = [ telegram_configs = [
{ {
bot_token = lib.strings.fileContents <system-secrets/telegram/prometheus.token>; bot_token = "$TELEGRAM_TOKEN";
chat_id = 18980945; chat_id = 18980945;
parse_mode = ""; parse_mode = "";
api_url = "https://api.telegram.org"; api_url = "https://api.telegram.org";
@@ -220,8 +221,8 @@ in {
} }
]; ];
email_configs = let email_configs = let
inherit (import <niveum/lib>) kieran; inherit (import ../../../lib) kieran;
inherit (import <niveum/lib/email.nix> {inherit lib;}) cock; inherit (import ../../../lib/email.nix {inherit lib;}) cock;
in [ in [
{ {
send_resolved = true; send_resolved = true;
@@ -230,7 +231,7 @@ in {
smarthost = "${cock.smtp}:587"; smarthost = "${cock.smtp}:587";
auth_username = cock.user; auth_username = cock.user;
auth_identity = cock.user; auth_identity = cock.user;
auth_password = cock.password; auth_password = "$EMAIL_PASSWORD";
} }
]; ];
} }
@@ -238,6 +239,27 @@ in {
}; };
}; };
age.secrets = {
email-password-cock = {
file = ../../../secrets/email-password-cock.age;
owner = "grafana";
group = "grafana";
mode = "440";
};
grafana-password-admin = {
file = ../../../secrets/grafana-password-admin.age;
owner = "grafana";
group = "grafana";
mode = "440";
};
alertmanager-token-reporters = {
file = ../../../secrets/alertmanager-token-reporters.age;
owner = "prometheus";
group = "prometheus";
mode = "440";
};
};
services.prometheus.alertmanagers = [ services.prometheus.alertmanagers = [
{ {
scheme = "http"; scheme = "http";

3
systems/makanek/names.nix
View File

@@ -1,10 +1,11 @@
{ {
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: let }: let
port = 5703; port = 5703;
onomap-src = "${<scripts>}/onomastics-ng"; onomap-src = inputs.scripts.outPath + "/onomastics-ng";
onomap = pkgs.haskellPackages.callCabal2nix "onomap" onomap-src {}; onomap = pkgs.haskellPackages.callCabal2nix "onomap" onomap-src {};
in { in {
systemd.services.names = { systemd.services.names = {

26
systems/makanek/nextcloud.nix
View File

@@ -4,9 +4,23 @@
lib, lib,
... ...
}: let }: let
passwordFile = path: toString (pkgs.writeText "password" (lib.strings.fileContents path)); inherit (import ../../lib) localAddresses;
inherit (import <niveum/lib>) localAddresses;
in { in {
age.secrets = {
nextcloud-password-database = {
file = ../../secrets/nextcloud-password-database.age;
owner = "nextcloud";
group = "nextcloud";
mode = "440";
};
nextcloud-password-admin = {
file = ../../secrets/nextcloud-password-admin.age;
owner = "nextcloud";
group = "nextcloud";
mode = "440";
};
};
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud25; package = pkgs.nextcloud25;
@@ -30,8 +44,8 @@ in {
dbuser = "nextcloud"; dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud"; dbname = "nextcloud";
dbpassFile = passwordFile <system-secrets/nextcloud/database>; dbpassFile = config.age.secrets.nextcloud-password-database.path;
adminpassFile = passwordFile <system-secrets/nextcloud/admin>; adminpassFile = config.age.secrets.nextcloud-password-admin.path;
adminuser = "admin"; adminuser = "admin";
# extraTrustedDomains = [ "toum.r" ]; # extraTrustedDomains = [ "toum.r" ];
defaultPhoneRegion = "DE"; defaultPhoneRegion = "DE";
@@ -40,7 +54,7 @@ in {
logLevel = 2; logLevel = 2;
extraOptions = let extraOptions = let
inherit (import <niveum/lib/email.nix> {inherit lib;}) cock; inherit (import ../../lib/email.nix {inherit lib;}) cock;
address = builtins.split "@" cock.user; address = builtins.split "@" cock.user;
in { in {
defaultapp = "files"; defaultapp = "files";
@@ -54,7 +68,7 @@ in {
mail_smtpauthtype = "LOGIN"; mail_smtpauthtype = "LOGIN";
mail_smtpauth = 1; mail_smtpauth = 1;
mail_smtpname = cock.user; mail_smtpname = cock.user;
mail_smtppassword = cock.password; # mail_smtppassword = cock.password; # TODO how to do this?
}; };
}; };

4
systems/makanek/radio-news.nix
View File

@@ -3,10 +3,10 @@
lib, lib,
... ...
}: let }: let
inherit (import <niveum/lib>) serveHtml; inherit (import ../../lib) serveHtml;
remote = "https://cgit.lassul.us/stockholm"; remote = "https://cgit.lassul.us/stockholm";
in { in {
services.nginx.virtualHosts."redaktion.r".locations."/".extraConfig = serveHtml <niveum/lib/radio-news.html> pkgs; services.nginx.virtualHosts."redaktion.r".locations."/".extraConfig = serveHtml ../../lib/radio-news.html pkgs;
niveum.passport.services = [ niveum.passport.services = [
{ {

2
systems/makanek/radio.nix
View File

@@ -4,7 +4,7 @@
config, config,
... ...
}: let }: let
inherit (import <niveum/lib>) tmpfilesConfig; inherit (import ../../lib) tmpfilesConfig;
liquidsoapDirectory = "/var/cache/liquidsoap"; liquidsoapDirectory = "/var/cache/liquidsoap";
icecastPassword = "hackme"; icecastPassword = "hackme";
lyrikline-poem = pkgs.writers.writeDash "lyrikline.sh" '' lyrikline-poem = pkgs.writers.writeDash "lyrikline.sh" ''

11
systems/makanek/retiolum-map.nix
View File

@@ -2,6 +2,7 @@
config, config,
pkgs, pkgs,
lib, lib,
inputs,
... ...
}: let }: let
network = "retiolum"; network = "retiolum";
@@ -11,7 +12,7 @@
geo-ip-database = "${lib.head config.services.geoipupdate.settings.EditionIDs}.mmdb"; geo-ip-database = "${lib.head config.services.geoipupdate.settings.EditionIDs}.mmdb";
geo-ip-database-path = "${config.services.geoipupdate.settings.DatabaseDirectory}/${geo-ip-database}"; geo-ip-database-path = "${config.services.geoipupdate.settings.DatabaseDirectory}/${geo-ip-database}";
tinc-graph = pkgs.callPackage <tinc-graph> {}; tinc-graph = inputs.tinc-graph.defaultPackage.x86_64-linux;
in { in {
systemd.services.retiolum-index = { systemd.services.retiolum-index = {
description = "Retiolum indexing service"; description = "Retiolum indexing service";
@@ -39,11 +40,13 @@ in {
enable = true; enable = true;
settings = { settings = {
AccountID = 608777; AccountID = 608777;
LicenseKey = toString <system-secrets/maxmind/license.key>; LicenseKey._secret = config.age.secrets.maxmind-license-key.path;
EditionIDs = ["GeoLite2-City"]; EditionIDs = ["GeoLite2-City"];
}; };
}; };
age.secrets.maxmind-license-key.file = ../../secrets/maxmind-license-key.age;
niveum.passport.services = [ niveum.passport.services = [
{ {
link = "http://graph.r"; link = "http://graph.r";
@@ -71,9 +74,7 @@ in {
systemd.services.geoip-share = { systemd.services.geoip-share = {
after = ["geoipupdate.service"]; after = ["geoipupdate.service"];
wantedBy = ["geoipupdate.service"]; wantedBy = ["geoipupdate.service"];
script = let script = "${pkgs.curl}/bin/curl -fSs --data-binary @${geo-ip-database-path} http://c.r/${geo-ip-database} ";
cyberlocker-tools = pkgs.callPackage <stockholm/krebs/5pkgs/simple/cyberlocker-tools> {};
in "${cyberlocker-tools}/bin/cput ${geo-ip-database} < ${geo-ip-database-path}";
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
DynamicUser = true; DynamicUser = true;

9
systems/makanek/tarot.nix
View File

@@ -15,12 +15,11 @@
sha256 = "1n2m53kjg2vj9dbr70b9jrsbqwdfrcb48l4wswn21549fi24g6dx"; sha256 = "1n2m53kjg2vj9dbr70b9jrsbqwdfrcb48l4wswn21549fi24g6dx";
}; };
in { in {
imports = [<stockholm/krebs/3modules/htgen.nix>]; imports = [../../modules/htgen.nix];
krebs.htgen.tarot = { services.htgen.tarot = {
port = tarotPort; port = tarotPort;
user.name = "radio"; script = ''. ${pkgs.writers.writeDash "tarot" ''
scriptFile = pkgs.writers.writeDash "tarot" ''
case "$Method $Request_URI" in case "$Method $Request_URI" in
"GET /") "GET /")
if item=$(${pkgs.findutils}/bin/find ${toString tarotFiles} -type f | ${pkgs.coreutils}/bin/shuf -n1); then if item=$(${pkgs.findutils}/bin/find ${toString tarotFiles} -type f | ${pkgs.coreutils}/bin/shuf -n1); then
@@ -43,7 +42,7 @@ in {
fi fi
;; ;;
esac esac
''; ''}'';
}; };
niveum.passport.services = [ niveum.passport.services = [

7
systems/makanek/tt-rss.nix
View File

@@ -9,10 +9,7 @@
in { in {
services.miniflux = { services.miniflux = {
enable = true; enable = true;
adminCredentialsFile = pkgs.writeText "miniflux" '' adminCredentialsFile = config.age.secrets.miniflux-credentials.path;
ADMIN_USERNAME='kfm'
ADMIN_PASSWORD='${lib.strings.fileContents <secrets/miniflux/password>}'
'';
config = { config = {
FETCH_YOUTUBE_WATCH_TIME = "1"; FETCH_YOUTUBE_WATCH_TIME = "1";
POLLING_FREQUENCY = "20"; POLLING_FREQUENCY = "20";
@@ -22,6 +19,8 @@ in {
}; };
}; };
age.secrets.miniflux-credentials.file = ../../secrets/miniflux-credentials.age;
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;
databases = ["miniflux"]; databases = ["miniflux"];

8
systems/makanek/urlwatch.nix
View File

@@ -4,7 +4,7 @@
lib, lib,
... ...
}: let }: let
inherit (import <niveum/lib>) kieran; inherit (import ../../lib) kieran;
urlwatchDir = "/var/lib/urlwatch"; urlwatchDir = "/var/lib/urlwatch";
@@ -141,14 +141,14 @@
port = 587; port = 587;
starttls = true; starttls = true;
auth = true; auth = true;
insecure_password = lib.strings.fileContents <secrets/mail/cock>; # insecure_password = lib.strings.fileContents <secrets/mail/cock>; TODO how?
}; };
subject = "{count} changes: {jobs}"; subject = "{count} changes: {jobs}";
to = kieran.email; to = kieran.email;
}; };
telegram = { telegram = {
enabled = false; enabled = false;
bot_token = lib.strings.fileContents <system-secrets/telegram/kmein.token>; # bot_token = lib.strings.fileContents <system-secrets/telegram/kmein.token>; TODO how?
chat_id = "-1001504043752"; chat_id = "-1001504043752";
}; };
html.diff = "unified"; html.diff = "unified";
@@ -165,7 +165,7 @@
}; };
}; };
urlwatch = pkgs.urlwatch.overrideAttrs (attrs: { urlwatch = pkgs.urlwatch.overrideAttrs (attrs: {
patches = [<niveum/packages/urlwatch-insecure.patch>]; patches = [../../packages/urlwatch-insecure.patch];
}); });
in { in {
users.extraUsers.urlwatch = { users.extraUsers.urlwatch = {

28
systems/makanek/weechat.nix
View File

@@ -3,9 +3,9 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) kieran; inherit (import ../../lib) kieran;
relayPassword = lib.fileContents <system-secrets/weechat/relay>;
weechatHome = "/var/lib/weechat"; weechatHome = "/var/lib/weechat";
weechat-declarative = pkgs.callPackage ../../packages/weechat-declarative.nix {};
in { in {
systemd.services.weechat = let systemd.services.weechat = let
tmux = pkgs.writers.writeDash "tmux" '' tmux = pkgs.writers.writeDash "tmux" ''
@@ -26,13 +26,13 @@ in {
'' ''
} "$@" } "$@"
''; '';
weechat = pkgs.weechat-declarative.override { weechat = weechat-declarative.override {
config = { config = {
scripts = [ scripts = [
pkgs.weechatScripts.weechat-autosort pkgs.weechatScripts.weechat-autosort
pkgs.weechatScripts.colorize_nicks pkgs.weechatScripts.colorize_nicks
pkgs.weechatScripts.weechat-matrix pkgs.weechatScripts.weechat-matrix
(pkgs.callPackage <niveum/packages/weechatScripts/hotlist2extern.nix> {}) (pkgs.callPackage ../../packages/weechatScripts/hotlist2extern.nix {})
]; ];
settings = let settings = let
nick = "kmein"; nick = "kmein";
@@ -63,7 +63,7 @@ in {
autojoin = ["#eloop" "#krebs" "#hsmr" "#hsmr-moin" "#nixos" "#the_playlist" "#flipdot-berlin" "#hackint"]; autojoin = ["#eloop" "#krebs" "#hsmr" "#hsmr-moin" "#nixos" "#the_playlist" "#flipdot-berlin" "#hackint"];
sasl_mechanism = "plain"; sasl_mechanism = "plain";
sasl_username = nick; sasl_username = nick;
sasl_password = lib.strings.fileContents <system-secrets/irc/hackint>; sasl_password = "\${sec.data.hackint_sasl}";
}; };
libera = { libera = {
autoconnect = true; autoconnect = true;
@@ -72,7 +72,7 @@ in {
autojoin = ["#flipdot" "#haskell" "#nixos" "#fysi" "#binaergewitter" "#vim" "#newsboat"]; autojoin = ["#flipdot" "#haskell" "#nixos" "#fysi" "#binaergewitter" "#vim" "#newsboat"];
sasl_mechanism = "plain"; sasl_mechanism = "plain";
sasl_username = nick; sasl_username = nick;
sasl_password = lib.strings.fileContents <system-secrets/irc/libera>; sasl_password = "\${sec.data.libera_sasl}";
}; };
oftc = { oftc = {
autoconnect = true; autoconnect = true;
@@ -80,7 +80,7 @@ in {
ssl = true; ssl = true;
ipv6 = true; ipv6 = true;
command = lib.concatStringsSep "\\;" [ command = lib.concatStringsSep "\\;" [
"/msg nickserv identify ${lib.strings.fileContents <system-secrets/irc/oftc>}" "/msg nickserv identify \${sec.data.oftc_account}"
"/msg nickserv set cloak on" "/msg nickserv set cloak on"
]; ];
autojoin = ["#home-manager"]; autojoin = ["#home-manager"];
@@ -97,7 +97,7 @@ in {
]; ];
sasl_mechanism = "plain"; sasl_mechanism = "plain";
sasl_username = nick; sasl_username = nick;
sasl_password = lib.strings.fileContents <system-secrets/irc/retiolum>; sasl_password = "\${sec.data.retiolum_sasl}";
}; };
news = { news = {
autoconnect = true; autoconnect = true;
@@ -121,13 +121,13 @@ in {
matrix.server.nibbana = { matrix.server.nibbana = {
address = "nibbana.jp"; address = "nibbana.jp";
username = nick; username = nick;
password = lib.strings.fileContents <system-secrets/matrix/nibbana>; password = "\${sec.data.nibbana_account}";
autoconnect = true; autoconnect = true;
}; };
alias.cmd.mod = "/quote omode $channel +o $nick"; alias.cmd.mod = "/quote omode $channel +o $nick";
relay = { relay = {
port.weechat = 9000; port.weechat = 9000;
network.password = relayPassword; network.password = "\${sec.data.relay_password}";
}; };
filters = { filters = {
zerocovid = { zerocovid = {
@@ -202,6 +202,14 @@ in {
packages = [pkgs.tmux]; packages = [pkgs.tmux];
}; };
age.secrets.weechat-sec = {
file = ../../secrets/weechat-sec.conf.age;
path = "/var/lib/weechat/sec.conf";
owner = "weechat";
group = "weechat";
mode = "440";
};
niveum.passport.services = [ niveum.passport.services = [
{ {
title = "weechat bouncer"; title = "weechat bouncer";

16
systems/manakish/configuration.nix
View File

@@ -3,17 +3,25 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) retiolumAddresses; inherit (import ../../lib) retiolumAddresses;
in { in {
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./hdmi.nix ./hdmi.nix
<niveum/configs/default.nix> ../../configs/default.nix
<niveum/configs/battery.nix> ../../configs/battery.nix
<niveum/configs/wpa_supplicant.nix> ../../configs/wpa_supplicant.nix
]; ];
age.secrets = {
retiolum-rsa.file = ../../secrets/manakish-retiolum-privateKey-rsa.age;
retiolum-ed25519.file = ../../secrets/manakish-retiolum-privateKey-ed25519.age;
restic.file = ../../secrets/restic.age;
syncthing-cert.file = ../../secrets/manakish-syncthing-cert.age;
syncthing-key.file = ../../secrets/manakish-syncthing-key.age;
};
niveum = { niveum = {
batteryName = "BAT0"; batteryName = "BAT0";
wirelessInterface = "wlp3s0"; wirelessInterface = "wlp3s0";

14
systems/tabula/configuration.nix
View File

@@ -3,16 +3,20 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) retiolumAddresses; inherit (import ../../lib) retiolumAddresses;
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
<niveum/configs/spacetime.nix> ../../configs/spacetime.nix
<niveum/configs/retiolum.nix> ../../configs/retiolum.nix
<niveum/configs/sshd.nix> ../../configs/sshd.nix
../../configs/nix.nix
]; ];
nix.nixPath = ["/var/src"]; age.secrets = {
retiolum-rsa.file = ../../secrets/tabula-retiolum-privateKey-rsa.age;
retiolum-ed25519.file = ../../secrets/tabula-retiolum-privateKey-rsa.age;
};
services.xserver = { services.xserver = {
libinput.enable = true; libinput.enable = true;

14
systems/tahina/configuration.nix
View File

@@ -3,16 +3,20 @@
pkgs, pkgs,
... ...
}: let }: let
inherit (import <niveum/lib>) retiolumAddresses; inherit (import ../../lib) retiolumAddresses;
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
<niveum/configs/spacetime.nix> ../../configs/spacetime.nix
<niveum/configs/retiolum.nix> ../../configs/sshd.nix
<niveum/configs/sshd.nix> ../../configs/retiolum.nix
../../configs/nix.nix
]; ];
nix.nixPath = ["/var/src"]; age.secrets = {
retiolum-rsa.file = ../../secrets/tahina-retiolum-privateKey-rsa.age;
retiolum-ed25519.file = ../../secrets/tahina-retiolum-privateKey-rsa.age;
};
console.keyMap = "de"; console.keyMap = "de";
i18n.defaultLocale = "de_DE.UTF-8"; i18n.defaultLocale = "de_DE.UTF-8";

11
systems/zaatar/atuin.nix
View File

@@ -1,6 +1,9 @@
{config, ...}: let {
inherit (import <niveum/lib>) tmpfilesConfig; config,
unstable = import <nixos-unstable> {inherit (config.nixpkgs) config;}; pkgs,
...
}: let
inherit (import ../../lib) tmpfilesConfig;
in { in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
@@ -47,7 +50,7 @@ in {
}; };
serviceConfig = { serviceConfig = {
User = "atuin"; User = "atuin";
ExecStart = "${unstable.atuin}/bin/atuin server start"; ExecStart = "${pkgs.atuin}/bin/atuin server start";
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };

5
systems/zaatar/backup.nix
View File

@@ -1,9 +1,10 @@
{ {
config,
pkgs, pkgs,
lib, lib,
... ...
}: let }: let
niveumLib = import <niveum/lib>; niveumLib = import ../../lib;
inherit (niveumLib) retiolumAddresses restic; inherit (niveumLib) retiolumAddresses restic;
firewall = niveumLib.firewall lib; firewall = niveumLib.firewall lib;
dataDir = "/backup/restic"; dataDir = "/backup/restic";
@@ -19,7 +20,7 @@ in {
environment.systemPackages = [ environment.systemPackages = [
(pkgs.writers.writeDashBin "restic-niveum" '' (pkgs.writers.writeDashBin "restic-niveum" ''
exec ${pkgs.util-linux}/bin/runuser -u restic -g restic -- ${pkgs.restic}/bin/restic -r ${toString dataDir} -p ${<secrets/restic/password>} "$@" exec ${pkgs.util-linux}/bin/runuser -u restic -g restic -- ${pkgs.restic}/bin/restic -r ${toString dataDir} -p ${config.age.secrets.restic.path} "$@"
'') '')
]; ];

31
systems/zaatar/configuration.nix
View File

@@ -4,7 +4,7 @@
lib, lib,
... ...
}: let }: let
inherit (import <niveum/lib>) retiolumAddresses restic; inherit (import ../../lib) retiolumAddresses restic;
in { in {
imports = [ imports = [
./atuin.nix ./atuin.nix
@@ -18,18 +18,23 @@ in {
./mpd.nix ./mpd.nix
./grocy.nix ./grocy.nix
./spotifyd.nix ./spotifyd.nix
<niveum/configs/keyboard.nix> ../../configs/keyboard.nix
<niveum/configs/monitoring.nix> ../../configs/monitoring.nix
<niveum/configs/nix.nix> ../../configs/retiolum.nix
<niveum/configs/printing.nix> ../../configs/printing.nix
<niveum/configs/spacetime.nix> ../../configs/spacetime.nix
<niveum/configs/sshd.nix> ../../configs/sshd.nix
# <niveum/configs/traadfri.nix> ../../configs/tmux.nix
<niveum/configs/tmux.nix> ../../configs/wpa_supplicant.nix
<niveum/configs/retiolum.nix> ../../configs/nix.nix
<niveum/configs/wpa_supplicant.nix>
]; ];
age.secrets = {
retiolum-rsa.file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
retiolum-ed25519.file = ../../secrets/zaatar-retiolum-privateKey-rsa.age;
restic.file = ../../secrets/restic.age;
};
services.restic.backups.moodle-dl = { services.restic.backups.moodle-dl = {
initialize = true; initialize = true;
inherit (restic) repository; inherit (restic) repository;
@@ -37,7 +42,7 @@ in {
OnCalendar = "daily"; OnCalendar = "daily";
RandomizedDelaySec = "1h"; RandomizedDelaySec = "1h";
}; };
passwordFile = toString <secrets/restic/password>; passwordFile = config.age.secrets.restic.path;
paths = [ paths = [
"/var/lib/moodle-dl" "/var/lib/moodle-dl"
"/var/lib/containers/storage/volumes/home-assistant" "/var/lib/containers/storage/volumes/home-assistant"
@@ -56,7 +61,7 @@ in {
services.illum.enable = true; services.illum.enable = true;
environment.systemPackages = let environment.systemPackages = let
worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {}; worldradio = pkgs.callPackage ../../packages/worldradio.nix {};
in [ in [
(pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'') (pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
(pkgs.writers.writeDashBin "worldradio" '' (pkgs.writers.writeDashBin "worldradio" ''

3
systems/zaatar/hardware-configuration.nix
View File

@@ -2,9 +2,10 @@
config, config,
lib, lib,
pkgs, pkgs,
modulesPath,
... ...
}: { }: {
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>]; imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = { boot = {
initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc"]; initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc"];

21
systems/zaatar/moodle-dl-meinhark.nix
View File

@@ -7,22 +7,26 @@
moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old: moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
old old
// { // {
patches = [<niveum/packages/moodle-dl/telegram-format.patch>]; patches = [../../packages/moodle-dl/telegram-format.patch];
}); });
in { in {
imports = [<niveum/modules/moodle-dl.nix>]; imports = [../../modules/moodle-dl.nix];
age.secrets = {
moodle-dl-tokens.file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
moodle-dl-basicAuth.file = ../../secrets/zaatar-moodle-dl-basicAuth.age;
};
services.moodle-dl = { services.moodle-dl = {
enable = true; enable = true;
startAt = "hourly"; startAt = "hourly";
package = moodle-dl-package; package = moodle-dl-package;
tokensFile = config.age.secrets.moodle-dl-tokens.path;
settings = { settings = {
telegram = { telegram = {
token = lib.strings.fileContents <system-secrets/telegram/moodle-dl.token>;
chat_id = "18980945"; chat_id = "18980945";
send_error_msg = false; send_error_msg = false;
}; };
token = lib.strings.fileContents <system-secrets/moodle.token>;
moodle_domain = "moodle.hu-berlin.de"; moodle_domain = "moodle.hu-berlin.de";
moodle_path = "/"; moodle_path = "/";
download_course_ids = [ download_course_ids = [
@@ -103,11 +107,8 @@ in {
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."moodle.kmein.r" = let services.nginx.virtualHosts."moodle.kmein.r" = {
identity = lib.strings.fileContents <secrets/eduroam/identity>; basicAuthFile = config.age.secrets.moodle-dl-basicAuth.path;
password = lib.strings.fileContents <secrets/eduroam/password>;
in {
basicAuth."${identity}" = password;
locations."/" = { locations."/" = {
root = config.services.moodle-dl.directory; root = config.services.moodle-dl.directory;
extraConfig = '' extraConfig = ''
@@ -120,7 +121,7 @@ in {
services.nfs.server = { services.nfs.server = {
enable = true; enable = true;
exports = let exports = let
machines = with (import <niveum/lib>).retiolumAddresses; [kabsa manakish]; machines = with (import ../../lib).retiolumAddresses; [kabsa manakish];
in '' in ''
/export ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines} /export ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
/export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines} /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}

28
systems/zaatar/mpd.nix
View File

@@ -4,19 +4,14 @@
lib, lib,
... ...
}: let }: let
firewall = (import <niveum/lib>).firewall lib; firewall = (import ../../lib).firewall lib;
inherit (import <niveum/lib>) tmpfilesConfig; inherit (import ../../lib) tmpfilesConfig;
streams = import <niveum/lib/streams.nix> { streams = import ../../lib/streams.nix {
di-fm-key = lib.strings.fileContents <secrets/di.fm/key>; di-fm-key = ""; # TODO lib.strings.fileContents <secrets/di.fm/key>;
}; };
multi-room-audio-port = 8000; multi-room-audio-port = 8000;
password = lib.strings.fileContents <system-secrets/mpd-web.key>;
in { in {
imports = [
<niveum/modules/tuna.nix>
];
services.syncthing = let services.syncthing = let
mpd-directory = config.services.mpd.dataDir; mpd-directory = config.services.mpd.dataDir;
in { in {
@@ -25,10 +20,10 @@ in {
openDefaultPorts = true; openDefaultPorts = true;
configDir = "${mpd-directory}/.config/syncthing"; configDir = "${mpd-directory}/.config/syncthing";
dataDir = "${mpd-directory}/.config/syncthing"; dataDir = "${mpd-directory}/.config/syncthing";
cert = toString <system-secrets/syncthing/cert.pem>; cert = config.age.secrets.syncthing-cert.path;
key = toString <system-secrets/syncthing/key.pem>; key = config.age.secrets.syncthing-key.path;
devices = { devices = {
inherit ((import <niveum/lib>).syncthing.devices) kabsa manakish heym; inherit ((import ../../lib).syncthing.devices) kabsa manakish heym;
}; };
folders.${config.services.mpd.musicDirectory} = { folders.${config.services.mpd.musicDirectory} = {
devices = ["heym" "kabsa" "manakish"]; devices = ["heym" "kabsa" "manakish"];
@@ -105,6 +100,13 @@ in {
mpd.port = config.services.mpd.network.port; mpd.port = config.services.mpd.network.port;
}; };
age.secrets = {
ympd-basicAuth.file = ../../secrets/zaatar-ympd-basicAuth.age;
syncthing-cert.file = ../../secrets/zaatar-syncthing-cert.age;
syncthing-key.file = ../../secrets/zaatar-syncthing-key.age;
di-fm-key.file = ../../secrets/di-fm-key.age;
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@@ -112,7 +114,7 @@ in {
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."radio.kmein.r" = { virtualHosts."radio.kmein.r" = {
basicAuth.dj = password; basicAuthFile = config.age.secrets.ympd-basicAuth.path;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${config.services.ympd.webPort}"; proxyPass = "http://127.0.0.1:${config.services.ympd.webPort}";
proxyWebsockets = true; proxyWebsockets = true;

9
systems/zaatar/spotifyd.nix
View File

@@ -8,8 +8,8 @@
enable = true; enable = true;
settings = { settings = {
global = { global = {
username = lib.strings.fileContents <secrets/spotify/username>; username_cmd = "cat ${config.age.secrets.spotify-username.path}";
password = lib.strings.fileContents <secrets/spotify/password>; password_cmd = "cat ${config.age.secrets.spotify-password.path}";
backend = "pulseaudio"; backend = "pulseaudio";
bitrate = 320; bitrate = 320;
device_type = "s_t_b"; # set-top box device_type = "s_t_b"; # set-top box
@@ -18,6 +18,11 @@
}; };
}; };
age.secrets = {
spotify-username.file = ../../secrets/spotify-username.age;
spotify-password.file = ../../secrets/spotify-password.age;
};
# ref https://github.com/NixOS/nixpkgs/issues/71362#issuecomment-753461502 # ref https://github.com/NixOS/nixpkgs/issues/71362#issuecomment-753461502
hardware.pulseaudio.extraConfig = '' hardware.pulseaudio.extraConfig = ''
unload-module module-native-protocol-unix unload-module module-native-protocol-unix