kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-30 17:21:07 +02:00
Code Releases Activity

Compare commits

base: kfm:22f957ee1ff1c6af022eb98d07c6c8bdb4d7692f
Branches Tags
kfm:master kfm:update_flake_lock_action kfm:nethack kfm:wayland kfm:feature/hass-prometheus kfm:feature/itools kfm:feature/specus kfm:hass-nix-2 kfm:hass-nix kfm:grimm kfm:mympd kfm:tahina kfm:new-krops kfm:flakes kfm:flakes-2 kfm:20.09 kfm:mail
..
compare: kfm:feature/specus
Branches Tags
kfm:master kfm:update_flake_lock_action kfm:nethack kfm:wayland kfm:feature/hass-prometheus kfm:feature/itools kfm:feature/specus kfm:hass-nix-2 kfm:hass-nix kfm:grimm kfm:mympd kfm:tahina kfm:new-krops kfm:flakes kfm:flakes-2 kfm:20.09 kfm:mail

13 Commits
22f957ee1f ... feature/sp

Author SHA1 Message Date
Kierán Meinhardt
2d25c1fc7b wip: add specus VPN 2023-04-14 08:43:23 +02:00
Kierán Meinhardt
9456adc0b5 chore: update 2023-04-14 08:42:59 +02:00
Kierán Meinhardt
d6372b8d8e feat(stardict): add turkish 2023-04-14 08:42:22 +02:00
Kierán Meinhardt
5da8218a8f feat(streams): add more 2023-04-01 17:46:56 +02:00
Kierán Meinhardt
17cbff9917 feat(radio): add qasida arabic poetry radio 2023-04-01 17:46:48 +02:00
Kierán Meinhardt
d72c234adb fix(weechat): disable matrix for now 2023-03-31 11:00:01 +02:00
Kierán Meinhardt
ffc5f9b596 fix(panoptikon): add watcher name to commit message, random delay 1h, ignore html errors, #xxx notification 2023-03-31 10:59:52 +02:00
Kierán Meinhardt
c20a9e3098 feat(flake): override mpv and dmenu for own packages 2023-03-30 19:16:54 +02:00
Kierán Meinhardt
7759cfb35f feat(panoptikon): add library to flake outputs and use 2023-03-30 19:16:54 +02:00
Kierán Meinhardt
b7a5c3c333 chore: update 2023-03-28 22:28:51 +02:00
Kierán Meinhardt
672257fc04 fix: hu-vpn conflicts with hu-eduroam 2023-03-28 11:03:20 +02:00
Kierán Meinhardt
fada909105 feat(panoptikon): setup in different service 2023-03-27 09:27:44 +02:00
Kierán Meinhardt
96d44a52f0 feat: install agenix package 2023-03-27 09:27:30 +02:00
16 changed files with 474 additions and 188 deletions
Expand all files Collapse all files

11
configs/hu-berlin.nix
View File

@@ -17,7 +17,7 @@
"workgroup=german"
"credentials=${config.age.secrets.cifs-credentials-hu-berlin.path}"
"noauto"
"x-systemd.requires=hu-vpn.service"
# "x-systemd.requires=hu-vpn.service"
"x-systemd.automount"
"x-systemd.device-timeout=1"
"x-systemd.idle-timeout=1min"
@@ -68,9 +68,11 @@ in {
wants = ["network-online.target"];
serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhark.path}";
script = ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
--config=${
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "$CREDENTIALS_DIRECTORY/password")" \
--config=${
pkgs.writeText "hu-berlin.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
@@ -78,6 +80,7 @@ in {
trusted-cert = 9e5dea8e077970d245900839f437ef7fb9551559501c7defd70af70ea568573d
''
}
fi
'';
};
}

1
configs/packages.nix
View File

@@ -191,6 +191,7 @@ in {
qrencode
inputs.menstruation-backend.defaultPackage.x86_64-linux
inputs.agenix.packages.x86_64-linux.default
inputs.recht.defaultPackage.x86_64-linux
(pkgs.writers.writeDashBin "worldradio" ''

14
configs/stardict.nix
View File

@@ -158,6 +158,16 @@
sha256 = "03f9wdmkgpjifpms7dyh10ma29wf3ka1j3zlp1av0cybhdldk2a8";
};
};
turkish = {
BabylonTurkishEnglish = pkgs.fetchzip {
url = "http://download.huzheng.org/babylon/bidirectional/stardict-babylon-Babylon_Turkish_English-2.4.2.tar.bz2";
sha256 = "17rv46r95nkikg7aszqmfrbgdhz9ny52w423m8n01g3p93shdb4i";
};
BabylonEnglishTurkish = pkgs.fetchzip {
url = "http://download.huzheng.org/babylon/bidirectional/stardict-babylon-Babylon_English_Turkish-2.4.2.tar.bz2";
sha256 = "063dl02s8ii8snsxgma8wi49xwr6afk6ysq0v986fygx5511353f";
};
};
};
makeStardictDataDir = dicts: pkgs.linkFarm "dictionaries" (lib.mapAttrsToList (name: path: {inherit name path;}) dicts);
@@ -292,7 +302,8 @@ in {
// dictionaries.sanskrit
// dictionaries.oed
// dictionaries.russian
// dictionaries.englishGerman));
// dictionaries.englishGerman
// dictionaries.turkish));
environment.systemPackages = [
# pkgs.goldendict
@@ -302,6 +313,7 @@ in {
(makeStardict "sd-russian" dictionaries.russian)
(makeStardict "sd" dictionaries.englishGerman)
(makeStardict "jbo" dictionaries.lojban)
(makeStardict "sd-turkish" dictionaries.turkish)
];
}
/*

62
flake.lock generated
View File

@@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1677969766,
"narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
"lastModified": 1680281360,
"narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=",
"owner": "ryantm",
"repo": "agenix",
"rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
"rev": "e64961977f60388dd0b49572bb0fc453b871f896",
"type": "github"
},
"original": {
@@ -60,12 +60,15 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
@@ -202,11 +205,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1679738842,
"narHash": "sha256-CvqRbsyDW756EskojZptDU590rez29RcHDV3ezoze08=",
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "83110c259889230b324bb2d35bef78bf5f214a1f",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"type": "github"
},
"original": {
@@ -360,11 +363,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1679748960,
"narHash": "sha256-BP8XcYHyj1NxQi04RpyNW8e7KiXSoI+Fy1tXIK2GfdA=",
"lastModified": 1681269223,
"narHash": "sha256-i6OeI2f7qGvmLfD07l1Az5iBL+bFeP0RHixisWtpUGo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "da26ae9f6ce2c9ab380c0f394488892616fc5a6a",
"rev": "87edbd74246ccdfa64503f334ed86fa04010bab9",
"type": "github"
},
"original": {
@@ -455,11 +458,11 @@
},
"nur": {
"locked": {
"lastModified": 1679849267,
"narHash": "sha256-AVcqq8qHp7WOYBJY5loLog0O4icNayrd0D9hwtpAnQQ=",
"lastModified": 1681454031,
"narHash": "sha256-JOamj7vKkFRp5mJ7FKt5dPfCmWj33sZLnBGDt15c/sc=",
"owner": "nix-community",
"repo": "NUR",
"rev": "637e2988a940a4ae8a094970fddb60a7a9e6732a",
"rev": "8a35714f0be00235e2a1c8b759e6dc3888763d8b",
"type": "github"
},
"original": {
@@ -490,11 +493,11 @@
},
"retiolum": {
"locked": {
"lastModified": 1679769542,
"narHash": "sha256-j8yR03AKjkgA5kAptjB5felipXT7wTPwemq66M+iB10=",
"lastModified": 1681246809,
"narHash": "sha256-3RUAwk0ApPjq2Ms8KiAh+gG6EJKWurIur612w2m3Zu8=",
"ref": "refs/heads/master",
"rev": "11b764aa2d2e1f6f6392d00806dad7e5cc3ef370",
"revCount": 291,
"rev": "c8ddb36f3d85be762aeb1893a79da36014f55658",
"revCount": 296,
"type": "git",
"url": "https://git.thalheim.io/Mic92/retiolum"
},
@@ -626,6 +629,21 @@
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telebots": {
"inputs": {
"flake-utils": "flake-utils_7",
@@ -706,11 +724,11 @@
"voidrice": {
"flake": false,
"locked": {
"lastModified": 1679694583,
"narHash": "sha256-W0TVLjfMWHjy8OFjkBp4jGZnIczTOYBnRMM/upn6BeE=",
"lastModified": 1681301489,
"narHash": "sha256-5Zz33Q3E4A9nsEmxPQikYeX7Rvu3hM+PlXx/0SIqG34=",
"owner": "Lukesmithxyz",
"repo": "voidrice",
"rev": "749f74f84ef1ec1b15c9003c23120dc5c4baaa35",
"rev": "d4ff2ebaf3e88efe20cae0d1e592fddfc433c96e",
"type": "github"
},
"original": {

17
flake.nix
View File

@@ -49,16 +49,22 @@
passport = import modules/passport.nix;
panoptikon = import modules/panoptikon.nix;
power-action = import modules/power-action.nix;
specus = import modules/specus.nix;
system-dependent = import modules/system-dependent.nix;
telegram-bot = import modules/telegram-bot.nix;
traadfri = import modules/traadfri.nix;
};
lib = {
panoptikon = import lib/panoptikon.nix;
};
nixosConfigurations = {
ful = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux";
specialArgs = {
niveumPackages = inputs.self.packages.${system};
niveumLib = inputs.self.lib;
inherit inputs;
};
modules = [
@@ -74,6 +80,7 @@
systems/ful/configuration.nix
agenix.nixosModules.default
inputs.self.nixosModules.passport
inputs.self.nixosModules.specus
inputs.self.nixosModules.panoptikon
retiolum.nixosModules.retiolum
nur.nixosModules.nur
@@ -122,6 +129,7 @@
inputs.self.nixosModules.telegram-bot
inputs.self.nixosModules.htgen
inputs.self.nixosModules.passport
inputs.self.nixosModules.specus
agenix.nixosModules.default
retiolum.nixosModules.retiolum
nur.nixosModules.nur
@@ -185,6 +193,7 @@
systems/kabsa/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
inputs.self.nixosModules.specus
home-manager.nixosModules.home-manager
nur.nixosModules.nur
];
@@ -194,7 +203,13 @@
// flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.aarch64-linux] (system: let
pkgs = import nixpkgs {
inherit system;
overlays = [nur.overlay];
overlays = [
nur.overlay
(self: super: {
mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer];};
dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
})
];
};
wrapScript = {
packages ? [],

45
lib/panoptikon.nix Normal file
View File

@@ -0,0 +1,45 @@
{
pkgs,
lib,
niveumPackages,
config,
...
}: {
# watcher scripts
url = address:
pkgs.writers.writeDash "watch-url" ''
${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
| ${pkgs.python3Packages.html2text}/bin/html2text --decode-errors=ignore
'';
urlSelector = selector: address:
pkgs.writers.writeDash "watch-url-selector" ''
${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
| ${pkgs.htmlq}/bin/htmlq ${lib.escapeShellArg selector} \
| ${pkgs.python3Packages.html2text}/bin/html2text
'';
urlJSON = {jqScript ? "."}: address:
pkgs.writers.writeDash "watch-url-json" ''
${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} | ${pkgs.jq}/bin/jq -f ${pkgs.writeText "script.jq" jqScript}
'';
# reporter scripts
kpaste-irc = {
target,
retiolumLink ? false,
server ? "irc.r",
messagePrefix ? "change detected: ",
nick ? ''"$PANOPTIKON_WATCHER"-watcher'',
}:
pkgs.writers.writeDash "kpaste-irc-reporter" ''
${niveumPackages.kpaste}/bin/kpaste \
| ${pkgs.gnused}/bin/sed -n "${
if retiolumLink
then "2"
else "3"
}s/^/${messagePrefix}/p" \
| ${config.nur.repos.mic92.ircsink}/bin/ircsink \
--nick ${nick} \
--server ${server} \
--target ${target}
'';
}

134
lib/streams.nix
View File

@@ -1847,71 +1847,127 @@ in
stream = dr "p8jazz";
tags = [tags.jazz tags.danish];
}
{
station = "CNN morse code slow";
stream = "http://cw.dimebank.com:8080/CNNslow";
tags = [tags.text];
}
{
station = "CNN morse code fast";
stream = "http://cw.dimebank.com:8080/CNNfast";
tags = [tags.text];
}
{
station = "XXX orchestral";
stream = "http://orion.shoutca.st:8978/stream";
tags = [tags.classical];
}
{
station = "XXX greek";
stream = "http://radio.hostchefs.net:8046/stream?1520818130148";
tags = [tags.greek];
}
{
station = "XXX turkish or greek";
stream = "https://onairmediagroup.live24.gr/kralfm100xanthi";
tags = [tags.greek tags.turkish];
}
{
station = "Hard Rock Hell Radio";
tags = [tags.rock];
stream = "http://andromeda.shoutca.st:9254/stream";
}
{
station = "Divyavani";
tags = [tags.trad tags.indian];
stream = "https://divyavani.radioca.st/stream";
}
{
station = "XXX sanskrit radio";
tags = [tags.text tags.indian];
stream = "https://stream-23.zeno.fm/m08mkwsyw8quv?zs=0w7MJFPdRfavhR_zPt0M2g";
}
{
station = "Radio Mariam Arabic";
stream = "http://www.dreamsiteradiocp4.com:8014/stream";
tags = [tags.text tags.arabic];
}
{
station = "Kamchatka Live Rock";
stream = "https://radio.kamchatkalive.ru:8103/rock";
tags = [tags.rock];
}
{
station = "Kamchatka Live Chillout";
stream = "https://radio.kamchatkalive.ru:8103/chillout";
tags = [tags.chill];
}
{
station = "Kamchatka Live Dance";
stream = "https://radio.kamchatkalive.ru:8103/dance";
tags = [tags.party];
}
{
tags = [tags.arabic tags.text];
stream = "http://n02.radiojar.com/sxfbks1vfy8uv.mp3";
station = "Bahrain Radio 102.3 FM (Arabic Stories)";
}
{
tags = [tags.arabic tags.text tags.holy];
stream = "http://s2.voscast.com:12312/;";
station = "Bahrain Quran Radio";
}
{
tags = [tags.arabic tags.text tags.holy];
stream = "http://162.244.81.30:8224/;";
station = "Quran Radio Lebanon";
}
{
tags = [tags.arabic tags.text tags.holy];
station = "Coptic for God";
stream = "http://66.70.249.70:5832/stream";
}
{
stream = "http://stream-025.zeno.fm/5y95pu36sm0uv?";
station = "Hayat FM";
tags = [tags.arabic tags.text tags.holy];
}
{
stream = "http://uk2.internet-radio.com:8151/stream";
station = "The Quran Radio";
tags = [tags.arabic tags.text tags.holy];
}
]
++ map (name: {
stream = "https://${name}.stream.publicradio.org/${name}.aac";
station = "${name} | Your Classical";
tags = [tags.classical];
}) ["ycradio" "guitar" "cms" "relax" "lullabies" "choral" "favorites" "chambermusic" "concertband" "holiday"]
/*
(caster-fm "TODO" "noasrv" 10182) # https://github.com/cccruzr/albumsyoumusthear/blob/7e00baf575e4d357cd275d54d1aeb717321141a8/HLS/IBERO_90_1.m3u
(caster-fm "TODO" "shaincast" 20866) # https://github.com/cccruzr/albumsyoumusthear/blob/7e00baf575e4d357cd275d54d1aeb717321141a8/HLS/IBERO_90_1.m3u
CNN news in morse code
http://cw.dimebank.com:8080/CNNslow
http://cw.dimebank.com:8080/CNNfast
Orchestral
http://orion.shoutca.st:8978/stream
LoFi / Chill
http://ice55.securenetsystems.net/DASH76
News background music
https://c13014-l-hls.u.core.cdn.streamfarm.net/1000153copo/hk2.m3u8
?
http://94.23.221.158:9163/stream
Greek radio
http://radio.hostchefs.net:8046/stream?1520818130148
: http://audiokrishna.com/stations/japa2.mp3
http://185.105.4.53:2339//;stream.mp3
http://cast5.servcast.net:1390/;stream.mp3
Hard rock
http://andromeda.shoutca.st:9254/stream
Rock alternative
http://icy.unitedradio.it/VirginRockAlternative.mp3
American nautical weather news
http://ca.radioboss.fm:8149/stream
Christian radio in all languages
https://jesuscomingfm.com/#
tamazight http://live.jesuscomingfm.com:8462/;
supposedly good Greek radio
https://onairmediagroup.live24.gr/kralfm100xanthi
Somali Radio
http://n0b.radiojar.com/1pu7hhf8kfhvv
Sanskrit
https://stream-23.zeno.fm/m08mkwsyw8quv?zs=0w7MJFPdRfavhR_zPt0M2g
https://divyavani.radioca.st/stream
Chillout from kassel
https://server4.streamserver24.com:2199/tunein/ejanowsk.pls
Radio Mariam Arabic (Rome)
http://www.dreamsiteradiocp4.com:8014/stream
https://radio.kamchatkalive.ru:8103/rock
https://radio.kamchatkalive.ru:8103/chillout
https://radio.kamchatkalive.ru:8103/dance
Fuā Stories (Bahrain Radio 102.3 FM)
http://n02.radiojar.com/sxfbks1vfy8uv.mp3
Bahrain Quran Radio
http://s2.voscast.com:12312/;
*/

90
modules/panoptikon.nix
View File

@@ -67,48 +67,64 @@
systemd.timers = lib.attrsets.mapAttrs' (watcherName: _:
lib.nameValuePair "panoptikon-${watcherName}" {
timerConfig.RandomizedDelaySec = "60";
timerConfig.RandomizedDelaySec = toString (60 * 60);
})
cfg.watchers;
systemd.services = lib.attrsets.mapAttrs' (watcherName: watcherOptions:
lib.nameValuePair "panoptikon-${watcherName}" {
enable = true;
startAt = watcherOptions.frequency;
serviceConfig = {
Type = "oneshot";
User = "panoptikon";
Group = "panoptikon";
WorkingDirectory = "/var/lib/panoptikon";
RestartSec = "60";
Restart = "on-failure";
systemd.services =
{
setup-panoptikon = {
enable = true;
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "oneshot";
User = "panoptikon";
Group = "panoptikon";
WorkingDirectory = "/var/lib/panoptikon";
Restart = "on-failure";
};
script = ''
${pkgs.git}/bin/git init --quiet
${pkgs.git}/bin/git config user.email "panoptikon@${config.networking.hostName}"
${pkgs.git}/bin/git config user.name Panoptikon
'';
};
unitConfig = {
StartLimitIntervalSec = "300";
StartLimitBurst = "5";
};
environment.PANOPTIKON_WATCHER = watcherName;
wants = ["network-online.target"];
script = ''
set -efux
}
// lib.attrsets.mapAttrs' (watcherName: watcherOptions:
lib.nameValuePair "panoptikon-${watcherName}" {
enable = true;
after = ["setup-panoptikon.service"];
startAt = watcherOptions.frequency;
serviceConfig = {
Type = "oneshot";
User = "panoptikon";
Group = "panoptikon";
WorkingDirectory = "/var/lib/panoptikon";
RestartSec = "60";
Restart = "on-failure";
};
unitConfig = {
StartLimitIntervalSec = "300";
StartLimitBurst = "5";
};
environment.PANOPTIKON_WATCHER = watcherName;
wants = ["network-online.target"];
script = ''
set -efu
${pkgs.git}/bin/git init --quiet
${pkgs.git}/bin/git config user.email "panoptikon@${config.networking.hostName}"
${pkgs.git}/bin/git config user.name Panoptikon
${watcherOptions.script} > ${watcherName}
${pkgs.git}/bin/git add ${watcherName}
${pkgs.git}/bin/git commit --message "${watcherName} / $(${pkgs.coreutils}/bin/date -Is)" || :
${watcherOptions.script} > ${watcherName}
${pkgs.git}/bin/git add ${watcherName}
${pkgs.git}/bin/git commit --message "$(${pkgs.coreutils}/bin/date -Is)" || :
if [ -n "$(${pkgs.git}/bin/git diff HEAD^ -- ${watcherName})" ]; then
${lib.strings.concatMapStringsSep "\n" (reporter: ''
${pkgs.git}/bin/git diff HEAD^ -- ${watcherName} | ${reporter}
'')
watcherOptions.reporters}
:
fi
'';
})
cfg.watchers;
if [ -n "$(${pkgs.git}/bin/git diff HEAD^ -- ${watcherName})" ]; then
${lib.strings.concatMapStringsSep "\n" (reporter: ''
${pkgs.git}/bin/git diff HEAD^ -- ${watcherName} | ${reporter}
'')
watcherOptions.reporters}
:
fi
'';
})
cfg.watchers;
};
}

96
modules/specus.nix Normal file
View File

@@ -0,0 +1,96 @@
{
config,
lib,
pkgs,
...
}: let
specusMachines = {
servers = {
makanek = {
ipv4 = "10.100.0.1";
publicKey = "KhcScd4fBpdhQzK8Vc+1mEHQMQBpbKBUPB4oZ7skeSk=";
};
ful = {
ipv4 = "10.100.0.2";
publicKey = "0Y7+zoXkWJGVOWWnMjvYjtwP+WpggAlmkRbgMw0z8Dk=";
};
};
clients = {
kabsa = {
ipv4 = "10.100.0.101";
publicKey = "nRkzoRi9crKHF7263U37lt4GGL7/8637NBSKjifI9hY=";
};
};
};
in {
options.services.specus = {
server = {
enable = lib.mkEnableOption "Specus private VPN (server)";
};
client = {
enable = lib.mkEnableOption "Specus private VPN (client)";
};
privateKeyFile = lib.mkOption {
type = lib.types.path;
description = "Private key file of the server/client machine";
};
};
config = let
cfg = config.services.specus;
specusPort = 22;
in
{
assertions = [
{
assertion =
!(cfg.server.enable && cfg.client.enable);
message = "specus: systems cannot be client and server at the same time";
}
];
}
// lib.mkIf cfg.server.enable {
networking.nat = {
enable = true;
externalInterface = "eth0"; # TODO
internalInterfaces = ["specus"];
};
networking.firewall.allowedUDPPorts = [specusPort];
networking.wireguard.interfaces.specus = {
ips = ["${specusMachines.servers.${config.networking.hostName}.ipv4}/24"];
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
'';
listenPort = specusPort;
privateKeyFile = cfg.privateKeyFile;
peers =
lib.mapAttrsToList (clientName: clientConfig: {
publicKey = clientConfig.publicKey;
allowedIPs = ["${clientConfig.ipv4}/32"];
})
specusMachines.clients;
};
}
// lib.mkIf cfg.client.enable {
networking.firewall.allowedUDPPorts = [specusPort];
networking.wireguard.interfaces = lib.attrsets.mapAttrs' (serverName: serverConfig:
lib.nameValuePair "specus-${serverName}" {
ips = ["${specusMachines.clients.${config.networking.hostName}.ipv4}/24"];
listenPort = specusPort;
privateKeyFile = cfg.privateKeyFile;
peers = [
{
allowedIPs = ["0.0.0.0/0"];
endpoint = "${(import ../lib/external-network.nix).${serverName}}:${toString specusPort}";
persistentKeepalive = 25;
publicKey = serverConfig.publicKey;
}
];
})
specusMachines.servers;
};
}

2
secrets

Submodule secrets updated: 45acdffecb...99320671a5

6
systems/ful/configuration.nix
View File

@@ -49,6 +49,12 @@ in {
};
root.file = ../../secrets/ful-root.age;
restic.file = ../../secrets/restic.age;
specus.file = ../../secrets/ful-specus-privateKey.age;
};
services.specus = {
privateKeyFile = config.age.secrets.specus.path;
server.enable = true;
};
services.restic.backups.niveum = {

140
systems/ful/panoptikon.nix
View File

@@ -2,128 +2,106 @@
config,
pkgs,
lib,
niveumLib,
niveumPackages,
...
}: let
kpaste = pkgs.writers.writeDash "kpaste" ''
${pkgs.curl}/bin/curl -sS -sS http://p.r --data-binary @"''${1:--}" | ${pkgs.gnused}/bin/sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
'';
panoptikon = niveumLib.panoptikon {inherit pkgs lib niveumPackages config;};
url = address:
pkgs.writers.writeDash "watch-url" ''
${pkgs.w3m}/bin/w3m -dump ${lib.escapeShellArg address}
'';
irc-xxx = panoptikon.kpaste-irc {
target = lib.escapeShellArg "#xxx";
retiolumLink = true;
};
urlJSON = address:
pkgs.writers.writeDash "watch-url-json" ''
${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} | ${pkgs.jq}/bin/jq
'';
urlSelector = selector: address:
pkgs.writers.writeDash "watch-url-selector" ''
${pkgs.curl}/bin/curl -sSL ${lib.escapeShellArg address} \
| ${pkgs.htmlq}/bin/htmlq ${lib.escapeShellArg selector} \
| ${pkgs.python3Packages.html2text}/bin/html2text
'';
reporters.irc-xxx = pkgs.writers.writeDash "irc-xxx" ''
${kpaste} \
| ${pkgs.gnused}/bin/sed -n '2s/^/change detected: /p' \
| ${config.nur.repos.mic92.ircsink}/bin/ircsink \
--nick "$PANOPTIKON_WATCHER"-watcher \
--server irc.r \
--target '#xxx'
'';
reporters.irc-kmein = pkgs.writers.writeDash "irc-xxx" ''
${kpaste} \
| ${pkgs.gnused}/bin/sed -n "3s/^/$PANOPTIKON_WATCHER: /p" \
| ${config.nur.repos.mic92.ircsink}/bin/ircsink \
--nick panoptikon-kmein \
--server irc.r \
--target 'kmein'
'';
irc-kmein = panoptikon.kpaste-irc {
messagePrefix = "$PANOPTIKON_WATCHER: ";
target = "kmein";
nick = "panoptikon-kmein";
retiolumLink = false;
};
in {
services.panoptikon = {
enable = true;
watchers = {
"github-meta" = {
script = urlJSON "https://api.github.com/meta";
reporters = [reporters.irc-xxx];
script = panoptikon.urlJSON {} "https://api.github.com/meta";
reporters = [irc-xxx];
};
lammla = {
script = url "http://lammla.info/index.php?reihe=30";
reporters = [reporters.irc-kmein];
script = panoptikon.url "http://lammla.info/index.php?reihe=30";
reporters = [irc-kmein];
};
kratylos = {
script = url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
reporters = [reporters.irc-kmein];
script = panoptikon.url "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
reporters = [irc-kmein];
};
zeno-free = {
script = urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector ".zenoCOMain" "http://www.zeno.org/Lesesaal/M/E-Books";
reporters = [irc-kmein];
};
carolinawelslau = {
script = urlSelector "#main" "https://carolinawelslau.de/";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#main" "https://carolinawelslau.de/";
reporters = [irc-kmein];
};
lisalittmann = {
script = urlSelector "#site-content" "https://lisalittmann.de/";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/";
reporters = [irc-kmein];
};
lisalittmann-archive = {
script = urlSelector "#site-content" "https://lisalittmann.de/archive/";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/archive/";
reporters = [irc-kmein];
};
lisalittmann-projects = {
script = urlSelector "#site-content" "https://lisalittmann.de/projects/";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#site-content" "https://lisalittmann.de/projects/";
reporters = [irc-kmein];
};
tatort = {
script = urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector ".linklist" "https://www.daserste.de/unterhaltung/krimi/tatort/sendung/index.html";
reporters = [irc-kmein];
};
warpgrid-idiomarium = {
script = urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/idiomarium/";
reporters = [irc-kmein];
};
warpgrid-futurism = {
script = urlSelector "#site-content" "https://warpgrid.de/futurism/";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/futurism/";
reporters = [irc-kmein];
};
warpgrid-imagiary = {
script = urlSelector "#site-content" "https://warpgrid.de/imagiary/";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/imagiary/";
reporters = [irc-kmein];
};
warpgrid-alchemy = {
script = urlSelector "#site-content" "https://warpgrid.de/alchemy/";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#site-content" "https://warpgrid.de/alchemy/";
reporters = [irc-kmein];
};
indogermanische-forschungen = {
script = urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "#latestIssue" "https://www.degruyter.com/journal/key/INDO/html";
reporters = [irc-kmein];
};
ig-neuigkeiten = {
script = urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/aktuelles/neuigkeiten.html";
reporters = [irc-kmein];
};
ig-tagungen = {
script = urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
reporters = [reporters.irc-kmein];
script = panoptikon.urlSelector "[itemprop=articleBody]" "https://www.indogermanistik.org/tagungen/tagungen-der-ig.html";
reporters = [irc-kmein];
};
fxght-or-flxght = {
script = pkgs.writers.writeDash "watch-url-json" ''
${pkgs.curl}/bin/curl -sSL 'https://api.tellonym.me/profiles/name/fxght.or.flxght?limit=20' \
| ${pkgs.jq}/bin/jq '.answers | map(
select(.type == "answer")
| {
question: .tell,
answer: .answer,
date: .createdAt,
media: .media | map(.url)
}
)'
'';
reporters = [reporters.irc-kmein];
script = panoptikon.urlJSON {
jqScript = ''
.answers | map(
select(.type == "answer")
| {
question: .tell,
answer: .answer,
date: .createdAt,
media: .media | map(.url)
}
)
'';
} "https://api.tellonym.me/profiles/name/fxght.or.flxght?limit=20";
reporters = [irc-kmein];
};
};
};

28
systems/ful/radio.nix
View File

@@ -2,11 +2,38 @@
lib,
pkgs,
config,
niveumPackages,
...
}: let
inherit (import ../../lib) tmpfilesConfig;
liquidsoapDirectory = "/var/cache/liquidsoap";
icecastPassword = "hackme";
refresh-qasaid = pkgs.writers.writeDashBin "refresh-qasaid" ''
(
for i in $(seq 1 22)
do
${pkgs.curl}/bin/curl -sSL "https://www.hindawi.org/poems/$i/"
done
) | ${pkgs.htmlq}/bin/htmlq '.poems li' \
| ${pkgs.fq}/bin/fq -d html '
.html.body.li
| map(.a
| {
id: .[0].["@href"] | sub("/poems/"; "") | sub("/$"; "") | tonumber,
poem: .[0].["#text"],
author: .[1].["#text"]
})
' | ${niveumPackages.cyberlocker-tools}/bin/cput qasaid.json
'';
qasida-poem = pkgs.writers.writeDash "qasida.sh" ''
set -efu
${pkgs.jq}/bin/jq -c '.[]' < ${pkgs.fetchurl {
url = "https://c.krebsco.de/qasaid.json";
sha256 = "0vh1jzdrvjrdyq7dzya9k9g3jyli9jr0zfsqb2m1phm39psy4g2b";
}} \
| shuf -n1 \
| ${pkgs.jq}/bin/jq -r '"annotate:title=\"\(.poem) | https://www.hindawi.org/poems/\(.id)/\",artist=\"\(.author)\":https://downloads.hindawi.org/poems/\(.id)/\(.id).m4a"'
'';
lyrikline-poem = pkgs.writers.writeDash "lyrikline.sh" ''
set -efu
@@ -92,6 +119,7 @@ in {
end
make_streams("lyrikline", random_url("${lyrikline-poem}"), description="lyrikline. listen to the poet (unofficial)", genre="poetry")
make_streams("qasida", random_url("${qasida-poem}"), description="Qasa'id. Classical arabic poetry", genre="poetry")
make_streams("lyrik", random_url("${stavenhagen-poem}"), description="Fritz Stavenhagen Lyrik für alle | www.deutschelyrik.de", genre="poetry")
make_streams("wikipedia", random_url("${wikipedia-article}"), description="Zufällige Artikel von Wikipedia", genre="useless knowledge")
'';

6
systems/kabsa/configuration.nix
View File

@@ -40,10 +40,16 @@ in {
restic.file = ../../secrets/restic.age;
syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
specus.file = ../../secrets/kabsa-specus-privateKey.age;
};
environment.systemPackages = [pkgs.minecraft pkgs.zeroad];
services.specus = {
privateKeyFile = config.age.secrets.specus.path;
client.enable = false;
};
networking = {
hostName = "kabsa";
wireless.interfaces = ["wlp3s0"];

6
systems/makanek/configuration.nix
View File

@@ -95,6 +95,12 @@ in {
group = "tinc.retiolum";
};
restic.file = ../../secrets/restic.age;
specus.file = ../../secrets/makanek-specus-privateKey.age;
};
services.specus = {
privateKeyFile = config.age.secrets.specus.path;
server.enable = true;
};
system.stateVersion = "20.03";

4
systems/makanek/weechat.nix
View File

@@ -32,7 +32,7 @@ in {
scripts = [
pkgs.weechatScripts.weechat-autosort
pkgs.weechatScripts.colorize_nicks
pkgs.weechatScripts.weechat-matrix
# pkgs.weechatScripts.weechat-matrix
(pkgs.callPackage ../../packages/weechatScripts/hotlist2extern.nix {})
];
settings = let
@@ -166,9 +166,9 @@ in {
};
extraCommands = ''
/save
/matrix connect nibbana
/connect -all
'';
# /matrix connect nibbana
};
};
in {