feat(tahina): init as guest laptop

2026-03-20 20:01:08 +01:00 · 2022-03-29 00:21:20 +02:00
18 changed files with 163 additions and 509 deletions
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -3,9 +3,7 @@
  lib,
  pkgs,
  ...
-}: let
-  inherit (import <niveum/lib>) tmpfilesConfig;
-in {
+}: {
  imports = [
    <niveum/modules/dropbox.nix>
  ];
@@ -14,46 +12,19 @@ in {
    dropbox.enable = false;
  };

-  systemd.tmpfiles.rules = map tmpfilesConfig [
-    {
-      type = "L+";
-      user = config.users.users.me.name;
-      group = "users";
-      mode = "0755";
-      argument = "${config.users.users.me.home}/cloud/Seafile/Wiki";
-      path = "${config.users.users.me.home}/notes";
-    }
-    {
-      type = "L+";
-      user = config.users.users.me.name;
-      group = "users";
-      mode = "0755";
-      argument = "${config.users.users.me.home}/cloud/Seafile/Uni";
-      path = "${config.users.users.me.home}/uni";
-    }
-    {
-      type = "L+";
-      user = config.users.users.me.name;
-      group = "users";
-      mode = "0755";
-      argument = "${config.users.users.me.home}/cloud/syncthing/common/mahlzeit";
-      path = "${config.users.users.me.home}/mahlzeit";
-    }
-  ];
+  system.activationScripts.home-symlinks = ''
+    ln -sfn ${config.users.users.me.home}/cloud/syncthing/common/mahlzeit ${config.users.users.me.home}/mahlzeit
+    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Wiki ${config.users.users.me.home}/notes
+    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Uni ${config.users.users.me.home}/uni
+  '';

  home-manager.users.me = {
-    services.gnome-keyring.enable = true;
    services.nextcloud-client = {
      enable = true;
      startInBackground = true;
    };
  };

-  systemd.user.services.nextcloud-client = {
-    wants = ["gnome-keyring.service"];
-    after = ["gnome-keyring.service"];
-  };
-
  environment.systemPackages = [
    (pkgs.writers.writeDashBin "book" ''
      set -efu
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -262,6 +262,5 @@ in {
    ./vscode.nix
    ./watson.nix
    ./zsh.nix
-    ./tor.nix
  ];
 }
--- a/configs/fonts.nix
+++ b/configs/fonts.nix
@@ -1,53 +1,42 @@
 {pkgs, ...}: {
  nixpkgs.config.joypixels.acceptLicense = true;
+
  fonts = {
    enableDefaultFonts = true;
    fontDir.enable = true;
    fonts = with pkgs; [
      alegreya
      alegreya-sans
-      amiri
-      cantarell-fonts
-      charis-sil
      corefonts
-      crimson
      eb-garamond
-      etBook
      fira
      font-awesome-ttf
-      gentium
-      gfs-fonts
-      gyre-fonts
-      ia-writer-duospace
      ibm-plex
-      jetbrains-mono
-      joypixels
-      libertinus
-      libre-bodoni
+      inconsolata
+      iosevka
+      libertine
      lmodern
-      merriweather
      noto-fonts
-      ocr-a
+      noto-fonts-cjk
+      noto-fonts-emoji
      roboto
      roboto-mono
      roboto-slab
-      scheherazade-new
      source-code-pro
-      source-sans-pro
      source-serif-pro
-      theano
+      source-sans-pro
+      ubuntu_font_family
+      gfs-fonts
+      jetbrains-mono
+      twemoji-color-font
+      joypixels
      tocharian-font
-      vistafonts
-      vollkorn
-      zilla-slab
-    ]; # google-fonts league-of-moveable-type
-    fontconfig.defaultFonts = let
-      emojiFont = "JoyPixels";
-    in {
-      monospace = ["JetBrains Mono" emojiFont];
-      serif = ["Merriweather"];
-      sansSerif = ["Cantarell" emojiFont];
-      emoji = [emojiFont];
+    ];
+    fontconfig.defaultFonts = {
+      monospace = ["JetBrains Mono" "JoyPixels"];
+      serif = ["Roboto Slab"];
+      sansSerif = ["Roboto" "Noto Sans"];
+      emoji = ["JoyPixels"];
    };
  };
 }
--- a/configs/keyboard.nix
+++ b/configs/keyboard.nix
@@ -5,12 +5,9 @@
 }: let
  commaSep = builtins.concatStringsSep ",";
 in {
-  # man 7 xkeyboard-config
  services.xserver = {
-    layout = commaSep ["de" "gr" "ru" "ara"];
-    # T3: https://upload.wikimedia.org/wikipedia/commons/a/a9/German-Keyboard-Layout-T3-Version1-large.png
-    # buckwalter: http://www.qamus.org/transliteration.htm
-    xkbVariant = commaSep ["T3" "polytonic" "phonetic" "buckwalter"];
+    layout = commaSep ["de" "gr"];
+    xkbVariant = commaSep ["T3" "polytonic"];
    xkbOptions =
      commaSep ["compose:caps" "terminate:ctrl_alt_bksp" "grp:ctrls_toggle"];
    libinput.enable = true;
@@ -20,15 +17,4 @@ in {

  # improve held key rate
  services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xset}/bin/xset r rate 300 50";
-
-  systemd.user.services.gxkb = {
-    wantedBy = ["graphical-session.target"];
-    serviceConfig = {
-      SyslogIdentifier = "gxkb";
-      ExecStart = "${pkgs.gxkb}/bin/gxkb";
-      Restart = "always";
-      RestartSec = "15s";
-      StartLimitBurst = 0;
-    };
-  };
 }
--- a/configs/mpv.nix
+++ b/configs/mpv.nix
@@ -18,7 +18,6 @@ in {
    programs.mpv = {
      enable = true;
      config = {
-        ytdl-format = "bestvideo[height<=?720][fps<=?30][vcodec!=?vp9]+bestaudio/best";
        ytdl-raw-options = lib.concatStringsSep "," [''sub-lang="de,en"'' "write-sub=" "write-auto-sub="];
        screenshot-template = "%F-%wH%wM%wS-%#04n";
      };
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -161,7 +161,7 @@ in {
    scripts.vimv
    scripts.swallow # window swallowing
    scripts.literature-quote
-    jless # less(1) for json
+    scripts.nav # json navigation
    scripts.notetags
    scripts.booksplit
    scripts.dmenurandr
--- a/configs/telegram-bots/astrology.nix
+++ b/configs/telegram-bots/astrology.nix
@@ -42,7 +42,7 @@
  '';
 in {
  niveum.telegramBots.transits = {
-    enable = false;
+    enable = true;
    time = "*:0/1";
    token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
    chatIds = ["-1001796440545"];
--- a/configs/tor.nix
+++ b/configs/tor.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{
  services.tor.enable = true;
-  environment.systemPackages = [pkgs.tor];
+  services.tor.torsocks.enable = true;
 }
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "flake-utils": {
      "locked": {
-        "lastModified": 1649676176,
-        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+        "lastModified": 1648297722,
+        "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
+        "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
        "type": "github"
      },
      "original": {
@@ -22,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1649887911,
-        "narHash": "sha256-Af0Ppb1RZ7HWuxUvF0/O7h3cy8tqU2eKFyVwyA1ZD+w=",
+        "lastModified": 1647175256,
+        "narHash": "sha256-7H+veXPM7IwdN1DoZqliwb9sghlN56koV5dnCu1kpsc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "7244c6715cb8f741f3b3e1220a9279e97b2ed8f5",
+        "rev": "a8d00f5c038cf7ec54e7dac9c57b171c1217f008",
        "type": "github"
      },
      "original": {
@@ -62,11 +62,11 @@
    "menstruation-backend": {
      "flake": false,
      "locked": {
-        "lastModified": 1649545504,
-        "narHash": "sha256-TVm3246ML7gWPeGm+bdb+Qo8o/7nve7sQ2hBdCZm3z8=",
+        "lastModified": 1634573652,
+        "narHash": "sha256-FIj8oCOJO+Wqxr2o5MMqIShvzMJud4iUq3o8y4NIRvw=",
        "owner": "kmein",
        "repo": "menstruation.rs",
-        "rev": "d9f3c6d53542fd7c7ed191e37cf4e342d4a47bcb",
+        "rev": "dd405fe2acf32441e8ac56e488e689bb1c4bea82",
        "type": "github"
      },
      "original": {
@@ -109,11 +109,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1650647313,
-        "narHash": "sha256-6ghnNPXDlG6/tXeIFdbP0cGnik6TGNwc615hhG9dpl4=",
+        "lastModified": 1647992509,
+        "narHash": "sha256-AG40Nt5OWz0LBs5p457emOuwLKOvTtcv/2fUdnEN3Ws=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "a318a09a96a38382fe61a7f85d03ea6e25c46c56",
+        "rev": "d2caa9377539e3b5ff1272ac3aa2d15f3081069f",
        "type": "github"
      },
      "original": {
@@ -125,11 +125,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1650760898,
-        "narHash": "sha256-r1rzTgwi1FKx5t3KKi7Xt4hyGdOnTD0RSTpbNls09KU=",
+        "lastModified": 1648337267,
+        "narHash": "sha256-8DRg8UDvs63iaIaHEbWG7/lnD9ImQlMNsTZMY3PvFLc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "0f1f92d85be76e0bd79ebb2285be8f43683eb845",
+        "rev": "6de161729c81dc98e844793cc9c8fda29d5ef62a",
        "type": "github"
      },
      "original": {
@@ -194,11 +194,11 @@
    "scripts": {
      "flake": false,
      "locked": {
-        "lastModified": 1650402678,
-        "narHash": "sha256-LkaKJvF09wVHpN5FuJtX0M4vOA/DrO9xUMFI8fMtNeA=",
+        "lastModified": 1648314795,
+        "narHash": "sha256-hGIXkAcGiJnVXnl8kigZpI3VFrLmAr2+yr85hi5JwP0=",
        "owner": "kmein",
        "repo": "scripts",
-        "rev": "adfd4238f7a8f0f894547998cbb04327bad97884",
+        "rev": "d1d525b92a34e55b1ad886807c284106e58716b2",
        "type": "github"
      },
      "original": {
@@ -210,11 +210,11 @@
    "stockholm": {
      "flake": false,
      "locked": {
-        "lastModified": 1650040948,
-        "narHash": "sha256-/4Q2vnl53BQVYQFSZqF512CF6tzIyPHaDy4Yheof8G4=",
+        "lastModified": 1648214990,
+        "narHash": "sha256-rptATGq+jcpL+P+Cr6d3OajV6zYkbHPWlt3aQNZI2TY=",
        "ref": "master",
-        "rev": "92d5eacd6d9e530c4d1ea0dec2652417b0fde78a",
-        "revCount": 10516,
+        "rev": "ae9c0b12710b5361d0d45510eb401eebfc1b3fb0",
+        "revCount": 10497,
        "type": "git",
        "url": "https://cgit.lassul.us/stockholm"
      },
--- a/lib/streams.nix
+++ b/lib/streams.nix
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -7,8 +7,9 @@
  stateLocation = "/var/lib/codimd/state.sqlite";
  nixpkgs-unstable = import <nixpkgs-unstable> {};
  domain = "pad.kmein.de";
-  inherit (import <niveum/lib>) tmpfilesConfig;
 in {
+  imports = [<stockholm/krebs/3modules/permown.nix>];
+
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
@@ -48,15 +49,11 @@ in {
    };
  };

-  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
-      user = "codimd";
-      group = "codimd";
-      mode = "0755";
-      type = "d";
-      path = backupLocation;
-    })
-  ];
+  krebs.permown.${backupLocation} = {
+    owner = "codimd";
+    group = "codimd";
+    umask = "0002";
+  };

  systemd.services.hedgedoc-backup = {
    description = "Hedgedoc backup service";
--- a/systems/makanek/monitoring/default.nix
+++ b/systems/makanek/monitoring/default.nix
@@ -220,7 +220,7 @@ in {
            "tarot.kmein.de"
            "cloud.xn--kiern-0qa.de"
            "grafana.kmein.r"
-            # "names.kmein.r"
+            "names.kmein.r"
            "rrm.r"
            "graph.r"
          ];
@@ -238,6 +238,16 @@ in {
        }
      ];
    }
+    {
+      job_name = "tahina";
+      static_configs = [
+        {
+          targets = [
+            "tahina.r:${toString config.services.prometheus.exporters.node.port}"
+          ];
+        }
+      ];
+    }
  ];

  services.prometheus.exporters.blackbox = {
--- a/systems/makanek/names.nix
+++ b/systems/makanek/names.nix
@@ -4,8 +4,8 @@
  ...
 }: let
  port = 5703;
-  onomap-src = "${<scripts>}/onomastics-ng";
-  onomap = pkgs.haskellPackages.callCabal2nix "onomap" onomap-src {};
+  geogen-src = "${<scripts>}/onomastics";
+  geogen = pkgs.callPackage geogen-src {};
 in {
  systemd.services.names = {
    wants = ["network-online.target"];
@@ -13,9 +13,12 @@ in {
    description = "Better clone of geogen.stoepel.net";
    serviceConfig = {
      DynamicUser = true;
-      ExecStart = "${onomap}/bin/onomap-web";
    };
-    environment.PORT = toString port;
+    script = ''
+      cd $(mktemp -d)
+      ln -s "${geogen-src}/wsgi.py" wsgi.py
+      ${geogen.dependencyEnv}/bin/gunicorn wsgi:app -b :${toString port}
+    '';
  };

  services.nginx = {
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -143,11 +143,6 @@ in {
              tags = ["nick_gitlab"];
              regex = "*";
            };
-            people = {
-              buffer = "irc.*.*";
-              tags = map (name: "nick_${name}") ["mod_p[matrix-fli"];
-              regex = "*";
-            };
          };
        };
        extraCommands = ''/matrix connect nibbana'';
--- a/systems/tahina/configuration.nix
+++ b/systems/tahina/configuration.nix
@@ -11,22 +11,23 @@ in {
    <niveum/configs/spacetime.nix>
    <niveum/modules/retiolum.nix>
    <niveum/configs/sshd.nix>
+    {
+      console.keyMap = "de";
+      i18n.defaultLocale = "de_DE.UTF-8";
+      services.xserver = {
+        layout = "de";
+        libinput.enable = true;
+      };
+    }
+    {
+      nix.nixPath = ["/var/src"];
+    }
  ];

-  nix.nixPath = ["/var/src"];
-
-  console.keyMap = "de";
-  i18n.defaultLocale = "de_DE.UTF-8";
-  services.xserver = {
-    layout = "de";
-    libinput.enable = true;
-  };
-
  users.users.xenos = {
    name = "xenos";
    password = "xenos";
    isNormalUser = true;
-    extraGroups = ["networkmanager"];
  };

  services.xserver = {
--- a/systems/tahina/hardware-configuration.nix
+++ b/systems/tahina/hardware-configuration.nix
@@ -26,23 +26,17 @@
    extraModulePackages = [];
  };

-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/e9a8bd34-61eb-4317-888d-bd7d6248a906";
-      fsType = "xfs";
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/9B2F-31E1";
-      fsType = "vfat";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/e9a8bd34-61eb-4317-888d-bd7d6248a906";
+    fsType = "xfs";
  };

-  swapDevices = [
-    {
-      device = "/swapfile";
-      size = 2048;
-    }
-  ];
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/9B2F-31E1";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];

  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/systems/zaatar/moodle-dl-meinhark.nix
+++ b/systems/zaatar/moodle-dl-meinhark.nix
@@ -69,15 +69,6 @@ in {
        108283 # Digital Classicist
        109211 # Altlitauisch
        109185 # Etymologie
-
-        # SS 2022
-        112606 # Avestisch
-        111761 # Griechische Wissenschaftsliteratur
-        111515 # H. Furens
-        110914 # Apostelgeschichte
-        112225 # Gr. Paläographie
-        113275 # ALEW
-        112783 # Akzent und Silbenstruktur
      ];
      download_submissions = true;
      download_descriptions = true;
--- a/systems/zaatar/tuna.nix
+++ b/systems/zaatar/tuna.nix
@@ -5,7 +5,6 @@
  ...
 }: let
  firewall = (import <niveum/lib>).firewall lib;
-  inherit (import <niveum/lib>) tmpfilesConfig;

  streams = import <niveum/lib/streams.nix> {
    di-fm-key = lib.strings.fileContents <secrets/di.fm/key>;
@@ -72,31 +71,13 @@ in {
    extraStopCommands = firewall.removeRules rules;
  };

-  systemd.tmpfiles.rules = let
-    tags = lib.lists.unique (lib.concatMap ({tags ? [], ...}: tags) streams);
-    tagStreams = tag: lib.filter ({tags ? [], ...}: lib.elem tag tags) streams;
-    makePlaylist = name: streams: pkgs.writeText "${name}.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
-  in
-    map (tag:
-      tmpfilesConfig {
-        type = "L+";
-        path = "/var/lib/mpd/playlists/${tag}.m3u";
-        mode = "0644";
-        user = "mpd";
-        group = "mpd";
-        argument = makePlaylist tag (tagStreams tag);
-      })
-    tags
-    ++ [
-      (tmpfilesConfig {
-        type = "L+";
-        mode = "0644";
-        user = "mpd";
-        group = "mpd";
-        path = "/var/lib/mpd/playlist/all.m3u";
-        argument = makePlaylist "all" streams;
-      })
-    ];
+  system.activationScripts.mpd-playlists = let
+    playlistFile = pkgs.writeText "radio.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
+  in ''
+    rm -rf /var/lib/mpd/playlists
+    install -d /var/lib/mpd/playlists
+    ln -sfn "${toString playlistFile}" "/var/lib/mpd/playlists/radio.m3u"
+  '';

  services.tuna = {
    enable = true;
@@ -106,15 +87,33 @@ in {
      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
      stream,
      station,
-      ...
    }: {inherit id desc logo stream station;})
    streams;
-    webPort = 7044;
+    webPort = 8080;
  };

-  services.ympd = {
-    enable = true;
-    mpd.port = config.services.mpd.network.port;
+  systemd.services.tuna-stations = let
+    stations = lib.lists.imap0 (id: {
+      desc ? "",
+      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
+      stream,
+      station,
+    }: {inherit id desc logo stream station;})
+    streams;
+    stationsJson = (pkgs.formats.json {}).generate "stations.json" stations;
+  in {
+    enable = false;
+    wantedBy = ["tuna.service"];
+    startAt = "hourly";
+    script = ''
+      mkdir -p /etc/tuna
+      antenne_asb_url=$(
+        ${pkgs.curl}/bin/curl -sS 'https://www.caster.fm/widgets/em_player.php?jsinit=true&uid=529295&t=blue&c=' \
+          | grep streamUrl \
+          | sed ${lib.escapeShellArg "s/^.*'\\([^']*\\)'.*/\\1/"}
+      )
+      ${pkgs.jq}/bin/jq "map(if .station == \"Antenne ASB\" then .stream |= \"$antenne_asb_url\" else . end)" < ${stationsJson} > /etc/tuna/stations.json
+    '';
  };

  services.nginx = {
@@ -126,7 +125,7 @@ in {
    virtualHosts."radio.kmein.r" = {
      basicAuth.dj = password;
      locations."/" = {
-        proxyPass = "http://127.0.0.1:${config.services.ympd.webPort}";
+        proxyPass = "http://127.0.0.1:${toString config.services.tuna.webPort}";
        proxyWebsockets = true;
      };
    };