mirror of
https://github.com/kmein/niveum
synced 2026-03-24 13:41:08 +01:00
Compare commits
15 Commits
a34b4a8262
...
45644518bb
| Author | SHA1 | Date | |
|---|---|---|---|
| 45644518bb | |||
| 77ddd1d02f | |||
| 0f5e0e8d6f | |||
| de066361b7 | |||
| ba3a139f8e | |||
| 91fa6faeaf | |||
| e95546ef8a | |||
| b9623e3d57 | |||
| 73929c1963 | |||
| 3197a5a232 | |||
| 6a605633ae | |||
| 52376128a5 | |||
| 4a5bc2d89d | |||
| 3ec22d6ef0 | |||
| 3c86532a5d |
18
.bin/ttrss-unread
Executable file
18
.bin/ttrss-unread
Executable file
@@ -0,0 +1,18 @@
|
||||
#/usr/bin/env -S deno run -A:q
|
||||
set -x
|
||||
session_cache="$HOME/.cache/tt-rss.session"
|
||||
ttrss_endpoint=https://feed.kmein.de/api/
|
||||
ttrss_user=k
|
||||
ttrss_password=$(pass shared/tt-rss/password)
|
||||
|
||||
login() {
|
||||
if [ -f "$session_cache" ]; then
|
||||
session_id="$(cat "$session_cache")"
|
||||
else
|
||||
session_id="$(curl -d '{"op":"login","user":"'"$ttrss_user"'","password":"'"$ttrss_password"'"}' "$ttrss_endpoint" | jq -r .content.session_id)"
|
||||
echo "$session_id" > "$session_cache"
|
||||
fi
|
||||
}
|
||||
|
||||
login
|
||||
curl -d '{"sid":"'"$session_id"'","op":"getUnread"}' "$ttrss_endpoint" | jq .content
|
||||
@@ -14,6 +14,7 @@
|
||||
nginx.enable = false;
|
||||
node = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
enabledCollectors = [
|
||||
"conntrack"
|
||||
"diskstats"
|
||||
@@ -38,8 +39,6 @@
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [config.services.prometheus.exporters.node.port];
|
||||
|
||||
systemd.services.promtail = {
|
||||
description = "Promtail service for Loki";
|
||||
wantedBy = ["multi-user.target"];
|
||||
|
||||
@@ -90,6 +90,7 @@
|
||||
urls-source "ttrss"
|
||||
ttrss-url "https://feed.kmein.de"
|
||||
ttrss-login "k"
|
||||
ttrss-flag-star "s"
|
||||
ttrss-password "${lib.strings.fileContents <secrets/tt-rss/password>}"
|
||||
ttrss-mode "multi"
|
||||
'';
|
||||
@@ -99,10 +100,9 @@ in {
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
newsboat = pkgs.writers.writeDashBin "newsboat" ''
|
||||
${pkgs.newsboat}/bin/newsboat -C ${newsboat-config} -u ${pkgs.writeText "newsboat-urls" ''
|
||||
https://feed.kmein.de/public.php?op=rss&id=-1&is_cat=0&q=&key=${lib.strings.fileContents <secrets/tt-rss/private-rss.key>} "foo"
|
||||
"query:🕒 Read Later:flags # \"e\""
|
||||
https://feed.kmein.de/public.php?op=rss&id=-1&is_cat=0&q=&key=${lib.strings.fileContents <secrets/tt-rss/private-rss.key>} "~Starred"
|
||||
"query:📥 Unread:unread = \"yes\""
|
||||
" "
|
||||
''} "$@"
|
||||
'';
|
||||
};
|
||||
|
||||
@@ -7,4 +7,5 @@
|
||||
fonts.fontconfig.enable = false;
|
||||
nix.gc.automatic = true;
|
||||
nix.optimise.automatic = true;
|
||||
services.journald.extraConfig = "SystemMaxUse=500M";
|
||||
}
|
||||
|
||||
48
flake.lock
generated
48
flake.lock
generated
@@ -23,11 +23,11 @@
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1669510155,
|
||||
"narHash": "sha256-PS2WdRXujfxH9PuH0w8aRmrEQ+Toz3RqGlp0mXQRGio=",
|
||||
"lastModified": 1669825171,
|
||||
"narHash": "sha256-HxlZHSiRGXnWAFbIJMeujqBe2KgACYx5XDRY0EA9P+4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "e999dfe7cba2e1fd59ab135e7496545bd4f82b76",
|
||||
"rev": "478610aa37c8339eacabfa03f07dacf5574edd47",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -95,11 +95,11 @@
|
||||
"nix-writers": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1554228333,
|
||||
"narHash": "sha256-hG/PlcCvCQhNcU55NpHfATkyH9k6cZmO7uvBoJjasXU=",
|
||||
"lastModified": 1669756621,
|
||||
"narHash": "sha256-Scg3pf+igUXt/YTO8kxQLBmBqCgGPVt/16DFC8YuA2g=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71",
|
||||
"revCount": 32,
|
||||
"rev": "f65c77bdcc58be2081a0ffbda849289c5191b5e8",
|
||||
"revCount": 33,
|
||||
"type": "git",
|
||||
"url": "https://cgit.krebsco.de/nix-writers"
|
||||
},
|
||||
@@ -110,27 +110,27 @@
|
||||
},
|
||||
"nixos-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1669418739,
|
||||
"narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=",
|
||||
"lastModified": 1669834992,
|
||||
"narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "695b3515251873e0a7e2021add4bba643c56cde3",
|
||||
"rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-22.05",
|
||||
"ref": "nixos-22.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1669411043,
|
||||
"narHash": "sha256-LfPd3+EY+jaIHTRIEOUtHXuanxm59YKgUacmSzaqMLc=",
|
||||
"lastModified": 1669542132,
|
||||
"narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5dc7114b7b256d217fe7752f1614be2514e61bb8",
|
||||
"rev": "a115bb9bd56831941be3776c8a94005867f316a7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -143,11 +143,11 @@
|
||||
"recht": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1664353498,
|
||||
"narHash": "sha256-s1MUaSOkyoAMarB4a1DgMsfVhmhAsLIjtyeT+ZCxOEE=",
|
||||
"lastModified": 1669719044,
|
||||
"narHash": "sha256-WsLWlTM2Hrurj9kVajybIOavV9QPYiJweMCOQR6h+YI=",
|
||||
"owner": "kmein",
|
||||
"repo": "recht",
|
||||
"rev": "dc2cb407052a53965e6678fd84f0d887f887c11c",
|
||||
"rev": "7c15b13328fb5cee01012c488ff235ee730cac70",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -159,11 +159,11 @@
|
||||
"retiolum": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1669363981,
|
||||
"narHash": "sha256-MkcI5WZ1VGmXR9LsX9oTJJLSF36L871lX25jT0Ruklw=",
|
||||
"lastModified": 1669921153,
|
||||
"narHash": "sha256-il4bbuxSU/hXj3dkUcex97vHDuSgBeBaRfoxKS8EeOA=",
|
||||
"owner": "krebs",
|
||||
"repo": "retiolum",
|
||||
"rev": "a805971ef7e25d2cc1ce8a062e5f72617880402a",
|
||||
"rev": "4679cdd5f0851f22518e7011144f22431e6551c0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -211,11 +211,11 @@
|
||||
"stockholm": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1669306514,
|
||||
"narHash": "sha256-bHhys4UdNC2rvg8RHL3BHR5uXv1Z0jxcQb/V7Wavhfk=",
|
||||
"lastModified": 1669756706,
|
||||
"narHash": "sha256-M4Aj6NoYvS6u/52U+cM4yWdpnbdJQ4k1d4u0yrCUY8Y=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "dae12b6893a1d28e8bcb1fe3fb9ee8757bbfbed4",
|
||||
"revCount": 10963,
|
||||
"rev": "81b5682c5ff1e36613f844a874e09b897ee13d3e",
|
||||
"revCount": 10973,
|
||||
"type": "git",
|
||||
"url": "https://cgit.lassul.us/stockholm"
|
||||
},
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
description = "niveum: packages, modules, systems";
|
||||
|
||||
inputs = {
|
||||
nixos-stable.url = "github:NixOS/nixpkgs/nixos-22.05";
|
||||
nixos-stable.url = "github:NixOS/nixpkgs/nixos-22.11";
|
||||
nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
|
||||
@@ -10,10 +10,8 @@ in {
|
||||
./gitea.nix
|
||||
./hardware-configuration.nix
|
||||
./hedgedoc.nix
|
||||
./matterbridge.nix
|
||||
./menstruation.nix
|
||||
./moinbot.nix
|
||||
# ./horoscopy.nix
|
||||
./monitoring
|
||||
./moodle-dl-borsfaye.nix
|
||||
./names.nix
|
||||
|
||||
@@ -4,10 +4,12 @@ let
|
||||
in {
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
disableRegistration = true;
|
||||
rootUrl = domain;
|
||||
appName = "code.kmein.de";
|
||||
ssh.clonePort = sshPort;
|
||||
settings = {
|
||||
server.SSH_PORT = sshPort;
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."code.kmein.de" = {
|
||||
forceSSL = true;
|
||||
|
||||
@@ -27,7 +27,7 @@ in {
|
||||
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
settings = {
|
||||
allowOrigin = [domain];
|
||||
allowAnonymous = true;
|
||||
allowGravatar = false;
|
||||
|
||||
@@ -4,7 +4,13 @@
|
||||
...
|
||||
}: let
|
||||
backend = pkgs.callPackage <menstruation-backend> {};
|
||||
telegram = pkgs.callPackage <menstruation-telegram> {};
|
||||
old-pkgs = import (pkgs.fetchFromGitHub {
|
||||
owner = "NixOs";
|
||||
repo = "nixpkgs";
|
||||
rev = "695b3515251873e0a7e2021add4bba643c56cde3";
|
||||
hash = "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=";
|
||||
}) {};
|
||||
telegram = old-pkgs.poetry2nix.mkPoetryApplication {projectDir = <menstruation-telegram>;};
|
||||
backendPort = 8000;
|
||||
in {
|
||||
services.redis.servers.menstruation = {
|
||||
|
||||
@@ -10,21 +10,40 @@
|
||||
in {
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
domain = "grafana.kmein.r";
|
||||
port = 9444;
|
||||
addr = "127.0.0.1";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${config.services.grafana.domain} = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
||||
proxyWebsockets = true;
|
||||
settings.server = {
|
||||
domain = "grafana.kmein.r";
|
||||
http_port = 9444;
|
||||
http_addr = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
${config.services.grafana.settings.server.domain} = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
${lib.removePrefix "http://" config.services.prometheus.alertmanager.webExternalUrl} = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.alertmanager.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
${lib.removePrefix "http://" config.services.prometheus.webExternalUrl} = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus.webExternalUrl = "http://prometheus.kmein.r";
|
||||
|
||||
niveum.passport.services = [
|
||||
{
|
||||
title = "Prometheus";
|
||||
link = config.services.prometheus.webExternalUrl;
|
||||
description = "collects metrics from devices in the <i>niveum</i> network, blackbox monitors some websites.";
|
||||
}
|
||||
{
|
||||
@@ -33,11 +52,12 @@ in {
|
||||
}
|
||||
{
|
||||
title = "Grafana";
|
||||
link = "http://${config.services.grafana.domain}";
|
||||
link = "http://${config.services.grafana.settings.server.domain}";
|
||||
description = "displays metrics from devices in the <i>niveum</i> network.";
|
||||
}
|
||||
{
|
||||
title = "Alertmanager bot";
|
||||
title = "Alertmanager";
|
||||
link = config.services.prometheus.alertmanager.webExternalUrl;
|
||||
description = "notifies me when something goes wrong.";
|
||||
}
|
||||
];
|
||||
@@ -143,48 +163,31 @@ in {
|
||||
})
|
||||
];
|
||||
|
||||
systemd.services.alertmanager-bot-telegram = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
after = ["ip-up.target"];
|
||||
environment.TELEGRAM_ADMIN = "18980945";
|
||||
environment.TELEGRAM_TOKEN = lib.strings.fileContents <system-secrets/telegram/prometheus.token>;
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = "15s";
|
||||
DynamicUser = true;
|
||||
StateDirectory = "alertbot";
|
||||
ExecStart = '' ${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
|
||||
--alertmanager.url=http://localhost:9093 --log.level=info \
|
||||
--store=bolt --bolt.path=/var/lib/alertbot/bot.db \
|
||||
--listen.addr="0.0.0.0:16320" \
|
||||
--template.paths=${
|
||||
pkgs.writeText "template.tmpl" ''
|
||||
{{ define "telegram.default" }}
|
||||
{{range .Alerts -}}
|
||||
{{.Status}}: {{ index .Annotations "summary"}}
|
||||
{{end -}}
|
||||
{{end}}
|
||||
''
|
||||
}'';
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus.alertmanager = {
|
||||
enable = true;
|
||||
listenAddress = "localhost";
|
||||
webExternalUrl = "http://alertmanager.kmein.r";
|
||||
configuration = {
|
||||
route = {
|
||||
group_wait = "30s";
|
||||
repeat_interval = "4h";
|
||||
receiver = "me";
|
||||
repeat_interval = "24h";
|
||||
receiver = "email";
|
||||
};
|
||||
receivers = [
|
||||
{
|
||||
name = "me";
|
||||
webhook_configs = [
|
||||
name = "email";
|
||||
email_configs = let
|
||||
inherit (import <niveum/lib>) kieran;
|
||||
inherit (import <niveum/lib/email.nix> {inherit lib;}) cock;
|
||||
in [
|
||||
{
|
||||
url = "http://localhost:16320";
|
||||
send_resolved = true;
|
||||
to = kieran.email;
|
||||
from = cock.user;
|
||||
smarthost = "${cock.smtp}:587";
|
||||
auth_username = cock.user;
|
||||
auth_identity = cock.user;
|
||||
auth_password = cock.password;
|
||||
}
|
||||
];
|
||||
}
|
||||
@@ -196,7 +199,7 @@ in {
|
||||
{
|
||||
scheme = "http";
|
||||
path_prefix = "/";
|
||||
static_configs = [{targets = ["localhost:9093"];}];
|
||||
static_configs = [{targets = ["localhost:${toString config.services.prometheus.alertmanager.port}"];}];
|
||||
}
|
||||
];
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
in {
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud24;
|
||||
package = pkgs.nextcloud25;
|
||||
|
||||
https = true;
|
||||
|
||||
@@ -20,6 +20,8 @@ in {
|
||||
|
||||
hostName = "cloud.xn--kiern-0qa.de";
|
||||
|
||||
phpOptions."opcache.interned_strings_buffer" = "32"; # buffer size in MB
|
||||
|
||||
config = {
|
||||
overwriteProtocol = "https";
|
||||
|
||||
@@ -31,6 +33,27 @@ in {
|
||||
adminpassFile = passwordFile <system-secrets/nextcloud/admin>;
|
||||
adminuser = "admin";
|
||||
# extraTrustedDomains = [ "toum.r" ];
|
||||
defaultPhoneRegion = "DE";
|
||||
};
|
||||
|
||||
logLevel = 2;
|
||||
|
||||
extraOptions = let
|
||||
inherit (import <niveum/lib/email.nix> {inherit lib;}) cock;
|
||||
address = builtins.split "@" cock.user;
|
||||
in {
|
||||
defaultapp = "files";
|
||||
mail_smtpmode = "smtp";
|
||||
mail_sendmailmode = "smtp";
|
||||
mail_smtphost = cock.smtp;
|
||||
mail_smtpport = "587";
|
||||
mail_from_address = builtins.elemAt address 0;
|
||||
mail_domain = builtins.elemAt address 2;
|
||||
mail_smtpsecure = "tls";
|
||||
mail_smtpauthtype = "LOGIN";
|
||||
mail_smtpauth = 1;
|
||||
mail_smtpname = cock.user;
|
||||
mail_smtppassword = cock.password;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -12,7 +12,7 @@ in {
|
||||
selfUrlPath = "https://${domain}";
|
||||
virtualHost = domain;
|
||||
registration = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
maxUsers = 3;
|
||||
};
|
||||
};
|
||||
|
||||
@@ -26,19 +26,6 @@
|
||||
url = "http://lammla.info/index.php?reihe=30";
|
||||
filter = ["html2text" "strip"];
|
||||
}
|
||||
{
|
||||
name = "Tatort";
|
||||
url = "https://www.daserste.de/unterhaltung/krimi/tatort/vorschau/index.html";
|
||||
filter = [
|
||||
"html2text"
|
||||
"strip"
|
||||
{
|
||||
shellpipe = ''
|
||||
${pkgs.gnused}/bin/sed 's/ / /g;s/))/&\n/g;s/ \+/ /g'
|
||||
'';
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Kratylos";
|
||||
url = "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
|
||||
@@ -49,11 +36,6 @@
|
||||
url = "http://www.zeno.org/Lesesaal/M/E-Books";
|
||||
filter = [{element-by-class = "zenoCOMain";} "html2text" "strip"];
|
||||
}
|
||||
{
|
||||
name = "Arnshaugk Neuerscheinungen";
|
||||
url = "http://www.arnshaugk.de/index.php";
|
||||
filter = ["html2text" "strip"];
|
||||
}
|
||||
{
|
||||
name = "Carolina Welslau";
|
||||
url = "https://carolinawelslau.de/";
|
||||
|
||||
@@ -24,7 +24,7 @@ in {
|
||||
<niveum/configs/printing.nix>
|
||||
<niveum/configs/spacetime.nix>
|
||||
<niveum/configs/sshd.nix>
|
||||
<niveum/configs/traadfri.nix>
|
||||
# <niveum/configs/traadfri.nix>
|
||||
<niveum/configs/tmux.nix>
|
||||
<niveum/configs/wpa_supplicant.nix>
|
||||
<niveum/modules/retiolum.nix>
|
||||
|
||||
Reference in New Issue
Block a user