feat(urlwatch): remove arnshaugk due to spam

.bin/ttrss-unread

@@ -0,0 +1,18 @@
+#/usr/bin/env -S deno run -A:q
+set -x
+session_cache="$HOME/.cache/tt-rss.session"
+ttrss_endpoint=https://feed.kmein.de/api/
+ttrss_user=k
+ttrss_password=$(pass shared/tt-rss/password)
+
+login() {
+  if [ -f "$session_cache" ]; then
+    session_id="$(cat "$session_cache")"
+  else
+    session_id="$(curl -d '{"op":"login","user":"'"$ttrss_user"'","password":"'"$ttrss_password"'"}' "$ttrss_endpoint" | jq -r .content.session_id)"
+    echo "$session_id" > "$session_cache"
+  fi
+}
+
+login
+curl -d '{"sid":"'"$session_id"'","op":"getUnread"}' "$ttrss_endpoint" | jq .content

configs/monitoring.nix

@@ -14,6 +14,7 @@
       nginx.enable = false;
       node = {
         enable = true;
+        openFirewall = true;
         enabledCollectors = [
           "conntrack"
           "diskstats"
@@ -38,8 +39,6 @@
     };
   };
 
-  networking.firewall.allowedTCPPorts = [config.services.prometheus.exporters.node.port];
-
   systemd.services.promtail = {
     description = "Promtail service for Loki";
     wantedBy = ["multi-user.target"];

configs/newsboat.nix

@@ -90,6 +90,7 @@
     urls-source "ttrss"
     ttrss-url "https://feed.kmein.de"
     ttrss-login "k"
+    ttrss-flag-star "s"
     ttrss-password "${lib.strings.fileContents <secrets/tt-rss/password>}"
     ttrss-mode "multi"
   '';
@@ -99,10 +100,9 @@ in {
   nixpkgs.config.packageOverrides = pkgs: {
     newsboat = pkgs.writers.writeDashBin "newsboat" ''
       ${pkgs.newsboat}/bin/newsboat -C ${newsboat-config} -u ${pkgs.writeText "newsboat-urls" ''
+        https://feed.kmein.de/public.php?op=rss&id=-1&is_cat=0&q=&key=${lib.strings.fileContents <secrets/tt-rss/private-rss.key>} "foo"
         "query:🕒 Read Later:flags # \"e\""
-        https://feed.kmein.de/public.php?op=rss&id=-1&is_cat=0&q=&key=${lib.strings.fileContents <secrets/tt-rss/private-rss.key>} "~Starred"
         "query:📥 Unread:unread = \"yes\""
-        " "
       ''} "$@"
     '';
   };

configs/save-space.nix

@@ -7,4 +7,5 @@
   fonts.fontconfig.enable = false;
   nix.gc.automatic = true;
   nix.optimise.automatic = true;
+  services.journald.extraConfig = "SystemMaxUse=500M";
 }

flake.lock

@@ -23,11 +23,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1669510155,
+        "lastModified": 1669825171,
-        "narHash": "sha256-PS2WdRXujfxH9PuH0w8aRmrEQ+Toz3RqGlp0mXQRGio=",
+        "narHash": "sha256-HxlZHSiRGXnWAFbIJMeujqBe2KgACYx5XDRY0EA9P+4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "e999dfe7cba2e1fd59ab135e7496545bd4f82b76",
+        "rev": "478610aa37c8339eacabfa03f07dacf5574edd47",
         "type": "github"
       },
       "original": {
@@ -95,11 +95,11 @@
     "nix-writers": {
       "flake": false,
       "locked": {
-        "lastModified": 1554228333,
+        "lastModified": 1669756621,
-        "narHash": "sha256-hG/PlcCvCQhNcU55NpHfATkyH9k6cZmO7uvBoJjasXU=",
+        "narHash": "sha256-Scg3pf+igUXt/YTO8kxQLBmBqCgGPVt/16DFC8YuA2g=",
         "ref": "refs/heads/master",
-        "rev": "c528cf970e292790b414b4c1c8c8e9d7e73b2a71",
+        "rev": "f65c77bdcc58be2081a0ffbda849289c5191b5e8",
-        "revCount": 32,
+        "revCount": 33,
         "type": "git",
         "url": "https://cgit.krebsco.de/nix-writers"
       },
@@ -110,27 +110,27 @@
     },
     "nixos-stable": {
       "locked": {
-        "lastModified": 1669418739,
+        "lastModified": 1669834992,
-        "narHash": "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=",
+        "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "695b3515251873e0a7e2021add4bba643c56cde3",
+        "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-22.05",
+        "ref": "nixos-22.11",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1669411043,
+        "lastModified": 1669542132,
-        "narHash": "sha256-LfPd3+EY+jaIHTRIEOUtHXuanxm59YKgUacmSzaqMLc=",
+        "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5dc7114b7b256d217fe7752f1614be2514e61bb8",
+        "rev": "a115bb9bd56831941be3776c8a94005867f316a7",
         "type": "github"
       },
       "original": {
@@ -143,11 +143,11 @@
     "recht": {
       "flake": false,
       "locked": {
-        "lastModified": 1664353498,
+        "lastModified": 1669719044,
-        "narHash": "sha256-s1MUaSOkyoAMarB4a1DgMsfVhmhAsLIjtyeT+ZCxOEE=",
+        "narHash": "sha256-WsLWlTM2Hrurj9kVajybIOavV9QPYiJweMCOQR6h+YI=",
         "owner": "kmein",
         "repo": "recht",
-        "rev": "dc2cb407052a53965e6678fd84f0d887f887c11c",
+        "rev": "7c15b13328fb5cee01012c488ff235ee730cac70",
         "type": "github"
       },
       "original": {
@@ -159,11 +159,11 @@
     "retiolum": {
       "flake": false,
       "locked": {
-        "lastModified": 1669363981,
+        "lastModified": 1669921153,
-        "narHash": "sha256-MkcI5WZ1VGmXR9LsX9oTJJLSF36L871lX25jT0Ruklw=",
+        "narHash": "sha256-il4bbuxSU/hXj3dkUcex97vHDuSgBeBaRfoxKS8EeOA=",
         "owner": "krebs",
         "repo": "retiolum",
-        "rev": "a805971ef7e25d2cc1ce8a062e5f72617880402a",
+        "rev": "4679cdd5f0851f22518e7011144f22431e6551c0",
         "type": "github"
       },
       "original": {
@@ -211,11 +211,11 @@
     "stockholm": {
       "flake": false,
       "locked": {
-        "lastModified": 1669306514,
+        "lastModified": 1669756706,
-        "narHash": "sha256-bHhys4UdNC2rvg8RHL3BHR5uXv1Z0jxcQb/V7Wavhfk=",
+        "narHash": "sha256-M4Aj6NoYvS6u/52U+cM4yWdpnbdJQ4k1d4u0yrCUY8Y=",
         "ref": "refs/heads/master",
-        "rev": "dae12b6893a1d28e8bcb1fe3fb9ee8757bbfbed4",
+        "rev": "81b5682c5ff1e36613f844a874e09b897ee13d3e",
-        "revCount": 10963,
+        "revCount": 10973,
         "type": "git",
         "url": "https://cgit.lassul.us/stockholm"
       },

flake.nix

@@ -2,7 +2,7 @@
   description = "niveum: packages, modules, systems";
 
   inputs = {
-    nixos-stable.url = "github:NixOS/nixpkgs/nixos-22.05";
+    nixos-stable.url = "github:NixOS/nixpkgs/nixos-22.11";
     nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
     flake-utils.url = "github:numtide/flake-utils";

systems/makanek/configuration.nix

@@ -10,10 +10,8 @@ in {
     ./gitea.nix
     ./hardware-configuration.nix
     ./hedgedoc.nix
-    ./matterbridge.nix
     ./menstruation.nix
     ./moinbot.nix
-    # ./horoscopy.nix
     ./monitoring
     ./moodle-dl-borsfaye.nix
     ./names.nix

systems/makanek/gitea.nix

@@ -4,10 +4,12 @@ let
 in {
   services.gitea = {
     enable = true;
-    disableRegistration = true;
     rootUrl = domain;
     appName = "code.kmein.de";
-    ssh.clonePort = sshPort;
+    settings = {
+      server.SSH_PORT = sshPort;
+      service.DISABLE_REGISTRATION = true;
+    };
   };
   services.nginx.virtualHosts."code.kmein.de" = {
     forceSSL = true;

systems/makanek/hedgedoc.nix

@@ -27,7 +27,7 @@ in {
 
   services.hedgedoc = {
     enable = true;
-    configuration = {
+    settings = {
       allowOrigin = [domain];
       allowAnonymous = true;
       allowGravatar = false;

systems/makanek/menstruation.nix

@@ -4,7 +4,13 @@
   ...
 }: let
   backend = pkgs.callPackage <menstruation-backend> {};
-  telegram = pkgs.callPackage <menstruation-telegram> {};
+  old-pkgs = import (pkgs.fetchFromGitHub {
+    owner = "NixOs";
+    repo = "nixpkgs";
+    rev = "695b3515251873e0a7e2021add4bba643c56cde3";
+    hash = "sha256-T86oFvcUIRwHWBWUt7WjaP4BP/3lDGbv5AppQSI1FkI=";
+  }) {};
+  telegram = old-pkgs.poetry2nix.mkPoetryApplication {projectDir = <menstruation-telegram>;};
   backendPort = 8000;
 in {
   services.redis.servers.menstruation = {

systems/makanek/monitoring/default.nix

@@ -10,21 +10,40 @@
 in {
   services.grafana = {
     enable = true;
-    domain = "grafana.kmein.r";
+    settings.server = {
-    port = 9444;
+      domain = "grafana.kmein.r";
-    addr = "127.0.0.1";
+      http_port = 9444;
-  };
+      http_addr = "127.0.0.1";
-
-  services.nginx.virtualHosts.${config.services.grafana.domain} = {
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
-      proxyWebsockets = true;
     };
   };
 
+  services.nginx.virtualHosts = {
+    ${config.services.grafana.settings.server.domain} = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
+        proxyWebsockets = true;
+      };
+    };
+    ${lib.removePrefix "http://" config.services.prometheus.alertmanager.webExternalUrl} = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.prometheus.alertmanager.port}";
+        proxyWebsockets = true;
+      };
+    };
+    ${lib.removePrefix "http://" config.services.prometheus.webExternalUrl} = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  services.prometheus.webExternalUrl = "http://prometheus.kmein.r";
+
   niveum.passport.services = [
     {
       title = "Prometheus";
+      link = config.services.prometheus.webExternalUrl;
       description = "collects metrics from devices in the <i>niveum</i> network, blackbox monitors some websites.";
     }
     {
@@ -33,11 +52,12 @@ in {
     }
     {
       title = "Grafana";
-      link = "http://${config.services.grafana.domain}";
+      link = "http://${config.services.grafana.settings.server.domain}";
       description = "displays metrics from devices in the <i>niveum</i> network.";
     }
     {
-      title = "Alertmanager bot";
+      title = "Alertmanager";
+      link = config.services.prometheus.alertmanager.webExternalUrl;
       description = "notifies me when something goes wrong.";
     }
   ];
@@ -143,48 +163,31 @@ in {
     })
   ];
 
-  systemd.services.alertmanager-bot-telegram = {
-    wantedBy = ["multi-user.target"];
-    after = ["ip-up.target"];
-    environment.TELEGRAM_ADMIN = "18980945";
-    environment.TELEGRAM_TOKEN = lib.strings.fileContents <system-secrets/telegram/prometheus.token>;
-    serviceConfig = {
-      Restart = "on-failure";
-      RestartSec = "15s";
-      DynamicUser = true;
-      StateDirectory = "alertbot";
-      ExecStart = ''        ${pkgs.alertmanager-bot-telegram}/bin/alertmanager-bot \
-                --alertmanager.url=http://localhost:9093 --log.level=info \
-                --store=bolt --bolt.path=/var/lib/alertbot/bot.db \
-                --listen.addr="0.0.0.0:16320" \
-                --template.paths=${
-          pkgs.writeText "template.tmpl" ''
-            {{ define "telegram.default" }}
-            {{range .Alerts -}}
-            {{.Status}}: {{ index .Annotations "summary"}}
-            {{end -}}
-            {{end}}
-          ''
-        }'';
-    };
-  };
-
   services.prometheus.alertmanager = {
     enable = true;
     listenAddress = "localhost";
+    webExternalUrl = "http://alertmanager.kmein.r";
     configuration = {
       route = {
         group_wait = "30s";
-        repeat_interval = "4h";
+        repeat_interval = "24h";
-        receiver = "me";
+        receiver = "email";
       };
       receivers = [
         {
-          name = "me";
+          name = "email";
-          webhook_configs = [
+          email_configs = let
+            inherit (import <niveum/lib>) kieran;
+            inherit (import <niveum/lib/email.nix> {inherit lib;}) cock;
+          in [
             {
-              url = "http://localhost:16320";
               send_resolved = true;
+              to = kieran.email;
+              from = cock.user;
+              smarthost = "${cock.smtp}:587";
+              auth_username = cock.user;
+              auth_identity = cock.user;
+              auth_password = cock.password;
             }
           ];
         }
@@ -196,7 +199,7 @@ in {
     {
       scheme = "http";
       path_prefix = "/";
-      static_configs = [{targets = ["localhost:9093"];}];
+      static_configs = [{targets = ["localhost:${toString config.services.prometheus.alertmanager.port}"];}];
     }
   ];
 

systems/makanek/nextcloud.nix

@@ -9,7 +9,7 @@
 in {
   services.nextcloud = {
     enable = true;
-    package = pkgs.nextcloud24;
+    package = pkgs.nextcloud25;
 
     https = true;
 
@@ -20,6 +20,8 @@ in {
 
     hostName = "cloud.xn--kiern-0qa.de";
 
+    phpOptions."opcache.interned_strings_buffer" = "32"; # buffer size in MB
+
     config = {
       overwriteProtocol = "https";
 
@@ -31,6 +33,27 @@ in {
       adminpassFile = passwordFile <system-secrets/nextcloud/admin>;
       adminuser = "admin";
       # extraTrustedDomains = [ "toum.r" ];
+      defaultPhoneRegion = "DE";
+    };
+
+    logLevel = 2;
+
+    extraOptions = let
+      inherit (import <niveum/lib/email.nix> {inherit lib;}) cock;
+      address = builtins.split "@" cock.user;
+    in {
+      defaultapp = "files";
+      mail_smtpmode = "smtp";
+      mail_sendmailmode = "smtp";
+      mail_smtphost = cock.smtp;
+      mail_smtpport = "587";
+      mail_from_address = builtins.elemAt address 0;
+      mail_domain = builtins.elemAt address 2;
+      mail_smtpsecure = "tls";
+      mail_smtpauthtype = "LOGIN";
+      mail_smtpauth = 1;
+      mail_smtpname = cock.user;
+      mail_smtppassword = cock.password;
     };
   };
 

systems/makanek/tt-rss.nix

@@ -12,7 +12,7 @@ in {
     selfUrlPath = "https://${domain}";
     virtualHost = domain;
     registration = {
-      enable = true;
+      enable = false;
       maxUsers = 3;
     };
   };

systems/makanek/urlwatch.nix

@@ -26,19 +26,6 @@
       url = "http://lammla.info/index.php?reihe=30";
       filter = ["html2text" "strip"];
     }
-    {
-      name = "Tatort";
-      url = "https://www.daserste.de/unterhaltung/krimi/tatort/vorschau/index.html";
-      filter = [
-        "html2text"
-        "strip"
-        {
-          shellpipe = ''
-            ${pkgs.gnused}/bin/sed 's/ / /g;s/))/&\n/g;s/ \+/ /g'
-          '';
-        }
-      ];
-    }
     {
       name = "Kratylos";
       url = "https://kratylos.reichert-online.org/current_issue/KRATYLOS";
@@ -49,11 +36,6 @@
       url = "http://www.zeno.org/Lesesaal/M/E-Books";
       filter = [{element-by-class = "zenoCOMain";} "html2text" "strip"];
     }
-    {
-      name = "Arnshaugk Neuerscheinungen";
-      url = "http://www.arnshaugk.de/index.php";
-      filter = ["html2text" "strip"];
-    }
     {
       name = "Carolina Welslau";
       url = "https://carolinawelslau.de/";

systems/zaatar/configuration.nix

@@ -24,7 +24,7 @@ in {
     <niveum/configs/printing.nix>
     <niveum/configs/spacetime.nix>
     <niveum/configs/sshd.nix>
-    <niveum/configs/traadfri.nix>
+    # <niveum/configs/traadfri.nix>
     <niveum/configs/tmux.nix>
     <niveum/configs/wpa_supplicant.nix>
     <niveum/modules/retiolum.nix>