feat(tahina): init as guest laptop

2026-03-22 21:01:07 +01:00 · 2022-03-29 00:21:20 +02:00
17 changed files with 160 additions and 492 deletions
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -3,9 +3,7 @@
  lib,
  pkgs,
  ...
-}: let
+}: {
  inherit (import <niveum/lib>) tmpfilesConfig;
 in {
  imports = [
    <niveum/modules/dropbox.nix>
  ];
@@ -14,46 +12,19 @@ in {
    dropbox.enable = false;
  };
-  systemd.tmpfiles.rules = map tmpfilesConfig [
+  system.activationScripts.home-symlinks = ''
-    {
+    ln -sfn ${config.users.users.me.home}/cloud/syncthing/common/mahlzeit ${config.users.users.me.home}/mahlzeit
-      type = "L+";
+    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Wiki ${config.users.users.me.home}/notes
-      user = config.users.users.me.name;
+    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Uni ${config.users.users.me.home}/uni
-      group = "users";
+  '';
      mode = "0755";
      argument = "${config.users.users.me.home}/cloud/Seafile/Wiki";
      path = "${config.users.users.me.home}/notes";
    }
    {
      type = "L+";
      user = config.users.users.me.name;
      group = "users";
      mode = "0755";
      argument = "${config.users.users.me.home}/cloud/Seafile/Uni";
      path = "${config.users.users.me.home}/uni";
    }
    {
      type = "L+";
      user = config.users.users.me.name;
      group = "users";
      mode = "0755";
      argument = "${config.users.users.me.home}/cloud/syncthing/common/mahlzeit";
      path = "${config.users.users.me.home}/mahlzeit";
    }
  ];
  home-manager.users.me = {
    services.gnome-keyring.enable = true;
    services.nextcloud-client = {
      enable = true;
      startInBackground = true;
    };
  };
  systemd.user.services.nextcloud-client = {
    wants = ["gnome-keyring.service"];
    after = ["gnome-keyring.service"];
  };
  environment.systemPackages = [
    (pkgs.writers.writeDashBin "book" ''
      set -efu
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -262,6 +262,5 @@ in {
    ./vscode.nix
    ./watson.nix
    ./zsh.nix
    ./tor.nix
  ];
 }
--- a/configs/fonts.nix
+++ b/configs/fonts.nix
@@ -1,53 +1,42 @@
 {pkgs, ...}: {
  nixpkgs.config.joypixels.acceptLicense = true;
  fonts = {
    enableDefaultFonts = true;
    fontDir.enable = true;
    fonts = with pkgs; [
      alegreya
      alegreya-sans
      amiri
      cantarell-fonts
      charis-sil
      corefonts
      crimson
      eb-garamond
      etBook
      fira
      font-awesome-ttf
      gentium
      gfs-fonts
      gyre-fonts
      ia-writer-duospace
      ibm-plex
-      jetbrains-mono
+      inconsolata
-      joypixels
+      iosevka
-      libertinus
+      libertine
      libre-bodoni
      lmodern
      merriweather
      noto-fonts
-      ocr-a
+      noto-fonts-cjk
      noto-fonts-emoji
      roboto
      roboto-mono
      roboto-slab
      scheherazade-new
      source-code-pro
      source-sans-pro
      source-serif-pro
-      theano
+      source-sans-pro
      ubuntu_font_family
      gfs-fonts
      jetbrains-mono
      twemoji-color-font
      joypixels
      tocharian-font
-      vistafonts
+    ];
-      vollkorn
+    fontconfig.defaultFonts = {
-      zilla-slab
+      monospace = ["JetBrains Mono" "JoyPixels"];
-    ]; # google-fonts league-of-moveable-type
+      serif = ["Roboto Slab"];
-    fontconfig.defaultFonts = let
+      sansSerif = ["Roboto" "Noto Sans"];
-      emojiFont = "JoyPixels";
+      emoji = ["JoyPixels"];
    in {
      monospace = ["JetBrains Mono" emojiFont];
      serif = ["Merriweather"];
      sansSerif = ["Cantarell" emojiFont];
      emoji = [emojiFont];
    };
  };
 }
--- a/configs/mpv.nix
+++ b/configs/mpv.nix
@@ -18,7 +18,6 @@ in {
    programs.mpv = {
      enable = true;
      config = {
        ytdl-format = "bestvideo[height<=?720][fps<=?30][vcodec!=?vp9]+bestaudio/best";
        ytdl-raw-options = lib.concatStringsSep "," [''sub-lang="de,en"'' "write-sub=" "write-auto-sub="];
        screenshot-template = "%F-%wH%wM%wS-%#04n";
      };
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -161,7 +161,7 @@ in {
    scripts.vimv
    scripts.swallow # window swallowing
    scripts.literature-quote
-    jless # less(1) for json
+    scripts.nav # json navigation
    scripts.notetags
    scripts.booksplit
    scripts.dmenurandr
--- a/configs/telegram-bots/astrology.nix
+++ b/configs/telegram-bots/astrology.nix
@@ -42,7 +42,7 @@
  '';
 in {
  niveum.telegramBots.transits = {
-    enable = false;
+    enable = true;
    time = "*:0/1";
    token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
    chatIds = ["-1001796440545"];
--- a/configs/tor.nix
+++ b/configs/tor.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{
  services.tor.enable = true;
-  environment.systemPackages = [pkgs.tor];
+  services.tor.torsocks.enable = true;
 }
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "flake-utils": {
      "locked": {
-        "lastModified": 1649676176,
+        "lastModified": 1648297722,
-        "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+        "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
+        "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
        "type": "github"
      },
      "original": {
@@ -22,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1649887911,
+        "lastModified": 1647175256,
-        "narHash": "sha256-Af0Ppb1RZ7HWuxUvF0/O7h3cy8tqU2eKFyVwyA1ZD+w=",
+        "narHash": "sha256-7H+veXPM7IwdN1DoZqliwb9sghlN56koV5dnCu1kpsc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "7244c6715cb8f741f3b3e1220a9279e97b2ed8f5",
+        "rev": "a8d00f5c038cf7ec54e7dac9c57b171c1217f008",
        "type": "github"
      },
      "original": {
@@ -62,11 +62,11 @@
    "menstruation-backend": {
      "flake": false,
      "locked": {
-        "lastModified": 1649545504,
+        "lastModified": 1634573652,
-        "narHash": "sha256-TVm3246ML7gWPeGm+bdb+Qo8o/7nve7sQ2hBdCZm3z8=",
+        "narHash": "sha256-FIj8oCOJO+Wqxr2o5MMqIShvzMJud4iUq3o8y4NIRvw=",
        "owner": "kmein",
        "repo": "menstruation.rs",
-        "rev": "d9f3c6d53542fd7c7ed191e37cf4e342d4a47bcb",
+        "rev": "dd405fe2acf32441e8ac56e488e689bb1c4bea82",
        "type": "github"
      },
      "original": {
@@ -109,11 +109,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1649944829,
+        "lastModified": 1647992509,
-        "narHash": "sha256-wjOgLfjCdyoRamMOrVJceeDJk4LvJsQOxBoT3k16/7Q=",
+        "narHash": "sha256-AG40Nt5OWz0LBs5p457emOuwLKOvTtcv/2fUdnEN3Ws=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2f06b87f64bc06229e05045853e0876666e1b023",
+        "rev": "d2caa9377539e3b5ff1272ac3aa2d15f3081069f",
        "type": "github"
      },
      "original": {
@@ -125,11 +125,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1650167080,
+        "lastModified": 1648337267,
-        "narHash": "sha256-sSFOXf1YtX6EIHG5HAh64y6EqJ1/5epcCSq1c8wxCi4=",
+        "narHash": "sha256-8DRg8UDvs63iaIaHEbWG7/lnD9ImQlMNsTZMY3PvFLc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6140c314d5850406dddc78e55dcc8716ea111ee4",
+        "rev": "6de161729c81dc98e844793cc9c8fda29d5ef62a",
        "type": "github"
      },
      "original": {
@@ -194,11 +194,11 @@
    "scripts": {
      "flake": false,
      "locked": {
-        "lastModified": 1650402678,
+        "lastModified": 1648314795,
-        "narHash": "sha256-LkaKJvF09wVHpN5FuJtX0M4vOA/DrO9xUMFI8fMtNeA=",
+        "narHash": "sha256-hGIXkAcGiJnVXnl8kigZpI3VFrLmAr2+yr85hi5JwP0=",
        "owner": "kmein",
        "repo": "scripts",
-        "rev": "adfd4238f7a8f0f894547998cbb04327bad97884",
+        "rev": "d1d525b92a34e55b1ad886807c284106e58716b2",
        "type": "github"
      },
      "original": {
@@ -210,11 +210,11 @@
    "stockholm": {
      "flake": false,
      "locked": {
-        "lastModified": 1650040948,
+        "lastModified": 1648214990,
-        "narHash": "sha256-/4Q2vnl53BQVYQFSZqF512CF6tzIyPHaDy4Yheof8G4=",
+        "narHash": "sha256-rptATGq+jcpL+P+Cr6d3OajV6zYkbHPWlt3aQNZI2TY=",
        "ref": "master",
-        "rev": "92d5eacd6d9e530c4d1ea0dec2652417b0fde78a",
+        "rev": "ae9c0b12710b5361d0d45510eb401eebfc1b3fb0",
-        "revCount": 10516,
+        "revCount": 10497,
        "type": "git",
        "url": "https://cgit.lassul.us/stockholm"
      },
--- a/lib/streams.nix
+++ b/lib/streams.nix
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -7,8 +7,9 @@
  stateLocation = "/var/lib/codimd/state.sqlite";
  nixpkgs-unstable = import <nixpkgs-unstable> {};
  domain = "pad.kmein.de";
  inherit (import <niveum/lib>) tmpfilesConfig;
 in {
  imports = [<stockholm/krebs/3modules/permown.nix>];
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
@@ -48,15 +49,11 @@ in {
    };
  };
-  systemd.tmpfiles.rules = [
+  krebs.permown.${backupLocation} = {
-    (tmpfilesConfig {
+    owner = "codimd";
-      user = "codimd";
+    group = "codimd";
-      group = "codimd";
+    umask = "0002";
-      mode = "0755";
+  };
      type = "d";
      path = backupLocation;
    })
  ];
  systemd.services.hedgedoc-backup = {
    description = "Hedgedoc backup service";
--- a/systems/makanek/monitoring/default.nix
+++ b/systems/makanek/monitoring/default.nix
@@ -238,6 +238,16 @@ in {
        }
      ];
    }
    {
      job_name = "tahina";
      static_configs = [
        {
          targets = [
            "tahina.r:${toString config.services.prometheus.exporters.node.port}"
          ];
        }
      ];
    }
  ];
  services.prometheus.exporters.blackbox = {
--- a/systems/makanek/names.nix
+++ b/systems/makanek/names.nix
@@ -4,8 +4,8 @@
  ...
 }: let
  port = 5703;
-  onomap-src = "${<scripts>}/onomastics-ng";
+  geogen-src = "${<scripts>}/onomastics";
-  onomap = pkgs.haskellPackages.callCabal2nix "onomap" onomap-src {};
+  geogen = pkgs.callPackage geogen-src {};
 in {
  systemd.services.names = {
    wants = ["network-online.target"];
@@ -13,9 +13,12 @@ in {
    description = "Better clone of geogen.stoepel.net";
    serviceConfig = {
      DynamicUser = true;
      ExecStart = "${onomap}/bin/onomap-web";
    };
-    environment.PORT = toString port;
+    script = ''
      cd $(mktemp -d)
      ln -s "${geogen-src}/wsgi.py" wsgi.py
      ${geogen.dependencyEnv}/bin/gunicorn wsgi:app -b :${toString port}
    '';
  };
  services.nginx = {
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -143,11 +143,6 @@ in {
              tags = ["nick_gitlab"];
              regex = "*";
            };
            people = {
              buffer = "irc.*.*";
              tags = map (name: "nick_${name}") ["mod_p[matrix-fli"];
              regex = "*";
            };
          };
        };
        extraCommands = ''/matrix connect nibbana'';
--- a/systems/tahina/configuration.nix
+++ b/systems/tahina/configuration.nix
@@ -11,22 +11,23 @@ in {
    <niveum/configs/spacetime.nix>
    <niveum/modules/retiolum.nix>
    <niveum/configs/sshd.nix>
    {
      console.keyMap = "de";
      i18n.defaultLocale = "de_DE.UTF-8";
      services.xserver = {
        layout = "de";
        libinput.enable = true;
      };
    }
    {
      nix.nixPath = ["/var/src"];
    }
  ];
  nix.nixPath = ["/var/src"];
  console.keyMap = "de";
  i18n.defaultLocale = "de_DE.UTF-8";
  services.xserver = {
    layout = "de";
    libinput.enable = true;
  };
  users.users.xenos = {
    name = "xenos";
    password = "xenos";
    isNormalUser = true;
    extraGroups = ["networkmanager"];
  };
  services.xserver = {
--- a/systems/tahina/hardware-configuration.nix
+++ b/systems/tahina/hardware-configuration.nix
@@ -26,23 +26,17 @@
    extraModulePackages = [];
  };
-  fileSystems = {
+  fileSystems."/" = {
-    "/" = {
+    device = "/dev/disk/by-uuid/e9a8bd34-61eb-4317-888d-bd7d6248a906";
-      device = "/dev/disk/by-uuid/e9a8bd34-61eb-4317-888d-bd7d6248a906";
+    fsType = "xfs";
      fsType = "xfs";
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/9B2F-31E1";
      fsType = "vfat";
    };
  };
-  swapDevices = [
+  fileSystems."/boot" = {
-    {
+    device = "/dev/disk/by-uuid/9B2F-31E1";
-      device = "/swapfile";
+    fsType = "vfat";
-      size = 2048;
+  };
-    }
+
-  ];
+  swapDevices = [];
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/systems/zaatar/moodle-dl-meinhark.nix
+++ b/systems/zaatar/moodle-dl-meinhark.nix
@@ -69,15 +69,6 @@ in {
        108283 # Digital Classicist
        109211 # Altlitauisch
        109185 # Etymologie
        # SS 2022
        112606 # Avestisch
        111761 # Griechische Wissenschaftsliteratur
        111515 # H. Furens
        110914 # Apostelgeschichte
        112225 # Gr. Paläographie
        113275 # ALEW
        112783 # Akzent und Silbenstruktur
      ];
      download_submissions = true;
      download_descriptions = true;
--- a/systems/zaatar/tuna.nix
+++ b/systems/zaatar/tuna.nix
@@ -5,7 +5,6 @@
  ...
 }: let
  firewall = (import <niveum/lib>).firewall lib;
  inherit (import <niveum/lib>) tmpfilesConfig;
  streams = import <niveum/lib/streams.nix> {
    di-fm-key = lib.strings.fileContents <secrets/di.fm/key>;
@@ -72,31 +71,13 @@ in {
    extraStopCommands = firewall.removeRules rules;
  };
-  systemd.tmpfiles.rules = let
+  system.activationScripts.mpd-playlists = let
-    tags = lib.lists.unique (lib.concatMap ({tags ? [], ...}: tags) streams);
+    playlistFile = pkgs.writeText "radio.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
-    tagStreams = tag: lib.filter ({tags ? [], ...}: lib.elem tag tags) streams;
+  in ''
-    makePlaylist = name: streams: pkgs.writeText "${name}.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
+    rm -rf /var/lib/mpd/playlists
-  in
+    install -d /var/lib/mpd/playlists
-    map (tag:
+    ln -sfn "${toString playlistFile}" "/var/lib/mpd/playlists/radio.m3u"
-      tmpfilesConfig {
+  '';
        type = "L+";
        path = "/var/lib/mpd/playlists/${tag}.m3u";
        mode = "0644";
        user = "mpd";
        group = "mpd";
        argument = makePlaylist tag (tagStreams tag);
      })
    tags
    ++ [
      (tmpfilesConfig {
        type = "L+";
        mode = "0644";
        user = "mpd";
        group = "mpd";
        path = "/var/lib/mpd/playlist/all.m3u";
        argument = makePlaylist "all" streams;
      })
    ];
  services.tuna = {
    enable = true;
@@ -106,15 +87,33 @@ in {
      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
      stream,
      station,
      ...
    }: {inherit id desc logo stream station;})
    streams;
-    webPort = 7044;
+    webPort = 8080;
  };
-  services.ympd = {
+  systemd.services.tuna-stations = let
-    enable = true;
+    stations = lib.lists.imap0 (id: {
-    mpd.port = config.services.mpd.network.port;
+      desc ? "",
      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
      stream,
      station,
    }: {inherit id desc logo stream station;})
    streams;
    stationsJson = (pkgs.formats.json {}).generate "stations.json" stations;
  in {
    enable = false;
    wantedBy = ["tuna.service"];
    startAt = "hourly";
    script = ''
      mkdir -p /etc/tuna
      antenne_asb_url=$(
        ${pkgs.curl}/bin/curl -sS 'https://www.caster.fm/widgets/em_player.php?jsinit=true&uid=529295&t=blue&c=' \
          | grep streamUrl \
          | sed ${lib.escapeShellArg "s/^.*'\\([^']*\\)'.*/\\1/"}
      )
      ${pkgs.jq}/bin/jq "map(if .station == \"Antenne ASB\" then .stream |= \"$antenne_asb_url\" else . end)" < ${stationsJson} > /etc/tuna/stations.json
    '';
  };
  services.nginx = {
@@ -126,7 +125,7 @@ in {
    virtualHosts."radio.kmein.r" = {
      basicAuth.dj = password;
      locations."/" = {
-        proxyPass = "http://127.0.0.1:${config.services.ympd.webPort}";
+        proxyPass = "http://127.0.0.1:${toString config.services.tuna.webPort}";
        proxyWebsockets = true;
      };
    };