fix(mpv): support only pulse

ci.nix

@@ -69,6 +69,7 @@
       tabula = ensureFiles basic;
       ful = ensureFiles (["root.password"] ++ basic);
       makanek = ensureFiles ([
+          "grafana/admin"
           "irc/retiolum"
           "irc/hackint"
           "irc/libera"

configs/default.nix

@@ -224,7 +224,6 @@ in {
     ./chromium.nix
     ./clipboard.nix
     ./cloud.nix
-    ./compton.nix
     ./direnv.nix
     ./distrobump.nix
     ./docker.nix
@@ -247,6 +246,7 @@ in {
     ./newsboat.nix
     ./flameshot-once.nix
     ./packages.nix
+    ./picom.nix
     ./stardict.nix
     ./polkit.nix
     ./power-action.nix

configs/mpv.nix

@@ -23,6 +23,7 @@ in {
         ytdl-raw-options = lib.concatStringsSep "," [''sub-lang="de,en"'' "write-sub=" "write-auto-sub="];
         screenshot-template = "%F-%wH%wM%wS-%#04n";
         script-opts = "ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp";
+        ao = "pulse"; # no pipewire for me :(
       };
       bindings = {
         "Alt+RIGHT" = "add video-rotate 90";

configs/picom.nix

@@ -3,8 +3,8 @@
     enable = true;
     activeOpacity = 1;
     fade = true;
-    fadeDelta = 10;
-    inactiveOpacity = 0.8;
+    fadeDelta = 5;
+    inactiveOpacity = 0.9;
     shadow = true;
     menuOpacity = 0.9;
     shadowOpacity = 0.3;

configs/ssh.nix

@@ -72,6 +72,8 @@ in {
         hostname = "135.181.85.233";
         user = "root";
       };
+      "cms-dev.woc2023.app".identityFile = sshIdentity "fysiweb";
+      "cms-master.woc2023.app".identityFile = sshIdentity "fysiweb";
       "fysi-dev1" = {
         hostname = "94.130.229.139";
         user = "root";

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "flake-utils": {
       "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
         "type": "github"
       },
       "original": {
@@ -23,11 +23,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1675371293,
-        "narHash": "sha256-LrCjtrAXj/WJphhGEMnHgZs7oTsfOlvPfOjFTIvg39k=",
+        "lastModified": 1676367705,
+        "narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d1c7730bb707bf8124d997952f7babd2a281ae68",
+        "rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5",
         "type": "github"
       },
       "original": {
@@ -110,11 +110,11 @@
     },
     "nixos-stable": {
       "locked": {
-        "lastModified": 1675237434,
-        "narHash": "sha256-YoFR0vyEa1HXufLNIFgOGhIFMRnY6aZ0IepZF5cYemo=",
+        "lastModified": 1676375384,
+        "narHash": "sha256-6HI3jZiuJX+KLz05cocYy2mBAWlISEKHU84ftYfxHZ8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "285b3ff0660640575186a4086e1f8dc0df2874b5",
+        "rev": "c43f676c938662072772339be6269226c77b51b8",
         "type": "github"
       },
       "original": {
@@ -126,11 +126,11 @@
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1675273418,
-        "narHash": "sha256-tpYc4TEGvDzh9uRf44QemyQ4TpVuUbxb07b2P99XDbM=",
+        "lastModified": 1676300157,
+        "narHash": "sha256-1HjRzfp6LOLfcj/HJHdVKWAkX9QRAouoh6AjzJiIerU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4d7c2644dbac9cf8282c0afe68fca8f0f3e7b2db",
+        "rev": "545c7a31e5dedea4a6d372712a18e00ce097d462",
         "type": "github"
       },
       "original": {
@@ -158,11 +158,11 @@
     },
     "retiolum": {
       "locked": {
-        "lastModified": 1675364416,
-        "narHash": "sha256-u7kbHg/cp+GdW55B6V52GG0D9+zWOhmVI2nh/NiMxfw=",
+        "lastModified": 1676473689,
+        "narHash": "sha256-TGQbsiIojBj4DvGhhkI3i2dq9NmU2Vkt+i7Rw2U/BEg=",
         "ref": "refs/heads/master",
-        "rev": "ae5112af96361acc314e1d270d0c9281984fc517",
-        "revCount": 280,
+        "rev": "30152917194d6e54ce68e45b499323356db3ae7c",
+        "revCount": 283,
         "type": "git",
         "url": "https://git.thalheim.io/Mic92/retiolum"
       },
@@ -210,11 +210,11 @@
     "stockholm": {
       "flake": false,
       "locked": {
-        "lastModified": 1675564669,
-        "narHash": "sha256-Fd4wBl9b5Aqt4ctH2vJu/oPvgTOHD+ME8MUEu3oR2tE=",
+        "lastModified": 1676206058,
+        "narHash": "sha256-httLH/By88YYpnfYAEnke2gnLiayMlcznia0aDNqK28=",
         "ref": "refs/heads/master",
-        "rev": "e44fe862f0bedc658aabd1daafb16376f188857e",
-        "revCount": 11353,
+        "rev": "5234e1c7eaf478bc4ebd0edb48547168e91eba02",
+        "revCount": 11364,
         "type": "git",
         "url": "https://cgit.krebsco.de/stockholm"
       },

systems/ful/configuration.nix

@@ -4,10 +4,11 @@
   pkgs,
   ...
 }: let
-  inherit (import <niveum/lib>) kieran retiolumAddresses;
+  inherit (import <niveum/lib>) kieran retiolumAddresses restic;
 in {
   imports = [
     ./hardware-configuration.nix
+    ./matomo.nix
     <niveum/configs/monitoring.nix>
     <niveum/configs/nix.nix>
     <niveum/configs/save-space.nix>
@@ -16,6 +17,19 @@ in {
     <niveum/configs/retiolum.nix>
   ];
 
+  services.restic.backups.niveum = {
+    initialize = true;
+    inherit (restic) repository;
+    timerConfig = {
+      OnCalendar = "daily";
+      RandomizedDelaySec = "1h";
+    };
+    passwordFile = toString <secrets/restic/password>;
+    paths = [
+      config.services.mysqlBackup.location
+    ];
+  };
+
   nix.nixPath = ["/var/src"];
 
   networking = {

systems/ful/matomo.nix

@@ -0,0 +1,42 @@
+{pkgs, ...}: let
+  inherit (import <niveum/lib>) kieran;
+in {
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = kieran.email;
+  };
+
+  services.matomo = {
+    enable = true;
+    hostname = "matomo.kmein.de";
+    nginx = {
+      serverName = "matomo.kmein.de";
+    };
+  };
+
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+    ensureDatabases = ["matomo"];
+    ensureUsers = [
+      {
+        name = "matomo";
+        ensurePermissions."matomo.*" = "ALL PRIVILEGES";
+      }
+    ];
+  };
+
+  services.mysqlBackup = {
+    enable = true;
+    databases = ["matomo"];
+  };
+}

systems/makanek/moinbot.nix

@@ -4,13 +4,16 @@
     script = ''
       greeting=$(echo "moin
       oi
-      noim" | shuf -n1)
+      noim
+      MOIN
+      OI
+      moi" | shuf -n1)
       echo "$greeting" | ${pkgs.ircaids}/bin/ircsink \
         --nick "$greeting""bot" \
         --server irc.hackint.org \
         --port 6697 \
         --secure \
-        --target '#hsmr' >/dev/null 2>&1
+        --target '#hsmr-moin' >/dev/null 2>&1
     '';
     serviceConfig.DynamicUser = true;
   };
@@ -18,7 +21,7 @@
   niveum.passport.services = [
     {
       title = "moinbot";
-      description = "greets #hsmr:hackint.org daily.";
+      description = "greets #hsmr-moin:hackint.org daily.";
     }
   ];
 

systems/makanek/weechat.nix

@@ -60,7 +60,7 @@ in {
                 addresses = "irc.hackint.org/6697";
                 ipv6 = true;
                 ssl = true;
-                autojoin = ["#eloop" "#krebs" "#hsmr" "#nixos" "#the_playlist" "#flipdot-berlin" "#hackint"];
+                autojoin = ["#eloop" "#krebs" "#hsmr" "#hsmr-moin" "#nixos" "#the_playlist" "#flipdot-berlin" "#hackint"];
                 sasl_mechanism = "plain";
                 sasl_username = nick;
                 sasl_password = lib.strings.fileContents <system-secrets/irc/hackint>;

systems/zaatar/backup.nix

@@ -44,6 +44,10 @@ in {
         inherit dport protocol;
         source = retiolumAddresses.makanek.ipv4;
       })
+      (firewall.accept {
+        inherit dport protocol;
+        source = retiolumAddresses.ful.ipv4;
+      })
     ];
   in {
     extraCommands = firewall.addRules rules;

systems/zaatar/configuration.nix

@@ -15,7 +15,7 @@ in {
     ./moodle-dl-meinhark.nix
     ./pulseaudio.nix
     ./home-assistant.nix
-    ./tuna.nix
+    ./mpd.nix
     ./grocy.nix
     ./spotifyd.nix
     <niveum/configs/keyboard.nix>

systems/zaatar/mpd.nix

@@ -100,20 +100,6 @@ in {
       })
     ];
 
-  services.tuna = {
-    enable = true;
-    # stationsFile = "/etc/tuna/stations.json";
-    stations = lib.lists.imap0 (id: {
-      desc ? "",
-      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
-      stream,
-      station,
-      ...
-    }: {inherit id desc logo stream station;})
-    streams;
-    webPort = 7044;
-  };
-
   services.ympd = {
     enable = true;
     mpd.port = config.services.mpd.network.port;