feat(tahina): init as guest laptop

2026-03-16 18:21:07 +01:00 · 2022-03-29 00:21:20 +02:00
17 changed files with 150 additions and 529 deletions
--- a/configs/cloud.nix
+++ b/configs/cloud.nix
@@ -3,9 +3,7 @@
  lib,
  pkgs,
  ...
-}: let
-  inherit (import <niveum/lib>) tmpfilesConfig;
-in {
+}: {
  imports = [
    <niveum/modules/dropbox.nix>
  ];
@@ -14,35 +12,13 @@ in {
    dropbox.enable = false;
  };

-  systemd.tmpfiles.rules = map tmpfilesConfig [
-    {
-      type = "L+";
-      user = config.users.users.me.name;
-      group = "users";
-      mode = "0755";
-      argument = "${config.users.users.me.home}/cloud/Seafile/Wiki";
-      path = "${config.users.users.me.home}/notes";
-    }
-    {
-      type = "L+";
-      user = config.users.users.me.name;
-      group = "users";
-      mode = "0755";
-      argument = "${config.users.users.me.home}/cloud/Seafile/Uni";
-      path = "${config.users.users.me.home}/uni";
-    }
-    {
-      type = "L+";
-      user = config.users.users.me.name;
-      group = "users";
-      mode = "0755";
-      argument = "${config.users.users.me.home}/cloud/syncthing/common/mahlzeit";
-      path = "${config.users.users.me.home}/mahlzeit";
-    }
-  ];
+  system.activationScripts.home-symlinks = ''
+    ln -sfn ${config.users.users.me.home}/cloud/syncthing/common/mahlzeit ${config.users.users.me.home}/mahlzeit
+    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Wiki ${config.users.users.me.home}/notes
+    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Uni ${config.users.users.me.home}/uni
+  '';

  home-manager.users.me = {
-    services.gnome-keyring.enable = true;
    services.nextcloud-client = {
      enable = true;
      startInBackground = true;
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -262,6 +262,5 @@ in {
    ./vscode.nix
    ./watson.nix
    ./zsh.nix
-    ./tor.nix
  ];
 }
--- a/configs/fonts.nix
+++ b/configs/fonts.nix
@@ -1,53 +1,42 @@
 {pkgs, ...}: {
  nixpkgs.config.joypixels.acceptLicense = true;
+
  fonts = {
    enableDefaultFonts = true;
    fontDir.enable = true;
    fonts = with pkgs; [
      alegreya
      alegreya-sans
-      amiri
-      cantarell-fonts
-      charis-sil
      corefonts
-      crimson
      eb-garamond
-      etBook
      fira
      font-awesome-ttf
-      gentium
-      gfs-fonts
-      gyre-fonts
-      ia-writer-duospace
      ibm-plex
-      jetbrains-mono
-      joypixels
-      libertinus
-      libre-bodoni
+      inconsolata
+      iosevka
+      libertine
      lmodern
-      merriweather
      noto-fonts
-      ocr-a
+      noto-fonts-cjk
+      noto-fonts-emoji
      roboto
      roboto-mono
      roboto-slab
-      scheherazade-new
      source-code-pro
-      source-sans-pro
      source-serif-pro
-      theano
+      source-sans-pro
+      ubuntu_font_family
+      gfs-fonts
+      jetbrains-mono
+      twemoji-color-font
+      joypixels
      tocharian-font
-      vistafonts
-      vollkorn
-      zilla-slab
-    ]; # google-fonts league-of-moveable-type
-    fontconfig.defaultFonts = let
-      emojiFont = "JoyPixels";
-    in {
-      monospace = ["JetBrains Mono" emojiFont];
-      serif = ["Merriweather"];
-      sansSerif = ["Cantarell" emojiFont];
-      emoji = [emojiFont];
+    ];
+    fontconfig.defaultFonts = {
+      monospace = ["JetBrains Mono" "JoyPixels"];
+      serif = ["Roboto Slab"];
+      sansSerif = ["Roboto" "Noto Sans"];
+      emoji = ["JoyPixels"];
    };
  };
 }
--- a/configs/mpv.nix
+++ b/configs/mpv.nix
@@ -18,7 +18,6 @@ in {
    programs.mpv = {
      enable = true;
      config = {
-        ytdl-format = "bestvideo[height<=?720][fps<=?30][vcodec!=?vp9]+bestaudio/best";
        ytdl-raw-options = lib.concatStringsSep "," [''sub-lang="de,en"'' "write-sub=" "write-auto-sub="];
        screenshot-template = "%F-%wH%wM%wS-%#04n";
      };
--- a/configs/packages.nix
+++ b/configs/packages.nix
@@ -161,7 +161,7 @@ in {
    scripts.vimv
    scripts.swallow # window swallowing
    scripts.literature-quote
-    jless # less(1) for json
+    scripts.nav # json navigation
    scripts.notetags
    scripts.booksplit
    scripts.dmenurandr
--- a/configs/telegram-bots/astrology.nix
+++ b/configs/telegram-bots/astrology.nix
@@ -42,7 +42,7 @@
  '';
 in {
  niveum.telegramBots.transits = {
-    enable = false;
+    enable = true;
    time = "*:0/1";
    token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
    chatIds = ["-1001796440545"];
--- a/configs/tor.nix
+++ b/configs/tor.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{
  services.tor.enable = true;
-  environment.systemPackages = [pkgs.tor];
+  services.tor.torsocks.enable = true;
 }
--- a/flake.lock
+++ b/flake.lock
@@ -22,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1648834319,
-        "narHash": "sha256-i5Aj4Aw64D/A0X6XW5LxSS4XBnYj7gMz+kN4dpsbdk8=",
+        "lastModified": 1647175256,
+        "narHash": "sha256-7H+veXPM7IwdN1DoZqliwb9sghlN56koV5dnCu1kpsc=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "0bdbdea2e26c984b096f4f7d10e3c88536a980b0",
+        "rev": "a8d00f5c038cf7ec54e7dac9c57b171c1217f008",
        "type": "github"
      },
      "original": {
@@ -62,11 +62,11 @@
    "menstruation-backend": {
      "flake": false,
      "locked": {
-        "lastModified": 1649545504,
-        "narHash": "sha256-TVm3246ML7gWPeGm+bdb+Qo8o/7nve7sQ2hBdCZm3z8=",
+        "lastModified": 1634573652,
+        "narHash": "sha256-FIj8oCOJO+Wqxr2o5MMqIShvzMJud4iUq3o8y4NIRvw=",
        "owner": "kmein",
        "repo": "menstruation.rs",
-        "rev": "d9f3c6d53542fd7c7ed191e37cf4e342d4a47bcb",
+        "rev": "dd405fe2acf32441e8ac56e488e689bb1c4bea82",
        "type": "github"
      },
      "original": {
@@ -109,11 +109,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1649490789,
-        "narHash": "sha256-YrhVxwoofZSx/wLZ4GYET//8vS+uqWX572zvdmP/Etg=",
+        "lastModified": 1647992509,
+        "narHash": "sha256-AG40Nt5OWz0LBs5p457emOuwLKOvTtcv/2fUdnEN3Ws=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c86185d20d708013caf97a6adaa8dc6d72313c75",
+        "rev": "d2caa9377539e3b5ff1272ac3aa2d15f3081069f",
        "type": "github"
      },
      "original": {
@@ -125,11 +125,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1649541735,
-        "narHash": "sha256-JdOywA2jcdGCxNgu0dJA7ZNtaV7sS0HwuZg9YaXd94c=",
+        "lastModified": 1648337267,
+        "narHash": "sha256-8DRg8UDvs63iaIaHEbWG7/lnD9ImQlMNsTZMY3PvFLc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c2b6e029cd1efa0efd37daab89264ef040ae5669",
+        "rev": "6de161729c81dc98e844793cc9c8fda29d5ef62a",
        "type": "github"
      },
      "original": {
@@ -194,11 +194,11 @@
    "scripts": {
      "flake": false,
      "locked": {
-        "lastModified": 1648400983,
-        "narHash": "sha256-I9ADWgUN1orbnXPBW4kulHpv8wkx6C8zsQcg9wphpPg=",
+        "lastModified": 1648314795,
+        "narHash": "sha256-hGIXkAcGiJnVXnl8kigZpI3VFrLmAr2+yr85hi5JwP0=",
        "owner": "kmein",
        "repo": "scripts",
-        "rev": "f5df67a2416d8f05a7dbfea269c44668854c7887",
+        "rev": "d1d525b92a34e55b1ad886807c284106e58716b2",
        "type": "github"
      },
      "original": {
@@ -210,11 +210,11 @@
    "stockholm": {
      "flake": false,
      "locked": {
-        "lastModified": 1649089964,
-        "narHash": "sha256-ybuVI8rnpMyBUoyoIXJ1e3QBMBIOoEgKTiFzIPfzy8A=",
+        "lastModified": 1648214990,
+        "narHash": "sha256-rptATGq+jcpL+P+Cr6d3OajV6zYkbHPWlt3aQNZI2TY=",
        "ref": "master",
-        "rev": "b3833baee96d7bce2c54295110b40c646468a1ff",
-        "revCount": 10500,
+        "rev": "ae9c0b12710b5361d0d45510eb401eebfc1b3fb0",
+        "revCount": 10497,
        "type": "git",
        "url": "https://cgit.lassul.us/stockholm"
      },
--- a/lib/streams.nix
+++ b/lib/streams.nix
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -7,8 +7,9 @@
  stateLocation = "/var/lib/codimd/state.sqlite";
  nixpkgs-unstable = import <nixpkgs-unstable> {};
  domain = "pad.kmein.de";
-  inherit (import <niveum/lib>) tmpfilesConfig;
 in {
+  imports = [<stockholm/krebs/3modules/permown.nix>];
+
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
@@ -48,15 +49,11 @@ in {
    };
  };

-  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
-      user = "codimd";
-      group = "codimd";
-      mode = "0755";
-      type = "d";
-      path = backupLocation;
-    })
-  ];
+  krebs.permown.${backupLocation} = {
+    owner = "codimd";
+    group = "codimd";
+    umask = "0002";
+  };

  systemd.services.hedgedoc-backup = {
    description = "Hedgedoc backup service";
--- a/systems/makanek/monitoring/default.nix
+++ b/systems/makanek/monitoring/default.nix
@@ -238,6 +238,16 @@ in {
        }
      ];
    }
+    {
+      job_name = "tahina";
+      static_configs = [
+        {
+          targets = [
+            "tahina.r:${toString config.services.prometheus.exporters.node.port}"
+          ];
+        }
+      ];
+    }
  ];

  services.prometheus.exporters.blackbox = {
--- a/systems/makanek/weechat.nix
+++ b/systems/makanek/weechat.nix
@@ -143,11 +143,6 @@ in {
              tags = ["nick_gitlab"];
              regex = "*";
            };
-            people = {
-              buffer = "irc.*.*";
-              tags = map (name: "nick_${name}") ["mod_p[matrix-fli"];
-              regex = "*";
-            };
          };
        };
        extraCommands = ''/matrix connect nibbana'';
--- a/systems/tahina/configuration.nix
+++ b/systems/tahina/configuration.nix
@@ -11,22 +11,23 @@ in {
    <niveum/configs/spacetime.nix>
    <niveum/modules/retiolum.nix>
    <niveum/configs/sshd.nix>
+    {
+      console.keyMap = "de";
+      i18n.defaultLocale = "de_DE.UTF-8";
+      services.xserver = {
+        layout = "de";
+        libinput.enable = true;
+      };
+    }
+    {
+      nix.nixPath = ["/var/src"];
+    }
  ];

-  nix.nixPath = ["/var/src"];
-
-  console.keyMap = "de";
-  i18n.defaultLocale = "de_DE.UTF-8";
-  services.xserver = {
-    layout = "de";
-    libinput.enable = true;
-  };
-
  users.users.xenos = {
    name = "xenos";
    password = "xenos";
    isNormalUser = true;
-    extraGroups = ["networkmanager"];
  };

  services.xserver = {
--- a/systems/tahina/hardware-configuration.nix
+++ b/systems/tahina/hardware-configuration.nix
@@ -26,23 +26,17 @@
    extraModulePackages = [];
  };

-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/e9a8bd34-61eb-4317-888d-bd7d6248a906";
-      fsType = "xfs";
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/9B2F-31E1";
-      fsType = "vfat";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/e9a8bd34-61eb-4317-888d-bd7d6248a906";
+    fsType = "xfs";
  };

-  swapDevices = [
-    {
-      device = "/swapfile";
-      size = 2048;
-    }
-  ];
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/9B2F-31E1";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];

  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -15,7 +15,6 @@ in {
    ./pulseaudio.nix
    ./home-assistant.nix
    ./tuna.nix
-    ./mympd.nix
    ./grocy.nix
    ./spotifyd.nix
    <home-manager/nixos>
--- a/systems/zaatar/mympd.nix
+++ b/systems/zaatar/mympd.nix
@@ -1,57 +0,0 @@
-{pkgs, ...}: let
-  inherit (import <niveum/lib>) tmpfilesConfig;
-in {
-  systemd.tmpfiles.rules = [
-    (tmpfilesConfig {
-      type = "d";
-      mode = "0755";
-      user = "mympd";
-      group = "mympd";
-      path = "/var/lib/mympd";
-    })
-    (tmpfilesConfig {
-      type = "d";
-      mode = "0755";
-      user = "mympd";
-      group = "mympd";
-      age = "1d";
-      path = "/var/cache/mympd";
-    })
-    (tmpfilesConfig {
-      type = "L+";
-      mode = "0644";
-      user = "mympd";
-      group = "mympd";
-      path = "/var/lib/mympd/config/http_port";
-      argument = pkgs.writeText "port" "8764";
-    })
-    (tmpfilesConfig {
-      type = "L+";
-      mode = "0644";
-      user = "mympd";
-      group = "mympd";
-      path = "/var/lib/mympd/config/ssl";
-      argument = pkgs.writeText "ssl" "false";
-    })
-  ];
-
-  users.users.mympd = {
-    isSystemUser = true;
-    group = "mympd";
-  };
-  users.groups.mympd = {};
-
-  systemd.services.mympd = {
-    wantedBy = ["multi-user.target"];
-    after = ["mpd.service"];
-    script = "${pkgs.mympd}/bin/mympd";
-    environment = {
-      MYMPD_HTTP_PORT = "8764";
-    };
-    serviceConfig = {
-      Restart = "always";
-      User = "mympd";
-      Group = "mympd";
-    };
-  };
-}
--- a/systems/zaatar/tuna.nix
+++ b/systems/zaatar/tuna.nix
@@ -5,7 +5,6 @@
  ...
 }: let
  firewall = (import <niveum/lib>).firewall lib;
-  inherit (import <niveum/lib>) tmpfilesConfig;

  streams = import <niveum/lib/streams.nix> {
    di-fm-key = lib.strings.fileContents <secrets/di.fm/key>;
@@ -72,31 +71,13 @@ in {
    extraStopCommands = firewall.removeRules rules;
  };

-  systemd.tmpfiles.rules = let
-    tags = lib.lists.unique (lib.concatMap ({tags ? [], ...}: tags) streams);
-    tagStreams = tag: lib.filter ({tags ? [], ...}: lib.elem tag tags) streams;
-    makePlaylist = name: streams: pkgs.writeText "${name}.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
-  in
-    map (tag:
-      tmpfilesConfig {
-        type = "L+";
-        path = "/var/lib/mpd/playlists/${tag}.m3u";
-        mode = "0644";
-        user = "mpd";
-        group = "mpd";
-        argument = makePlaylist tag (tagStreams tag);
-      })
-    tags
-    ++ [
-      (tmpfilesConfig {
-        type = "L+";
-        mode = "0644";
-        user = "mpd";
-        group = "mpd";
-        path = "/var/lib/mpd/playlist/all.m3u";
-        argument = makePlaylist "all" streams;
-      })
-    ];
+  system.activationScripts.mpd-playlists = let
+    playlistFile = pkgs.writeText "radio.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
+  in ''
+    rm -rf /var/lib/mpd/playlists
+    install -d /var/lib/mpd/playlists
+    ln -sfn "${toString playlistFile}" "/var/lib/mpd/playlists/radio.m3u"
+  '';

  services.tuna = {
    enable = true;
@@ -106,15 +87,33 @@ in {
      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
      stream,
      station,
-      ...
    }: {inherit id desc logo stream station;})
    streams;
-    webPort = 7044;
+    webPort = 8080;
  };

-  services.ympd = {
-    enable = true;
-    mpd.port = config.services.mpd.network.port;
+  systemd.services.tuna-stations = let
+    stations = lib.lists.imap0 (id: {
+      desc ? "",
+      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
+      stream,
+      station,
+    }: {inherit id desc logo stream station;})
+    streams;
+    stationsJson = (pkgs.formats.json {}).generate "stations.json" stations;
+  in {
+    enable = false;
+    wantedBy = ["tuna.service"];
+    startAt = "hourly";
+    script = ''
+      mkdir -p /etc/tuna
+      antenne_asb_url=$(
+        ${pkgs.curl}/bin/curl -sS 'https://www.caster.fm/widgets/em_player.php?jsinit=true&uid=529295&t=blue&c=' \
+          | grep streamUrl \
+          | sed ${lib.escapeShellArg "s/^.*'\\([^']*\\)'.*/\\1/"}
+      )
+      ${pkgs.jq}/bin/jq "map(if .station == \"Antenne ASB\" then .stream |= \"$antenne_asb_url\" else . end)" < ${stationsJson} > /etc/tuna/stations.json
+    '';
  };

  services.nginx = {
@@ -126,7 +125,7 @@ in {
    virtualHosts."radio.kmein.r" = {
      basicAuth.dj = password;
      locations."/" = {
-        proxyPass = "http://127.0.0.1:${config.services.ympd.webPort}";
+        proxyPass = "http://127.0.0.1:${toString config.services.tuna.webPort}";
        proxyWebsockets = true;
      };
    };