kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-17 02:31:09 +01:00
Code Releases Activity

Compare commits

base: kfm:nethack
Branches Tags
kfm:master kfm:update_flake_lock_action kfm:nethack kfm:wayland kfm:feature/hass-prometheus kfm:feature/itools kfm:feature/specus kfm:hass-nix-2 kfm:hass-nix kfm:grimm kfm:mympd kfm:tahina kfm:new-krops kfm:flakes kfm:flakes-2 kfm:20.09 kfm:mail
..
compare: kfm:4c84da94041cfb7d99faed7bbdb641b5c8b4c17f
Branches Tags
kfm:master kfm:update_flake_lock_action kfm:nethack kfm:wayland kfm:feature/hass-prometheus kfm:feature/itools kfm:feature/specus kfm:hass-nix-2 kfm:hass-nix kfm:grimm kfm:mympd kfm:tahina kfm:new-krops kfm:flakes kfm:flakes-2 kfm:20.09 kfm:mail

1 Commits
nethack ... 4c84da9404

Author SHA1 Message Date
github-actions[bot]
4c84da9404 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/96e078c646b711aee04b82ba01aefbff87004ded?narHash=sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus%3D' (2025-04-26)
  → 'github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1?narHash=sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY%2BD81k%3D' (2025-05-18)
• Updated input 'home-manager':
    'github:nix-community/home-manager/50eee705bbdbac942074a8c120e8194185633675?narHash=sha256-EyXUNSa%2BH%2BYvGVuQJP1nZskXAowxKYp79RNUsNdQTj4%3D' (2025-05-02)
  → 'github:nix-community/home-manager/d5f1f641b289553927b3801580598d200a501863?narHash=sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz%2BAFQF7n9NmNc%3D' (2025-05-19)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/1d3aeb5a193b9ff13f63f4d9cc169fb88129f860?narHash=sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0%3D' (2025-05-06)
  → 'github:NixOS/nixpkgs/2baa12ff69913392faf0ace833bc54bba297ea95?narHash=sha256-U4HaNZ1W26cbOVm0Eb5OdGSnfQVWQKbLSPrSSa78KC0%3D' (2025-05-21)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/0bb671aaa84205c180ec9122d9aa2f5823b7b2aa?narHash=sha256-JtzH3pV0oqlR9lTccOU5SbAY8PzbEp2lyXKlD/DGdRQ%3D' (2025-05-10)
  → 'github:NixOS/nixpkgs/81e63461fb905af981fcb99057a845a930999eaa?narHash=sha256-p4cM3XaeN7YLMw4dSRCIZwXPxOS1SelqxPBUNs0IF6A%3D' (2025-05-25)
• Updated input 'nur':
    'github:nix-community/NUR/887e5be213778cb047379434b6bb41ad09d9c8db?narHash=sha256-%2BU1n00EyLKzvZlMHK/YGS6OGIYsKfaz4j1qydyyrIRk%3D' (2025-05-10)
  → 'github:nix-community/NUR/d8bccb87461726979bc4fe9facbdfa0739fe24a2?narHash=sha256-AWYa6QSgYbd0YiOecaTyJ78XSHcLI7yljdSpBTQWB%2B8%3D' (2025-05-24)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54?narHash=sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ%2BTCkTRpRc%3D' (2025-05-08)
  → 'github:nixos/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D' (2025-05-23)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/be092436d4c0c303b654e4007453b69c0e33009e?narHash=sha256-GcUWDQUDRYrD34ol90KGUpjbVcOfUNbv0s955jPecko%3D' (2025-05-10)
  → 'github:oxalica/rust-overlay/2221d8d53c128beb69346fa3ab36da3f19bb1691?narHash=sha256-rwFiLLNCwkj9bqePtH1sMqzs1xmohE0Ojq249piMzF4%3D' (2025-05-24)
• Updated input 'stockholm':
    'github:krebs/stockholm/8d0538bf86e4f9df4f5cc358a1760b255be797e9?narHash=sha256-tQZ8sXCU6yvC0ut/%2BezRUSd89Nbyqqn0JVCjYDwcqQA%3D' (2025-02-11)
  → 'github:krebs/stockholm/d4abc837cc7b87b4f23fe48cc306df26e3de7aab?narHash=sha256-i2s6jU%2B8GLKVjhWDyvFYxmXI7A44c9p6apPPyKt0ETk%3D' (2025-05-13)
• Updated input 'stockholm/buildbot-nix':
    'github:Mic92/buildbot-nix/c077f430f3717d41bb303d031398058665315166?narHash=sha256-T9THCbnlj4CkKbTP%2BlisA5PUMoTXE7uh4FyDQzui%2Bdc%3D' (2025-01-26)
  → 'github:Mic92/buildbot-nix/7ad9b4886eccb5eecc0686a16266ddabf6cbefe9?narHash=sha256-mRnIdJLP%2B0NSim9ao30ue0Z3ttSuxzXwQG7UN1KuKfU%3D' (2025-05-07)
• Updated input 'stockholm/buildbot-nix/flake-parts':
    'github:hercules-ci/flake-parts/b905f6fc23a9051a6e1b741e1438dbfc0634c6de?narHash=sha256-%2Bhu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU%3D' (2025-01-06)
  → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5?narHash=sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY%3D' (2025-04-01)
• Updated input 'stockholm/buildbot-nix/hercules-ci-effects':
    'github:hercules-ci/hercules-ci-effects/afd0a42e8c61ebb56899315ee4084a8b2e4ff425?narHash=sha256-JTBWmyGf8K1Rwb%2BgviHIUzRJk/sITtT%2B72HXFkTZUjo%3D' (2025-01-15)
  → 'github:hercules-ci/hercules-ci-effects/5b6cec51c9ec095a0d3fd4c8eeb53eb5c59ae33e?narHash=sha256-1Z4WPGVky4w3lrhrgs89OKsLzPdtkbi1bPLNFWsoLfY%3D' (2025-04-15)
• Updated input 'stockholm/buildbot-nix/treefmt-nix':
    'github:numtide/treefmt-nix/f2cc121df15418d028a59c9737d38e3a90fbaf8f?narHash=sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo%3D' (2025-01-21)
  → 'github:numtide/treefmt-nix/29ec5026372e0dec56f890e50dbe4f45930320fd?narHash=sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4%3D' (2025-05-02)
• Updated input 'stockholm/nixpkgs':
    'github:NixOS/nixpkgs/852ff1d9e153d8875a83602e03fdef8a63f0ecf8?narHash=sha256-Zf0hSrtzaM1DEz8//%2BXs51k/wdSajticVrATqDrfQjg%3D' (2025-01-26)
  → 'github:NixOS/nixpkgs/d89fc19e405cb2d55ce7cc114356846a0ee5e956?narHash=sha256-3e%2BAVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ%3D' (2025-05-10)
• Updated input 'stylix':
    'github:danth/stylix/20ace60f9cb5e179cb2256abaee505780df8e804?narHash=sha256-O8rZjqJUIkUva66XTOZy0wcgfBP2eaxU9%2BXt7ZHtfhI%3D' (2025-05-01)
  → 'github:danth/stylix/66f554e4e32d804bcf2c007a7b7efef04a3773b0?narHash=sha256-DYdmj22ZvkN5x9/VtdV5Wnze%2BUaPuboYraCPnOWn6u4%3D' (2025-05-20)
 2025-05-25 01:10:26 +00:00
106 changed files with 2499 additions and 1588 deletions
Expand all files Collapse all files

2
.github/workflows/niveum.yml vendored
View File

@@ -7,7 +7,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
system: [makanek,manakish,kabsa,zaatar,ful,fatteh]
system: [makanek,manakish,kabsa,zaatar,ful,fatteh,kibbeh]
steps:
- uses: actions/checkout@v3
- name: Install QEMU (ARM)

2
README.md
View File

@@ -1,7 +1,5 @@
# niveum
> I must Create a System, or be enslav'd by another Man's. —William Blake
> [nĭvĕus](https://logeion.uchicago.edu/niveus), a, um, adj. [nix], _of_ or _from snow, snowy, snow-_ (poet.)
>
> 1. Lit.: aggeribus niveis informis, Verg. G. 3, 354: aqua, _cooled with snow_, Mart. 12, 17, 6; cf. id. 14, 104 and 117: mons, _covered with snow_, Cat. 64, 240.—

2
configs/admin-essentials.nix
View File

@@ -4,7 +4,7 @@
lib,
...
}: let
darwin = lib.strings.hasSuffix "-darwin" pkgs.stdenv.hostPlatform.system;
darwin = lib.strings.hasSuffix "-darwin" pkgs.system;
in {
environment.systemPackages =
[

25
configs/aerc.nix
View File

@@ -8,14 +8,14 @@
inherit (import ../lib/email.nix) defaults thunderbirdProfile;
in {
age.secrets = {
email-password-ical-ephemeris = {
file = ../secrets/email-password-ical-ephemeris.age;
email-password-cock = {
file = ../secrets/email-password-cock.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
};
email-password-cock = {
file = ../secrets/email-password-cock.age;
email-password-letos = {
file = ../secrets/email-password-letos.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
@@ -92,17 +92,16 @@ in {
smtp.port = 25;
smtp.tls.useStartTls = true;
};
ical-ephemeris =
letos =
lib.recursiveUpdate defaults
rec {
userName = "ical.ephemeris@web.de";
realName = "Kieran from iCal Ephemeris";
address = userName;
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-ical-ephemeris.path}";
imap.host = "imap.web.de";
{
userName = "slfletos";
address = "letos.sprachlit@hu-berlin.de";
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
imap.host = "mailbox.cms.hu-berlin.de";
imap.port = 993;
smtp.host = "smtp.web.de";
smtp.port = 587;
smtp.host = "mailhost.cms.hu-berlin.de";
smtp.port = 25;
smtp.tls.useStartTls = true;
};
posteo =

50
configs/alacritty.nix
View File

@@ -1,8 +1,58 @@
{
pkgs,
lib,
config,
...
}: let
alacritty-cfg = theme:
(pkgs.formats.yaml {}).generate "alacritty.yml" {
bell = {
animation = "EaseOut";
duration = 100;
color = "#ffffff";
};
font = {
normal.family = "Monospace";
size = 6;
};
live_config_reload = true;
key_bindings = [
{
key = "Plus";
mods = "Control";
action = "IncreaseFontSize";
}
{
key = "Minus";
mods = "Control";
action = "DecreaseFontSize";
}
{
key = "Key0";
mods = "Control";
action = "ResetFontSize";
}
];
colors = let
colourNames = ["black" "red" "green" "yellow" "blue" "magenta" "cyan" "white"];
colourPairs = lib.getAttrs colourNames theme;
in {
primary = {inherit (theme) background foreground;};
cursor = {inherit (theme) cursor;};
normal = lib.mapAttrs (_: colour: colour.dark) colourPairs;
bright = lib.mapAttrs (_: colour: colour.bright) colourPairs;
};
};
alacritty-pkg = pkgs.symlinkJoin {
name = "alacritty";
paths = [
(pkgs.writers.writeDashBin "alacritty" ''
${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yml msg create-window "$@" ||
${pkgs.alacritty}/bin/alacritty --config-file /var/theme/config/alacritty.yml "$@"
'')
pkgs.alacritty
];
};
in {
environment.variables.TERMINAL = "alacritty";

2
configs/bash.nix
View File

@@ -5,6 +5,6 @@
interactiveShellInit = ''
set -o vi
'';
completion.enable = true;
enableCompletion = true;
};
}

12
configs/bots/autorenkalender.nix
View File

@@ -1,9 +1,17 @@
{
pkgs,
lib,
config,
inputs,
...
}: let
autorenkalender = inputs.autorenkalender.packages.x86_64-linux.default;
autorenkalender-package = pkgs.fetchFromGitHub {
owner = "kmein";
repo = "autorenkalender";
rev = "cf49a7b057301332d980eb47042a626add93db66";
sha256 = "1pa7sjg33vdnjianrqldv445jdzzv3mn231ljk1j58hs0cd505gs";
};
autorenkalender =
pkgs.python3Packages.callPackage autorenkalender-package {};
in {
niveum.bots.autorenkalender = {
enable = true;

6
configs/bots/default.nix
View File

@@ -17,15 +17,11 @@ in {
./hesychius.nix
./smyth.nix
./nachtischsatan.nix
# ./tlg-wotd.nix TODO reenable
./tlg-wotd.nix
./celan.nix
./nietzsche.nix
];
age.secrets = {
telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age;
};
systemd.tmpfiles.rules = map (path:
tmpfilesConfig {
type = "d";

20
configs/bots/smyth.nix
View File

@@ -20,31 +20,15 @@
command = toString (pkgs.writers.writeDash "random-smyth" ''
set -efu
good_curl() {
${pkgs.curl}/bin/curl "$@" \
--compressed \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'Accept-Language: en-US,en;q=0.5' \
-H 'DNT: 1' \
-H 'Connection: keep-alive' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'Sec-Fetch-Dest: document' \
-H 'Sec-Fetch-Mode: navigate' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'Priority: u=0, i' \
-H 'Pragma: no-cache' \
-H 'Cache-Control: no-cache'
}
RANDOM_SECTION=$(
good_curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
${pkgs.curl}/bin/curl -sSL http://www.perseus.tufts.edu/hopper/xmltoc?doc=Perseus%3Atext%3A1999.04.0007%3Asmythp%3D1 \
| ${pkgs.gnugrep}/bin/grep -o 'ref="[^"]*"' \
| ${pkgs.coreutils}/bin/shuf -n1 \
| ${pkgs.gnused}/bin/sed 's/^ref="//;s/"$//'
)
url="http://www.perseus.tufts.edu/hopper/text?doc=$RANDOM_SECTION"
good_curl -sSL "$url"\
${pkgs.curl}/bin/curl -sSL "$url"\
| ${pkgs.htmlq}/bin/htmlq '#text_main' \
| ${pkgs.gnused}/bin/sed 's/<\/\?hr>//g' \
| ${pkgs.pandoc}/bin/pandoc -f html -t plain --wrap=none

9
configs/bots/tlg-wotd.nix
View File

@@ -3,14 +3,11 @@
lib,
config,
niveumPackages,
unstablePackages,
...
}: let
mastodonEndpoint = "https://social.krebsco.de";
in {
systemd.services.bot-tlg-wotd = {
# TODO reenable
# once https://github.com/NixOS/nixpkgs/pull/462893 is in stable NixOS
enable = true;
wants = ["network-online.target"];
startAt = "9:30";
@@ -45,8 +42,9 @@ in {
#ancientgreek #classics #wotd #wordoftheday
transliteration=$(${pkgs.writers.writePython3 "translit.py" {
libraries = py: [ py.cltk ];
transliteration=$(${pkgs.writers.makePythonWriter pkgs.python311 pkgs.python311Packages pkgs.python3Packages "translit.py" {
# revert to pkgs.writers.writePython3 once https://github.com/NixOS/nixpkgs/pull/353367 is merged
libraries = [ pkgs.python311Packages.cltk ];
} ''
import sys
from cltk.phonology.grc.transcription import Transcriber
@@ -151,6 +149,7 @@ in {
};
age.secrets = {
telegram-token-kmein.file = ../../secrets/telegram-token-kmein.age;
mastodon-token-tlgwotd.file = ../../secrets/mastodon-token-tlgwotd.age;
};

7
configs/browser.nix
View File

@@ -6,9 +6,8 @@
}: {
environment.systemPackages = [
niveumPackages.cro
pkgs.tor-browser
pkgs.tor-browser-bundle-bin
pkgs.firefox
pkgs.brave
];
home-manager.users.me = {
@@ -82,9 +81,5 @@
};
};
home-manager.users.me = {
stylix.targets.firefox.profileNames = ["default"];
};
environment.variables.BROWSER = "firefox";
}

13
configs/default.nix
View File

@@ -3,6 +3,7 @@
lib,
config,
niveumPackages,
unstablePackages,
inputs,
...
}:
@@ -26,6 +27,9 @@ in
dmenu = pkgs.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
};
permittedInsecurePackages = [
"qtwebkit-5.212.0-alpha4"
"zotero-6.0.26"
"electron-25.9.0"
];
};
};
@@ -102,7 +106,7 @@ in
zathura = swallow "${pkgs.zathura}/bin/zathura";
im = "${pkgs.openssh}/bin/ssh weechat@makanek -t tmux attach-session -t IM";
yt = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata -ic"; # Download video link
yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata --audio-format mp3 --audio-quality 0 -xic"; # Download with audio
yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata --audio-format opus --audio-quality 0 -xic"; # Download with audio
};
}
{
@@ -135,6 +139,7 @@ in
};
};
}
{ programs.command-not-found.enable = true; }
{
programs.gnupg = {
agent = {
@@ -210,12 +215,13 @@ in
./direnv.nix
./docker.nix
./dunst.nix
./flix.nix
./fonts.nix
./fzf.nix
./git.nix
./hledger.nix
./htop.nix
./uni.nix
./fu-berlin.nix
./i3.nix
./i3status-rust.nix
./keyboard.nix
@@ -230,8 +236,8 @@ in
./nix.nix
./newsboat.nix
./flameshot.nix
./fritzbox.nix
./packages.nix
./virtualization.nix
./picom.nix
./stardict.nix
./polkit.nix
@@ -256,6 +262,7 @@ in
'';
}
./tor.nix
./stw-berlin.nix
./mastodon-bot.nix
{
fileSystems."${remoteDir}/fritz" = {

2
configs/flameshot.nix
View File

@@ -15,7 +15,7 @@
showHelp = false;
squareMagnifier = true;
uploadWithoutConfirmation = true;
# buttons = ''@Variant(\0\0\0\x7f\0\0\0\vQList<int>\0\0\0\0\x10\0\0\0\x2\0\0\0\x5\0\0\0\x13\0\0\0\xa\0\0\0\x1\0\0\0\xc\0\0\0\xd\0\0\0\x6\0\0\0\x8\0\0\0\0\0\0\0\xf\0\0\0\x4\0\0\0\xb\0\0\0\x3\0\0\0\x12\0\0\0\x9)'';
buttons = ''@Variant(\0\0\0\x7f\0\0\0\vQList<int>\0\0\0\0\x10\0\0\0\x2\0\0\0\x5\0\0\0\x13\0\0\0\xa\0\0\0\x1\0\0\0\xc\0\0\0\xd\0\0\0\x6\0\0\0\x8\0\0\0\0\0\0\0\xf\0\0\0\x4\0\0\0\xb\0\0\0\x3\0\0\0\x12\0\0\0\x9)'';
};
};
};

98
configs/flix.nix Normal file
View File

@@ -0,0 +1,98 @@
{
config,
pkgs,
...
}: let
flixLocation = "/media/flix";
flixLocationNew = "/media/flix-new";
cacheLocation = "/var/cache/flix";
indexFilename = "index";
indexFilenameNew = "index-new";
flixUser = "flix";
flixGroup = "users";
inherit (import ../lib) tmpfilesConfig;
in {
fileSystems.${flixLocation} = {
device = "prism.r:/export/download";
fsType = "nfs";
options = [
"noauto"
"noatime"
"nodiratime"
"x-systemd.automount"
"x-systemd.device-timeout=1"
"x-systemd.idle-timeout=1min"
"x-systemd.requires=tinc.retiolum.service"
"user"
"_netdev"
];
};
fileSystems.${flixLocationNew} = {
device = "//yellow.r/public";
fsType = "cifs";
options = [
"guest"
"nofail"
"noauto"
"ro"
"x-systemd.automount"
"x-systemd.device-timeout=1"
"x-systemd.idle-timeout=1min"
];
};
systemd.tmpfiles.rules = [
(tmpfilesConfig {
type = "d";
path = cacheLocation;
mode = "0750";
user = flixUser;
group = flixGroup;
})
];
systemd.services.flix-index = {
description = "Flix indexing service";
wants = ["network-online.target"];
script = ''
cp ${flixLocation}/index ./${indexFilename}
cp ${flixLocationNew}/index ./${indexFilenameNew}
'';
startAt = "hourly";
serviceConfig = {
Type = "oneshot";
User = flixUser;
Group = flixGroup;
WorkingDirectory = cacheLocation;
};
};
users.extraUsers.${flixUser} = {
isSystemUser = true;
createHome = true;
home = cacheLocation;
group = flixGroup;
};
environment.systemPackages = [
(pkgs.writers.writeDashBin "mpv-simpsons" ''
set -efu
cd "${flixLocation}/download"
[ -f "${cacheLocation}/${indexFilename}" ] || exit 1
cat "${cacheLocation}/${indexFilename}" \
| ${pkgs.gnugrep}/bin/grep -i 'simpsons.*mkv' \
| shuf \
| ${pkgs.findutils}/bin/xargs -d '\n' ${pkgs.mpv}/bin/mpv
'')
(pkgs.writers.writeDashBin "flixmenu" ''
set -efu
(
${pkgs.gnused}/bin/sed 's#^\.#${flixLocation}#' ${cacheLocation}/${indexFilename}
${pkgs.gnused}/bin/sed 's#^\.#${flixLocationNew}#' ${cacheLocation}/${indexFilenameNew}
) | ${pkgs.dmenu}/bin/dmenu -i -p flix -l 5 "$@" \
| ${pkgs.findutils}/bin/xargs -I '{}' ${pkgs.util-linux}/bin/setsid ${pkgs.xdg-utils}/bin/xdg-open '{}'
'')
];
}

12
configs/fonts.nix
View File

@@ -24,6 +24,11 @@
url = "https://github.com/MKilani/Djehuty/archive/master.zip";
sha256 = "sha256-S3vZxdeBj57KJsF+zaZw7sQw8T+z1aVC2CnpnZ0/x2c=";
};
brill = zip-font "Brill" {
url = "https://brill.com/fileasset/The_Brill_Typeface_Package_v_4_0.zip";
stripRoot = false;
hash = "sha256-ugmEIkeBzD/4C9wkVfbctEtnzI8Kw+YD6KGcbk4BAf4=";
};
antinoou = zip-font "Antinoou" {
url = "https://www.evertype.com/fonts/coptic/AntinoouFont.zip";
sha256 = "0jwihj08n4yrshcx07dnaml2x9yws6dgyjkvg19jqbz17drbp3sw";
@@ -87,7 +92,7 @@ in {
newGardiner
junicode
koineGreek
# brill
brill
ezra-sil
fira
font-awesome
@@ -102,12 +107,11 @@ in {
lmodern
merriweather
ocr-a
montserrat
roboto
roboto-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
noto-fonts-emoji
roboto-slab
scheherazade-new
source-code-pro
@@ -115,7 +119,7 @@ in {
source-serif-pro
theano
niveumPackages.tocharian-font
vista-fonts
vistafonts
vollkorn
zilla-slab
]; # google-fonts league-of-moveable-type

19
configs/fritzbox.nix Normal file
View File

@@ -0,0 +1,19 @@
{ config, ... }:
{
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.wg-quick.interfaces.aether = {
autostart = false;
dns = ["192.168.178.1" "fritz.box"];
listenPort = 51820;
privateKeyFile = config.age.secrets.wireguard-aether-key.path;
peers = [
{
allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];
endpoint = "lng5gx2rmssv8ge1.myfritz.net:58997";
persistentKeepalive = 25;
presharedKeyFile = config.age.secrets.wireguard-aether-psk.path;
publicKey = "8Rr7BueC0CGmycBQFS7YM7VF7Adkdc1ZcLFy8YXyOQk=";
}
];
};
}

86
configs/uni.nix → configs/fu-berlin.nix
View File

@@ -30,19 +30,7 @@ in {
};
};
accounts.email.accounts = {
letos =
lib.recursiveUpdate defaults
{
userName = "slfletos";
address = "letos.sprachlit@hu-berlin.de";
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-letos.path}";
imap.host = "mailbox.cms.hu-berlin.de";
imap.port = 993;
smtp.host = "mailhost.cms.hu-berlin.de";
smtp.port = 25;
smtp.tls.useStartTls = true;
};
fu =
fu-student =
lib.recursiveUpdate defaults
(lib.recursiveUpdate fu-defaults
rec {
@@ -50,6 +38,21 @@ in {
address = "kieran.meinhardt@fu-berlin.de";
aliases = ["${userName}@fu-berlin.de"];
passwordCommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.email-password-meinhak99.path}";
aerc.extraAccounts.signature-file = toString (pkgs.writeText "signature" signature.text);
signature = {
showSignature = "append";
text = ''
${defaults.realName}
${pronouns}
---
Studentische Hilfskraft / ZODIAC
Freie Universität Berlin
Telefon: +49 30 838 58118
Arnimallee 10, Raum 106, 14195 Berlin
'';
};
himalaya = {
enable = true;
settings.backend = "imap";
@@ -65,12 +68,6 @@ in {
group = config.users.users.me.group;
mode = "400";
};
email-password-letos = {
file = ../secrets/email-password-letos.age;
owner = config.users.users.me.name;
group = config.users.users.me.group;
mode = "400";
};
fu-sftp-key = {
file = ../secrets/fu-sftp-key.age;
owner = "root";
@@ -113,31 +110,24 @@ in {
];
};
};
in home-directory-mount "meinhak99";
in {
"${remoteDir}/fu/zodiac" = {
device = "//trove.storage.fu-berlin.de/GESCHKULT";
fsType = "cifs";
options =
fu-berlin-cifs-options
++ [
"credentials=${config.age.secrets.cifs-credentials-zodiac.path}"
];
};
} // home-directory-mount "meinhak99"
// home-directory-mount "xm7234fu";
age.secrets = {
cifs-credentials-zodiac.file = ../secrets/cifs-credentials-zodiac.age;
};
environment.systemPackages = [
(pkgs.writers.writeDashBin "hu-vpn-split" ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "${config.age.secrets.email-password-letos.path}")" \
--config=${
pkgs.writeText "hu-berlin-split.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
username = slfletos@split_tunnel
''
}
'')
(pkgs.writers.writeDashBin "hu-vpn-full" ''
${pkgs.openfortivpn}/bin/openfortivpn \
--password="$(cat "${config.age.secrets.email-password-letos.path}")" \
--config=${
pkgs.writeText "hu-berlin-full.config" ''
host = forti-ssl.vpn.hu-berlin.de
port = 443
username = slfletos@tunnel_all
''
}
'')
(pkgs.writers.writeDashBin "fu-vpn" ''
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then
@@ -148,4 +138,16 @@ in {
fi
'')
];
systemd.services.fu-vpn = {
enable = false;
wants = ["network-online.target"];
serviceConfig.LoadCredential = "password:${config.age.secrets.email-password-meinhak99.path}";
script = ''
if ${pkgs.wirelesstools}/bin/iwgetid | ${pkgs.gnugrep}/bin/grep --invert-match eduroam
then
cat "$CREDENTIALS_DIRECTORY/password" | ${pkgs.openconnect}/bin/openconnect vpn.fu-berlin.de --user ${username} --passwd-on-stdin
fi
'';
};
}

13
configs/gaming.nix
View File

@@ -1,13 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.zeroad
pkgs.mari0
pkgs.luanti # fka minetest
];
networking.firewall = {
# for 0ad multiplayer
allowedTCPPorts = [ 20595 ];
allowedUDPPorts = [ 20595 ];
};
}

24
configs/git.nix
View File

@@ -17,6 +17,7 @@ in {
pkgs.gitstats
pkgs.patch
pkgs.patchutils
inputs.self.packages.${pkgs.system}.git-preview
];
environment.shellAliases = {
@@ -28,7 +29,9 @@ in {
programs.git = {
enable = true;
package = pkgs.gitFull;
settings.alias = {
userName = kieran.name;
userEmail = kieran.email;
aliases = {
br = "branch";
co = "checkout";
ci = "commit";
@@ -42,12 +45,19 @@ in {
graph = "log --graph --abbrev-commit --decorate --date=relative --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(bold yellow)%d%C(reset)' --all";
};
ignores = ignorePaths;
settings.user.name = kieran.name;
settings.user.email = kieran.email;
settings.pull.ff = "only";
settings.rebase.autoStash = true;
settings.merge.autoStash = true;
settings.push.autoSetupRemove = true;
extraConfig = {
pull.ff = "only";
rebase.autoStash = true;
merge.autoStash = true;
push.autoSetupRemote = true;
# # ref https://github.com/dandavison/delta
# core.pager = "${pkgs.delta}/bin/delta";
# interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
# delta.navigate = true;
# merge.conflictStyle = "diff3";
# diff.colorMoved = "default";
};
};
};
}

51
configs/i3.nix
View File

@@ -94,7 +94,7 @@ in {
services.xserver = {
windowManager.i3 = {
enable = true;
package = pkgs.i3;
package = pkgs.i3-gaps;
};
};
@@ -113,7 +113,6 @@ in {
'';
};
home-manager.users.me = let
modifier = "Mod4";
infoWorkspace = "";
@@ -132,7 +131,7 @@ in {
border = 1;
};
bars = [
(config.home-manager.users.me.stylix.targets.i3.exportedBarConfig
(config.home-manager.users.me.lib.stylix.i3.bar
// rec {
workspaceButtons = true;
mode = "hide"; # "dock";
@@ -270,7 +269,32 @@ in {
# XF86Launch1 (thinkvantage)
};
in {
stylix.targets.i3.enable = true;
wayland.windowManager.sway = {
enable = true;
config = {
menu = "rofi -modi run,ssh,window -show run";
inherit modifier modes gaps bars floating window colors keybindings;
input = {
"*" = {
xkb_layout = "de";
xkb_variant = "T3";
};
};
terminal = (defaultApplications pkgs).terminal;
up = "k";
down = "j";
left = "h";
right = "l";
seat = {
"*" = {
hide_cursor = "when-typing enable";
};
};
startup = [
{command = "echo hello";}
];
};
};
xsession.windowManager.i3 = {
enable = true;
@@ -287,9 +311,19 @@ in {
assign [class="dashboard"] ${infoWorkspace}
exec ${dashboard}/bin/dashboard
'';
config = {
inherit modifier gaps modes bars floating window colors;
keybindings = keybindings // {
config = lib.mkMerge [
{
inherit modifier gaps modes bars floating window colors keybindings;
}
{
keybindings = let
new-workspace = pkgs.writers.writeDash "new-workspace" ''
i3-msg workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
'';
move-to-new-workspace = pkgs.writers.writeDash "new-workspace" ''
i3-msg move container to workspace $(($(i3-msg -t get_workspaces | tr , '\n' | grep '"num":' | cut -d : -f 2 | sort -rn | head -1) + 1))
'';
in {
"${modifier}+ß" = "exec ${niveumPackages.menu-calc}/bin/=";
"${modifier}+F6" = "exec ${pkgs.xorg.xkill}/bin/xkill";
"${modifier}+F9" = "exec ${pkgs.redshift}/bin/redshift -O 4000 -b 0.85";
@@ -300,7 +334,8 @@ in {
# "${modifier}+x" = "exec ${new-workspace}";
"XF86Display" = "exec ${niveumPackages.dmenu-randr}/bin/dmenu-randr";
};
};
}
];
};
};
}

96
configs/keyboard.nix
View File

@@ -2,63 +2,27 @@
pkgs,
lib,
...
}:
let
}: let
commaSep = builtins.concatStringsSep ",";
xkbOptions = [
"compose:caps"
"terminate:ctrl_alt_bksp"
"grp:ctrls_toggle"
];
xkbOptions = ["compose:caps" "terminate:ctrl_alt_bksp" "grp:ctrls_toggle"];
languages = {
deutsch = {
code = "de";
variant = "T3";
};
greek = {
code = "gr";
variant = "polytonic";
};
russian = {
code = "ru";
variant = "phonetic";
};
arabic = {
code = "ara";
variant = "buckwalter";
}; # ../lib/keyboards/arabic;
deutsch = { code = "de"; variant = "T3"; };
greek = { code = "gr"; variant = "polytonic"; };
russian = { code = "ru"; variant = "phonetic"; };
arabic = { code = "ara"; variant = "buckwalter"; }; # ../lib/keyboards/arabic;
coptic = ../lib/keyboards/coptic;
avestan = ../lib/keyboards/avestan;
gothic = ../lib/keyboards/gothic;
farsi = {
code = "ir";
variant = "qwerty";
};
syriac = {
code = "sy";
variant = "syc_phonetic";
};
sanskrit = {
code = "in";
variant = "san-kagapa";
};
gujarati = {
code = "in";
variant = "guj-kagapa";
};
urdu = {
code = "in";
variant = "urd-phonetic";
};
hebrew = {
code = "il";
variant = "phonetic";
};
farsi = { code = "ir"; variant = "qwerty"; };
syriac = { code = "sy"; variant = "syc_phonetic"; };
sanskrit = { code = "in"; variant = "san-kagapa"; };
gujarati = {code = "in"; variant = "guj-kagapa"; };
urdu = {code = "in"; variant = "urd-phonetic"; };
hebrew = {code = "il"; variant = "phonetic";};
};
defaultLanguage = languages.deutsch;
in
{
in {
services.libinput.enable = true;
# man 7 xkeyboard-config
@@ -77,8 +41,7 @@ in
lib.mapAttrsToList (name: value: {
name = "symbols/${name}";
path = value;
}) (lib.filterAttrs (_: value: !(value ? "code")) languages)
++ [
}) (lib.filterAttrs (_: value: !(value ? "code")) languages) ++ [
{
name = "symbols/ir";
path = ../lib/keyboards/farsi;
@@ -91,40 +54,25 @@ in
environment.etc."x11-locale".source = toString pkgs.xorg.libX11 + "share/X11/locale";
home-manager.users.me = {
home.file =
lib.mapAttrs' (name: path: lib.nameValuePair ".xkb/symbols/${name}" { source = path; })
(lib.filterAttrs (_: value: !(value ? "code")) languages) // {
".xkb/symbols/ir".source = ../lib/keyboards/farsi;
};
};
console.keyMap = "de";
environment.systemPackages = lib.mapAttrsToList (
language: settings:
environment.systemPackages =
lib.mapAttrsToList
(language: settings:
let
code = if settings ? "code" then settings.code else language;
variant = if settings ? "variant" then settings.variant else "";
in
pkgs.writers.writeDashBin "kb-${language}" ''
if [ -z $SWAYSOCK ]; then
${pkgs.xorg.setxkbmap}/bin/setxkbmap ${defaultLanguage.code},${code} ${defaultLanguage.variant},${variant} ${
toString (map (option: "-option ${option}") xkbOptions)
}
else
swaymsg -s $SWAYSOCK 'input * xkb_layout "${defaultLanguage.code},${code}"'
swaymsg -s $SWAYSOCK 'input * xkb_variant "${defaultLanguage.variant},${variant}"'
swaymsg -s $SWAYSOCK 'input * xkb_options "${lib.concatStringsSep "," xkbOptions}"'
fi
''
) languages;
pkgs.writers.writeDashBin "kb-${language}" ''
${pkgs.xorg.setxkbmap}/bin/setxkbmap ${defaultLanguage.code},${code} ${defaultLanguage.variant},${variant} ${toString (map (option: "-option ${option}") xkbOptions)}
'')
languages;
# improve held key rate
services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xset}/bin/xset r rate 300 50";
systemd.user.services.gxkb = {
wantedBy = [ "graphical-session.target" ];
wantedBy = ["graphical-session.target"];
serviceConfig = {
SyslogIdentifier = "gxkb";
ExecStart = "${pkgs.gxkb}/bin/gxkb";

2
configs/mpv.nix
View File

@@ -37,7 +37,7 @@ in {
};
scripts = [
pkgs.mpvScripts.quality-menu
pkgs.mpvScripts.visualizer
niveumPackages.mpv-visualizer
];
};
};

9
configs/neovim.nix
View File

@@ -37,8 +37,8 @@
environment.systemPackages = [
(pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
(niveumPackages.vim.override {
# stylixColors = config.lib.stylix.colors;
colorscheme = "base16-gruvbox-dark-medium";
stylixColors = config.lib.stylix.colors;
colorscheme = "base16-gruvbox-light-medium";
})
# language servers
@@ -46,14 +46,13 @@
pkgs.haskellPackages.haskell-language-server
pkgs.texlab
pkgs.nil
pkgs.gopls
pkgs.nixfmt-rfc-style
pkgs.rust-analyzer
pkgs.nodePackages.typescript-language-server
pkgs.lua-language-server
pkgs.nodePackages.vscode-langservers-extracted
pkgs.lemminx # XML LSP
pkgs.jq-lsp
pkgs.lemminx
niveumPackages.jq-lsp
pkgs.dhall-lsp-server
];
}

46
configs/neovim.sync-conflict-20250130-092404-AJVBWR2.nix Normal file
View File

@@ -0,0 +1,46 @@
{ pkgs, niveumPackages, config, ... }: {
environment.variables.EDITOR = pkgs.lib.mkForce "nvim";
environment.shellAliases.vi = "nvim";
environment.shellAliases.vim = "nvim";
environment.shellAliases.view = "nvim -R";
home-manager.users.me = {
editorconfig = {
enable = true;
settings = {
"*" = {
charset = "utf-8";
end_of_line = "lf";
trim_trailing_whitespace = true;
insert_final_newline = true;
indent_style = "space";
indent_size = 2;
};
"*.py" = { indent_size = 4; };
Makefile = { indent_style = "tab"; };
"*.md" = { trim_trailing_whitespace = false; };
};
};
};
environment.systemPackages = [
(pkgs.writers.writeDashBin "vim" ''neovim "$@"'')
(niveumPackages.vim.override {
stylixColors = config.lib.stylix.colors;
# colorscheme = "base16-gruvbox-dark-medium";
})
# language servers
pkgs.pyright
pkgs.haskellPackages.haskell-language-server
pkgs.texlab
pkgs.nil
pkgs.rust-analyzer
pkgs.nodePackages.typescript-language-server
pkgs.lua-language-server
pkgs.nodePackages.vscode-langservers-extracted
pkgs.lemminx
niveumPackages.jq-lsp
pkgs.dhall-lsp-server
];
}

40
configs/packages.nix
View File

@@ -4,6 +4,7 @@
lib,
inputs,
niveumPackages,
unstablePackages,
...
}: let
worldradio = pkgs.callPackage ../packages/worldradio.nix {};
@@ -62,15 +63,9 @@ in {
};
environment.systemPackages = with pkgs; [
(pkgs.writers.writeDashBin "amfora" ''
${pkgs.st}/bin/st -e ${pkgs.amfora}/bin/amfora
'')
(pkgs.writers.writeDashBin "gpodder" ''
GPODDER_DOWNLOAD_DIR=${config.users.users.me.home}/mobile/audio/Text/podcasts exec ${pkgs.gpodder}/bin/gpodder "$@"
'')
# INTERNET
aria2
telegram-desktop
tdesktop
whois
dnsutils
# FILE MANAGERS
@@ -78,7 +73,6 @@ in {
pcmanfm
# MEDIA
ffmpeg
simplescreenrecorder
imagemagick
exiftool
nsxiv
@@ -91,7 +85,7 @@ in {
gcc
python3Packages.jsonschema # json validation
pup # html toolkit
xan # csv toolkit
xsv # csv toolkit
magic-wormhole-rs # file transfer
man-pages
man-pages-posix
@@ -99,12 +93,10 @@ in {
# HARDWARE TOOLS
gnome-disk-utility
arandr # xrandr for noobs
wdisplays
libnotify # for notify-send
xclip # clipboard CLI
dragon-drop # drag and drop
xdragon # drag and drop
xorg.xkill # kill by clicking
portfolio # personal finance overview
audacity
calibre
electrum
@@ -120,14 +112,14 @@ in {
zoom-us # video conferencing
(pkgs.writers.writeDashBin "im" ''
weechat_password=$(${pkgs.pass}/bin/pass weechat)
exec ${weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
exec ${unstablePackages.weechat}/bin/weechat -t -r '/mouse enable; /remote add makanek http://${externalNetwork.makanek}:8002 -password='"$weechat_password"'; /remote connect makanek'
'')
alejandra # nix formatter
pdfgrep # search in pdf
pdftk # pdf toolkit
mupdf
poppler-utils # pdf toolkit
kdePackages.okular # the word is nucular
poppler_utils # pdf toolkit
okular # the word is nucular
xournalpp # for annotating pdfs
pdfpc # presenter console for pdf slides
niveumPackages.hc # print files as qr codes
@@ -136,7 +128,6 @@ in {
rink # unit converter
niveumPackages.auc
niveumPackages.noise-waves
niveumPackages.stag
niveumPackages.cheat-sh
niveumPackages.polyglot
niveumPackages.qrpaste
@@ -151,14 +142,19 @@ in {
niveumPackages.pls
niveumPackages.mpv-tv
niveumPackages.mpv-iptv
jellyfin-media-player
niveumPackages.devanagari
niveumPackages.betacode # ancient greek betacode to unicode converter
pkgs.jq-lsp
niveumPackages.meteo
niveumPackages.mahlzeit
niveumPackages.jq-lsp
niveumPackages.swallow # window swallowing
niveumPackages.literature-quote
niveumPackages.booksplit
niveumPackages.dmenu-randr
niveumPackages.dmenu-bluetooth
niveumPackages.manual-sort
niveumPackages.dns-sledgehammer
niveumPackages.wttr
niveumPackages.unicodmenu
niveumPackages.emailmenu
@@ -200,13 +196,20 @@ in {
${pkgs.openssh}/bin/ssh makanek "cd /var/lib/weechat/logs && grep --ignore-case --color=always --recursive $@" | ${pkgs.less}/bin/less --raw-control-chars
'')
(pkgs.writers.writeDashBin "ncmpcpp-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.ncmpcpp}/bin/ncmpcpp "$@"'')
(pkgs.writers.writeDashBin "mpc-zaatar" ''MPD_HOST=${(import ../lib/local-network.nix).zaatar} exec ${pkgs.mpc_cli}/bin/mpc "$@"'')
inputs.scripts.packages.x86_64-linux.alarm
spotify
ncspot
playerctl
nix-index
niveumPackages.nix-index-update
#krebs
niveumPackages.dic
pkgs.nur.repos.mic92.ircsink
(haskellPackages.ghcWithHoogle (hs: [
@@ -233,8 +236,9 @@ in {
dhall
html-tidy
nodePackages.csslint
nodePackages.jsonlint
deno # better node.js
go
texlive.combined.scheme-full
latexrun
(aspellWithDicts (dict: [dict.de dict.en dict.en-computers]))

1
configs/spacetime.nix
View File

@@ -3,6 +3,5 @@
location = {
latitude = 52.517;
longitude = 13.3872;
provider = "geoclue2";
};
}

2
configs/ssh.nix
View File

@@ -4,7 +4,6 @@
in {
users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys;
programs.ssh.startAgent = true;
services.gnome.gcr-ssh-agent.enable = false;
home-manager.users.me = {
# https://discourse.nixos.org/t/gnome-keyring-and-ssh-agent-without-gnome/11663
@@ -41,7 +40,6 @@ in {
home-manager.users.me.programs.ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"github.com" = {
hostname = "ssh.github.com";

52
configs/stw-berlin.nix Normal file
View File

@@ -0,0 +1,52 @@
{
pkgs,
config,
...
}: {
age.secrets.stw-berlin-card-code.file = ../secrets/stw-berlin-card-code.age;
systemd.services.stw-berlin = {
enable = true;
wants = ["network-online.target"];
startAt = "weekly";
serviceConfig = {
User = config.users.users.me.name;
Group = config.users.users.me.group;
WorkingDirectory = "/home/kfm/cloud/nextcloud/Uni/Meta/Mensa";
LoadCredential = [
"password:${config.age.secrets.stw-berlin-card-code.path}"
];
};
script = ''
KARTEN_ID=8071859
PASSWORT=$(cat "$CREDENTIALS_DIRECTORY"/password)
endpoint=https://ks.stw.berlin:4433/TL1/TLM/KASVC
authorization_header='Authorization: Basic S0FTVkM6ekt2NXlFMUxaVW12VzI5SQ=='
get_auth_token() {
${pkgs.curl}/bin/curl -sSL "$endpoint/LOGIN?karteNr=$KARTEN_ID&format=JSON&datenformat=JSON" \
-X POST \
-H "$authorization_header" \
--data-raw '{"BenutzerID":"'$KARTEN_ID'","Passwort":"'$PASSWORT'"}' \
| ${pkgs.jq}/bin/jq -r '.[0].authToken|@uri'
}
get_transactions() {
${pkgs.curl}/bin/curl -sSL "$endpoint/TRANS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
-H "$authorization_header" \
| ${pkgs.jq}/bin/jq
}
get_items() {
${pkgs.curl}/bin/curl -sSL "$endpoint/TRANSPOS?format=JSON&authToken=$(get_auth_token)&karteNr=$KARTEN_ID&datumVon=12.02.2018&datumBis=$(date -d tomorrow +%d.%m.%Y)" \
-H "$authorization_header" \
| ${pkgs.jq}/bin/jq
}
get_transactions > transactions-$(date -I).json
get_items > items-$(date -I).json
'';
};
}

7
configs/stylix.nix
View File

@@ -18,7 +18,7 @@ in {
stylix.enable = true;
stylix.image = generatedWallpaper;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.cursor = {
name = "capitaine-cursors-white";
@@ -26,9 +26,6 @@ in {
size = 12;
};
home-manager.users.me = {
stylix.autoEnable = true;
};
# environment.etc."stylix/wallpaper.png".source = generatedWallpaper;
@@ -70,7 +67,7 @@ in {
};
emoji = {
package = pkgs.noto-fonts-color-emoji;
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};

11
configs/tmux.nix
View File

@@ -13,7 +13,7 @@
aggressiveResize = true;
escapeTime = 50;
historyLimit = 7000;
shortcut = "b";
shortcut = "a";
extraConfig = ''
set -g mouse on
@@ -37,6 +37,15 @@
set -g status-left-length 32
set -g status-right-length 150
set -g status-bg colour242
setw -g window-status-format "#[fg=colour12,bg=colour233] #I #[fg=white,bg=colour237] #W "
setw -g window-status-current-format "#[fg=colour12,bg=colour233] * #[fg=white,bg=colour237,bold] #W "
set -g status-left ""
set -g status-right "#[fg=colour255,bg=colour237,bold] #(hostname -I) #[default]#[fg=colour12,bg=colour233] %FT%R "
set -g status-justify left
set -g status-position bottom
'';
};

14
configs/virtualization.nix
View File

@@ -1,14 +0,0 @@
{ pkgs, ... }:
{
users.users.me.extraGroups = [ "libvirtd" ];
virtualisation.libvirtd.enable = true;
# Enable TPM support for VMs
virtualisation.libvirtd.qemu = {
# swtpm.enable = true;
};
environment.systemPackages = with pkgs; [
virt-manager
];
}

5
configs/wpa_supplicant.nix
View File

@@ -1,9 +1,6 @@
{ config, ... }:
{
networking.wireless = {
enable = true;
secretsFile = config.age.secrets.wifi.path;
# networks.Aether.pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
networks.Schilfpalast.pskRaw = "ext:schilfpalast";
networks.Aether.pskRaw = "e1b18af54036c5c9a747fe681c6a694636d60a5f8450f7dec0d76bc93e2ec85a";
};
}

641
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

361
flake.nix
View File

@@ -2,25 +2,25 @@
description = "niveum: packages, modules, systems";
inputs = {
self.submodules = true;
agenix.url = "github:ryantm/agenix";
autorenkalender.url = "github:kmein/autorenkalender";
# alew-web.url = "git+ssh://gitea@code.kmein.de:22022/kfm/alew-web.git?ref=refs/heads/master";
coptic-dictionary.url = "github:kmein/coptic-dictionary";
home-manager.url = "github:nix-community/home-manager/release-25.11";
flake-utils.url = "github:numtide/flake-utils";
home-manager.url = "github:nix-community/home-manager/release-24.11";
menstruation-backend.url = "github:kmein/menstruation.rs";
menstruation-telegram.url = "github:kmein/menstruation-telegram";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-on-droid.url = "github:t184256/nix-on-droid/release-23.05";
nixinate.url = "github:matthewcroughan/nixinate";
nixpkgs-old.url = "github:NixOS/nixpkgs/50fc86b75d2744e1ab3837ef74b53f103a9b55a0";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nur.url = "github:nix-community/NUR";
recht.url = "github:kmein/recht";
retiolum.url = "github:krebs/retiolum";
rust-overlay.url = "github:oxalica/rust-overlay";
scripts.url = "github:kmein/scripts";
stockholm.url = "github:krebs/stockholm";
stylix.url = "github:danth/stylix/release-25.11";
stylix.url = "github:danth/stylix/release-24.11";
telebots.url = "github:kmein/telebots";
tinc-graph.url = "github:kmein/tinc-graph";
voidrice.url = "github:Lukesmithxyz/voidrice";
@@ -29,107 +29,116 @@
agenix.inputs.home-manager.follows = "home-manager";
agenix.inputs.nixpkgs.follows = "nixpkgs";
autorenkalender.inputs.nixpkgs.follows = "nixpkgs";
coptic-dictionary.inputs.nixpkgs.follows = "nixpkgs";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# menstruation-backend.inputs.flake-utils.follows = "flake-utils";
# menstruation-backend.inputs.nixpkgs.follows = "nixpkgs";
# menstruation-backend.inputs.rust-overlay.follows = "rust-overlay";
menstruation-telegram.inputs.flake-utils.follows = "flake-utils";
menstruation-telegram.inputs.menstruation-backend.follows = "menstruation-backend";
menstruation-telegram.inputs.nixpkgs.follows = "nixpkgs-old";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
nix-on-droid.inputs.home-manager.follows = "home-manager";
nix-on-droid.inputs.nixpkgs.follows = "nixpkgs";
recht.inputs.flake-utils.follows = "flake-utils";
recht.inputs.nixpkgs.follows = "nixpkgs";
rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
scripts.inputs.flake-utils.follows = "flake-utils";
scripts.inputs.nixpkgs.follows = "nixpkgs";
scripts.inputs.rust-overlay.follows = "rust-overlay";
stylix.inputs.home-manager.follows = "home-manager";
stylix.inputs.nixpkgs.follows = "nixpkgs";
tinc-graph.inputs.flake-utils.follows = "flake-utils";
tinc-graph.inputs.nixpkgs.follows = "nixpkgs";
tinc-graph.inputs.rust-overlay.follows = "rust-overlay";
voidrice.flake = false;
wallpaper-generator.inputs.flake-utils.follows = "flake-utils";
wallpapers.flake = false;
};
outputs =
inputs@{
self,
nixpkgs,
nixpkgs-unstable,
nur,
home-manager,
agenix,
retiolum,
nixinate,
flake-utils,
nix-index-database,
stylix,
...
}:
let
lib = nixpkgs.lib;
eachSupportedSystem = lib.genAttrs lib.systems.flakeExposed;
in
nixConfig = {
extra-substituters = [ "https://kmein.cachix.org" ];
extra-trusted-public-keys = [ "kmein.cachix.org-1:rsJ2b6++VQHJ1W6rGuDUYsK/qUkFA3bNpO6PyEyJ9Ls=" ];
};
outputs = inputs @ {
self,
nixpkgs,
nixpkgs-unstable,
nur,
home-manager,
agenix,
retiolum,
nixinate,
flake-utils,
nix-on-droid,
stylix,
...
}:
{
apps = {
x86_64-linux =
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
lib = nixpkgs.lib;
in
x86_64-darwin = let
pkgs = nixpkgs.legacyPackages.x86_64-darwin;
in {
deploy-maakaron = {
type = "app";
program = toString (pkgs.writers.writeDash "deploy-maakaron" ''
exec $(nix build .#homeConfigurations.maakaron.activationPackage --no-link --print-out-paths)/activate
'');
};
};
x86_64-linux = let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
lib = nixpkgs.lib;
in
nixinate.nixinate.x86_64-linux self
// {
mock-secrets = {
type = "app";
program = toString (
pkgs.writers.writeDash "mock-secrets" ''
${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f | ${pkgs.coreutils}/bin/sort > secrets.txt
''
);
program = toString (pkgs.writers.writeDash "mock-secrets" ''
${pkgs.findutils}/bin/find secrets -not -path '*/.*' -type f | ${pkgs.coreutils}/bin/sort > secrets.txt
'');
};
}
# the following error prevents remote building of ful: https://github.com/NixOS/nixpkgs/issues/177873
// builtins.listToAttrs (
map (
hostname:
let
targets = {
ful = "root@ful";
zaatar = "root@zaatar";
makanek = "root@makanek";
manakish = "root@manakish";
tahina = "root@tahina";
tabula = "root@tabula";
kabsa = "root@kabsa";
fatteh = "root@fatteh";
kibbeh = "root@kibbeh";
};
in
lib.attrsets.nameValuePair "deploy-${hostname}" {
type = "app";
program = toString (
pkgs.writers.writeDash "deploy-${hostname}" ''
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
--max-jobs 2 \
--log-format internal-json \
--flake .#${hostname} \
--target-host ${targets.${hostname}} 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
''
);
}
) (builtins.attrNames self.nixosConfigurations)
)
// builtins.listToAttrs (map (hostname: let
externalNetwork = import ./lib/external-network.nix;
targets = {
ful = "root@ful";
zaatar = "root@zaatar";
makanek = "root@makanek";
manakish = "root@manakish";
tahina = "root@tahina";
tabula = "root@tabula";
kabsa = "root@kabsa";
fatteh = "root@fatteh";
kibbeh = "root@kibbeh";
};
in
lib.attrsets.nameValuePair "deploy-${hostname}" {
type = "app";
program = toString (pkgs.writers.writeDash "deploy-${hostname}" ''
exec ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch \
--max-jobs 2 \
--log-format internal-json \
--flake .?submodules=1#${hostname} \
--target-host ${targets.${hostname}} 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
'');
}) (builtins.attrNames self.nixosConfigurations))
// {
deploy-ful = {
type = "app";
program = toString (
pkgs.writers.writeDash "deploy-ful" ''
exec ${pkgs.nix}/bin/nix run .#nixinate.ful \
--log-format internal-json 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
''
);
program = toString (pkgs.writers.writeDash "deploy-ful" ''
exec ${pkgs.nix}/bin/nix run .?submodules=1#nixinate.ful \
--log-format internal-json 2>&1 \
| ${pkgs.nix-output-monitor}/bin/nom --json
'');
};
};
};
# TODO overlay for packages
# TODO remove flake-utils dependency from my own repos
nixosModules = {
htgen = import modules/htgen.nix;
moodle-dl = import modules/moodle-dl.nix;
networkmanager-declarative = import modules/networkmanager-declarative.nix;
passport = import modules/passport.nix;
@@ -137,13 +146,43 @@
power-action = import modules/power-action.nix;
system-dependent = import modules/system-dependent.nix;
telegram-bot = import modules/telegram-bot.nix;
go-webring = import modules/go-webring.nix;
};
lib = {
panoptikon = import lib/panoptikon.nix;
};
nixOnDroidConfigurations = {
moto = nix-on-droid.lib.nixOnDroidConfiguration {
modules = [systems/moto/configuration.nix];
pkgs = import nixpkgs {
system = "aarch64-linux";
overlays = [nix-on-droid.overlays.default];
};
extraSpecialArgs = {
niveumPackages = inputs.self.packages.aarch64-linux;
niveumLib = inputs.self.lib;
inherit inputs;
};
home-manager-path = home-manager.outPath;
};
};
homeConfigurations = {
maakaron = let
system = "x86_64-darwin";
pkgs = nixpkgs.legacyPackages.${system};
in
home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [./systems/maakaron/home.nix];
extraSpecialArgs = {
inherit inputs;
niveumPackages = inputs.self.packages.${system};
};
};
};
nixosConfigurations = let
niveumSpecialArgs = system: {
unstablePackages = import nixpkgs-unstable {
@@ -168,7 +207,7 @@
agenix.nixosModules.default
inputs.self.nixosModules.passport
inputs.self.nixosModules.panoptikon
inputs.self.nixosModules.go-webring
inputs.self.nixosModules.htgen
inputs.stockholm.nixosModules.reaktor2
retiolum.nixosModules.retiolum
nur.modules.nixos.default
@@ -200,7 +239,6 @@
systems/kibbeh/configuration.nix
agenix.nixosModules.default
retiolum.nixosModules.retiolum
home-manager.nixosModules.home-manager
];
};
makanek = nixpkgs.lib.nixosSystem rec {
@@ -210,6 +248,7 @@
modules = [
systems/makanek/configuration.nix
inputs.self.nixosModules.telegram-bot
inputs.self.nixosModules.htgen
inputs.self.nixosModules.passport
agenix.nixosModules.default
retiolum.nixosModules.retiolum
@@ -242,7 +281,6 @@
agenix.nixosModules.default
retiolum.nixosModules.retiolum
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.default
nur.modules.nixos.default
stylix.nixosModules.stylix
];
@@ -256,7 +294,6 @@
retiolum.nixosModules.retiolum
home-manager.nixosModules.home-manager
nur.modules.nixos.default
nix-index-database.nixosModules.default
stylix.nixosModules.stylix
];
};
@@ -269,134 +306,142 @@
retiolum.nixosModules.retiolum
home-manager.nixosModules.home-manager
nur.modules.nixos.default
nix-index-database.nixosModules.default
stylix.nixosModules.stylix
];
};
};
packages = eachSupportedSystem (system: let
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [
nur.overlays.default
(self: super: {
mpv = super.mpv.override {scripts = [super.mpvScripts.visualizer super.mpvScripts.mpris];};
dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
})
];
};
wrapScript = {
packages ? [],
name,
script,
}:
pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
in {
# linguistics and ancient world
}
// flake-utils.lib.eachSystem [flake-utils.lib.system.x86_64-linux flake-utils.lib.system.x86_64-darwin flake-utils.lib.system.aarch64-linux] (system: let
pkgs = import nixpkgs {
inherit system;
overlays = [
nur.overlays.default
(self: super: {
mpv = super.mpv.override {scripts = [inputs.self.packages.${system}.mpv-visualizer super.mpvScripts.mpris];};
dmenu = super.writers.writeDashBin "dmenu" ''exec ${pkgs.rofi}/bin/rofi -dmenu "$@"'';
})
];
};
unstablePackages = import nixpkgs-unstable {
inherit system;
};
wrapScript = {
packages ? [],
name,
script,
}:
pkgs.writers.writeDashBin name ''PATH=$PATH:${nixpkgs.lib.makeBinPath (packages ++ [pkgs.findutils pkgs.coreutils pkgs.gnused pkgs.gnugrep])} ${script} "$@"'';
in {
packages = rec {
auc = pkgs.callPackage packages/auc.nix {};
betacode = pkgs.callPackage packages/betacode.nix {};
brassica = pkgs.callPackage packages/brassica.nix {}; # TODO upstream
devanagari = pkgs.callPackage packages/devanagari {};
stardict-tools = pkgs.callPackage packages/stardict-tools.nix {};
heuretes = pkgs.callPackage packages/heuretes.nix {};
ipa = pkgs.writers.writePython3Bin "ipa" {flakeIgnore = ["E501"];} (builtins.readFile packages/ipa.py);
jsesh = pkgs.callPackage packages/jsesh.nix {}; # TODO upstream
kirciuoklis = pkgs.callPackage packages/kirciuoklis.nix {};
polyglot = pkgs.callPackage packages/polyglot.nix {};
tocharian-font = pkgs.callPackage packages/tocharian-font.nix {};
gfs-fonts = pkgs.callPackage packages/gfs-fonts.nix {};
closest = pkgs.callPackage packages/closest {};
# lit
random-zeno = pkgs.callPackage packages/random-zeno.nix {};
literature-quote = pkgs.callPackage packages/literature-quote.nix {};
# krebs
brainmelter = pkgs.callPackage packages/brainmelter.nix {};
cyberlocker-tools = pkgs.callPackage packages/cyberlocker-tools.nix {};
hc = pkgs.callPackage packages/hc.nix {};
kpaste = pkgs.callPackage packages/kpaste.nix {};
pls = pkgs.callPackage packages/pls.nix {};
untilport = pkgs.callPackage packages/untilport.nix {};
radio-news = pkgs.callPackage packages/radio-news.nix {};
# window manager
swallow = pkgs.callPackage packages/swallow.nix {};
devour = pkgs.callPackage packages/devour.nix {};
brassica = pkgs.callPackage packages/brassica.nix {};
cheat-sh = pkgs.callPackage packages/cheat-sh.nix {};
vimPlugins-cheat-sh-vim = pkgs.callPackage packages/vimPlugins/cheat-sh.nix {}; # TODO upstream
closest = pkgs.callPackage packages/closest {};
cro = pkgs.callPackage packages/cro.nix {};
cyberlocker-tools = pkgs.callPackage packages/cyberlocker-tools.nix {};
default-gateway = pkgs.callPackage packages/default-gateway.nix {};
depp = pkgs.callPackage packages/depp.nix {};
dashboard = pkgs.callPackage packages/dashboard {};
devanagari = pkgs.callPackage packages/devanagari {};
devour = pkgs.callPackage packages/devour.nix {};
dic = pkgs.callPackage packages/dic.nix {};
dirmir = pkgs.callPackage packages/dirmir.nix {};
dmenu-bluetooth = pkgs.callPackage packages/dmenu-bluetooth.nix {};
dmenu-scrot = pkgs.callPackage packages/dmenu-scrot.nix {};
dns-sledgehammer = pkgs.callPackage packages/dns-sledgehammer.nix {};
fkill = pkgs.callPackage packages/fkill.nix {};
fzfmenu = pkgs.callPackage packages/fzfmenu.nix {};
genius = pkgs.callPackage packages/genius.nix {};
gfs-fonts = pkgs.callPackage packages/gfs-fonts.nix {};
git-preview = pkgs.callPackage packages/git-preview.nix {};
gpt35 = pkgs.callPackage packages/gpt.nix {model = "gpt-3.5-turbo";};
gpt4 = pkgs.callPackage packages/gpt.nix {model = "gpt-4";};
hc = pkgs.callPackage packages/hc.nix {};
jq-lsp = pkgs.callPackage packages/jq-lsp.nix {};
stardict-tools = pkgs.callPackage packages/stardict-tools.nix {};
heuretes = pkgs.callPackage packages/heuretes.nix {};
htgen = pkgs.callPackage packages/htgen.nix {};
image-convert-favicon = pkgs.callPackage packages/image-convert-favicon.nix {};
image-convert-tolino = pkgs.callPackage packages/image-convert-tolino.nix {};
infschmv = pkgs.callPackage packages/infschmv.nix {};
iolanguage = pkgs.callPackage packages/iolanguage.nix {};
ipa = pkgs.writers.writePython3Bin "ipa" {flakeIgnore = ["E501"];} (builtins.readFile packages/ipa.py);
ix = pkgs.callPackage packages/ix.nix {};
jsesh = pkgs.callPackage packages/jsesh.nix {};
k-lock = pkgs.callPackage packages/k-lock.nix {};
kirciuoklis = pkgs.callPackage packages/kirciuoklis.nix {};
klem = pkgs.callPackage packages/klem.nix {};
man-pandoc = pkgs.callPackage packages/man/pandoc.nix {}; # TODO upstream
kpaste = pkgs.callPackage packages/kpaste.nix {};
literature-quote = pkgs.callPackage packages/literature-quote.nix {};
mahlzeit = pkgs.haskellPackages.callPackage packages/mahlzeit.nix {};
man-pandoc = pkgs.callPackage packages/man/pandoc.nix {};
man-pdf = pkgs.callPackage packages/man-pdf.nix {};
mansplain = pkgs.callPackage packages/mansplain.nix {};
manual-sort = pkgs.callPackage packages/manual-sort.nix {};
menu-calc = pkgs.callPackage packages/menu-calc.nix {};
meteo = pkgs.callPackage packages/meteo.nix {};
noise-waves = pkgs.callPackage packages/noise-waves.nix {};
mpv-radio = pkgs.callPackage packages/mpv-radio.nix {di-fm-key-file = "/dev/null";};
mpv-tuner = pkgs.callPackage packages/mpv-tuner.nix {di-fm-key-file = "/dev/null";};
mpv-tv = pkgs.callPackage packages/mpv-tv.nix {};
mpv-iptv = pkgs.callPackage packages/mpv-iptv.nix {};
mpv-visualizer = unstablePackages.mpvScripts.visualizer;
new-mac = pkgs.callPackage packages/new-mac.nix {};
nix-git = pkgs.callPackage packages/nix-git.nix {};
nix-index-update = pkgs.callPackage packages/nix-index-update.nix {inherit system;};
notemenu = pkgs.callPackage packages/notemenu.nix {niveumPackages = self.packages.${system};};
opustags = pkgs.callPackage packages/opustags.nix {}; # TODO upstream
opustags = pkgs.callPackage packages/opustags.nix {};
pls = pkgs.callPackage packages/pls.nix {};
polyglot = pkgs.callPackage packages/polyglot.nix {};
q = pkgs.callPackage packages/q.nix {};
qrpaste = pkgs.callPackage packages/qrpaste.nix {};
go-webring = pkgs.callPackage packages/go-webring.nix {}; # TODO upstream
random-zeno = pkgs.callPackage packages/random-zeno.nix {};
rfc = pkgs.callPackage packages/rfc.nix {};
gimp = pkgs.callPackage packages/gimp.nix {};
scanned = pkgs.callPackage packages/scanned.nix {};
text2pdf = pkgs.callPackage packages/text2pdf.nix {}; # TODO upstream
swallow = pkgs.callPackage packages/swallow.nix {};
text2pdf = pkgs.callPackage packages/text2pdf.nix {};
timer = pkgs.callPackage packages/timer.nix {};
trans = pkgs.callPackage packages/trans.nix {}; # TODO upstream
tocharian-font = pkgs.callPackage packages/tocharian-font.nix {};
trans = pkgs.callPackage packages/trans.nix {};
ttspaste = pkgs.callPackage packages/ttspaste.nix {};
unicodmenu = pkgs.callPackage packages/unicodmenu.nix {};
emailmenu = pkgs.callPackage packages/emailmenu.nix {};
stag = pkgs.callPackage packages/stag.nix {}; # TODO upstream
untilport = pkgs.callPackage packages/untilport.nix {};
vg = pkgs.callPackage packages/vg.nix {};
vim = pkgs.callPackage packages/vim.nix {niveumPackages = self.packages.${system};};
obsidian-vim = pkgs.callPackage packages/obsidian-vim.nix {};
vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix {}; # TODO upstream
vimPlugins-jq-vim = pkgs.callPackage packages/vimPlugins/jq-vim.nix {}; # TODO upstream
vimPlugins-typst-vim = pkgs.callPackage packages/vimPlugins/typst-vim.nix {}; # TODO upstream
vimPlugins-mdwa-nvim = pkgs.callPackage packages/vimPlugins/mdwa-nvim.nix {}; # TODO upstream
vimPlugins-vim-ernest = pkgs.callPackage packages/vimPlugins/vim-ernest.nix {}; # TODO upstream
vimPlugins-vim-256noir = pkgs.callPackage packages/vimPlugins/vim-256noir.nix {}; # TODO upstream
vimPlugins-vim-colors-paramount = pkgs.callPackage packages/vimPlugins/vim-colors-paramount.nix {}; # TODO upstream
vimPlugins-vim-fetch = pkgs.callPackage packages/vimPlugins/vim-fetch.nix {}; # TODO upstream
vimPlugins-vim-fsharp = pkgs.callPackage packages/vimPlugins/vim-fsharp.nix {}; # TODO upstream
vimPlugins-vim-mail = pkgs.callPackage packages/vimPlugins/vim-mail.nix {}; # TODO upstream
vimPlugins-vim-reason-plus = pkgs.callPackage packages/vimPlugins/vim-reason-plus.nix {}; # TODO upstream
vimPlugins-cheat-sh-vim = pkgs.callPackage packages/vimPlugins/cheat-sh.nix {};
vimPlugins-icalendar-vim = pkgs.callPackage packages/vimPlugins/icalendar-vim.nix {};
vimPlugins-jq-vim = pkgs.callPackage packages/vimPlugins/jq-vim.nix {};
vimPlugins-typst-vim = pkgs.callPackage packages/vimPlugins/typst-vim.nix {};
vimPlugins-vim-256noir = pkgs.callPackage packages/vimPlugins/vim-256noir.nix {};
vimPlugins-vim-colors-paramount = pkgs.callPackage packages/vimPlugins/vim-colors-paramount.nix {};
vimPlugins-vim-fetch = pkgs.callPackage packages/vimPlugins/vim-fetch.nix {};
vimPlugins-vim-fsharp = pkgs.callPackage packages/vimPlugins/vim-fsharp.nix {};
vimPlugins-vim-mail = pkgs.callPackage packages/vimPlugins/vim-mail.nix {};
vimPlugins-vim-reason-plus = pkgs.callPackage packages/vimPlugins/vim-reason-plus.nix {};
vimv = pkgs.callPackage packages/vimv.nix {};
weechat-declarative = pkgs.callPackage packages/weechat-declarative.nix {}; # TODO upstream
weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix {}; # TODO upstream
dmenu-randr = pkgs.callPackage packages/dmenu-randr.nix {};
wttr = pkgs.callPackage packages/wttr.nix {}; # TODO upstream
weechat-declarative = pkgs.callPackage packages/weechat-declarative.nix {};
weechatScripts-hotlist2extern = pkgs.callPackage packages/weechatScripts/hotlist2extern.nix {};
wttr = pkgs.callPackage packages/wttr.nix {};
itl = pkgs.callPackage packages/itl.nix {};
itools = pkgs.callPackage packages/itools.nix {itl = itl;};
booksplit = wrapScript {
script = inputs.voidrice.outPath + "/.local/bin/booksplit";
name = "booksplit";
packages = [pkgs.ffmpeg pkgs.glibc.bin];
};
dmenu-randr = pkgs.callPackage packages/dmenu-randr.nix {};
tag = wrapScript {
script = inputs.voidrice.outPath + "/.local/bin/tag";
name = "tag";
packages = [pkgs.ffmpeg];
};
});
};
};
});
}

10
lib/local-network.nix
View File

@@ -1,4 +1,10 @@
{
officejet = "192.168.0.251";
router = "192.168.0.1";
toum = "192.168.178.24";
zaatar = "192.168.178.21";
kabsa = "192.168.178.32";
android = "192.168.178.35";
manakish = "192.168.178.29";
officejet = "192.168.178.27";
fritzbox = "192.168.178.1";
}

282
lib/streams.nix
View File

@@ -85,6 +85,9 @@ let
big-fm-name = name: "${name} | bigFM";
big-fm = name: "https://streams.bigfm.de/bigfm-${name}-128-aac";
rautemusik-name = name: "${name} | rm.fm";
rautemusik = name: "http://${name}-high.rautemusik.fm/";
rte-name = name: "RTÉ ${name}";
rte = name: "https://www.rte.ie/manifests/${name}.m3u8";
@@ -1204,6 +1207,198 @@ in
logo = "https://cdn.schlagerparadies.de/images/rsp_setup/logo-radio-schlagerparadies.svg";
tags = [tags.schlager];
}
{
station = rautemusik-name "Volksmusik";
desc = "Volksmusik, Blasmusik, Schlager";
stream = rautemusik "volksmusik";
tags = [tags.schlager];
}
{
station = rautemusik-name "Study";
stream = rautemusik "study";
desc = "Lo-Fi, Chillout, Easy Listening";
tags = [tags.lofi tags.chill];
}
{
station = rautemusik-name "TechHouse";
stream = rautemusik "techhouse";
desc = "Techhouse, Deephouse, Techno, Minimal";
tags = [tags.party];
}
{
station = rautemusik-name "Goldies";
stream = rautemusik "goldies";
desc = "Oldies, 60s, 70s, 80s";
tags = [tags.vintage];
}
{
station = rautemusik-name "90s";
stream = rautemusik "90s";
desc = "90s, Eurodance, Pop, HipHop";
tags = [tags.vintage];
}
{
station = rautemusik-name "Schlager";
stream = rautemusik "schlager";
desc = "Schlager, Discofox, Deutsch, Pop";
tags = [tags.schlager];
}
{
station = rautemusik-name "Country";
stream = rautemusik "country";
desc = "Country, Western, Americana";
tags = [tags.trad tags.american];
}
{
station = rautemusik-name "Sex";
stream = rautemusik "sex";
desc = "RnB, Pop, Easy Listening";
tags = [tags.chill];
}
{
station = rautemusik-name "LoveHits";
stream = rautemusik "lovehits";
desc = "Lovesongs, Balladen, RnB, Pop";
tags = [tags.pop];
}
{
station = rautemusik-name "Klassik";
stream = rautemusik "klassik";
desc = "Symphonie, Orchester, Klassik";
tags = [tags.classical];
}
{
station = rautemusik-name "Traurig";
stream = rautemusik "traurig";
desc = "Balladen, Pop, Easy Listening";
tags = [tags.pop];
}
{
station = rautemusik-name "Happy";
stream = rautemusik "happy";
desc = "Pop, Dance, Charts";
tags = [tags.pop];
}
{
station = rautemusik-name "Solo Piano";
stream = rautemusik "solopiano";
desc = "Klavier, Instrumental, Easy Listening";
tags = [tags.classical];
}
{
station = rautemusik-name "HappyHardcore";
stream = rautemusik "happyhardcore";
desc = "UK Core, Happy Hardcore, Dance";
tags = [tags.party];
}
{
station = rautemusik-name "HardeR";
stream = rautemusik "harder";
desc = "Hardstyle, Hardcore, Jumpstyle";
tags = [tags.party];
}
{
station = rautemusik-name "BigCityBeats";
stream = rautemusik "bigcitybeats";
desc = "EDM, Dance, House, Electro, Star DJs";
tags = [tags.pop tags.party];
}
{
station = rautemusik-name "Lounge";
stream = rautemusik "lounge";
desc = "Ambient, Jazz, Chillout, Easy Listening";
tags = [tags.chill];
}
{
station = rautemusik-name "Oriental";
stream = rautemusik "oriental";
desc = "Arabisch, Oriental, HipHop";
tags = [tags.arabic];
}
{
station = rautemusik-name "Salsa";
stream = rautemusik "salsa";
desc = "Salsa, Latina, Tropical";
tags = [tags.groovy];
}
{
station = rautemusik-name "Christmas";
stream = rautemusik "christmas";
desc = "Weihnachtslieder, Balladen, Schlager";
tags = [tags.xmas];
}
{
station = rautemusik-name "Christmas Chor";
stream = rautemusik "christmas-chor";
desc = "Chor, Weihnachtslieder, Gesang";
tags = [tags.xmas];
}
{
station = rautemusik-name "Christmas Schlager";
stream = rautemusik "christmas-schlager";
desc = "Schlager, Weihnachtslieder";
tags = [tags.xmas tags.schlager];
}
{
station = rautemusik-name "Weihnachten.FM";
stream = rautemusik "weihnachten";
desc = "Weihnachtslieder, Pop";
tags = [tags.xmas];
}
{
station = rautemusik-name "Top40";
stream = rautemusik "top40";
desc = "Charts, Top40, Dance, Hiphop";
tags = [tags.top40];
}
{
station = rautemusik-name "Rock";
desc = "Rock, Alternative, Punk";
stream = rautemusik "rock";
tags = [tags.rock];
}
{
station = rautemusik-name "PartyHits";
desc = "Karneval, Mallorca, Après Ski, Schlager";
stream = rautemusik "partyhits";
tags = [tags.schlager];
}
{
station = rautemusik-name "Deutschrap Charts";
stream = rautemusik "deutschrap-charts";
desc = "Deutschrap, HipHop, Rap, Charts";
tags = [tags.rap];
}
{
station = rautemusik-name "Deutschrap Classic";
stream = rautemusik "deutschrap-classic";
desc = "Oldschool, Rap, HipHop, Deutschrap";
tags = [tags.rap];
}
{
station = rautemusik-name "ChartHits";
stream = rautemusik "ChartHits";
desc = "House, RnB, Dance, Electro";
tags = [tags.top40];
}
{
station = rautemusik-name "BreakZ.FM";
stream = rautemusik "breakz";
desc = "RnB, House, HipHop, Dance, Mixtapes";
tags = [tags.top40];
}
{
station = rautemusik-name "Bass";
stream = rautemusik "bass";
desc = "DnB, Dubstep, Trap & Bass House";
tags = [tags.party];
}
{
station = rautemusik-name "12punks";
stream = rautemusik "12punks";
desc = "Punk, Punk Rock, Ska, Hardcore";
tags = [tags.rock];
}
{
logo = "https://d3kle7qwymxpcy.cloudfront.net/images/broadcasts/77/a4/13931/1/c175.png";
station = "Raidió Rírá";
@@ -1211,6 +1406,12 @@ in
desc = "Is cairt-staisiún ceoil é Raidió Rí-Rá a bhíonn ag craoladh go hiomlán trí Ghaeilge! Bíonn an ceol ar fad ó na cairteacha le cloisteáil ar an stáisiún, mar aon leis an bpopnuacht, an nuacht spóirt agus an nuacht scannánaíochta is déanaí!";
tags = [tags.top40];
}
{
stream = "http://188.247.86.67:8008";
station = "Rotana Tarab";
logo = "https://liveonlineradio.net/wp-content/uploads/2017/11/Rotana-Tarab-100x47.jpg";
tags = [tags.trad tags.arabic];
}
{
stream = "http://asima.out.airtime.pro:8000/asima_a";
station = "Asima";
@@ -1353,11 +1554,6 @@ in
desc = "Ohne Blatt vor dem Mund! Für alle, die aufwachen wollen.";
tags = [tags.text];
}
{
station = "NIUS";
stream = "https://nius.stream25.radiohost.de/live_mp3-192";
tags = [tags.text];
}
{
station = "Kontrafunk";
stream = "https://icecast.multhielemedia.de/listen/kontrafunk/radio.mp3";
@@ -1453,6 +1649,21 @@ in
station = "ERTU Al Quran Al Kareem";
tags = [tags.arabic tags.text tags.holy];
}
{
stream = "http://149.28.52.216:3344/listen.mp3";
station = "Verse 24/7 Holy Quran";
tags = [tags.arabic tags.text tags.holy];
}
{
stream = "https://s6.voscast.com:9355/stream";
station = "Kilid Herat";
tags = [tags.arabic tags.holy]; # nasheeds
}
{
stream = "https://s6.voscast.com:9355/stream";
station = "Radio Salam Watandar";
tags = [tags.arabic tags.holy];
}
{
stream = "http://onair15.xdevel.com:7064/1/";
station = "Radio Mozart Italia";
@@ -1460,6 +1671,12 @@ in
desc = "Emittente ufficiale delle Associazioni Mozart Italia nel mondo";
tags = [tags.classical];
}
{
stream = "http://onair7.xdevel.com:7126/1/";
station = "Opera Radio Budapest";
logo = "https://www.opera.hu/static/default/asset/img/common/opera-logo.svg";
tags = [tags.classical];
}
{
stream = "http://peacefulpiano.stream.publicradio.org/peacefulpiano.mp3";
station = "Peaceful Piano";
@@ -1629,6 +1846,11 @@ in
stream = "https://playerservices.streamtheworld.com/api/livestream-redirect/KAN_88.mp3";
tags = [tags.hebrew];
}
{
station = "Digital Impulse Classical Channel";
stream = "http://orion.shoutca.st:8978/stream";
tags = [tags.classical];
}
{
station = "Старое радио (детское)";
stream = "http://195.91.237.50:8000/detskoe128";
@@ -1699,23 +1921,18 @@ in
stream = "http://cw.dimebank.com:8080/CNNfast";
tags = [tags.text];
}
{
station = "80s80s | Dark Wave";
stream = "https://streams.80s80s.de/darkwave/mp3-192/homepage/";
tags = [tags.wave];
}
{
station = "80s80s | Wave";
stream = "https://streams.80s80s.de/wave/mp3-192/homepage/";
tags = [tags.wave];
}
{
station = "XXX orchestral";
stream = "http://orion.shoutca.st:8978/stream";
tags = [tags.classical];
}
{
station = "Kral FM Xanthi";
station = "XXX greek";
stream = "http://radio.hostchefs.net:8046/stream?1520818130148";
tags = [tags.greek];
}
{
station = "XXX turkish or greek";
stream = "https://onairmediagroup.live24.gr/kralfm100xanthi";
tags = [tags.greek tags.turkish];
}
@@ -1769,6 +1986,11 @@ in
stream = "http://s2.voscast.com:12312/;";
station = "Bahrain Quran Radio";
}
{
tags = [tags.arabic tags.text tags.holy];
stream = "http://162.244.81.30:8224/;";
station = "Quran Radio Lebanon";
}
{
tags = [tags.arabic tags.text tags.holy];
stream = "http://tijaniyyah.asuscomm.com:8000/stream/2/";
@@ -1779,6 +2001,16 @@ in
station = "Coptic for God";
stream = "http://66.70.249.70:5832/stream";
}
{
stream = "http://stream-025.zeno.fm/5y95pu36sm0uv?";
station = "Hayat FM";
tags = [tags.arabic tags.text tags.holy];
}
{
stream = "http://uk2.internet-radio.com:8151/stream";
station = "The Quran Radio";
tags = [tags.arabic tags.text tags.holy];
}
{
stream = "http://www.radioeins.de/livemp3";
station = "radioeins | RBB";
@@ -1793,25 +2025,9 @@ in
stream = "http://mp3.ffh.de/radioffh/hqlivestream.mp3";
station = "Hitradio FFH";
}
{
stream = "https://mp3.planetradio.de/planetradio/hqlivestream.aac";
station = "planet radio";
}
{ # Lex Fridman's favourite
stream = "av://lavfi:anoisesrc=color=brown";
station = "Brown noise";
}
{
stream = "av://lavfi:anoisesrc=color=pink";
station = "Pink noise";
}
{
stream = "https://st03.sslstream.dlf.de/dlf/03/high/aac/stream.aac";
station = "Deutschlandfunk Nova";
}
{
stream = "https://samaaisb107-itelservices.radioca.st/stream";
station = "Samaa FM 107.4 Pakistan";
station = "Brownian noise";
}
]
++ map (name: {

6
lib/vim/init.lua
View File

@@ -91,7 +91,6 @@ local language_servers = {
-- tsserver = {}, -- typescript-language-server
cssls = {},
elmls = {}, -- elm-language-server
gopls = {}, -- gopls
denols = {}, -- deno built in
bashls = {}, -- bash-language-server
lua_ls = {
@@ -155,11 +154,10 @@ local language_servers = {
}
for server, settings in pairs(language_servers) do
vim.lsp.config(server, {
require('lspconfig')[server].setup{
on_attach = on_attach,
flags = lsp_flags,
settings = settings,
capabilities = capabilities
})
vim.lsp.enable(server)
}
end

12
lib/vim/init.vim
View File

@@ -40,6 +40,8 @@ let g:netrw_banner=0
let g:netrw_browse_split=4
let g:netrw_altv=1 " open splits to the right
let g:netrw_liststyle=3 " tree view
let g:netrw_list_hide=netrw_gitignore#Hide()
let g:netrw_list_hide.=',\(^\|\s\s\)\zs\.\S\+'
let g:netrw_winsize = 25
call matchadd('colorcolumn', '\%101v', 100)
@@ -102,7 +104,6 @@ augroup filetypes
autocmd bufnewfile,bufread urls,config set filetype=conf
autocmd bufnewfile,bufread *.elm packadd elm-vim | set filetype=elm shiftwidth=4
autocmd bufnewfile,bufread *.md packadd vim-pandoc | packadd vim-pandoc-syntax | set filetype=pandoc
autocmd bufnewfile,bufread *.ex,*.exs packadd vim-elixir | set filetype=elixir
autocmd filetype haskell packadd haskell-vim | set keywordprg=hoogle\ -i
autocmd filetype javascript packadd vim-javascript
autocmd filetype make setlocal noexpandtab
@@ -125,12 +126,3 @@ set complete+=kspell
let g:pandoc#syntax#conceal#use = 0
let g:pandoc#modules#disabled = []
let g:pandoc#spell#default_langs = ['en', 'de']
autocmd! User GoyoEnter Limelight
autocmd! User GoyoLeave Limelight!
" Disable Copilot by default
let b:copilot_enabled = v:false
" keymap to toggle it enabled
nnoremap <leader>gc :let b:copilot_enabled = !b:copilot_enabled<CR>

140
modules/go-webring.nix
View File

@@ -1,140 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkEnableOption
mkPackageOption
mkOption
types
literalExpression
mkIf
;
cfg = config.services.go-webring;
defaultAddress = "127.0.0.1:2857";
in
{
options = {
services.go-webring = {
enable = mkEnableOption "go-webring";
package = mkPackageOption pkgs "go-webring" { };
contactInstructions = mkOption {
type = types.nullOr types.str;
default = null;
description = "Contact instructions for errors";
example = "contact the admin and let them know what's up";
};
host = mkOption {
type = types.str;
description = "Host this webring runs on, primarily used for validation";
example = "my-webri.ng";
};
homePageTemplate = mkOption {
type = types.str;
description = ''
This should be any HTML file with the string "{{ . }}" placed
wherever you want the table of members inserted. This table is
plain HTML so you can style it with CSS.
'';
};
listenAddress = mkOption {
type = types.str;
default = defaultAddress;
description = "Host and port go-webring will listen on";
};
members = mkOption {
type = types.listOf (
types.submodule {
options = {
username = mkOption {
type = types.str;
description = "Member's name";
};
site = mkOption {
type = types.str;
description = "Member's site URL";
};
};
}
);
description = "List of members in the webring";
};
};
};
config = mkIf cfg.enable {
systemd.services.go-webring = {
description = "go-webring service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
requires = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = ''
${lib.getExe cfg.package} \
${lib.optionalString (cfg.contactInstructions != null) ("--contact " + lib.escapeShellArg cfg.contactInstructions)} \
--host ${cfg.host} \
--index ${pkgs.writeText "index.html" cfg.homePageTemplate} \
--listen ${cfg.listenAddress} \
--members ${
pkgs.writeText "list.txt" (
lib.concatMapStrings (member: member.username + " " + member.site + "\n") cfg.members
)
}
'';
User = "go-webring";
DynamicUser = true;
RuntimeDirectory = "go-webring";
WorkingDirectory = "/var/lib/go-webring";
StateDirectory = "go-webring";
RuntimeDirectoryMode = "0750";
Restart = "always";
RestartSec = 5;
# Hardening
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProcSubset = "pid";
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
};
};
environment.systemPackages = [ cfg.package ];
};
}

47
modules/htgen.nix Normal file
View File

@@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}: let
htgen = pkgs.callPackage ../packages/htgen.nix {};
in {
options.services.htgen = lib.mkOption {
default = {};
type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
options = {
enable = lib.mkEnableOption "htgen-${config._module.args.name}";
port = lib.mkOption {
type = lib.types.int;
};
script = lib.mkOption {
type = lib.types.str;
};
};
}));
};
config = {
systemd.services =
lib.mapAttrs' (
name: cfg:
lib.nameValuePair "htgen-${name}" {
wantedBy = ["multi-user.target"];
after = ["network.target"];
environment = {
HOME = "/var/lib/htgen-${name}";
HTGEN_PORT = toString cfg.port;
HTGEN_SCRIPT = cfg.script;
};
serviceConfig = {
SyslogIdentifier = "htgen-${name}";
DynamicUser = true;
StateDirectory = "htgen-${name}";
PrivateTmp = true;
Restart = "always";
ExecStart = "${htgen}/bin/htgen --serve";
};
}
)
config.services.htgen;
};
}

2
modules/panoptikon.nix
View File

@@ -29,7 +29,7 @@
default = "daily";
};
loadCredential = lib.mkOption {
type = lib.types.listOf lib.types.str;
type = lib.types.listOf lib.types.string;
description = ''
This can be used to pass secrets to the systemd service without adding them to the nix store.
'';

2
packages/cheat-sh.nix
View File

@@ -3,7 +3,7 @@
writers,
curl,
}:
writers.writeDashBin "cht.sh" ''
writers.writeDashBin "so" ''
IFS=+
${curl}/bin/curl -sSL http://cht.sh/"$*"
''

20
packages/cro.nix
View File

@@ -1,10 +1,10 @@
{ coreutils, chromium }:
chromium.override {
commandLineArgs = [
"--disable-sync"
"--no-default-browser-check"
"--no-first-run"
"--user-data-dir=$(${coreutils}/bin/mktemp -d)"
"--incognito"
];
}
{ writers, chromium }:
writers.writeDashBin "cro" ''
${chromium}/bin/chromium \
--disable-sync \
--no-default-browser-check \
--no-first-run \
--user-data-dir="$(mktemp -d)" \
--incognito \
"$@"
''

43
packages/dic.nix Normal file
View File

@@ -0,0 +1,43 @@
{
fetchgit,
lib,
stdenv,
coreutils,
curl,
gnugrep,
gnused,
util-linux,
}:
stdenv.mkDerivation {
name = "dic";
src = fetchgit {
url = https://cgit.ni.krebsco.de/dic;
rev = "refs/tags/v1.1.1";
sha256 = "1gbj967a5hj53fdkkxijqgwnl9hb8kskz0cmpjq7v65ffz3v6vag";
};
phases = [
"unpackPhase"
"installPhase"
];
installPhase = let
path = lib.makeBinPath [
coreutils
curl
gnused
gnugrep
util-linux
];
in ''
mkdir -p $out/bin
sed \
's,^main() {$,&\n PATH=${path}; export PATH,' \
< ./dic \
> $out/bin/dic
chmod +x $out/bin/dic
'';
}

24
packages/dirmir.nix Normal file
View File

@@ -0,0 +1,24 @@
{writers}:
writers.writeDashBin "dirmir" ''
SOURCE="$1"
TARGET="$2"
if [ ! -d "$SOURCE" ] || [ $# -ne 2 ]; then
echo >/dev/stderr "Usage: dirmir SOURCE TARGET"
exit 1
fi
if [ -e "$TARGET" ]; then
echo >/dev/stderr "$TARGET" already exists. Please use a different name.
exit 1
fi
find "$SOURCE" | while read -r entry; do
if [ -d "$entry" ]; then
mkdir -p "$TARGET/$entry"
else
# create a file with the same permissions as $entry
install -m "$(stat -c %a "$entry")" /dev/null "$TARGET/$entry"
fi
done
''

64
packages/dmenu-bluetooth.nix Normal file
View File

@@ -0,0 +1,64 @@
{
writers,
libnotify,
dmenu,
bluez5,
lib,
}:
writers.writeDashBin "dmenu-bluetooth" ''
# UI for connecting to bluetooth devices
set -efu
PATH=$PATH=${lib.makeBinPath [libnotify dmenu bluez5]}
bluetooth_notify() {
notify-send --app-name=" Bluetooth" "$@"
}
chose_device() {
# the output from `bluetoothctl {paired-,}devices` has a first column which always contains `Device` followed by a MAC address and the device name
cut -d ' ' -f2- | dmenu -i -l 5 -p "Bluetooth device"
}
bluetoothctl scan on &
case "$(printf "pair\nconnect\ndisconnect" | dmenu -i)" in
pair)
chosen="$(bluetoothctl devices | chose_device)"
chosen_name="$(echo "$chosen" | cut -d ' ' -f2-)"
bluetooth_notify "$chosen_name" "Pairing ..."
if bluetoothctl pair "$(echo "$chosen" | cut -d ' ' -f1)"; then
bluetooth_notify " $chosen_name" "Paired with device."
else
test "$chosen" && bluetooth_notify " $chosen_name" "Failed to pair with device."
fi
;;
connect)
chosen="$(bluetoothctl paired-devices | chose_device)"
chosen_name="$(echo "$chosen" | cut -d ' ' -f2-)"
bluetooth_notify "$chosen_name" "Trying to connect ..."
if bluetoothctl connect "$(echo "$chosen" | cut -d ' ' -f1)"; then
bluetooth_notify " $chosen_name" "Connected to device."
else # something was selected but it didn't work
test "$chosen" && bluetooth_notify " $chosen_name" "Failed to connect to device."
fi
;;
disconnect)
chosen="$(bluetoothctl paired-devices | chose_device)"
chosen_name="$(echo "$chosen" | cut -d ' ' -f2-)"
bluetooth_notify "$chosen_name" "Disconnecting ..."
if bluetoothctl disconnect "$(echo "$chosen" | cut -d ' ' -f1)"; then
bluetooth_notify " $chosen_name" "Disconnected from device."
else # something was selected but it didn't work
test "$chosen" && bluetooth_notify " $chosen_name" "Failed to disconnect from device."
fi
;;
esac
''

42
packages/dmenu-scrot.nix Normal file
View File

@@ -0,0 +1,42 @@
{
writers,
lib,
dmenu,
scrot,
libnotify,
xclip,
screenshotsDirectory ? "/tmp",
}:
writers.writeDashBin "dmenu-scrot" ''
# ref https://gitlab.com/dwt1/dotfiles/-/blob/master/.dmenu/dmenu-scrot.sh
PATH=$PATH:${lib.makeBinPath [dmenu scrot libnotify xclip]}
APP_NAME="📸 Scrot"
IMG_PATH="${screenshotsDirectory}"
TIME=3000 #Miliseconds notification should remain visible
cmd=$(printf "fullscreen\nsection\nupload_fullscreen\nupload_section\n" | dmenu -p 'Screenshot')
cd "$IMG_PATH" || exit
case ''${cmd%% *} in
fullscreen)
scrot -d 1 \
&& notify-send -u low -t $TIME -a "$APP_NAME" 'Screenshot (full screen) saved.'
;;
section)
scrot -s \
&& notify-send -u low -t $TIME -a "$APP_NAME" 'Screenshot (section) saved.'
;;
upload_fullscreen)
scrot -d 1 -e "kpaste < \$f" | tail --lines=1 | xclip -selection clipboard -in \
&& notify-send -u low -t $TIME -a "$APP_NAME" "Screenshot (full screen) uploaded: $(xclip -selection clipboard -out)"
;;
upload_section)
scrot -s -e "kpaste < \$f" | tail --lines=1 | xclip -selection clipboard -in \
&& notify-send -u low -t $TIME -a "$APP_NAME" "Screenshot (section) uploaded: $(xclip -selection clipboard -out)"
;;
esac
''

7
packages/dns-sledgehammer.nix Normal file
View File

@@ -0,0 +1,7 @@
{
writers,
coreutils,
}:
writers.writeDashBin "dns-sledgehammer" ''
${coreutils}/bin/printf '%s\n' 'nameserver 1.1.1.1' 'options edns0' > /etc/resolv.conf
''

28
packages/genius.nix Normal file
View File

@@ -0,0 +1,28 @@
{
writers,
curl,
coreutils,
gnused,
pandoc,
}:
writers.writeDashBin "genius" ''
${coreutils}/bin/test "$#" -eq 2 || (
echo "usage: $0 <artist> <song>"
exit 1
)
normalize() {
${coreutils}/bin/tr -d -c '0-9A-Za-z ' | ${coreutils}/bin/tr ' ' - | ${coreutils}/bin/tr '[:upper:]' '[:lower:]'
}
ARTIST=$(echo "$1" | normalize | ${gnused}/bin/sed 's/./\U&/')
TITLE=$(echo "$2" | normalize)
GENIUS_URL="https://genius.com/$ARTIST-$TITLE-lyrics"
${curl}/bin/curl -s "$GENIUS_URL" \
| ${gnused}/bin/sed -ne '/class="lyrics"/,/<\/p>/p' \
| ${pandoc}/bin/pandoc -f html -s -t plain \
| ${gnused}/bin/sed 's/^_/\x1b[3m/g;s/_$/\x1b[0m/g;s/^\[/\n\x1b\[1m\[/g;s/\]$/\]\x1b[0m/g'
printf "\n%s\n" "$GENIUS_URL" >/dev/stderr
''

23
packages/git-preview.nix Normal file
View File

@@ -0,0 +1,23 @@
{
coreutils,
git,
writers,
}:
writers.writeDashBin "git-preview" ''
set -efu
head_commit=$(${git}/bin/git log -1 --format=%H)
merge_commit=$1; shift
merge_message='Merge for git-preview'
preview_dir=$(${coreutils}/bin/mktemp --tmpdir -d git-preview.XXXXXXXX)
preview_name=$(${coreutils}/bin/basename "$preview_dir")
${git}/bin/git worktree add --detach -f "$preview_dir" 2>/dev/null
${git}/bin/git -C "$preview_dir" checkout -q "$head_commit"
${git}/bin/git -C "$preview_dir" merge \
''${GIT_PREVIEW_MERGE_STRATEGY+-s "$GIT_PREVIEW_MERGE_STRATEGY"} \
-m "$merge_message" \
-q \
"$merge_commit"
${git}/bin/git -C "$preview_dir" diff "$head_commit.." "$@"
${coreutils}/bin/rm -fR "$preview_dir"
${coreutils}/bin/rm -R .git/worktrees/"$preview_name"
''

21
packages/go-webring.nix
View File

@@ -1,21 +0,0 @@
{ buildGoModule, fetchgit, lib }:
buildGoModule {
pname = "go-webring";
version = "2024-12-18";
src = fetchgit {
url = "https://git.sr.ht/~amolith/go-webring";
rev = "0b5b1bf21ff91119ea2dd042ee9fe94e9d1cd8d4";
hash = "sha256-az6vBOGiZmzfsMjYUacXMHhDeRDmVI/arCKCpHeTcns=";
};
vendorHash = "sha256-3PnXB8AfZtgmYEPJuh0fwvG38dtngoS/lxyx3H+rvFs=";
meta = {
mainProgram = "go-webring";
description = "Simple webring implementation";
homepage = "https://git.sr.ht/~amolith/go-webring";
license = lib.licenses.bsd2; # cc0 as well
maintainers = [ lib.maintainers.kmein ];
};
}

4
packages/hc.nix
View File

@@ -9,7 +9,7 @@
gnugrep,
qrencode,
texlive,
util-linux,
utillinux,
zbar,
}:
stdenv.mkDerivation rec {
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
gnugrep
qrencode
texlive.combined.scheme-full
util-linux
utillinux
zbar
]}
'';

5
packages/heuretes.nix
View File

@@ -1,8 +1,7 @@
{
writers,
fetchurl,
xan,
util-linux,
xsv,
}: let
database = fetchurl {
url = "http://c.krebsco.de/greek.csv";
@@ -10,5 +9,5 @@
};
in
writers.writeDashBin "heuretes" ''
${xan}/bin/xan search -s simple "$*" ${database} | ${util-linux}/bin/column -s, -t
${xsv}/bin/xsv search -s simple "^$*$" ${database} | ${xsv}/bin/xsv table
''

31
packages/htgen.nix Normal file
View File

@@ -0,0 +1,31 @@
{
fetchgit,
lib,
pkgs,
stdenv,
}:
stdenv.mkDerivation rec {
pname = "htgen";
version = "1.3.1";
src = fetchgit {
url = "http://cgit.krebsco.de/htgen";
rev = "refs/tags/${version}";
sha256 = "0ml8kp89bwkrwy6iqclzyhxgv2qn9dcpwaafbmsr4mgcl70zx22r";
};
installPhase = ''
mkdir -p $out/bin
{
echo '#! ${pkgs.dash}/bin/dash'
echo 'export PATH=${lib.makeBinPath [
pkgs.coreutils
pkgs.jq
pkgs.ucspi-tcp
]}''${PATH+":$PATH"}'
sed 's:^Server=htgen$:&/${version}:' htgen
} > $out/bin/htgen
chmod +x $out/bin/htgen
cp -r examples $out
'';
}

13
packages/infschmv.nix Normal file
View File

@@ -0,0 +1,13 @@
{
writers,
pup,
curl,
pandoc,
man,
}:
writers.writeDashBin "InfSchMV" ''
${curl}/bin/curl -sSL https://www.berlin.de/corona/massnahmen/verordnung/ \
| ${pup}/bin/pup .textile \
| ${pandoc}/bin/pandoc -f html -t man -s \
| ${man}/bin/man -l -
''

29
packages/iolanguage.nix Normal file
View File

@@ -0,0 +1,29 @@
{
lib,
stdenv,
cmake,
python3,
fetchFromGitHub,
}:
stdenv.mkDerivation rec {
version = "2017.09.06";
name = "iolanguage-${version}";
src = fetchFromGitHub {
owner = "IoLanguage";
repo = "io";
rev = "${version}";
sha256 = "07rg1zrz6i6ghp11cm14w7bbaaa1s8sb0y5i7gr2sds0ijlpq223";
fetchSubmodules = true;
};
buildInputs = [cmake python3];
preBuild = "mkdir -p build && cd build";
buildPhase = ''
cmake -DCMAKE_INSTALL_PREFIX=$out/ ..
make all
'';
meta = with lib; {
homepage = "https://iolanguage.org/";
description = "Io programming language. Inspired by Self, Smalltalk and LISP.";
license = licenses.bsd3;
};
}

16
packages/ix.nix Normal file
View File

@@ -0,0 +1,16 @@
{
stdenv,
fetchurl,
}:
stdenv.mkDerivation {
name = "ix";
src = fetchurl {
url = "https://ix.io/client";
sha256 = "0xc2s4s1aq143zz8lgkq5k25dpf049dw253qxiav5k7d7qvzzy57";
};
phases = ["installPhase"];
installPhase = ''
mkdir -p $out/bin
install $src $out/bin/ix
'';
}

16
packages/jq-lsp.nix Normal file
View File

@@ -0,0 +1,16 @@
{
buildGoModule,
fetchFromGitHub,
lib,
}:
buildGoModule {
name = "jq-lsp";
version = "unstable-2023-09-08";
src = fetchFromGitHub {
owner = "wader";
repo = "jq-lsp";
rev = "85edf1adbe5e6c91b37c67b6a4bf85eda1e49f2f";
hash = "sha256-ItLKRSbGZ8UqFEHCoh96KwhSpuKZ3l+2ZXnBkHEZL0M=";
};
vendorHash = "sha256-ppQ81uERHBgOr/bm/CoDSWcK+IqHwvcL6RFi0DgoLuw=";
}

12
packages/literature-quote.nix
View File

@@ -1,31 +1,31 @@
{
writers,
lib,
xan,
xsv,
curl,
gnused,
}:
writers.writeDashBin "literature-quote" ''
PATH=$PATH:${lib.makeBinPath [xan curl gnused]}
PATH=$PATH:${lib.makeBinPath [xsv curl gnused]}
ROW=$(curl -Ls http://kmein.github.io/logotheca/quotes.csv | shuf -n1)
(
QUOTE="$(echo "$ROW" | xan select 3)"
QUOTE="$(echo "$ROW" | xsv select 4)"
echo "$QUOTE" | sed 's/^"//;s/"$//;s/\s*||\s*/\n\n/g;s/\s*|\s*/\n/g'
echo
AUTHOR="$(echo "$ROW" | xan select 0)"
AUTHOR="$(echo "$ROW" | xsv select 1)"
# Prepare the output
ATTRIBUTION="($AUTHOR"
SOURCE="$(echo "$ROW" | xan select 1)"
SOURCE="$(echo "$ROW" | xsv select 2)"
# Add SOURCE if it's not empty
if [ -n "$SOURCE" ]; then
ATTRIBUTION="$ATTRIBUTION: $SOURCE"
fi
LOC="$(echo "$ROW" | xan select 2 | sed 's/""//;s/-//g')"
LOC="$(echo "$ROW" | xsv select 3 | sed 's/""//;s/-//g')"
# Add LOC if it's not empty
if [ -n "$LOC" ]; then
ATTRIBUTION="$ATTRIBUTION, $LOC"

63
packages/mahlzeit.nix Normal file
View File

@@ -0,0 +1,63 @@
{
lib,
fetchFromGitHub,
mkDerivation,
ansi-terminal,
base,
directory,
doctest,
filepath,
megaparsec,
optparse-applicative,
prettyprinter,
process,
raw-strings-qq,
stdenv,
tasty,
tasty-hunit,
text,
yaml,
}:
mkDerivation {
pname = "mahlzeit";
version = "0.1.0";
src = fetchFromGitHub {
owner = "kmein";
repo = "mahlzeit";
rev = "954c0fb3f45815999bc65d003794af6a850b069c";
sha256 = "046yrr40hjmxkjmwzcvmwb39fxx2v2i6hgdxrjfiwilzvhikarrg";
};
isLibrary = true;
isExecutable = true;
libraryHaskellDepends = [
ansi-terminal
base
directory
filepath
megaparsec
prettyprinter
text
yaml
];
executableHaskellDepends = [
ansi-terminal
base
directory
filepath
optparse-applicative
process
text
yaml
];
testHaskellDepends = [
base
doctest
megaparsec
raw-strings-qq
tasty
tasty-hunit
];
homepage = "https://github.com/kmein/mahlzeit";
description = "Recipe toolkit";
license = lib.licenses.mit;
}

89
packages/meteo.nix Normal file
View File

@@ -0,0 +1,89 @@
{
writers,
lib,
jq,
curl,
xdotool,
nsxiv,
gnused,
defaultStation ? 103840,
}:
writers.writeDashBin "meteo" ''
# usage: meteo --list
# usage: meteo --update
# usage: meteo STATION
set -efu
PATH=$PATH:${lib.makeBinPath [jq curl xdotool nsxiv gnused]}
# TODO XDG
CONFIG_DIR=$HOME/.config/wetter
STATIONS_FILE=$CONFIG_DIR/stations.json
case ''${1-} in
--list)
sed -n 's/^\s*\(--[^)]\+\))$/\1/p' "$0"
jq -r -n \
--slurpfile stations_file "$STATIONS_FILE" \
'
$stations_file[0] as $known_stations |
$known_stations | keys[]
'
exit
;;
--update)
mkdir -p "$(dirname "$STATIONS_FILE")"
exec >"$STATIONS_FILE"
curl -fsSL http://wetterstationen.meteomedia.de/ |
jq -Rrs '
def decodeHTML:
gsub("&auml;";"ä") |
gsub("&ouml;";"ö") |
gsub("&uuml;";"ü") |
gsub("&Auml;";"Ä") |
gsub("&Ouml;";"Ö") |
gsub("&Uuml;";"Ü") |
gsub("&szlig;";"ß")
;
[
match(".*<option value=\"/\\?map=Deutschland&station=(?<station>[0-9]+)\">(?<name>[^<]+)</option>";"g")
.captures |
map({"\(.name)":(.string)}) |
add |
{"\(.name|decodeHTML)":(.station|tonumber)}
] |
add
'
exit
;;
esac
# set -x
station=''${1-${toString defaultStation}}
station=$(jq -e -n \
--arg station "$station" \
--slurpfile stations_file "$STATIONS_FILE" \
'
$stations_file[0] as $known_stations |
$station |
if test("^[0-9]+$") then
tonumber
else
$known_stations[.]
end
')
cache="/tmp/''${LOGNAME}_wetter_$station.png"
curl -sSL \
"http://wetterstationen.meteomedia.de/messnetz/vorhersagegrafik/$station.png" \
-o "$cache"
if window_id=$(xdotool search --name "^nsxiv - $cache$"); then
xdotool key --window "$window_id" r
else
nsxiv "$cache" &
fi
''

13
packages/nix-index-update.nix Normal file
View File

@@ -0,0 +1,13 @@
{
writers,
wget,
system,
}:
writers.writeDashBin "nix-index-update" ''
filename="index-${system}"
mkdir -p ~/.cache/nix-index
cd ~/.cache/nix-index
# -N will only download a new version if there is an update.
${wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename
ln -f $filename files
''

2
packages/obsidian-vim.nix
View File

@@ -22,7 +22,7 @@ neovim.override {
\ 'path': '${obsidiantVaultDirectory}',
\ 'syntax': 'markdown',
\ 'ext': '.md',
\ 'diary_rel_path': '.',
\ 'diary_rel_path' '.',
\}]
let NERDTreeSortOrder = ['[[-timestamp]]']

5
packages/pls.nix
View File

@@ -1,7 +1,6 @@
{
lib,
writers,
yt-dlp,
miller,
gnused,
curl,
@@ -96,10 +95,6 @@
"ich kann damit leben"
"es ist was es ist"
];
download = writers.writeDash "download" ''
${yt-dlp}/bin/yt-dlp --add-metadata --audio-format mp3 --audio-quality 0 -xic "$@"
'';
in
writers.writeDashBin "pls" ''
case "$1" in

47
packages/radio-news.nix
View File

@@ -1,47 +0,0 @@
{ writers, lib, gnused, curl, jq, yq }:
writers.writeBashBin "radio-news" ''
set -efu
PATH=$PATH:${lib.makeBinPath [gnused curl jq yq]}
EVENTS=$(
curl https://www.goodnewsnetwork.org/feed/ \
| xq '
.rss.channel.item
| map(select((.pubDate|strptime("%a, %d %b %Y %H:%M:%S %z")) as $date | ($date | mktime) > (now - (60 * 60 * 24))) | {title, description})
'
)
SYSTEM_PROMPT=$(cat <<EOF
You are a news anchor writing a short news digest for a radio broadcast.
Summarize the following news headlines into a cohesive, engaging script under 400 words.
Keep it professional, concise as possible, and easy to follow.
Please no unnecessary explanations why the news is good.
Begin the digest with: "Here's your good news update."
EOF
)
REQUEST=$(cat <<EOF
{
"system_instruction": {
"parts": [
{
"text": $(jq -Rs <<< "$SYSTEM_PROMPT")
}
]
},
"contents": [
{
"parts": [
{
"text": $(jq -Rs <<< "$EVENTS")
}
]
}
]
}
EOF
)
echo "$REQUEST" | curl "https://generativelanguage.googleapis.com/v1beta/models/gemini-1.5-flash-8b:generateContent?key=$GEMINI_API_KEY" -s -H "Content-Type: application/json" -d @-
''

2
packages/rfc.nix
View File

@@ -1,8 +1,10 @@
{
writers,
curl,
pup,
gawk,
gnused,
gnugrep,
less,
fzf,
}:

4
packages/scanned.nix
View File

@@ -2,12 +2,8 @@
{
writers,
imagemagick,
ghostscript,
lib
}:
writers.writeDashBin "scanned" ''
export PATH=${lib.makeBinPath [ imagemagick ghostscript ]}:$PATH
[ $# -eq 1 -a -f "$1" -a -r "$1" ] || exit 1
${imagemagick}/bin/convert \

45
packages/stag.nix
View File

@@ -1,45 +0,0 @@
{
lib,
stdenv,
fetchFromGitHub,
ncurses,
taglib,
zlib,
}:
stdenv.mkDerivation rec {
pname = "stag";
version = "1.0";
src = fetchFromGitHub {
owner = "smabie";
repo = "stag";
rev = "v${version}";
hash = "sha256-IWb6ZbPlFfEvZogPh8nMqXatrg206BTV2DYg7BMm7R4=";
};
buildInputs = [
ncurses
taglib
zlib
];
buildPhase = ''
make all
'';
installPhase = ''
mkdir -p $out/bin
cp stag $out/bin/
mkdir -p $out/man/man1
mv stag.1 $out/man/man1/
'';
meta = {
description = "public domain utf8 curses based audio file tagger";
homepage = "https://github.com/smabie/stag";
license = lib.licenses.publicDomain;
maintainers = [ lib.maintainers.kmein ];
platforms = lib.platforms.unix;
source = src;
};
}

8
packages/vim.nix
View File

@@ -40,13 +40,6 @@
editorconfig-vim
copilot-vim
goyo
limelight-vim
niveumPackages.vimPlugins-mdwa-nvim
niveumPackages.vimPlugins-vim-ernest
fzf-vim
fzfWrapper
supertab
@@ -81,7 +74,6 @@
dhall-vim
elm-vim
emmet-vim
vim-elixir
haskell-vim
niveumPackages.vimPlugins-icalendar-vim
niveumPackages.vimPlugins-jq-vim

2
packages/vimPlugins/cheat-sh.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
}: (vimUtils.buildVimPluginFrom2Nix {
pname = "cheat.sh-vim";
version = "826219d1";
src = fetchFromGitHub {

2
packages/vimPlugins/icalendar-vim.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
}: (vimUtils.buildVimPluginFrom2Nix {
pname = "icalendar.vim";
version = "542fff45";
src = fetchFromGitHub {

2
packages/vimPlugins/jq-vim.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "jq.vim";
version = "5baf8ed1";
src = fetchFromGitHub {

13
packages/vimPlugins/mdwa-nvim.nix
View File

@@ -1,13 +0,0 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
pname = "mdwa.nvim";
version = "9f37270";
src = fetchFromGitHub {
owner = "tihawk";
repo = "mdwa.nvim";
rev = "9f3727037e0d85fd0930334b91b9687a5a880192";
hash = "sha256-h2jy2E+pN2Ma/5n9Eq2oXr9xHma2OxxVvx9EJ+bIYxA=";
};
})

2
packages/vimPlugins/typst-vim.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "typst.vim";
version = "2882f21";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-256noir.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "vim-256noir";
version = "e8668a18";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-colors-paramount.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix rec {
pname = "vim-colors-paramount";
version = "a5601d36";
src = fetchFromGitHub {

14
packages/vimPlugins/vim-ernest.nix
View File

@@ -1,14 +0,0 @@
{
vimUtils,
fetchFromGitHub,
lib,
}: (vimUtils.buildVimPlugin {
pname = "vim-ernest";
version = "4b99bc3";
src = fetchFromGitHub {
owner = "lgalke";
repo = "vim-ernest";
rev = "4b99bc3fe3deb7bb958ad2f64cad93569eeb50d7";
hash = "sha256-AUuRnnZU39XUerBxNelEqVyDAalRm3VGNUQb15fjXjM=";
};
})

2
packages/vimPlugins/vim-fetch.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
}: (vimUtils.buildVimPluginFrom2Nix rec {
pname = "vim-fetch";
version = "76c08586";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-fsharp.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "vim-fsharp";
version = "627db7d7";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-mail.nix
View File

@@ -2,7 +2,7 @@
vimUtils,
fetchFromGitHub,
}:
vimUtils.buildVimPlugin {
vimUtils.buildVimPluginFrom2Nix {
pname = "vim-mail";
version = "acdbb5bd";
src = fetchFromGitHub {

2
packages/vimPlugins/vim-reason-plus.nix
View File

@@ -1,7 +1,7 @@
{
vimUtils,
fetchFromGitHub,
}: (vimUtils.buildVimPlugin {
}: (vimUtils.buildVimPluginFrom2Nix {
pname = "vim-reason-plus";
version = "c11a2940";
src = fetchFromGitHub {

7
packages/weechat-declarative.nix
View File

@@ -1,6 +1,7 @@
{
pkgs,
lib,
unstablePackages,
...
} @ args: let
# config cannot be declared in the input attribute set because that would
@@ -136,7 +137,7 @@
))
);
weechatPkg = pkgs.weechat.override {
weechat = unstablePackages.weechat.override {
configure = _: {
init = "/exec -oc cat ${setFile}";
@@ -162,14 +163,14 @@
cfg.files
)
}
exec ${weechatPkg}/bin/weechat "$@"
exec ${weechat}/bin/weechat "$@"
'';
in
pkgs.symlinkJoin {
name = "weechat-configured";
paths = [
wrapper
weechatPkg
unstablePackages.weechat
];
postBuild = ''
ln -s ${setFile} $out/weechat.set

2
secrets

Submodule secrets updated: 3f3a8d1334...e14a3170cc

4
secrets.txt
View File

@@ -1,11 +1,8 @@
secrets/alertmanager-token-reporters.age
secrets/brevo-key.age
secrets/cifs-credentials-zodiac.age
secrets/copecart-ipn.age
secrets/di-fm-key.age
secrets/email-password-cock.age
secrets/email-password-fysi.age
secrets/email-password-ical-ephemeris.age
secrets/email-password-letos.age
secrets/email-password-meinhak99.age
secrets/email-password-posteo.age
@@ -79,7 +76,6 @@ secrets/telegram-token-proverb.age
secrets/telegram-token-reverse.age
secrets/telegram-token-streaming-link.age
secrets/weechat-sec.conf.age
secrets/wifi.age
secrets/zaatar-moodle-dl-basicAuth.age
secrets/zaatar-moodle-dl-tokens.json.age
secrets/zaatar-retiolum-privateKey-ed25519.age

3
systems/fatteh/configuration.nix
View File

@@ -9,7 +9,6 @@ in {
./hardware-configuration.nix
../../configs/networkmanager.nix
../../configs/default.nix
../../configs/gaming.nix
# ../../configs/gnome.nix
];
@@ -41,6 +40,8 @@ in {
wireguard-aether-psk.file = ../../secrets/fatteh-wireguard-aether-psk.age;
};
networking.wg-quick.interfaces.aether.address = ["192.168.178.202/24"];
networking.hostName = "fatteh";
networking.retiolum = retiolumAddresses.fatteh;

64
systems/ful/configuration.nix
View File

@@ -12,10 +12,7 @@ in {
./radio.nix
./panoptikon.nix
./hledger.nix
./go-webring.nix
./gemini.nix
./wallabag.nix
./nethack.nix
./alew.nix
../../configs/monitoring.nix
../../configs/mycelium.nix
../../configs/tor.nix
@@ -71,6 +68,65 @@ in {
];
};
users.users.servant = {
isSystemUser = true;
group = "servant";
};
users.groups.servant = {};
systemd.services.servant = {
enable = true;
environment.PORT = toString 18987;
environment.VIRTUAL_HOST = "https://openapiaiapi.kmein.de";
serviceConfig.ExecStart = pkgs.writers.writeHaskell "server" {
libraries = with pkgs.haskellPackages; [
servant
servant-server
servant-openapi3
servant-swagger-ui
servant-client
aeson
text
warp
uuid
lens
];
ghcArgs = ["-O3" "-threaded"];
} ./servant-openapi.hs;
serviceConfig.User = "servant";
serviceConfig.Group = "servant";
};
services.htgen.openapi-conversion = {
port = 18988;
script = ''. ${pkgs.writers.writeDash "openapi-conversion" ''
case "$Method $Request_URI" in
"GET /openapi-3.1.json")
schema=$(mktemp -d)
trap 'rm -rf $schema' EXIT
${pkgs.wget}/bin/wget http://127.0.0.1:${toString 18987}/openapi.json -O "$schema"/openapi.json
cat "$schema"/openapi.json >&2
PATH=${lib.makeBinPath [pkgs.bashInteractive pkgs.nodejs]} ${pkgs.nodejs}/bin/npx --yes openapi-format "$schema"/openapi.json --convertTo "3.1" -o "$schema"/openapi-new.json
printf 'HTTP/1.1 200 OK\r\n'
printf 'Content-Type: %s\r\n' "$(${pkgs.file}/bin/file -ib "$schema"/openapi-new.json)"
printf 'Server: %s\r\n' "$Server"
printf 'Connection: close\r\n'
printf 'Content-Length: %d\r\n' $(${pkgs.coreutils}/bin/wc -c < "$schema"/openapi-new.json)
printf '\r\n'
cat "$schema"/openapi-new.json
exit
;;
esac
''}'';
};
services.nginx.virtualHosts."openapiaiapi.kmein.de" = {
enableACME = true;
forceSSL = true;
locations."/openapi-3.1.json".proxyPass = "http://127.0.0.1:${toString 18988}";
locations."/".proxyPass = "http://127.0.0.1:${toString 18987}";
};
networking = {
firewall.allowedTCPPorts = [80 443];
hostName = "ful";

15
systems/ful/gemini.nix
View File

@@ -1,15 +0,0 @@
{ config, ... }:
{
networking.firewall.allowedTCPPorts = [ 1965 ];
services.agate = {
enable = true;
addresses = [ "0.0.0.0:1965" ];
hostnames = [ "kmein.de" ];
language = "de";
};
services.restic.backups.niveum.paths = [
config.services.agate.contentDir
config.services.agate.certificatesDir
];
}

39
systems/ful/go-webring.nix
View File

@@ -1,39 +0,0 @@
{ config, niveumPackages ,... }:
let
port = 2857;
in
{
services.go-webring = {
enable = true;
host = "dichtungsring.kmein.de";
listenAddress = "127.0.0.1:${toString port}";
package = niveumPackages.go-webring;
members = [
{ username = "meteora"; site = "meteora.xn--kiern-0qa.de"; }
{ username = "huldra"; site = "huldras-halbtraum.com"; }
];
homePageTemplate = ''
<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Dichtungsring</title>
</head>
<body>
<h1>Willkommen beim Dichtungs-Ring</h1>
<p>Ein <a href="https://de.wikipedia.org/wiki/Webring">Webring</a> für die Dichtung.</p>
<section id="members">
<table><tbody>{{ . }}</tbody></table>
</section>
</body>
</html>
'';
};
services.nginx.virtualHosts."dichtungsring.kmein.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.go-webring.listenAddress}";
};
}

2
systems/ful/hledger.nix
View File

@@ -14,7 +14,7 @@
};
systemd.services.hledger-backup = {
enable = false;
enable = true;
startAt = "hourly";
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];

2
systems/ful/matomo.nix
View File

@@ -21,7 +21,7 @@ in {
nginx = {
serverName = "matomo.kmein.de";
};
package = pkgs.matomo;
package = pkgs.matomo_5;
};
services.mysql = {

60
systems/ful/nethack.nix
View File

@@ -1,60 +0,0 @@
{
networking.firewall.allowedTCPPorts = [ 22 ];
containers.nethack = {
autoStart = true;
forwardPorts = [
{
containerPort = 22;
hostPort = 22;
}
];
config =
{ pkgs, ... }:
{
system.stateVersion = "25.11";
networking.hostName = "nethack";
services.openssh.enable = true;
environment.systemPackages = [ pkgs.nethack ];
programs.tmux.enable = true;
programs.tmux.extraConfig = ''
set -g mouse on
set -g allow-rename off
set -g detach-on-destroy off
unbind-key C-b
set -g prefix None
'';
users.users.nethack = {
isNormalUser = true;
home = "/home/nethack";
createHome = true;
shell = pkgs.bash;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAA...yourkey"
"ssh-ed25519 AAAA...friendkey"
];
};
services.openssh.settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
services.openssh.extraConfig = ''
Match User nethack
ForceCommand ${pkgs.tmux}/bin/tmux attach -t nethack || \
${pkgs.tmux}/bin/tmux new -s nethack ${pkgs.nethack}/bin/nethack
AllowTcpForwarding no
X11Forwarding no
PermitTTY yes
'';
};
};
}

119
systems/ful/servant-openapi.hs Normal file
View File

@@ -0,0 +1,119 @@
{-# LANGUAGE DataKinds #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE TypeOperators #-}
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE OverloadedStrings #-}
module Main where
import Data.Aeson (ToJSON, FromJSON)
import GHC.Generics (Generic)
import Data.String (IsString(..))
import Network.Wai (Application)
import Network.Wai.Handler.Warp (run)
import Servant
import Servant.Client (HasClient (..))
import Servant.OpenApi (HasOpenApi(..), toOpenApi)
import qualified Data.Version as Version
import Servant.Swagger.UI (SwaggerSchemaUI, swaggerSchemaUIServer)
import Data.OpenApi (ToSchema, servers, license, info, description, version, title)
import qualified Data.OpenApi as OpenApi
import Control.Concurrent.MVar (MVar, newMVar, modifyMVar, readMVar)
import System.Environment (getEnv)
import Control.Monad.IO.Class (liftIO)
import Control.Lens
import qualified Data.Text as T
import GHC.Generics
import GHC.TypeLits
import Data.UUID (UUID)
import Data.UUID.V4 (nextRandom)
import qualified Data.UUID as UUID
-- Define a simple data type
data User = User
{ userId :: UUID
, name :: String
, age :: Int
} deriving (Generic, Show)
instance ToJSON User
instance FromJSON User
instance ToSchema User
-- Define the API type
type API = "users" :> OperationId "getUsers" :> Get '[JSON] [User]
:<|> "users" :> OperationId "insertUser" :> ReqBody '[JSON] User :> Post '[JSON] User
:<|> "users" :> OperationId "updateUser" :> Capture "id" UUID :> ReqBody '[JSON] User :> Put '[JSON] User
:<|> "users" :> OperationId "deleteUser" :> Capture "id" UUID :> Delete '[JSON] NoContent
-- Define the API with Swagger endpoints
type APIWithSwagger = API
:<|> SwaggerSchemaUI "swagger-ui" "openapi.json"
data OperationId (name :: Symbol)
instance HasServer subApi ctx => HasServer (OperationId name :> subApi) ctx where
type ServerT (OperationId name :> subApi) m = ServerT subApi m
route _ = route (Proxy @subApi)
hoistServerWithContext _ = hoistServerWithContext (Proxy @subApi)
instance (HasOpenApi subApi, KnownSymbol name) => HasOpenApi (OperationId name :> subApi) where
toOpenApi _ = toOpenApi (Proxy @subApi) & OpenApi.allOperations . OpenApi.operationId ?~ apiName
where
apiName = T.pack $ symbolVal (Proxy @name)
instance HasClient m api => HasClient m (OperationId name :> api) where
type Client m (OperationId name :> api) = Client m api
clientWithRoute pm Proxy = clientWithRoute pm (Proxy :: Proxy api)
hoistClientMonad pm _ = hoistClientMonad pm (Proxy :: Proxy api)
-- Handlers for the API
getUsers :: MVar [User] -> Handler [User]
getUsers usersVar = liftIO $ readMVar usersVar
addUser :: MVar [User] -> User -> Handler User
addUser usersVar newUser = liftIO $ do
newId <- nextRandom
let userWithId = newUser { userId = newId }
modifyMVar usersVar $ \users -> return (userWithId : users, userWithId)
updateUser :: MVar [User] -> UUID -> User -> Handler User
updateUser usersVar uid updatedUser = liftIO $ do
modifyMVar usersVar $ \users ->
let newUsers = map (\user -> if userId user == uid then updatedUser { userId = uid } else user) users
in return (newUsers, updatedUser { userId = uid })
deleteUser :: MVar [User] -> UUID -> Handler NoContent
deleteUser usersVar uid = liftIO $ do
modifyMVar usersVar $ \users ->
let newUsers = filter (\user -> userId user /= uid) users
in return (newUsers, NoContent)
-- Implement the server
server :: OpenApi.Server -> MVar [User] -> Server APIWithSwagger
server virtualHost usersVar = (getUsers usersVar
:<|> addUser usersVar
:<|> updateUser usersVar
:<|> deleteUser usersVar)
:<|> swaggerSchemaUIServer (toOpenApi (Proxy :: Proxy API)
& info.title .~ "OpenAPI AI API"
& info.version .~ "1.0"
& info.description ?~ "This is an API for AI with OpenAPI"
& info.license ?~ "MIT"
& servers .~ [virtualHost])
-- Create the application
app :: OpenApi.Server -> MVar [User] -> Application
app virtualHost usersVar = serve (Proxy :: Proxy APIWithSwagger) (server virtualHost usersVar)
-- Main entry point
main :: IO ()
main = do
initialUsers <- mapM (\(name, age) -> nextRandom >>= \uid -> return (User uid name age)) [("Alice", 30), ("Bob", 25)]
usersVar <- newMVar initialUsers
virtualHost <- getEnv "VIRTUAL_HOST"
port <- read <$> getEnv "PORT" -- Assuming PORT is a number
run port (app (fromString virtualHost) usersVar)

44
systems/ful/wallabag.nix
View File

@@ -1,44 +0,0 @@
{ pkgs, config, ... }:
let
domain = "pocket.kmein.de";
port = "8088";
dataPath = "/var/lib/wallabag";
in
{
services.nginx.virtualHosts.${domain} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${port}";
proxyWebsockets = true;
};
extraConfig = ''
client_body_timeout 3000s;
client_header_timeout 3000s;
keepalive_timeout 3000s;
proxy_read_timeout 3000s;
proxy_connect_timeout 3000s;
proxy_send_timeout 3000s;
'';
};
services.restic.backups.niveum.paths = [ dataPath ];
virtualisation.oci-containers.containers."${domain}" = {
autoStart = true;
image = "wallabag/wallabag:2.6.12";
ports = [ "${port}:80" ];
volumes = [
"${dataPath}/data:/var/www/wallabag/data"
"${dataPath}/images:/var/www/wallabag/web/assets/images"
];
environment = {
SYMFONY__ENV__DOMAIN_NAME = "https://${domain}";
SYMFONY__ENV__FOSUSER_CONFIRMATION = "false";
PHP_MEMORY_LIMIT = "512M";
SYMFONY__ENV__SERVER_NAME = "Wallabag";
};
extraOptions = [ "--pull=always" ];
};
}

2
systems/kabsa/configuration.nix
View File

@@ -45,6 +45,8 @@ in {
wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age;
};
networking.wg-quick.interfaces.aether.address = ["192.168.178.203/24"];
environment.systemPackages = [pkgs.zeroad];
networking = {

2
systems/kibbeh/configuration.nix
View File

@@ -14,6 +14,7 @@
../../configs/sound.nix
../../configs/printing.nix
../../configs/nix.nix
../../configs/flix.nix
../../configs/fonts.nix
../../configs/mycelium.nix
../../configs/retiolum.nix
@@ -79,6 +80,7 @@
niveumPackages.mpv-tv
telegram-desktop
(niveumPackages.mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; })
niveumPackages.meteo
spotify
];
};

103
systems/maakaron/home.nix Normal file
View File

@@ -0,0 +1,103 @@
{
config,
pkgs,
lib,
inputs,
niveumPackages,
...
}: let
system = "x86_64-darwin";
nextcloud = "${config.home.homeDirectory}/Nextcloud/ZODIAC";
hora = pkgs.callPackage ../../packages/hora.nix {
timeLedger = "${nextcloud}/hora.timeclock";
};
adminEssentials = import ../../configs/admin-essentials.nix {
inherit pkgs niveumPackages lib system;
};
stardict = import ../../configs/stardict.nix {
inherit pkgs lib inputs;
};
git = import ../../configs/git.nix {
inherit pkgs lib inputs system;
};
in {
home.packages =
[
hora
niveumPackages.vim
pkgs.ghc
pkgs.python3
]
++ adminEssentials.environment.systemPackages
++ git.environment.systemPackages;
#++ stardict.environment.systemPackages;
home.shellAliases =
adminEssentials.environment.shellAliases
// git.environment.shellAliases;
programs.git = git.home-manager.users.me.programs.git;
programs.zsh = let
promptColours = {
success = "green";
failure = "red";
};
in {
autocd = true;
defaultKeymap = "viins";
enableAutosuggestions = true;
enableCompletion = true;
enable = true;
historySubstringSearch.enable = true;
syntaxHighlighting.enable = true;
syntaxHighlighting.highlighters = ["main" "brackets" "pattern" "line"];
initExtra = ''
# ref https://gist.github.com/meeech/0b97a86f235d10bc4e2a1116eec38e7e
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ];
then
. '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
precmd () {
if [[ -n $IN_NIX_SHELL ]]; then
PROMPT='%B%~%b %(?.%F{${promptColours.success}}.%F{${promptColours.failure}})λ%f '
else
PROMPT='%B%~%b %(?.%F{${promptColours.success}}.%F{${promptColours.failure}})%#%f '
fi
print -Pn "\e]2;%n@%M:%~\a" # title bar prompt
}
zle-keymap-select zle-line-init () {
case $KEYMAP in
vicmd) print -n '\e]12;green\a';;
viins|main) print -n '\e]12;gray\a';;
esac
}
zle -N zle-line-init
zle -N zle-keymap-select
'';
};
home.sessionVariables.EDITOR = "${niveumPackages.vim}/bin/nvim";
home.file."Local Applications".source = pkgs.symlinkJoin {
name = "local-applications";
paths = [pkgs.anki-bin pkgs.dbeaver pkgs.vscode pkgs.stellarium];
};
home.stateVersion = "23.11";
home.username = "xm7234fu";
home.homeDirectory = "/Users/${config.home.username}";
nixpkgs.config.allowUnfree = true;
nix.package = pkgs.nixVersions.stable;
nix.extraOptions = "experimental-features = nix-command flakes";
}
/*
hora register -p weekly --depth 1 --empty
*/

21
systems/makanek/configuration.nix
View File

@@ -13,7 +13,7 @@ in {
./menstruation.nix
./moinbot.nix
./monitoring
# ./names.nix
./names.nix
./nextcloud.nix
../../configs/mycelium.nix
./radio-news.nix
@@ -48,7 +48,7 @@ in {
config.services.grafana.dataDir
config.services.gitea.stateDir
config.services.weechat.root
config.services.nginx.virtualHosts."www.kmein.de".locations."/".root
config.services.nginx.virtualHosts."www.kmein.de".root
"/var/lib/weechat"
"/var/lib/codimd"
];
@@ -121,22 +121,7 @@ in {
services.nginx.virtualHosts."www.kmein.de" = {
addSSL = true;
enableACME = true;
locations."/" = {
root = "/var/www/kmein.de";
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
# Handle preflight requests
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
return 204; # No Content
}
'';
};
root = "/var/www/kmein.de";
};
environment.systemPackages = [

37
systems/makanek/gitea.nix
View File

@@ -1,47 +1,20 @@
{ config, ... }:
let
inherit (import ../../lib) sshPort;
domain = "code.kmein.de";
domain = "https://code.kmein.de";
in {
services.anubis = {
defaultOptions.settings = {
USER_DEFINED_DEFAULT = true;
};
instances = let instance = "gitea"; in {
${instance}.settings = {
BIND = "/run/anubis/anubis-${instance}/anubis.sock";
METRICS_BIND = "/run/anubis/anubis-${instance}/anubis-metrics.sock";
TARGET = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
USER_DEFINED_INSTANCE = true;
OG_PASSTHROUGH = true;
SERVE_ROBOTS_TXT = true;
};
};
};
users.users.nginx.extraGroups = [ config.services.anubis.instances."gitea".group ];
services.gitea = {
enable = true;
appName = domain;
appName = "code.kmein.de";
settings = {
server.ROOT_URL = "https://${domain}";
server.DOMAIN = domain;
server.ROOT_URL = domain;
server.SSH_PORT = sshPort;
service.DISABLE_REGISTRATION = true;
};
};
services.nginx.virtualHosts.${domain} = {
services.nginx.virtualHosts."code.kmein.de" = {
forceSSL = true;
enableACME = true;
# locations."/".extraConfig = "proxy_pass http://localhost:3000;";
locations = {
"/" = {
proxyPass = "http://unix:${config.services.anubis.instances."gitea".settings.BIND}";
proxyWebsockets = true;
};
"/metrics".proxyPass = "http://unix:${config.services.anubis.instances."gitea".settings.METRICS_BIND}";
};
locations."/".extraConfig = "proxy_pass http://localhost:3000;";
};
niveum.passport.services = [

351
systems/makanek/monitoring/default.nix
View File

@@ -3,13 +3,11 @@
config,
pkgs,
...
}:
let
}: let
lokiConfig = import ./loki.nix;
blackboxConfig = import ./blackbox.nix;
inherit (import ../../../lib) restic;
in
{
in {
services.grafana = {
enable = true;
settings = {
@@ -82,150 +80,143 @@ in
}
];
services.prometheus.rules =
let
diskFreeThreshold = 10;
in
[
(builtins.toJSON {
groups = [
{
name = "niveum";
rules = [
{
alert = "HostSystemdServiceCrashed";
expr = ''(node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}'';
annotations = {
description = "{{$labels.name}} failed on {{$labels.instance}}";
};
}
{
alert = "RootPartitionFull";
for = "10m";
expr = ''(node_filesystem_free_bytes{mountpoint="/"} * 100) / node_filesystem_size_bytes{mountpoint="/"} < ${toString diskFreeThreshold}'';
annotations = {
description = ''{{ $labels.instance }} running out of space: {{ $value | printf "%.2f" }}% < ${toString diskFreeThreshold}%'';
};
}
{
alert = "RootPartitionFullWeek";
for = "1h";
expr =
''node_filesystem_free_bytes{mountpoint="/"} ''
+ ''and predict_linear(node_filesystem_free_bytes{mountpoint="/"}[2d], 7*24*3600) <= 0'';
annotations = {
description = "{{$labels.instance}} running out of space in 7 days";
};
}
{
alert = "HighLoad";
expr = ''node_load15 / on(job) count(node_cpu_seconds_total{mode="system"}) by (job) >= 1.0'';
for = "10m";
annotations = {
description = "{{$labels.instance}} running on high load: {{$value}}";
};
}
{
alert = "HostUnusualNetworkThroughputIn";
expr = ''(rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput in (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualNetworkThroughputOut";
expr = ''(rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput out (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskReadRate";
expr = ''(rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "5m";
annotations.description = "Host unusual disk read rate (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskWriteRate";
expr = ''(rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "2m";
annotations.description = "Host unusual disk write rate (instance {{ $labels.instance }})";
}
{
alert = "HostOutOfInodes";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'';
for = "2m";
annotations.description = "Host out of inodes (instance {{ $labels.instance }})";
}
{
alert = "HostInodesWillFillIn24Hours";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0'';
for = "2m";
annotations.description = "Host inodes will fill in 24 hours (instance {{ $labels.instance }})";
}
{
alert = "HighRAM";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
for = "1h";
annotations.description = "{{$labels.instance}} using lots of RAM";
}
{
alert = "UptimeMonster";
expr = "time() - node_boot_time_seconds > 2592000";
annotations.description = "uptime monster {{$labels.instance}} up for more than 30 days";
}
{
alert = "HostDown";
expr = ''up == 0'';
for = "5m";
annotations = {
description = "{{ $labels.instance }} seeming down since 5 minutes";
};
}
{
alert = "Reboot";
expr = "time() - node_boot_time_seconds < 300";
annotations.description = "{{$labels.instance}} rebooted";
}
{
alert = "Mastodon";
expr = ''probe_success{instance="https://social.krebsco.de"} == 0'';
for = "5m";
annotations.description = "Mastodon instance {{$labels.instance}} is down";
}
{
alert = "ProbeFailed";
expr = "probe_success == 0";
for = "5m";
annotations.description = "HTTP probe failed for {{$labels.instance}}";
}
{
alert = "SlowProbe";
expr = "avg_over_time(probe_http_duration_seconds[1m]) > 1";
for = "5m";
annotations.description = "HTTP probe slow for {{$labels.instance}}";
}
{
alert = "HttpStatusCode";
expr = "probe_http_status_code != 0 AND (probe_http_status_code <= 199 OR probe_http_status_code >= 400)";
for = "5m";
annotations.description = "status code {{$value}} for {{$labels.instance}}";
}
{
alert = "SslExpirySoon";
expr = "probe_ssl_earliest_cert_expiry - time() < 86400 * 30";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} expires in 30 days";
}
{
alert = "SslExpiry";
expr = "probe_ssl_earliest_cert_expiry - time() <= 0";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} has expired";
}
];
}
];
})
];
services.prometheus.rules = let
diskFreeThreshold = 10;
in [
(builtins.toJSON {
groups = [
{
name = "niveum";
rules = [
{
alert = "HostSystemdServiceCrashed";
expr = ''(node_systemd_unit_state{state="failed"} == 1) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}'';
annotations = {
description = "{{$labels.name}} failed on {{$labels.instance}}";
};
}
{
alert = "RootPartitionFull";
for = "10m";
expr = ''(node_filesystem_free_bytes{mountpoint="/"} * 100) / node_filesystem_size_bytes{mountpoint="/"} < ${toString diskFreeThreshold}'';
annotations = {
description = ''{{ $labels.instance }} running out of space: {{ $value | printf "%.2f" }}% < ${toString diskFreeThreshold}%'';
};
}
{
alert = "RootPartitionFullWeek";
for = "1h";
expr =
''node_filesystem_free_bytes{mountpoint="/"} ''
+ ''and predict_linear(node_filesystem_free_bytes{mountpoint="/"}[2d], 7*24*3600) <= 0'';
annotations = {
description = "{{$labels.instance}} running out of space in 7 days";
};
}
{
alert = "HighLoad";
expr = ''node_load15 / on(job) count(node_cpu_seconds_total{mode="system"}) by (job) >= 1.0'';
for = "10m";
annotations = {
description = "{{$labels.instance}} running on high load: {{$value}}";
};
}
{
alert = "HostUnusualNetworkThroughputIn";
expr = ''(rate(node_network_receive_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput in (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualNetworkThroughputOut";
expr = ''(rate(node_network_transmit_bytes_total[2m])) / 1024 / 1024 > 100'';
for = "5m";
annotations.description = "Host unusual network throughput out (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskReadRate";
expr = ''(rate(node_disk_read_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "5m";
annotations.description = "Host unusual disk read rate (instance {{ $labels.instance }})";
}
{
alert = "HostUnusualDiskWriteRate";
expr = ''(rate(node_disk_written_bytes_total[2m])) / 1024 / 1024 > 50'';
for = "2m";
annotations.description = "Host unusual disk write rate (instance {{ $labels.instance }})";
}
{
alert = "HostOutOfInodes";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0'';
for = "2m";
annotations.description = "Host out of inodes (instance {{ $labels.instance }})";
}
{
alert = "HostInodesWillFillIn24Hours";
expr = ''node_filesystem_files_free{fstype!="msdosfs"} / node_filesystem_files{fstype!="msdosfs"} * 100 < 10 and predict_linear(node_filesystem_files_free{fstype!="msdosfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly{fstype!="msdosfs"} == 0'';
for = "2m";
annotations.description = "Host inodes will fill in 24 hours (instance {{ $labels.instance }})";
}
{
alert = "HighRAM";
expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.1";
for = "1h";
annotations.description = "{{$labels.instance}} using lots of RAM";
}
{
alert = "UptimeMonster";
expr = "time() - node_boot_time_seconds > 2592000";
annotations.description = "uptime monster {{$labels.instance}} up for more than 30 days";
}
{
alert = "HostDown";
expr = ''up == 0'';
for = "5m";
annotations = {
description = "{{ $labels.instance }} seeming down since 5 minutes";
};
}
{
alert = "Reboot";
expr = "time() - node_boot_time_seconds < 300";
annotations.description = "{{$labels.instance}} rebooted";
}
{
alert = "ProbeFailed";
expr = "probe_success == 0";
for = "5m";
annotations.description = "HTTP probe failed for {{$labels.instance}}";
}
{
alert = "SlowProbe";
expr = "avg_over_time(probe_http_duration_seconds[1m]) > 1";
for = "5m";
annotations.description = "HTTP probe slow for {{$labels.instance}}";
}
{
alert = "HttpStatusCode";
expr = "probe_http_status_code != 0 AND (probe_http_status_code <= 199 OR probe_http_status_code >= 400)";
for = "5m";
annotations.description = "status code {{$value}} for {{$labels.instance}}";
}
{
alert = "SslExpirySoon";
expr = "probe_ssl_earliest_cert_expiry - time() < 86400 * 30";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} expires in 30 days";
}
{
alert = "SslExpiry";
expr = "probe_ssl_earliest_cert_expiry - time() <= 0";
for = "5m";
annotations.description = "SSL certificate for {{$labels.instance}} has expired";
}
];
}
];
})
];
# ref https://github.com/Mic92/dotfiles/blob/f44bac5dd6970ed3fbb4feb906917331ec3c2be5/machines/eva/modules/prometheus/default.nix
systemd.services.matrix-hook = {
@@ -255,33 +246,6 @@ in
};
};
systemd.services.matrix-hook-lassulus = {
description = "Matrix Hook";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
HTTP_ADDRESS = "[::1]";
HTTP_PORT = "9089";
MX_HOMESERVER = "https://matrix.4d2.org";
MX_ID = "@lakai:4d2.org";
MX_ROOMID = "!MJAGqBAOKZGMywzwkI:lassul.us";
MX_MSG_TEMPLATE = "${pkgs.matrix-hook}/message.html.tmpl";
};
serviceConfig = {
EnvironmentFile = [
# format: MX_TOKEN=<token>
config.age.secrets.matrix-token-lakai-env.path
];
Type = "simple";
ExecStart = "${pkgs.matrix-hook}/bin/matrix-hook";
Restart = "always";
RestartSec = "10";
DynamicUser = true;
User = "matrix-hook";
Group = "matrix-hook";
};
};
age.secrets = {
matrix-token-lakai-env.file = ../../../secrets/matrix-token-lakai-env.age;
};
@@ -296,23 +260,8 @@ in
group_wait = "30s";
repeat_interval = "24h";
receiver = "matrix";
routes = [
{
receiver = "lassulus";
matchers = [ "alertname = \"Mastodon\"" ];
}
];
};
receivers = [
{
name = "lassulus";
webhook_configs = [
{
url = "http://localhost:9089/alert";
max_alerts = 5;
}
];
}
{
name = "matrix";
webhook_configs = [
@@ -357,21 +306,13 @@ in
{
scheme = "http";
path_prefix = "/";
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.alertmanager.port}" ]; }
];
static_configs = [{targets = ["localhost:${toString config.services.prometheus.alertmanager.port}"];}];
}
];
# otherwise bearer_token_file will fail
services.prometheus.checkConfig = "syntax-only";
services.prometheus.extraFlags = [
"--storage.tsdb.retention.time=7d"
"--storage.tsdb.retention.size=2GB"
"--storage.tsdb.wal-compression"
];
services.prometheus.scrapeConfigs = [
{
job_name = "makanek";
@@ -387,14 +328,14 @@ in
scrape_interval = "5m";
job_name = "blackbox";
metrics_path = "/probe";
params.module = [ "http_2xx" ];
params.module = ["http_2xx"];
relabel_configs = [
{
source_labels = [ "__address__" ];
source_labels = ["__address__"];
target_label = "__param_target";
}
{
source_labels = [ "__param_target" ];
source_labels = ["__param_target"];
target_label = "instance";
}
{
@@ -452,7 +393,7 @@ in
scrape_interval = "60s";
metrics_path = "/api/prometheus";
scheme = "http";
static_configs = [ { targets = [ "zaatar.r:8123" ]; } ];
static_configs = [{targets = ["zaatar.r:8123"];}];
bearer_token_file = config.age.secrets.home-assistant-token.path;
}
{
@@ -469,7 +410,7 @@ in
services.prometheus.exporters.blackbox = {
enable = true;
configFile = (pkgs.formats.yaml { }).generate "blackbox.yaml" blackboxConfig;
configFile = (pkgs.formats.yaml {}).generate "blackbox.yaml" blackboxConfig;
};
networking.firewall.allowedTCPPorts = [
@@ -478,6 +419,6 @@ in
services.loki = {
enable = true;
configFile = (pkgs.formats.yaml { }).generate "loki.yaml" lokiConfig;
configFile = (pkgs.formats.yaml {}).generate "loki.yaml" lokiConfig;
};
}

54
systems/makanek/radio-news.nix
View File

@@ -2,7 +2,6 @@
config,
pkgs,
lib,
niveumPackages,
...
}: let
inherit (import ../../lib) serveHtml;
@@ -23,14 +22,55 @@ in {
];
startAt = "*:50";
script = ''
PATH=$PATH:${lib.makeBinPath [pkgs.gnused pkgs.curl pkgs.jq]}
set -efu
PATH=$PATH:${lib.makeBinPath [pkgs.w3m pkgs.gnused pkgs.curl pkgs.jq]}
GEMINI_API_KEY="$(cat "$CREDENTIALS_DIRECTORY/gemini-api-key")" ${niveumPackages.radio-news}/bin/radio-news | jq --arg from "$(date -u -Is | sed 's/+00:00/Z/')" --arg to "$(date -u -Is -d 'now + 30 minutes' | sed 's/+00:00/Z/')" '
export GEMINI_API_KEY="$(cat "$CREDENTIALS_DIRECTORY/gemini-api-key")"
WIKI_URL="https://en.wikipedia.org/wiki/Portal:Current_events"
EVENTS=$(w3m -dump "$WIKI_URL" | sed -n "/$(date -I)/,/$(date -I -d yesterday)/p" | head -n -1)
SYSTEM_PROMPT=$(cat <<EOF
You are a news anchor writing a short news digest for a radio broadcast.
Summarize the following news headlines into a cohesive, engaging script under 400 words.
Keep it professional, concise, and easy to follow.
Begin the digest with: "Here's your news update for $(date -u +"%B %d, %Y")."
EOF
)
REQUEST=$(cat <<EOF
{
from: $from,
to: $to,
text: .candidates[].content.parts[].text
}' | curl -s -X POST http://radio-news.r -H "Content-Type: application/json" -d @-
"system_instruction": {
"parts": [
{
"text": $(jq -Rs <<< "$SYSTEM_PROMPT")
}
]
},
"contents": [
{
"parts": [
{
"text": "Current events (from Wikipedia): $(echo "$EVENTS")"
}
]
}
]
}
EOF
)
RESPONSE=$(echo "$REQUEST" | curl "https://generativelanguage.googleapis.com/v1beta/models/gemini-1.5-flash-8b:generateContent?key=$GEMINI_API_KEY" -s -H "Content-Type: application/json" -d @-)
echo "$RESPONSE" | jq --arg from "$(date -u -Is | sed 's/+00:00/Z/')" --arg to "$(date -u -Is -d 'now + 30 minutes' | sed 's/+00:00/Z/')" '
{
from: $from,
to: $to,
text: .candidates[].content.parts[].text
}' | curl -s -X POST http://radio-news.r -H "Content-Type: application/json" -d @-
'';
};

Some files were not shown because too many files have changed in this diff Show More