feat: add configurationLimit for manakish and makanek

Flake lock file updates:

• Updated input 'flake-utils':
    'github:numtide/flake-utils/12806d31a381e7cd169a6bac35590e7b36dc5fe5' (2022-05-14)
  → 'github:numtide/flake-utils/04c1b180862888302ddfb2e3ad9eaa63afc60cf8' (2022-05-17)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/79385ae0aacf7e02871cc8af0623123419dd7884' (2022-05-13)
  → 'github:NixOS/nixpkgs/cbd40c72b2603ab54e7208f99f9b35fc158bc009' (2022-05-20)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/437fd89069be470fba34ef7c7f5abc55fe20e328' (2022-05-20)
  → 'github:NixOS/nixpkgs/af0bcde689ed5263e9a0df36116f7583163eb032' (2022-05-22)
• Updated input 'stockholm':
    'git+https://cgit.lassul.us/stockholm?ref=master&rev=c87ba30c0c1cf344c7cc090d73a2ba44140f15d9' (2022-05-11)
  → 'git+https://cgit.lassul.us/stockholm?ref=master&rev=5befc5a6f260e2283863212b39749d5ed05afb63' (2022-05-19)

ci.nix

@@ -36,6 +36,7 @@
     "mail/gmail/amroplay"
     "mail/gmail/kieran.meinhardt"
     "mail/meinhaki"
+    "mail/dslalewa"
     "mail/posteo"
     "nextcloud-fysi/password"
     "nextcloud/password"
@@ -73,6 +74,7 @@
           "telegram/menstruation.token"
           "telegram/cool_village.token"
           "telegram/kmein.token"
+          "telegram/krebs.token"
           "telegram/prometheus.token"
           "weechat/relay"
         ]

configs/cloud.nix

@@ -3,7 +3,9 @@
   lib,
   pkgs,
   ...
-}: {
+}: let
+  inherit (import <niveum/lib>) tmpfilesConfig;
+in {
   imports = [
     <niveum/modules/dropbox.nix>
   ];
@@ -12,17 +14,45 @@
     dropbox.enable = false;
   };
 
-  system.activationScripts.home-symlinks = ''
-    ln -sfn ${config.users.users.me.home}/cloud/syncthing/common/mahlzeit ${config.users.users.me.home}/mahlzeit
-    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Wiki ${config.users.users.me.home}/notes
-    ln -sfn ${config.users.users.me.home}/cloud/Seafile/Uni ${config.users.users.me.home}/uni
-  '';
+  systemd.tmpfiles.rules = map tmpfilesConfig [
+    {
+      type = "L+";
+      user = config.users.users.me.name;
+      group = "users";
+      mode = "0755";
+      argument = "${config.users.users.me.home}/cloud/Seafile/Wiki";
+      path = "${config.users.users.me.home}/notes";
+    }
+    {
+      type = "L+";
+      user = config.users.users.me.name;
+      group = "users";
+      mode = "0755";
+      argument = "${config.users.users.me.home}/cloud/Seafile/Uni";
+      path = "${config.users.users.me.home}/uni";
+    }
+    {
+      type = "L+";
+      user = config.users.users.me.name;
+      group = "users";
+      mode = "0755";
+      argument = "${config.users.users.me.home}/cloud/syncthing/common/mahlzeit";
+      path = "${config.users.users.me.home}/mahlzeit";
+    }
+  ];
 
   home-manager.users.me = {
+    services.gnome-keyring.enable = true;
     services.nextcloud-client = {
       enable = true;
       startInBackground = true;
     };
+    systemd.user.services.nextcloud-client = {
+      Unit = {
+        Wants = ["gnome-keyring.service"];
+        After = ["gnome-keyring.service"];
+      };
+    };
   };
 
   environment.systemPackages = [

configs/default.nix

@@ -30,6 +30,7 @@ in {
             tocharian-font = pkgs.callPackage <niveum/packages/tocharian-font.nix> {};
             iolanguage = pkgs.callPackage <niveum/packages/iolanguage.nix> {};
             ix = pkgs.callPackage <niveum/packages/ix.nix> {};
+            unstable = import <nixpkgs-unstable> {inherit (config.nixpkgs) config;};
           };
         };
         overlays = [
@@ -144,8 +145,8 @@ in {
         wcd = "source ${wcd}";
         im = "${pkgs.openssh}/bin/ssh weechat@makanek -t tmux attach-session -t IM";
         where = "source ${where}";
-        yt = "${pkgs.youtube-dl}/bin/youtube-dl --add-metadata -ic"; # Download video link
-        yta = "${pkgs.youtube-dl}/bin/youtube-dl --add-metadata -xic"; # Download with audio
+        yt = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata -ic"; # Download video link
+        yta = "${pkgs.yt-dlp}/bin/yt-dlp --add-metadata -xic"; # Download with audio
       };
     }
     {i18n.defaultLocale = "en_DK.UTF-8";}
@@ -170,13 +171,15 @@ in {
     {
       security.wrappers = {
         pmount = {
+          setuid = true;
           owner = "root";
-          group = "users";
+          group = "root";
           source = "${pkgs.pmount}/bin/pmount";
         };
         pumount = {
+          setuid = true;
           owner = "root";
-          group = "users";
+          group = "root";
           source = "${pkgs.pmount}/bin/pumount";
         };
       };
@@ -262,5 +265,6 @@ in {
     ./vscode.nix
     ./watson.nix
     ./zsh.nix
+    ./tor.nix
   ];
 }

configs/fonts.nix

@@ -1,42 +1,55 @@
 {pkgs, ...}: {
   nixpkgs.config.joypixels.acceptLicense = true;
-
   fonts = {
     enableDefaultFonts = true;
     fontDir.enable = true;
     fonts = with pkgs; [
       alegreya
       alegreya-sans
+      amiri
+      unstable.annapurna-sil
+      cantarell-fonts
+      charis-sil
       corefonts
+      crimson
       eb-garamond
+      etBook
+      unstable.ezra-sil
       fira
       font-awesome-ttf
+      unstable.galatia-sil
+      gentium
+      gfs-fonts
+      gyre-fonts
+      ia-writer-duospace
       ibm-plex
-      inconsolata
-      iosevka
-      libertine
+      jetbrains-mono
+      joypixels
+      libertinus
+      libre-bodoni
       lmodern
-      noto-fonts
-      noto-fonts-cjk
-      noto-fonts-emoji
+      merriweather
+      ocr-a
       roboto
       roboto-mono
       roboto-slab
+      scheherazade-new
       source-code-pro
-      source-serif-pro
       source-sans-pro
-      ubuntu_font_family
-      gfs-fonts
-      jetbrains-mono
-      twemoji-color-font
-      joypixels
+      source-serif-pro
+      theano
       tocharian-font
-    ];
-    fontconfig.defaultFonts = {
-      monospace = ["JetBrains Mono" "JoyPixels"];
-      serif = ["Roboto Slab"];
-      sansSerif = ["Roboto" "Noto Sans"];
-      emoji = ["JoyPixels"];
+      vistafonts
+      vollkorn
+      zilla-slab
+    ]; # google-fonts league-of-moveable-type
+    fontconfig.defaultFonts = let
+      emojiFont = "JoyPixels";
+    in {
+      monospace = ["JetBrains Mono" emojiFont];
+      serif = ["Merriweather"];
+      sansSerif = ["Cantarell" emojiFont];
+      emoji = [emojiFont];
     };
   };
 }

configs/hledger.nix

@@ -5,6 +5,17 @@
 }: {
   imports = [<niveum/modules/hledger.nix>];
 
+  environment.systemPackages = let
+    timeLedger = "$HOME/projects/ledger/time.timeclock";
+  in [
+    (pkgs.writers.writeDashBin "hora-edit" ''
+      $EDITOR + "${timeLedger}" && ${pkgs.git}/bin/git -C "$(${pkgs.coreutils}/bin/dirname ${timeLedger})" commit --all --message "$(${pkgs.coreutils}/bin/date -Im)"
+    '')
+    (pkgs.writers.writeDashBin "hora" ''
+      ${pkgs.hledger}/bin/hledger -f "${timeLedger}" "$@"
+    '')
+  ];
+
   niveum.hledger = {
     enable = true;
     ledgerFile = "$HOME/projects/ledger/all.journal";

configs/i3.nix

@@ -34,6 +34,7 @@
       "devanagari" = pkgs.writers.writeDash "devanagari" ''
         ${pkgs.scripts.devanagari}/bin/devanagari
       '';
+      "avesta" = pkgs.writeScript "avesta" (builtins.readFile <niveum/packages/scripts/avesta.sed>);
       "curl" = pkgs.writers.writeDash "curl" ''
         ${pkgs.curl}/bin/curl -fSs "$(${pkgs.coreutils}/bin/cat)"
       '';

configs/keyboard.nix

@@ -4,10 +4,20 @@
   ...
 }: let
   commaSep = builtins.concatStringsSep ",";
+  languages = {
+    de = "T3";
+    gr = "polytonic";
+    ru = "phonetic";
+    ara = "buckwalter";
+  };
+  defaultLanguage = "de";
 in {
+  # man 7 xkeyboard-config
   services.xserver = {
-    layout = commaSep ["de" "gr"];
-    xkbVariant = commaSep ["T3" "polytonic"];
+    layout = commaSep (builtins.attrNames languages);
+    # T3: https://upload.wikimedia.org/wikipedia/commons/a/a9/German-Keyboard-Layout-T3-Version1-large.png
+    # buckwalter: http://www.qamus.org/transliteration.htm
+    xkbVariant = commaSep (builtins.attrValues languages);
     xkbOptions =
       commaSep ["compose:caps" "terminate:ctrl_alt_bksp" "grp:ctrls_toggle"];
     libinput.enable = true;
@@ -15,6 +25,25 @@ in {
 
   console.keyMap = "de";
 
+  environment.systemPackages =
+    lib.mapAttrsToList
+    (language: variant:
+      pkgs.writers.writeDashBin "kb-${language}" ''
+        ${pkgs.xlibs.setxkbmap}/bin/setxkbmap ${defaultLanguage},${language} ${languages.${defaultLanguage}},${variant}
+      '')
+    languages;
+
   # improve held key rate
   services.xserver.displayManager.sessionCommands = "${pkgs.xorg.xset}/bin/xset r rate 300 50";
+
+  systemd.user.services.gxkb = {
+    wantedBy = ["graphical-session.target"];
+    serviceConfig = {
+      SyslogIdentifier = "gxkb";
+      ExecStart = "${pkgs.gxkb}/bin/gxkb";
+      Restart = "always";
+      RestartSec = "15s";
+      StartLimitBurst = 0;
+    };
+  };
 }

configs/mpv.nix

@@ -18,8 +18,10 @@ in {
     programs.mpv = {
       enable = true;
       config = {
+        ytdl-format = "bestvideo[height<=?720][fps<=?30][vcodec!=?vp9]+bestaudio/best";
         ytdl-raw-options = lib.concatStringsSep "," [''sub-lang="de,en"'' "write-sub=" "write-auto-sub="];
         screenshot-template = "%F-%wH%wM%wS-%#04n";
+        script-opts = "ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp";
       };
       bindings = {
         "Alt+RIGHT" = "add video-rotate 90";

configs/neomutt.nix

@@ -47,6 +47,20 @@
     };
   };
 
+  accounts.work-admin = {
+    user = "dslalewa";
+    password = lib.strings.fileContents <secrets/mail/dslalewa>;
+    address = "admin.alew.vglsprwi@hu-berlin.de";
+    imap = "mailbox.cms.hu-berlin.de";
+    smtp = "mailhost.cms.hu-berlin.de";
+    smtpSettings = smtp: "smtp://${smtp}";
+    folders = {
+      drafts = "Drafts";
+      sent = "Sent";
+      trash = "Trash";
+    };
+  };
+
   accounts.work-fysi = rec {
     user = "kieran@fysi.tech";
     address = user;
@@ -131,6 +145,7 @@ in {
         application/pdf; ${pkgs.zathura}/bin/zathura %s ;
         application/pgp-encrypted; ${pkgs.gnupg}/bin/gpg -d '%s'; copiousoutput;
         application/pgp-keys; ${pkgs.gnupg}/bin/gpg --import '%s'; copiousoutput;
+        application/vnd.openxmlformats*; ${pkgs.libreoffice}/bin/soffice '%s';
       ''
     }:$mailcap_path
 

configs/newsboat.nix

@@ -5,7 +5,7 @@
 }: let
   ytdl-format = "'bestvideo[height<=?720][fps<=?30][vcodec!=?vp9]+bestaudio/best'";
 
-  youtube-download = "${pkgs.ts}/bin/ts ${pkgs.youtube-dl}/bin/youtube-dl -f ${ytdl-format} --add-metadata";
+  youtube-download = "${pkgs.ts}/bin/ts ${pkgs.yt-dlp}/bin/yt-dlp -f ${ytdl-format} --add-metadata";
 
   newsboat-home = "${config.users.users.me.home}/cloud/Seafile/Documents/newsboat";
   linkhandler-bin = "${pkgs.scripts.linkhandler}/bin/linkhandler";

configs/packages.nix

@@ -8,8 +8,6 @@
   menstruation = pkgs.callPackage <menstruation-backend> {};
   pandoc-doc = pkgs.callPackage <niveum/packages/man/pandoc.nix> {};
 
-  nixpkgs-unstable = import <nixpkgs-unstable> {config.allowUnfree = true;};
-
   zoteroStyle = {
     name,
     sha256,
@@ -35,7 +33,7 @@
     })
   ];
 
-  astrolog = nixpkgs-unstable.astrolog.overrideAttrs (old:
+  astrolog = pkgs.unstable.astrolog.overrideAttrs (old:
     old
     // {
       installPhase = ''
@@ -124,10 +122,10 @@ in {
     electrum
     inkscape
     astrolog
-    anki # flashcards
+    unstable.anki # flashcards
     jbofihe # lojbanic software
-    nixpkgs-unstable.zoom-us # video conferencing
-    nixpkgs-unstable.alejandra # nix formatter
+    unstable.zoom-us # video conferencing
+    unstable.alejandra # nix formatter
     pdfgrep # search in pdf
     pdftk # pdf toolkit
     mupdf
@@ -136,7 +134,7 @@ in {
     xournalpp # for annotating pdfs
     pdfpc # presenter console for pdf slides
     hc # print files as qr codes
-    youtubeDL
+    yt-dlp
     espeak
     bc # calculator
     pari # gp -- better calculator
@@ -161,7 +159,7 @@ in {
     scripts.vimv
     scripts.swallow # window swallowing
     scripts.literature-quote
-    scripts.nav # json navigation
+    jless # less(1) for json
     scripts.notetags
     scripts.booksplit
     scripts.dmenurandr
@@ -175,7 +173,6 @@ in {
     scripts.fkill
     scripts.wttr
     scripts.unicodmenu
-    scripts.horoscope
     scripts.closest
     scripts.trans
     scripts.mpv-radio

configs/ssh.nix

@@ -25,6 +25,11 @@ in {
         port = sshPort;
       };
       makanek = {
+        hostname = "88.99.83.173";
+        user = "root";
+        port = sshPort;
+      };
+      "makanek.r" = {
         hostname = "makanek.r";
         user = "root";
         port = sshPort;
@@ -57,9 +62,15 @@ in {
         hostname = "135.181.85.233";
         user = "root";
       };
-      oracle = {
-        hostname = "130.61.171.199";
-        user = "ubuntu";
+      "ful.r" = {
+        hostname = "ful.r";
+        user = "root";
+        port = sshPort;
+      };
+      ful = {
+        hostname = "130.61.217.114";
+        user = "root";
+        port = sshPort;
       };
     };
   };

configs/telegram-bots/astrology.nix

@@ -3,7 +3,6 @@
   lib,
   ...
 }: let
-  nixpkgs-unstable = import <nixpkgs-unstable> {};
   toSymbols = pkgs.writers.writeDash "to-symbols" ''
     ${pkgs.gnused}/bin/sed '
       s/\bTri\b/△/;
@@ -42,7 +41,7 @@
   '';
 in {
   niveum.telegramBots.transits = {
-    enable = true;
+    enable = false;
     time = "*:0/1";
     token = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
     chatIds = ["-1001796440545"];
@@ -50,8 +49,8 @@ in {
       now=$(${pkgs.coreutils}/bin/date +%_H:%M | ${pkgs.gnused}/bin/sed 's/^\s*//')
       date=$(${pkgs.coreutils}/bin/date +'%m %d %Y')
       {
-        ${nixpkgs-unstable.astrolog}/bin/astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node"
-        ${nixpkgs-unstable.astrolog}/bin/astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
+        ${pkgs.unstable.astrolog}/bin/astrolog -qd $date -zN Berlin -Yt -Yd -d -R Uranus Neptune Pluto "North Node"
+        ${pkgs.unstable.astrolog}/bin/astrolog -Yt -Yd -q 10 22 1999 6:32 -zN Kassel -td $date -R Uranus Neptune Pluto "North Node"
       } | ${toSymbols} | ${pkgs.coreutils}/bin/sort -n | ${pkgs.gnugrep}/bin/grep "^$now" || :
     '');
   };

configs/telegram-bots/autorenkalender.nix

@@ -20,4 +20,12 @@ in {
     parseMode = "Markdown";
     command = "${autorenkalender}/bin/autorenkalender";
   };
+
+  niveum.passport.services = [
+    {
+      title = "Autorenkalender";
+      description = "sends <a href=\"https://www.projekt-gutenberg.org/\">Projekt Gutenberg</a>'s anniversary information to Telegram.";
+      link = "https://t.me/Autorenkalender";
+    }
+  ];
 }

configs/telegram-bots/default.nix

@@ -26,6 +26,24 @@ in {
       inherit path;
     }) [reverseDirectory proverbDirectory];
 
+  niveum.passport.services = [
+    {
+      title = "Rückwarts-Bot";
+      link = "https://t.me/RueckwaertsBot";
+      description = "reverses things on Telegram.";
+    }
+    {
+      title = "BetaCode-Bot";
+      link = "https://t.me/BetaCodeBot";
+      description = "converts <a href=\"https://en.wikipedia.org/wiki/Beta_Code\">beta code</a> to polytonic Greek on Telegram.";
+    }
+    {
+      title = "Sprichwortgenerator-Bot";
+      link = "https://t.me/SprichwortGeneratorBot";
+      description = "generates useless German proverbs with optional stock photo background on Telegram.";
+    }
+  ];
+
   systemd.services.telegram-reverse = {
     wantedBy = ["multi-user.target"];
     description = "Telegram reverse bot";

configs/telegram-bots/literature-quote.nix

@@ -14,4 +14,11 @@ in {
     command = "${literature-quote}/bin/literature-quote";
     parseMode = "Markdown";
   };
+
+  niveum.passport.services = [
+    {
+      title = "Literature quote bot";
+      description = "sends me and my friends three <a href=\"https://logotheca.xn--kiern-0qa.de/\">logotheca</a> quotes a day.";
+    }
+  ];
 }

configs/telegram-bots/nachtischsatan.nix

@@ -34,4 +34,12 @@ in {
     });
     serviceConfig.Restart = "always";
   };
+
+  niveum.passport.services = [
+    {
+      title = "Nachtischsatan-Bot";
+      link = "https://t.me/NachtischsatanBot";
+      description = "*flubberflubber*";
+    }
+  ];
 }

configs/telegram-bots/tlg-wotd.nix

@@ -17,4 +17,12 @@
     '');
     parseMode = "Markdown";
   };
+
+  niveum.passport.services = [
+    {
+      title = "Thesaurus Linguae Graecae Word of the Day";
+      description = "sends <a href=\"https://stephanus.tlg.uci.edu/\">TLG</a>'s word of the day to Telegram.";
+      link = "https://t.me/tlgwotd";
+    }
+  ];
 }

configs/tor.nix

@@ -1,4 +1,4 @@
-{
+{pkgs, ...}: {
   services.tor.enable = true;
-  services.tor.torsocks.enable = true;
+  environment.systemPackages = [pkgs.tor];
 }

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "flake-utils": {
       "locked": {
-        "lastModified": 1648297722,
-        "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
+        "lastModified": 1652776076,
+        "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
+        "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8",
         "type": "github"
       },
       "original": {
@@ -22,11 +22,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1647175256,
-        "narHash": "sha256-7H+veXPM7IwdN1DoZqliwb9sghlN56koV5dnCu1kpsc=",
+        "lastModified": 1651519540,
+        "narHash": "sha256-3k6p8VsTwwRPQjE8rrMh+o2AZACZn/eeYJ7ivdQ/Iro=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "a8d00f5c038cf7ec54e7dac9c57b171c1217f008",
+        "rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0",
         "type": "github"
       },
       "original": {
@@ -62,11 +62,11 @@
     "menstruation-backend": {
       "flake": false,
       "locked": {
-        "lastModified": 1634573652,
-        "narHash": "sha256-FIj8oCOJO+Wqxr2o5MMqIShvzMJud4iUq3o8y4NIRvw=",
+        "lastModified": 1649545504,
+        "narHash": "sha256-TVm3246ML7gWPeGm+bdb+Qo8o/7nve7sQ2hBdCZm3z8=",
         "owner": "kmein",
         "repo": "menstruation.rs",
-        "rev": "dd405fe2acf32441e8ac56e488e689bb1c4bea82",
+        "rev": "d9f3c6d53542fd7c7ed191e37cf4e342d4a47bcb",
         "type": "github"
       },
       "original": {
@@ -109,11 +109,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1647992509,
-        "narHash": "sha256-AG40Nt5OWz0LBs5p457emOuwLKOvTtcv/2fUdnEN3Ws=",
+        "lastModified": 1653087707,
+        "narHash": "sha256-zfno3snrzZTWQ2B7K53QHrGZwrjnJLTRPalymrSsziU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d2caa9377539e3b5ff1272ac3aa2d15f3081069f",
+        "rev": "cbd40c72b2603ab54e7208f99f9b35fc158bc009",
         "type": "github"
       },
       "original": {
@@ -125,11 +125,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1648337267,
-        "narHash": "sha256-8DRg8UDvs63iaIaHEbWG7/lnD9ImQlMNsTZMY3PvFLc=",
+        "lastModified": 1653180606,
+        "narHash": "sha256-dYJLG7fgp4/SAhOM5d725KZtCVZuEMS6tSI098n7SA0=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6de161729c81dc98e844793cc9c8fda29d5ef62a",
+        "rev": "af0bcde689ed5263e9a0df36116f7583163eb032",
         "type": "github"
       },
       "original": {
@@ -158,11 +158,11 @@
     "retiolum": {
       "flake": false,
       "locked": {
-        "lastModified": 1647444524,
-        "narHash": "sha256-N4T1UXLkYJMQqk65LkTDpW70ujXXeZ9xe5k+LOpznAI=",
+        "lastModified": 1653077783,
+        "narHash": "sha256-GiL82w4BVSZZV5gIQSoEf+KoJaIkUv+29vZmmWlKb6I=",
         "owner": "krebs",
         "repo": "retiolum",
-        "rev": "de6d7dc9bd671e65f2ee3004b6807625e7553e84",
+        "rev": "1b5154c3ed9f3cb751afc3e306a1b20e3358ffe5",
         "type": "github"
       },
       "original": {
@@ -194,11 +194,11 @@
     "scripts": {
       "flake": false,
       "locked": {
-        "lastModified": 1648314795,
-        "narHash": "sha256-hGIXkAcGiJnVXnl8kigZpI3VFrLmAr2+yr85hi5JwP0=",
+        "lastModified": 1650993582,
+        "narHash": "sha256-cKcdHzyy6Y4H9+KcnCgk/Tt1Zqd8lhfiXv4LClcETLc=",
         "owner": "kmein",
         "repo": "scripts",
-        "rev": "d1d525b92a34e55b1ad886807c284106e58716b2",
+        "rev": "c1aaeb4339e9c41057d362667554835a0f49850f",
         "type": "github"
       },
       "original": {
@@ -210,11 +210,11 @@
     "stockholm": {
       "flake": false,
       "locked": {
-        "lastModified": 1648214990,
-        "narHash": "sha256-rptATGq+jcpL+P+Cr6d3OajV6zYkbHPWlt3aQNZI2TY=",
+        "lastModified": 1652980569,
+        "narHash": "sha256-LJcveSM7m3YBzF7F9jpfQtEbkuHX86QdE0DDdPiX0Yg=",
         "ref": "master",
-        "rev": "ae9c0b12710b5361d0d45510eb401eebfc1b3fb0",
-        "revCount": 10497,
+        "rev": "5befc5a6f260e2283863212b39749d5ed05afb63",
+        "revCount": 10545,
         "type": "git",
         "url": "https://cgit.lassul.us/stockholm"
       },
@@ -242,11 +242,11 @@
     "tinc-graph": {
       "flake": false,
       "locked": {
-        "lastModified": 1639820904,
-        "narHash": "sha256-d4s2PulBGIIQXtX7blZz+Wnmij5dK/IrBcilNGjqZC4=",
+        "lastModified": 1653080212,
+        "narHash": "sha256-BcfppAuVNp0hMcrMG/ZxE4juSrdQbJSUIA0eHS1/Wxo=",
         "owner": "kmein",
         "repo": "tinc-graph",
-        "rev": "1b9c69ffdbdab82d30a23e44f739feea63d94163",
+        "rev": "ea0ef2e5542684d1d8e34a626cb9295dec33e70d",
         "type": "github"
       },
       "original": {

flake.nix

@@ -119,7 +119,10 @@
           type = "app";
           program = deployScriptFor {
             inherit name;
-            host = "${name}.r";
+            host =
+              if name != "ful"
+              then "${name}.r"
+              else "130.61.217.114";
           };
         };
       });

lib/default.nix

@@ -28,7 +28,7 @@ rec {
   serveHtml = file: pkgs: ''
     default_type "text/html";
     root ${
-      pkgs.linkFarm "fahrplan" [
+      pkgs.linkFarm "www" [
         {
           name = "index.html";
           path = file;

lib/retiolum-network.nix

@@ -4,6 +4,11 @@
     ipv6 = "42:0:3c46:861f:a118:8e9a:82c9:3d";
   };
 
+  ful = {
+    ipv4 = "10.243.2.107";
+    ipv6 = "42:0:3c46:2c8b:a564:1213:9fb4:1bc4";
+  };
+
   zaatar = {
     ipv4 = "10.243.2.34";
     ipv6 = "42:0:3c46:156e:10b6:3bd6:6e82:b2cd";

modules/passport.nix

@@ -0,0 +1,135 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.niveum.passport;
+  sortOn = a: lib.sort (as1: as2: lib.lessThan (lib.getAttr a as1) (lib.getAttr a as2));
+  css = ''
+    body {
+      margin: 0;
+      font-family: "Fira Sans Condensed", sans-serif;
+    }
+
+    main {
+      margin: 0 auto;
+      display: grid;
+      grid-template-columns: 1fr 3fr;
+      grid-gap: 2em;
+    }
+    @media only screen and (max-width: 768px) {
+      main {
+        grid-template-columns: 1fr;
+      }
+    }
+
+    footer, section {
+      padding: 1em;
+    }
+
+    footer {
+      text-align: center;
+    }
+
+    dl {
+      border: 3px double #ccc;
+      padding: 0.5em;
+    }
+    dt {
+      float: left;
+      clear: left;
+      width: 200px;
+      text-align: right;
+      font-weight: bold;
+      margin-right: 1em;
+      margin-bottom: 1em;
+    }
+    dd {
+      margin: 0 0 0 110px;
+      padding: 0 0 0.5em 0;
+      margin-bottom: 1em;
+    }
+  '';
+in
+  with lib; {
+    options.niveum.passport = {
+      enable = mkEnableOption "server passport";
+
+      introductionHTML = mkOption {type = types.str;};
+
+      virtualHost = mkOption {
+        type = types.str;
+      };
+
+      services = mkOption {
+        type = types.listOf (types.submodule {
+          options = {
+            title = mkOption {type = types.str;};
+            link = mkOption {
+              type = types.nullOr types.str;
+              default = null;
+            };
+            description = mkOption {
+              type = types.str;
+              default = "";
+            };
+          };
+        });
+        default = [];
+      };
+    };
+
+    config = mkIf cfg.enable {
+      services.nginx.enable = true;
+
+      services.nginx.virtualHosts."${cfg.virtualHost}".locations."/passport".extraConfig = ''
+        default_type "text/html";
+        root ${
+          pkgs.linkFarm "www" [
+            {
+              name = "passport/index.html";
+              path = pkgs.writeText "index.html" ''
+                <!doctype html>
+                <head>
+                  <meta charset="utf-8">
+                  <meta name="viewport" content="width=device-width, initial-scale=1">
+                  <title>${config.networking.hostName} passport</title>
+                  <style>${css}</style>
+                </head>
+                <body>
+                  <main>
+                    <section id="server">
+                    <h1>${config.networking.hostName}</h1>
+                    ${cfg.introductionHTML}
+                    </section>
+
+                    <section id="services">
+                    <h2>Services</h2>
+                    <dl>
+                    ${lib.strings.concatMapStringsSep "\n" (service: ''
+                  <dt>
+                  ${lib.optionalString (service.link != null) "<a href=\"${service.link}\">"}
+                  ${service.title}
+                  ${lib.optionalString (service.link != null) "</a>"}
+                  </dt>
+                  <dd>
+                  ${service.description}
+                  </dd>
+                '') (sortOn "title" cfg.services)}
+                    </dl>
+                    </section>
+                  </main>
+
+                  <footer>
+                    <tt>${config.networking.hostName}</tt> is part of the <i><a href="https://github.com/kmein/niveum/tree/master/systems/${config.networking.hostName}">niveum</a></i> network.
+                  </footer>
+                </body>
+              '';
+            }
+          ]
+        };
+        index index.html;
+      '';
+    };
+  }

packages/gfs-fonts.nix

@@ -39,5 +39,15 @@ in
       GFS_Pyrsos = "0y0dv7y3n01bbhhnczflx1zcc7by56cffmr2xqixj2rd1nvchx0j";
       GFS_Solomos = "1mpx9mw566awvfjdfx5sbz3wz5gbnjjw56gz30mk1lw06vxf0dxz";
       GFS_Theokritos = "0haasx819x8c8yvna6pqywgi4060av2570jm34cddnz1fgnhv1b8";
+      # Heraklit
+      # Galatea
+      # Georgiou
+      # Ambrosia
+      # Fleischman
+      # Eustace
+      # Nicefore
+      # Jackson
+      # Garaldus
+      # Ignacio
     };
   }

packages/scripts/avesta.sed

@@ -0,0 +1,54 @@
+#!/usr/bin/env -S sed -f
+s/ā̊/𐬃/g
+s/t̰/𐬝/g
+s/ṣ̌/𐬴/g
+s/š́/𐬳/g
+s/ą̄/𐬅/g
+s/ŋᵛ/𐬤/g
+s/ə̄/𐬇/g
+s/ŋ́/𐬣/g
+s/x́/𐬒/g
+s/xᵛ/𐬓/g
+s/a/𐬀/g
+s/ā/𐬁/g
+s/å/𐬂/g
+s/ą/𐬄/g
+s/ə/𐬆/g
+s/e/𐬈/g
+s/ē/𐬉/g
+s/o/𐬊/g
+s/ō/𐬋/g
+s/i/𐬌/g
+s/ī/𐬍/g
+s/u/𐬎/g
+s/ū/𐬏/g
+s/k/𐬐/g
+s/x/𐬑/g
+s/g/𐬔/g
+s/ġ/𐬕/g
+s/γ/𐬖/g
+s/c/𐬗/g
+s/j/𐬘/g
+s/t/𐬙/g
+s/θ/𐬚/g
+s/d/𐬛/g
+s/δ/𐬜/g
+s/p/𐬞/g
+s/f/𐬟/g
+s/b/𐬠/g
+s/β/𐬡/g
+s/ŋ/𐬢/g
+s/n/𐬥/g
+s/ń/𐬦/g
+s/ṇ/𐬧/g
+s/m/𐬨/g
+s/m̨/𐬩/g
+s/ẏ/𐬪/g
+s/y/𐬫/g
+s/v/𐬬/g
+s/r/𐬭/g
+s/s/𐬯/g
+s/z/𐬰/g
+s/š/𐬱/g
+s/ž/𐬲/g
+s/h/𐬵/g

packages/scripts/default.nix

@@ -307,16 +307,11 @@ in
       packages = [pkgs.xdo];
     };
 
-    ipa =
-      pkgs.writers.writeHaskellBin "ipa" {
-        libraries = with pkgs; [haskellPackages.text haskellPackages.ipa];
-      } ''
-        import Data.Maybe (fromJust)
-        import Language.IPA
-        import qualified Data.Text as T
-        import qualified Data.Text.IO as T
-        main = T.interact (T.unwords . map (unIPA . fromJust . (xSampaToIpa =<<) . mkXSampa) . T.words)
-      '';
+    ipa = wrapScript {
+      script = ./ipa.py;
+      name = "ipa";
+      packages = [pkgs.python3];
+    };
 
     default-gateway = pkgs.writers.writeDashBin "default-gateway" ''
       ${pkgs.iproute}/bin/ip -json route | ${pkgs.jq}/bin/jq --raw-output '.[0].gateway'

packages/scripts/unicodmenu.nix

@@ -75,8 +75,9 @@
 in
   # ref https://github.com/LukeSmithxyz/voidrice/blob/9fe6802122f6e0392c7fe20eefd30437771d7f8e/.local/bin/dmenuunicode
   writers.writeDashBin "unicodmenu" ''
+    history_file=$HOME/.cache/unicodmenu
     PATH=${lib.makeBinPath [coreutils dmenu gnused libnotify xclip xdotool]}
-    chosen=$(cat ${kaomoji-file} ${unicode-file} | dmenu -p unicode -i -l 10 | sed "s/    .*//")
+    chosen=$(cat "$history_file" ${kaomoji-file} ${unicode-file} | dmenu -p unicode -i -l 10 | tee --append "$history_file" | sed "s/    .*//")
 
     [ "$chosen" != "" ] || exit
 

systems/ful/configuration.nix

@@ -0,0 +1,48 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (import <niveum/lib>) kieran retiolumAddresses;
+in {
+  imports = [
+    ./hardware-configuration.nix
+    # <niveum/configs/monitoring.nix>
+    <niveum/configs/nix.nix>
+    <niveum/configs/save-space.nix>
+    <niveum/configs/spacetime.nix>
+    <niveum/configs/sshd.nix>
+    <niveum/modules/retiolum.nix>
+  ];
+
+  nix.nixPath = ["/var/src"];
+
+  networking = {
+    firewall.allowedTCPPorts = [80 443];
+    hostName = "ful";
+    interfaces.enp0s3.useDHCP = true;
+    retiolum = retiolumAddresses.ful;
+    useDHCP = false;
+  };
+
+  system.stateVersion = "21.11";
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    email = kieran.email;
+  };
+
+  users.users.root.passwordFile = toString <system-secrets/root.password>;
+
+  environment.systemPackages = [pkgs.vim pkgs.git pkgs.tmux pkgs.python3];
+}

systems/ful/hardware-configuration.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [<nixpkgs/nixos/modules/profiles/qemu-guest.nix>];
+
+  boot = {
+    loader = {
+      systemd-boot = {
+        enable = true;
+        configurationLimit = 1;
+      };
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = ["virtio_pci" "usbhid"];
+      kernelModules = ["bochs_drm"];
+    };
+    kernelModules = [
+      "console=ttyS0"
+      "console=tty1"
+      "nvme.shutdown_timeout=10"
+      "libiscsi.debug_libiscsi_eh=1"
+    ];
+    extraModulePackages = [];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/9bf751c7-cf32-49fb-9354-17694c7a46e0";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/7817-285D";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];
+}

systems/makanek/configuration.nix

@@ -31,6 +31,7 @@ in {
     <niveum/configs/sshd.nix>
     <niveum/configs/telegram-bots>
     <niveum/modules/retiolum.nix>
+    <niveum/modules/passport.nix>
   ];
 
   services.restic.backups.niveum = {
@@ -52,6 +53,30 @@ in {
     ];
   };
 
+  niveum.passport = {
+    enable = true;
+    introductionHTML = ''
+      <p>
+      The machine <tt>makanek</tt> is named after a Levantine type of <a href="https://en.wikipedia.org/wiki/Makanek">sausage</a> (مقانق <i>maqāniq</i>).
+      </p>
+      <p>
+      It runs on <a href="https://www.hetzner.com/cloud">Hetzner cloud</a>.
+      </p>
+      <figure>
+        <img width="200" src="https://www.albawaba.com/sites/default/files/2019-08/makanek-BeFunky-project.jpg" alt="Makanek sausages"/>
+        <figcaption>Makanek</figcaption>
+      </figure>
+    '';
+    virtualHost = "makanek.r";
+
+    services = [
+      {
+        title = "restic backup";
+        description = "This machine backups its state via restic backup.";
+      }
+    ];
+  };
+
   nix.nixPath = ["/var/src"];
 
   networking = {
@@ -62,6 +87,10 @@ in {
     useDHCP = false;
   };
 
+  nixpkgs.config.packageOverrides = pkgs: {
+    unstable = import <nixpkgs-unstable> {inherit (config.nixpkgs) config;};
+  };
+
   system.stateVersion = "20.03";
 
   services.nginx = {

systems/makanek/gitea.nix

@@ -1,13 +1,25 @@
-{
+let
+  inherit (import <niveum/lib>) sshPort;
+  domain = "https://code.kmein.de";
+in {
   services.gitea = {
     enable = true;
     disableRegistration = true;
-    rootUrl = "https://code.kmein.de";
+    rootUrl = domain;
     appName = "code.kmein.de";
+    ssh.clonePort = sshPort;
   };
   services.nginx.virtualHosts."code.kmein.de" = {
     forceSSL = true;
     enableACME = true;
     locations."/".extraConfig = "proxy_pass http://localhost:3000;";
   };
+
+  niveum.passport.services = [
+    {
+      link = domain;
+      title = "Gitea";
+      description = "hosts a couple of <tt>git</tt> repos. Registration is disabled.";
+    }
+  ];
 }

systems/makanek/hardware-configuration.nix

@@ -17,6 +17,7 @@
       enable = true;
       version = 2;
       devices = ["/dev/sda"];
+      configurationLimit = 3;
     };
   };
 

systems/makanek/hedgedoc.nix

@@ -5,11 +5,9 @@
 }: let
   backupLocation = "/var/lib/codimd-backup";
   stateLocation = "/var/lib/codimd/state.sqlite";
-  nixpkgs-unstable = import <nixpkgs-unstable> {};
   domain = "pad.kmein.de";
+  inherit (import <niveum/lib>) tmpfilesConfig;
 in {
-  imports = [<stockholm/krebs/3modules/permown.nix>];
-
   services.nginx.virtualHosts.${domain} = {
     enableACME = true;
     forceSSL = true;
@@ -49,16 +47,28 @@ in {
     };
   };
 
-  krebs.permown.${backupLocation} = {
-    owner = "codimd";
-    group = "codimd";
-    umask = "0002";
-  };
+  niveum.passport.services = [
+    {
+      title = "Hedgedoc";
+      link = "https://${domain}";
+      description = "lets you collaborate on Markdown documents.";
+    }
+  ];
+
+  systemd.tmpfiles.rules = [
+    (tmpfilesConfig {
+      user = "codimd";
+      group = "codimd";
+      mode = "0755";
+      type = "d";
+      path = backupLocation;
+    })
+  ];
 
   systemd.services.hedgedoc-backup = {
     description = "Hedgedoc backup service";
     script = ''
-      ${nixpkgs-unstable.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
+      ${pkgs.unstable.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
       | ${
         pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" {} ''
           import json

systems/makanek/matterbridge.nix

@@ -4,16 +4,16 @@
   ...
 }: {
   services.matterbridge = {
-    enable = true;
+    enable = false;
     configPath = let
-      bridgeBotToken = lib.strings.fileContents <system-secrets/telegram/kmein.token>;
+      bridgeBotToken = lib.strings.fileContents <system-secrets/telegram/krebs.token>;
     in
       toString ((pkgs.formats.toml {}).generate "config.toml" {
         general = {
           RemoteNickFormat = "[{NICK}] ";
           Charset = "utf-8";
         };
-        telegram.kmein.Token = bridgeBotToken;
+        telegram.krebs.Token = bridgeBotToken;
         irc = let
           Nick = "ponte";
         in {
@@ -38,7 +38,7 @@
                 channel = "#krebs";
               }
               {
-                account = "telegram.kmein";
+                account = "telegram.krebs";
                 channel = "-330372458";
               }
               {

systems/makanek/menstruation.nix

@@ -11,6 +11,14 @@ in {
 
   environment.systemPackages = [pkgs.redis];
 
+  niveum.passport.services = [
+    {
+      title = "Tischlein, deck dich!";
+      description = "serves you with Berlin canteen menus via Telegram.";
+      link = "https://t.me/TischleinDeckDichBot";
+    }
+  ];
+
   systemd.services.menstruation-telegram = {
     wants = [
       "network-online.target"

systems/makanek/moinbot.nix

@@ -12,5 +12,12 @@
     serviceConfig.DynamicUser = true;
   };
 
+  niveum.passport.services = [
+    {
+      title = "moinbot";
+      description = "greets #hsmr:hackint.org daily.";
+    }
+  ];
+
   systemd.timers.moinbot.timerConfig.RandomizedDelaySec = "14h";
 }

systems/makanek/monitoring/default.nix

@@ -22,6 +22,26 @@ in {
     };
   };
 
+  niveum.passport.services = [
+    {
+      title = "Prometheus";
+      description = "collects metrics from devices in the <i>niveum</i> network, blackbox monitors some websites.";
+    }
+    {
+      title = "Loki";
+      description = "aggregates logs of the <i>niveum</i> network.";
+    }
+    {
+      title = "Grafana";
+      link = "http://${config.services.grafana.domain}";
+      description = "displays metrics from devices in the <i>niveum</i> network.";
+    }
+    {
+      title = "Alertmanager bot";
+      description = "notifies me when something goes wrong.";
+    }
+  ];
+
   services.prometheus.rules = let
     diskFreeThreshold = 10;
   in [
@@ -220,7 +240,7 @@ in {
             "tarot.kmein.de"
             "cloud.xn--kiern-0qa.de"
             "grafana.kmein.r"
-            "names.kmein.r"
+            # "names.kmein.r"
             "rrm.r"
             "graph.r"
           ];
@@ -238,16 +258,6 @@ in {
         }
       ];
     }
-    {
-      job_name = "tahina";
-      static_configs = [
-        {
-          targets = [
-            "tahina.r:${toString config.services.prometheus.exporters.node.port}"
-          ];
-        }
-      ];
-    }
   ];
 
   services.prometheus.exporters.blackbox = {

systems/makanek/moodle-dl-borsfaye.nix

@@ -12,6 +12,13 @@
 in {
   imports = [<niveum/modules/moodle-dl.nix>];
 
+  niveum.passport.services = [
+    {
+      title = "MoodleDL";
+      description = "notifies about changes on Moodle.";
+    }
+  ];
+
   services.moodle-dl = {
     enable = true;
     startAt = "hourly";

systems/makanek/names.nix

@@ -4,8 +4,8 @@
   ...
 }: let
   port = 5703;
-  geogen-src = "${<scripts>}/onomastics";
-  geogen = pkgs.callPackage geogen-src {};
+  onomap-src = "${<scripts>}/onomastics-ng";
+  onomap = pkgs.haskellPackages.callCabal2nix "onomap" onomap-src {};
 in {
   systemd.services.names = {
     wants = ["network-online.target"];
@@ -13,12 +13,11 @@ in {
     description = "Better clone of geogen.stoepel.net";
     serviceConfig = {
       DynamicUser = true;
+      ExecStart = "${onomap}/bin/onomap-web";
+      Restart = "on-failure";
+      RestartSec = "15s";
     };
-    script = ''
-      cd $(mktemp -d)
-      ln -s "${geogen-src}/wsgi.py" wsgi.py
-      ${geogen.dependencyEnv}/bin/gunicorn wsgi:app -b :${toString port}
-    '';
+    environment.PORT = toString port;
   };
 
   services.nginx = {
@@ -29,6 +28,14 @@ in {
     recommendedTlsSettings = true;
   };
 
+  niveum.passport.services = [
+    {
+      link = "http://names.kmein.r";
+      title = "Onomap";
+      description = "maps surnames within Germany.";
+    }
+  ];
+
   services.nginx.virtualHosts."names.kmein.r" = {
     locations."/".proxyPass = "http://127.0.0.1:${toString port}";
   };

systems/makanek/nextcloud.nix

@@ -1,5 +1,6 @@
 {
   pkgs,
+  config,
   lib,
   ...
 }: let
@@ -33,6 +34,14 @@ in {
     };
   };
 
+  niveum.passport.services = [
+    {
+      title = "Nextcloud";
+      link = "https://${config.services.nextcloud.hostName}";
+      description = "manages calendars, to-do lists, files, and recipes.";
+    }
+  ];
+
   services.postgresql = {
     enable = true;
     ensureDatabases = ["nextcloud"];

systems/makanek/radio-news.nix

@@ -8,6 +8,14 @@
 in {
   services.nginx.virtualHosts."redaktion.r".locations."/".extraConfig = serveHtml <niveum/lib/radio-news.html> pkgs;
 
+  niveum.passport.services = [
+    {
+      title = "Retiolum Radio News";
+      link = "http://redaktion.r";
+      description = "supplies git history news to radio lassulus and lets you enter your own.";
+    }
+  ];
+
   systemd.services.stockholm-history = {
     startAt = "hourly";
     script = ''

systems/makanek/radio.nix

@@ -126,4 +126,12 @@ in {
     forceSSL = true;
     locations."/".proxyPass = "http://127.0.0.1:${toString config.services.icecast.listen.port}";
   };
+
+  niveum.passport.services = [
+    {
+      title = "Radio";
+      link = "https://radio.kmein.de";
+      description = "broadcasts a few little (and mostly useless) web-radio stations.";
+    }
+  ];
 }

systems/makanek/retiolum-map.nix

@@ -44,6 +44,19 @@ in {
     };
   };
 
+  niveum.passport.services = [
+    {
+      link = "http://graph.r";
+      title = "Retiolum Realtime Map";
+      description = "displays geographical information about the retiolum network. <a href=\"http://graph.r/graph.html\">Graph</a> info also available.";
+    }
+    {
+      link = "http://c.r/${geo-ip-database}";
+      title = "GeoIP";
+      description = "shares MaxMind's GeoIP database with the krebs world. Updated weekly.";
+    }
+  ];
+
   services.nginx = {
     enable = true;
     recommendedGzipSettings = true;
@@ -57,6 +70,7 @@ in {
 
   systemd.services.geoip-share = {
     after = ["geoipupdate.service"];
+    wantedBy = ["geoipupdate.service"];
     script = let
       cyberlocker-tools = pkgs.callPackage <stockholm/krebs/5pkgs/simple/cyberlocker-tools> {};
     in "${cyberlocker-tools}/bin/cput ${geo-ip-database} < ${geo-ip-database-path}";

systems/makanek/tarot.nix

@@ -48,6 +48,14 @@ in {
       }'';
   };
 
+  niveum.passport.services = [
+    rec {
+      link = "https://tarot.kmein.de";
+      title = "Tarot";
+      description = "draws Tarot cards for you. See <a href=\"${link}/files/key.pdf\">here</a> for information on how to interpret them.";
+    }
+  ];
+
   services.nginx.virtualHosts."tarot.kmein.de" = {
     enableACME = true;
     forceSSL = true;

systems/makanek/urlwatch.nix

@@ -204,4 +204,11 @@ in {
       Type = "oneshot";
     };
   };
+
+  niveum.passport.services = [
+    {
+      description = "keeps me up-to-date on sites that have no RSS feed (shame be upon them!).";
+      title = "urlwatch";
+    }
+  ];
 }

systems/makanek/weechat.nix

@@ -143,6 +143,11 @@ in {
               tags = ["nick_gitlab"];
               regex = "*";
             };
+            people = {
+              buffer = "irc.*.*";
+              tags = map (name: "nick_${name}") ["mod_p[matrix-fli"];
+              regex = "*";
+            };
           };
         };
         extraCommands = ''/matrix connect nibbana'';
@@ -180,4 +185,11 @@ in {
     isSystemUser = true;
     packages = [pkgs.tmux];
   };
+
+  niveum.passport.services = [
+    {
+      title = "weechat bouncer";
+      description = "keeps me logged in on IRC.";
+    }
+  ];
 }

systems/manakish/hardware-configuration.nix

@@ -21,6 +21,7 @@
       efiSupport = true;
       efiInstallAsRemovable = true;
       device = "/dev/sda";
+      configurationLimit = 5;
     };
   };
 

systems/tahina/configuration.nix

@@ -11,23 +11,22 @@ in {
     <niveum/configs/spacetime.nix>
     <niveum/modules/retiolum.nix>
     <niveum/configs/sshd.nix>
-    {
-      console.keyMap = "de";
-      i18n.defaultLocale = "de_DE.UTF-8";
-      services.xserver = {
-        layout = "de";
-        libinput.enable = true;
-      };
-    }
-    {
-      nix.nixPath = ["/var/src"];
-    }
   ];
 
+  nix.nixPath = ["/var/src"];
+
+  console.keyMap = "de";
+  i18n.defaultLocale = "de_DE.UTF-8";
+  services.xserver = {
+    layout = "de";
+    libinput.enable = true;
+  };
+
   users.users.xenos = {
     name = "xenos";
     password = "xenos";
     isNormalUser = true;
+    extraGroups = ["networkmanager"];
   };
 
   services.xserver = {

systems/tahina/hardware-configuration.nix

@@ -26,17 +26,23 @@
     extraModulePackages = [];
   };
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/e9a8bd34-61eb-4317-888d-bd7d6248a906";
-    fsType = "xfs";
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/e9a8bd34-61eb-4317-888d-bd7d6248a906";
+      fsType = "xfs";
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/9B2F-31E1";
+      fsType = "vfat";
+    };
   };
 
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/9B2F-31E1";
-    fsType = "vfat";
-  };
-
-  swapDevices = [];
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 2048;
+    }
+  ];
 
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }

systems/zaatar/moodle-dl-meinhark.nix

@@ -69,6 +69,16 @@ in {
         108283 # Digital Classicist
         109211 # Altlitauisch
         109185 # Etymologie
+
+        # SS 2022
+        112606 # Avestisch
+        111761 # Griechische Wissenschaftsliteratur
+        111515 # H. Furens
+        110914 # Apostelgeschichte
+        112225 # Gr. Paläographie
+        113275 # ALEW
+        112783 # Akzent und Silbenstruktur
+        113493 # Papyrologie
       ];
       download_submissions = true;
       download_descriptions = true;

systems/zaatar/tuna.nix

@@ -5,6 +5,7 @@
   ...
 }: let
   firewall = (import <niveum/lib>).firewall lib;
+  inherit (import <niveum/lib>) tmpfilesConfig;
 
   streams = import <niveum/lib/streams.nix> {
     di-fm-key = lib.strings.fileContents <secrets/di.fm/key>;
@@ -71,13 +72,31 @@ in {
     extraStopCommands = firewall.removeRules rules;
   };
 
-  system.activationScripts.mpd-playlists = let
-    playlistFile = pkgs.writeText "radio.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
-  in ''
-    rm -rf /var/lib/mpd/playlists
-    install -d /var/lib/mpd/playlists
-    ln -sfn "${toString playlistFile}" "/var/lib/mpd/playlists/radio.m3u"
-  '';
+  systemd.tmpfiles.rules = let
+    tags = lib.lists.unique (lib.concatMap ({tags ? [], ...}: tags) streams);
+    tagStreams = tag: lib.filter ({tags ? [], ...}: lib.elem tag tags) streams;
+    makePlaylist = name: streams: pkgs.writeText "${name}.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
+  in
+    map (tag:
+      tmpfilesConfig {
+        type = "L+";
+        path = "/var/lib/mpd/playlists/${tag}.m3u";
+        mode = "0644";
+        user = "mpd";
+        group = "mpd";
+        argument = makePlaylist tag (tagStreams tag);
+      })
+    tags
+    ++ [
+      (tmpfilesConfig {
+        type = "L+";
+        mode = "0644";
+        user = "mpd";
+        group = "mpd";
+        path = "/var/lib/mpd/playlist/all.m3u";
+        argument = makePlaylist "all" streams;
+      })
+    ];
 
   services.tuna = {
     enable = true;
@@ -87,33 +106,15 @@ in {
       logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
       stream,
       station,
+      ...
     }: {inherit id desc logo stream station;})
     streams;
-    webPort = 8080;
+    webPort = 7044;
   };
 
-  systemd.services.tuna-stations = let
-    stations = lib.lists.imap0 (id: {
-      desc ? "",
-      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
-      stream,
-      station,
-    }: {inherit id desc logo stream station;})
-    streams;
-    stationsJson = (pkgs.formats.json {}).generate "stations.json" stations;
-  in {
-    enable = false;
-    wantedBy = ["tuna.service"];
-    startAt = "hourly";
-    script = ''
-      mkdir -p /etc/tuna
-      antenne_asb_url=$(
-        ${pkgs.curl}/bin/curl -sS 'https://www.caster.fm/widgets/em_player.php?jsinit=true&uid=529295&t=blue&c=' \
-          | grep streamUrl \
-          | sed ${lib.escapeShellArg "s/^.*'\\([^']*\\)'.*/\\1/"}
-      )
-      ${pkgs.jq}/bin/jq "map(if .station == \"Antenne ASB\" then .stream |= \"$antenne_asb_url\" else . end)" < ${stationsJson} > /etc/tuna/stations.json
-    '';
+  services.ympd = {
+    enable = true;
+    mpd.port = config.services.mpd.network.port;
   };
 
   services.nginx = {
@@ -125,7 +126,7 @@ in {
     virtualHosts."radio.kmein.r" = {
       basicAuth.dj = password;
       locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.tuna.webPort}";
+        proxyPass = "http://127.0.0.1:${config.services.ympd.webPort}";
         proxyWebsockets = true;
       };
     };