diff options
46 files changed, 91 insertions, 159 deletions
diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 481564719..951450200 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -12,6 +12,7 @@ let in { users.users.muell_mail = { inherit home; + isSystemUser = true; createHome = true; }; systemd.services.muell_mail = { diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index e894b9394..b032b4299 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -13,6 +13,7 @@ let in { users.users.muellshack = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."muell.shack" = { diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 4a981ea87..2e69d5aaa 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -14,6 +14,7 @@ in { networking.firewall.allowedUDPPorts = [ 2342 ]; users.users.node-light = { inherit home; + isSystemUser = true; createHome = true; }; services.nginx.virtualHosts."lounge.light.shack" = { diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index cc3692e85..43c743587 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -14,7 +14,10 @@ let in { # receive response from light.shack / standby.shack networking.firewall.allowedUDPPorts = [ 11111 ]; - users.users.powermeter.extraGroups = [ "dialout" ]; + users.users.powermeter = { + extraGroups = [ "dialout" ]; + isSystemUser = true; + }; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index f3ea67f79..0ce8a8786 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -14,6 +14,7 @@ in { users.users.s3_power = { inherit home; createHome = true; + isSystemUser = true; }; systemd.services.s3-power = { startAt = "daily"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 807bb7e65..c9cdfd24b 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,6 +30,7 @@ in { users.users.shackDNS = { inherit home; createHome = true; + isSystemUser = true; }; services.nginx.virtualHosts."leases.shack" = { locations."/" = { diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index d8d65d309..3eb30964e 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -1,7 +1,7 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser group = "share"; description = "smb guest user"; home = "/home/share"; diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 56fb31795..0ac9d3350 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -268,6 +268,7 @@ let uid = genid "airdcpp"; home = cfg.stateDir; createHome = true; + isSystemUser = true; inherit (cfg) extraGroups; }; groups.airdcpp.gid = genid "airdcpp"; diff --git a/krebs/3modules/urlwatch.nix b/krebs/3modules/urlwatch.nix index 0b7a71db5..6a159a5b2 100644 --- a/krebs/3modules/urlwatch.nix +++ b/krebs/3modules/urlwatch.nix @@ -193,6 +193,7 @@ let inherit (user) uid; home = cfg.dataDir; createHome = true; + isSystemUser = true; }; }; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 763d36841..1cfa8e4a4 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -126,6 +126,9 @@ in { <stockholm/makefu/2configs/wireguard/server.nix> <stockholm/makefu/2configs/wireguard/wiregrill.nix> + { # recent changes mediawiki bot + networking.firewall.allowedUDPPorts = [ 5005 5006 ]; + } # Removed until move: no extra mails # <stockholm/makefu/2configs/urlwatch> # Removed until move: avoid letsencrypt ban diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 13918a9b1..6afe792ec 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -43,7 +43,6 @@ in { <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/desktop.nix> <stockholm/makefu/2configs/tools/mobility.nix> - { environment.systemPackages = [ pkgs.esniper ]; } #<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/share-user-sftp.nix> @@ -97,7 +96,7 @@ in { <stockholm/makefu/2configs/home/airsonic.nix> <stockholm/makefu/2configs/home/photoprism.nix> - <stockholm/makefu/2configs/home/metube.nix> + # <stockholm/makefu/2configs/home/metube.nix> <stockholm/makefu/2configs/home/ham> <stockholm/makefu/2configs/home/zigbee2mqtt> { @@ -141,6 +140,7 @@ in { ]; makefu.full-populate = true; nixpkgs.config.allowUnfree = true; + users.users.share.isNormalUser = true; users.groups.share = { gid = (import <stockholm/lib>).genid "share"; members = [ "makefu" "misa" ]; @@ -152,6 +152,7 @@ in { users.users.misa = { uid = 9002; name = "misa"; + isNormalUser = true; }; zramSwap.enable = true; diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index f0d663ee9..ea557bbef 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix @@ -8,7 +8,7 @@ <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough # <stockholm/makefu/2configs/hw/tpm.nix> <stockholm/makefu/2configs/hw/ssd.nix> - <stockholm/makefu/2configs/hw/xmm7360.nix> + # <stockholm/makefu/2configs/hw/xmm7360.nix> ]; boot.zfs.requestEncryptionCredentials = true; networking.hostId = "f8b8e0a2"; diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix index adfebbf96..d6b99df41 100644 --- a/makefu/1systems/x/x13/zfs.nix +++ b/makefu/1systems/x/x13/zfs.nix @@ -13,6 +13,7 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; + boot.zfs.enableUnstable = true; # required for 21.05 fileSystems."/" = { device = "zroot/root/nixos"; fsType = "zfs"; diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 4abc7d345..6ce0606a8 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -22,6 +22,7 @@ in { uid = genid "auphonic"; group = "nginx"; useDefaultShell = true; + isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix index c1a31b8dc..56d319e39 100644 --- a/makefu/2configs/bgt/hidden_service.nix +++ b/makefu/2configs/bgt/hidden_service.nix @@ -41,8 +41,8 @@ in services.tor = { enable = true; hiddenServices."${name}".map = [ - { port = "80"; } - # { port = "443"; toHost = "blog.binaergewitter.de"; } + { port = 80; } + # { port = 443; toHost = "blog.binaergewitter.de"; } ]; }; } diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 669754caf..46bf05963 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -6,7 +6,7 @@ in { imports = [ ./ota.nix ./comic-updater.nix - ./puppy-proxy.nix + # ./puppy-proxy.nix ./zigbee2mqtt diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index fbbce1f09..d9a2869cc 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -33,10 +33,11 @@ let uhubDir = "/var/lib/uhub"; in { - users.extraUsers."${ddclientUser}" = { + users.users."${ddclientUser}" = { uid = genid "ddclient"; description = "ddclient daemon user"; home = stateDir; + isSystemUser = true; createHome = true; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index be64e402e..52206c380 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -23,6 +23,7 @@ with import <stockholm/lib>; group = "users"; home = "/home/makefu"; createHome = true; + isNormalUser = true; useDefaultShell = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 86bd4b524..0593cf7fc 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -75,7 +75,7 @@ in { }; }; services.redis.enable = true; - systemd.services.redis.serviceConfig.LimitNOFILE=65536; + systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536"; services.postgresql = { enable = true; # Ensure the database, user, and permissions always exist diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix index a7ada9395..098ffcdd5 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix @@ -7,6 +7,11 @@ in { virtualHost = fqdn; selfUrlPath = "https://${fqdn}"; }; + + nixpkgs.config.permittedInsecurePackages = [ + "python2.7-Pillow-6.2.2" + ]; + systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; services.postgresql.package = pkgs.postgresql_9_6; state = [ config.services.postgresqlBackup.location ]; diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index 70c0320a1..abbdcbbb2 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -6,7 +6,7 @@ let in { users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; }; diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index 0c57fc760..b24f6445d 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -19,8 +19,8 @@ let [ { service = "notify.signal_home"; - data = { - message= "${name} seit ${toString min} Minuten offen\nBitte einmal checken ob das ok ist :)"; + data_template = { + message = "${name} seit ${toString min} Minuten offen und draussen ist es gerade {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte"; }; } { diff --git a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix index 3aaa57bd6..32a373edc 100644 --- a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix +++ b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix @@ -5,22 +5,22 @@ let }; notify_home = message: { service = "notify.signal_home"; - data.message = message; + data_template.message = message; }; in { services.home-assistant.config.automation = [ - { - alias = "Pflanzen Giessen Erinnerung Daily"; - trigger = { - platform = "time"; - at = "12:15:00"; - }; - action = [ - (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") - ]; - } + #{ + # alias = "Pflanzen Giessen Erinnerung Daily"; + # trigger = { + # platform = "time"; + # at = "12:15:00"; + # }; + # action = [ + # (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") + # ]; + #} { alias = "Pflanzen Giessen Erinnerung Weekly"; trigger = { @@ -32,7 +32,11 @@ in weekday = [ "sat" ]; }; action = [ - (notify_home "Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen.") + (notify_home + ''Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen. + Die Wettervorhersage: {{states.sensor.dark_sky_summary.state}} mit einer Regenwahrscheinlichkeit von {{states.sensor.dark_sky_precip_probability.state}}%. + Aktuell sind es {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte. + Der UV Index liegt bei {{states.sensor.dark_sky_uv_index.state}}'') ]; } ]; diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 11894906e..79f26a053 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -180,7 +180,8 @@ in { frontend = { }; http = { use_x_forwarded_for = true; - server_host = "127.0.0.1"; + #server_host = "127.0.0.1"; + server_host = "0.0.0.0"; trusted_proxies = [ "127.0.0.1" ]; #trusted_proxies = [ "192.168.1.0/24" ]; }; diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix index 50646d210..e6008d475 100644 --- a/makefu/2configs/home/metube.nix +++ b/makefu/2configs/home/metube.nix @@ -26,7 +26,10 @@ in ]; user = "metube"; }; - users.users.metube.uid = uid; + users.users.metube = { + uid = uid; + isSystemUser = true; + }; systemd.services.docker-metube.serviceConfig = { StandardOutput = lib.mkForce "journal"; diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 95ee56835..1c4582ed5 100644 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -20,7 +20,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 4176d7b35..0bd29497d 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -3,7 +3,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser description = "smb guest user"; home = "/data/lanparty"; createHome = true; diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix index cfa6193c6..2f8f4acc4 100644 --- a/makefu/2configs/nsupdate-data.nix +++ b/makefu/2configs/nsupdate-data.nix @@ -34,6 +34,7 @@ in { description = "ddclient daemon user"; home = stateDir; createHome = true; + isSystemUser = true; }; systemd.services = { diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index 0227f512a..039698f1d 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -1,11 +1,12 @@ {config,...}:{ nix.trustedUsers = [ "nixBuild" ]; users.users.nixBuild = { - name = "nixBuild"; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.buildbotSlave.pubkey - config.krebs.users.makefu-remote-builder.pubkey - ]; - }; + name = "nixBuild"; + isNormalUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.buildbotSlave.pubkey + config.krebs.users.makefu-remote-builder.pubkey + ]; + }; } diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix index 2c93143ec..26f1d3ba3 100644 --- a/makefu/2configs/share-user-sftp.nix +++ b/makefu/2configs/share-user-sftp.nix @@ -5,6 +5,7 @@ share = { uid = 9002; home = "/var/empty"; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; }; diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix index 27e0c638b..fd81f28ca 100644 --- a/makefu/2configs/share/gum.nix +++ b/makefu/2configs/share/gum.nix @@ -11,7 +11,10 @@ in { # home = "/var/empty"; # }; environment.systemPackages = [ pkgs.samba ]; - users.users.download.uid = genid "download"; + users.users.download = { + uid = genid "download"; + isNormalUser = true; + }; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index ac0eaa978..56beb5b42 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -9,7 +9,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index 9695751ff..f2c36b551 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -3,7 +3,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index e96daa038..c8ccbfbb9 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -23,6 +23,7 @@ in { uid = genid "arafetch"; inherit home; createHome = true; + isSystemUser = true; }; systemd.services.ara2mqtt = { diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/s |