diff options
26 files changed, 110 insertions, 42 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f9fa037d..30d90bf2 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -187,6 +187,7 @@ in { maps.work.euer IN A ${nets.internet.ip4.addr} play.work.euer IN A ${nets.internet.ip4.addr} ul.work.euer IN A ${nets.internet.ip4.addr} + bw.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 83fbd8f8..862dfb53 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -104,7 +104,8 @@ in { # sharing <stockholm/makefu/2configs/share/gum.nix> # samba sahre <stockholm/makefu/2configs/torrent.nix> - <stockholm/makefu/2configs/sickbeard> + # <stockholm/makefu/2configs/sickbeard> + <stockholm/makefu/2configs/bitwarden.nix> { nixpkgs.config.allowUnfree = true; } #<stockholm/makefu/2configs/retroshare.nix> @@ -117,7 +118,9 @@ in { <stockholm/makefu/2configs/vpn/openvpn-server.nix> # <stockholm/makefu/2configs/vpn/vpnws/server.nix> <stockholm/makefu/2configs/binary-cache/server.nix> + { makefu.backup.server.repo = "/var/backup/borg"; } <stockholm/makefu/2configs/backup/server.nix> + <stockholm/makefu/2configs/backup/state.nix> <stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/bitlbee.nix> <stockholm/makefu/2configs/wireguard/server.nix> diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index d44980ce..13918a9b 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -32,6 +32,8 @@ in { <stockholm/makefu/2configs/backup/state.nix> + + { makefu.backup.server.repo = "/media/cryptX/backup/borg"; } <stockholm/makefu/2configs/backup/server.nix> <stockholm/makefu/2configs/exim-retiolum.nix> # <stockholm/makefu/2configs/smart-monitor.nix> diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub index ed203d54..52d56d95 100644 --- a/makefu/2configs/backup/ssh/gum.pub +++ b/makefu/2configs/backup/ssh/gum.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/bgt/backup.nix b/makefu/2configs/bgt/backup.nix index 3b9baade..dc326026 100644 --- a/makefu/2configs/bgt/backup.nix +++ b/makefu/2configs/bgt/backup.nix @@ -2,6 +2,7 @@ # Manual steps: # 1. ssh-copy-id root ssh-key to the remotes you want to back up # 2. run `rsnapshot hourly` manually as root to check if everything works + services.rsnapshot = { enable = true; cronIntervals = { @@ -11,7 +12,7 @@ extraConfig = '' retain hourly 5 retain daily 365 -snapshot_root /var/backup +snapshot_root /var/backup/bgt backup root@binaergewitter.jit.computer:/opt/isso jit backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit diff --git a/makefu/2configs/bgt/template.md b/makefu/2configs/bgt/template.md index e53bad7e..d30cb49e 100644 --- a/makefu/2configs/bgt/template.md +++ b/makefu/2configs/bgt/template.md @@ -2,16 +2,16 @@ 0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) 1. `eine` Person anrufen (den Host): - - markus 6407eb63@studio-link.de - - Felix1 f3d394f4ab@studio.link - - L33tFelix 842f85eb@studio-link.de - - Ingo 5c37dbab52@studio.link -2. studio-link aufnehmen drücken, schauen ob file local.flac größer wird (wichtig) -3. audiocity starten, 48000Hz einstellen, Audio-Device checken und aufnehmen drücken (wichtig) -3. alternative parecord: + - markus 162dcbf89f@studio.link + - Felix1 makefu@studio.link + - L33tFelix l33tname@studio.link + - Ingo ingo@studio.link +2. Jitis an machen! https://meet.jit.cloud/bgt (mittel) +3. studio-link aufnehmen drücken, schauen ob file local.flac größer wird (wichtig) +4. audiocity starten, 48000Hz einstellen, Audio-Device checken und aufnehmen drücken (wichtig) +4. alternative parecord: `$ pacmd list-sources | grep -e device.string -e 'name:' # keins der "monitor" devices` `$ parecord --channels=1 -d alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo bgt.wav` -4. OBS starten und aufnehmen drücken (eher unwichtig) 5. darkice starten (wichtig) 6. klatschen 7. Hallihallo und Herzlich Willkommen diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix new file mode 100644 index 00000000..7e317e59 --- /dev/null +++ b/makefu/2configs/bitwarden.nix @@ -0,0 +1,46 @@ +{ pkgs, ... }: +let + port = 8812; +in { + services.bitwarden_rs = { + enable = true; + dbBackend = "postgresql"; + config.signups_allowed = false; + config.rocketPort = port; + config.domain = "https://bw.euer.krebsco.de"; + #config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden"; + config.databaseUrl = "postgresql:///bitwarden"; + config.websocket_enabled = true; + }; + + systemd.services.bitwarden_rs.after = [ "postgresql.service" ]; + + services.postgresql = { + enable = true; + ensureDatabases = [ "bitwarden" ]; + ensureUsers = [ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ]; + #initialScript = pkgs.writeText "postgresql-init.sql" '' + # CREATE DATABASE bitwarden; + # CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}'; + # GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser; + #''; + }; + + services.nginx.virtualHosts."bw.euer.krebsco.de" ={ + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://localhost:8812"; + proxyWebsockets = true; + }; + locations."/notifications/hub" = { + proxyPass = "http://localhost:3012"; + proxyWebsockets = true; + }; + locations."/notifications/hub/negotiate" = { + proxyPass = "http://localhost:8812"; + proxyWebsockets = true; + }; + }; +} diff --git a/makefu/2configs/bureautomation/automation/philosophische-tuer.nix b/makefu/2configs/bureautomation/automation/philosophische-tuer.nix index 8c3fed6d..780ba176 100644 --- a/makefu/2configs/bureautomation/automation/philosophische-tuer.nix +++ b/makefu/2configs/bureautomation/automation/philosophische-tuer.nix @@ -18,7 +18,9 @@ let samples = user: lib.mapAttrsToList (file: _: ''"${prefix}/${user}/${file}"'') (builtins.readDir (toString ( recordrepo+ "/recordings/${user}"))); - random_tuerspruch = ''{{'' + (lib.concatStringsSep "," ((samples "Felix") ++ (samples "Sofia") ++ (samples "Markus"))) + ''| random}}''; # TODO read from derivation + random_tuerspruch = ''{{['' + (lib.concatStringsSep "," ( + (samples "Felix") ++ (samples "Sofia") ++ (samples "Markus") + )) + ''] | random}}''; # TODO read from derivation in { systemd.services.copy-philosophische-tuersounds = { diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 7eb29787..aa13b62b 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -12,7 +12,7 @@ in { # hass config ## complex configs - ./multi/daily-standup.nix + # ./multi/daily-standup.nix ./multi/aramark.nix ./multi/matrix.nix ./multi/frosch.nix diff --git a/makefu/2configs/deployment/docker/archiveteam-warrior.nix b/makefu/2configs/deployment/docker/archiveteam-warrior.nix index 8eef27a2..0069e453 100644 --- a/makefu/2configs/deployment/docker/archiveteam-warrior.nix +++ b/makefu/2configs/deployment/docker/archiveteam-warrior.nix @@ -21,7 +21,7 @@ in { }; in foldl' mergeAttrs {} (map proxy instances); - docker-containers = let + virtualisation.oci-containers.containers = let container = ident: { "archiveteam-warrior${toString ident}" = { image = "archiveteam/warrior-dockerfile"; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 571e5627..86bd4b52 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -36,10 +36,20 @@ in { forceSSL = true; enableACME = true; }; - state = [ "${config.services.nextcloud.home}/config" ]; + services.postgresqlBackup = { + enable = true; + databases = [ config.services.nextcloud.config.dbname ]; + }; + + state = [ + # services.postgresql.dataDir + # "${config.services.nextcloud.home}/config" + config.services.postgresqlBackup.location + ]; + services.nextcloud = { enable = true; - package = pkgs.nextcloud20; + package = pkgs.nextcloud21; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix index 4be56f32..a7ada939 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix @@ -9,7 +9,13 @@ in { }; systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; services.postgresql.package = pkgs.postgresql_9_6; - state = [ config.services.postgresql.dataDir ]; + state = [ config.services.postgresqlBackup.location ]; + + services.postgresqlBackup = { + enable = true; + databases = [ config.services.tt-rss.database.name ]; + }; + services.nginx.virtualHosts."${fqdn}" = { enableACME = true; forceSSL = true; diff --git a/makefu/2configs/home/airsonic.nix b/makefu/2configs/home/airsonic.nix index 15e77438..c6112be2 100644 --- a/makefu/2configs/home/airsonic.nix +++ b/makefu/2configs/home/airsonic.nix @@ -1,6 +1,6 @@ { config, ... }: let - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; port = 4040; in { diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 33e406e0..ee3b6242 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -5,7 +5,7 @@ ## let prefix = (import ./lib).prefix; - firetv_stick = "192.168.1.24"; + firetv_stick = "192.168.111.24"; hassdir = "/var/lib/hass"; unstable = import <nixpkgs-unstable> {}; @@ -17,7 +17,7 @@ in { ./signal-rest # hass config - ../zigbee2mqtt/hass.nix + ./zigbee2mqtt.nix # ./multi/flurlicht.nix ./multi/kurzzeitwecker.nix ./multi/the_playlist.nix @@ -48,8 +48,7 @@ in { })).override { extraPackages = p: [ (p.callPackage ./deps/dwdwfsapi.nix {}) - (p.callPackage ./deps/pykodi.nix {}) - p.APScheduler ]; + (p.callPackage ./deps/pykodi.nix {}) ]; }; config = { @@ -92,7 +91,7 @@ in { } ]; api = {}; - esphome = {}; + esphome = {}; # fails camera = []; #telegram_bot = [ # # secrets file: { diff --git a/makefu/2configs/home/ham/device_tracker/openwrt.nix b/makefu/2configs/home/ham/device_tracker/openwrt.nix index 0a34f702..c2b0353c 100644 --- a/makefu/2configs/home/ham/device_tracker/openwrt.nix +++ b/makefu/2configs/home/ham/device_tracker/openwrt.nix @@ -2,7 +2,7 @@ services.home-assistant.config.device_tracker = [ { platform = "luci"; - host = "192.168.1.5"; + host = "192.168.111.5"; username = "root"; password = import <secrets/hass/router.nix>; interval_seconds = 30; # instead of 12seconds diff --git a/makefu/2configs/home/ham/nginx.nix b/makefu/2configs/home/ham/nginx.nix index e166b2a4..cd99c073 100644 --- a/makefu/2configs/home/ham/nginx.nix +++ b/makefu/2configs/home/ham/nginx.nix @@ -1,5 +1,5 @@ let - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; in { services.nginx.recommendedProxySettings = true; services.nginx.virtualHosts."hass" = { diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix index c872bea0..50646d21 100644 --- a/makefu/2configs/home/metube.nix +++ b/makefu/2configs/home/metube.nix @@ -5,7 +5,7 @@ let port = "2348"; dl-dir = "/media/cryptX/youtube/music"; uid = 20421; - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; in { systemd.tmpfiles.rules = [ diff --git a/makefu/2configs/home/photoprism.nix b/makefu/2configs/home/photoprism.nix index ef420057..ea15f645 100644 --- a/makefu/2configs/home/photoprism.nix +++ b/makefu/2configs/home/photoprism.nix @@ -18,7 +18,7 @@ let photodir = "/media/cryptX/photos"; statedir = "/media/cryptX/lib/photoprism/appsrv"; db-dir = "/media/cryptX/lib/photoprism/mysql"; - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; sec = import <secrets/photoprism.nix>; in { diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 6ccf8b24..873699e3 100644 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -3,7 +3,7 @@ let dataDir = "/var/lib/zigbee2mqtt"; sec = import <secrets/zigbee2mqtt.nix>; - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; webport = 8521; in { diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 7e29b1c6..89b5e057 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -24,7 +24,7 @@ in { netConf = # drucker.lan SCX-3205W '' - 192.168.1.16'' + 192.168.111.16'' # uhrenkind.shack magicolor 1690mf + '' 10.42.20.30''; diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index d9e22ad7..308142f0 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -4,7 +4,7 @@ with import <stockholm/lib>; let hostname = config.krebs.build.host.name; # TODO local-ip from the nets config - local-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; # local-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { diff --git a/makefu/2configs/shiori.nix b/makefu/2configs/shiori.nix index fd6bc9aa..cbccdc1f 100644 --- a/makefu/2configs/shiori.nix +++ b/makefu/2configs/shiori.nix @@ -3,7 +3,7 @@ let web_port = 9011; statedir = "/var/lib/shiori"; in { - state = [ statedir ]; + state = [ "/var/lib/private/shiori" ]; # when using dynamicUser systemd.services.shiori = { description = "Shiori Server"; after = [ "network-online.target" ]; diff --git a/makefu/2configs/storj/client.nix b/makefu/2configs/storj/client.nix index 5e675340..d4831983 100644 --- a/makefu/2configs/storj/client.nix +++ b/makefu/2configs/storj/client.nix @@ -1,7 +1,7 @@ { lib, ... }: let port = "14002"; -internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; in { networking.firewall.allowedTCPPorts = [ 28967 ]; diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index 3229d14f..47709de1 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -8,18 +8,15 @@ host = "irc.freenode.net"; port = 6667; }; + notifyErrors = false; bots = { r-systemdultras-rss = { feed = "https://www.reddit.com/r/systemdultras/.rss"; delay = 136; - channels = [ "#systemdultras" ]; - notifyErrors = false; }; r-systemd-rss = { feed = "https://www.reddit.com/r/systemd/.rss"; delay = 172; - channels = [ "#systemdultras" ]; - notifyErrors = false; }; }; }; diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 2acdcf69..ac6d91e8 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -13,7 +13,8 @@ gi flashrom mosquitto - esphome + # esphome # broken + # nix related nix-index nix-review diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix index 2b7eca25..02680aa7 100644 --- a/makefu/2configs/workadventure/workadventure.nix +++ b/makefu/2configs/workadventure/workadventure.nix @@ -60,7 +60,7 @@ in { }; virtualisation.oci-containers.backend = "docker"; - + security.acme.certs."${domain}".extraDomainNames = [ apiURL frontURL pusherURL uploaderURL ]; services.nginx.virtualHosts."${domain}" = { enableACME = true; forceSSL = true; @@ -82,7 +82,7 @@ in { extraOptions = [ "--network=workadventure" ]; }; services.nginx.virtualHosts."${frontURL}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; }; }; @@ -99,7 +99,7 @@ in { extraOptions = [ "--network=workadventure" ]; }; services.nginx.virtualHosts."${pusherURL}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString pusherPort}"; @@ -123,7 +123,7 @@ in { extraOptions = [ "--network=workadventure" ]; }; services.nginx.virtualHosts."${apiURL}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; }; }; @@ -134,7 +134,7 @@ in { extraOptions = [ "--network=workadventure" ]; }; services.nginx.virtualHosts."${uploaderURL}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString uploaderPort}"; |