26 files changed, 110 insertions, 42 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f9fa037d3..30d90bf2b 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -187,6 +187,7 @@ in { maps.work.euer IN A ${nets.internet.ip4.addr} play.work.euer IN A ${nets.internet.ip4.addr} ul.work.euer IN A ${nets.internet.ip4.addr} + bw.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 83fbd8f83..862dfb53e 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -104,7 +104,8 @@ in { # sharing <stockholm/makefu/2configs/share/gum.nix> # samba sahre <stockholm/makefu/2configs/torrent.nix> - <stockholm/makefu/2configs/sickbeard> + # <stockholm/makefu/2configs/sickbeard> + <stockholm/makefu/2configs/bitwarden.nix> { nixpkgs.config.allowUnfree = true; } #<stockholm/makefu/2configs/retroshare.nix> @@ -117,7 +118,9 @@ in { <stockholm/makefu/2configs/vpn/openvpn-server.nix> # <stockholm/makefu/2configs/vpn/vpnws/server.nix> <stockholm/makefu/2configs/binary-cache/server.nix> + { makefu.backup.server.repo = "/var/backup/borg"; } <stockholm/makefu/2configs/backup/server.nix> + <stockholm/makefu/2configs/backup/state.nix> <stockholm/makefu/2configs/iodined.nix> <stockholm/makefu/2configs/bitlbee.nix> <stockholm/makefu/2configs/wireguard/server.nix> diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index d44980ce7..13918a9b1 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -32,6 +32,8 @@ in { <stockholm/makefu/2configs/backup/state.nix> + + { makefu.backup.server.repo = "/media/cryptX/backup/borg"; } <stockholm/makefu/2configs/backup/server.nix> <stockholm/makefu/2configs/exim-retiolum.nix> # <stockholm/makefu/2configs/smart-monitor.nix> diff --git a/makefu/2configs/backup/ssh/gum.pub b/makefu/2configs/backup/ssh/gum.pub index ed203d544..52d56d956 100644 
--- a/makefu/2configs/backup/ssh/gum.pub +++ b/makefu/2configs/backup/ssh/gum.pub @@ -1 +1 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCJe7DQkKbL58pL78ImO+nVI/aaNFP8Zyqgo8EbNhW makefu@x +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/bgt/backup.nix b/makefu/2configs/bgt/backup.nix index 3b9baadef..dc3260266 100644 --- a/makefu/2configs/bgt/backup.nix +++ b/makefu/2configs/bgt/backup.nix @@ -2,6 +2,7 @@ # Manual steps: # 1. ssh-copy-id root ssh-key to the remotes you want to back up # 2. run `rsnapshot hourly` manually as root to check if everything works + services.rsnapshot = { enable = true; cronIntervals = { @@ -11,7 +12,7 @@ extraConfig = '' retain hourly 5 retain daily 365 -snapshot_root /var/backup +snapshot_root /var/backup/bgt backup root@binaergewitter.jit.computer:/opt/isso jit backup root@binaergewitter.jit.computer:/etc/systemd/system/isso.service jit backup root@binaergewitter.jit.computer:/etc/nginx/conf.d/isso.conf jit diff --git a/makefu/2configs/bgt/template.md b/makefu/2configs/bgt/template.md index e53bad7e8..d30cb49eb 100644 --- a/makefu/2configs/bgt/template.md +++ b/makefu/2configs/bgt/template.md 
@@ -2,16 +2,16 @@ 0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) 1. `eine` Person anrufen (den Host): - - markus 6407eb63@studio-link.de - - Felix1 f3d394f4ab@studio.link - - L33tFelix 842f85eb@studio-link.de - - Ingo 5c37dbab52@studio.link -2. studio-link aufnehmen drücken, schauen ob file local.flac größer wird (wichtig) -3. audiocity starten, 48000Hz einstellen, Audio-Device checken und aufnehmen drücken (wichtig) -3. alternative parecord: + - markus 162dcbf89f@studio.link + - Felix1 makefu@studio.link + - L33tFelix l33tname@studio.link + - Ingo ingo@studio.link +2. Jitis an machen! https://meet.jit.cloud/bgt (mittel) +3. studio-link aufnehmen drücken, schauen ob file local.flac größer wird (wichtig) +4. audiocity starten, 48000Hz einstellen, Audio-Device checken und aufnehmen drücken (wichtig) +4. alternative parecord: `$ pacmd list-sources | grep -e device.string -e 'name:' # keins der "monitor" devices` `$ parecord --channels=1 -d alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo bgt.wav` -4. OBS starten und aufnehmen drücken (eher unwichtig) 5. darkice starten (wichtig) 6. klatschen 7. Hallihallo und Herzlich Willkommen diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix new file mode 100644 index 000000000..7e317e596 --- /dev/null +++ b/makefu/2configs/bitwarden.nix 
@@ -0,0 +1,46 @@ +{ pkgs, ... }: +let + port = 8812; +in { + services.bitwarden_rs = { + enable = true; + dbBackend = "postgresql"; + config.signups_allowed = false; + config.rocketPort = port; + config.domain = "https://bw.euer.krebsco.de"; + #config.databaseUrl = "postgresql://bitwardenuser:${dbPassword}@localhost/bitwarden"; + config.databaseUrl = "postgresql:///bitwarden"; + config.websocket_enabled = true; + }; + + systemd.services.bitwarden_rs.after = [ "postgresql.service" ]; + + services.postgresql = { + enable = true; + ensureDatabases = [ "bitwarden" ]; + ensureUsers = [ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ]; + #initialScript = pkgs.writeText "postgresql-init.sql" '' + # CREATE DATABASE bitwarden; + # CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}'; + # GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser; + #''; + }; + + services.nginx.virtualHosts."bw.euer.krebsco.de" ={ + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://localhost:8812"; + proxyWebsockets = true; + }; + locations."/notifications/hub" = { + proxyPass = "http://localhost:3012"; + proxyWebsockets = true; + }; + locations."/notifications/hub/negotiate" = { + proxyPass = "http://localhost:8812"; + proxyWebsockets = true; + }; + }; +} diff --git a/makefu/2configs/bureautomation/automation/philosophische-tuer.nix b/makefu/2configs/bureautomation/automation/philosophische-tuer.nix index 8c3fed6de..780ba1765 100644 --- a/makefu/2configs/bureautomation/automation/philosophische-tuer.nix +++ b/makefu/2configs/bureautomation/automation/philosophische-tuer.nix 
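Review bot: In makefu/2configs/bitwarden.nix the nginx `proxyPass` targets repeat the literal `8812` even though `port` is bound in the `let` and passed to `config.rocketPort`, so changing one silently breaks the other. Using `proxyPass = "http://localhost:${toString port}";` in the `/` and `/notifications/hub/negotiate` locations keeps them tied. The `/notifications/hub` upstream `3012` is not set anywhere in this file and presumably relies on the service's default websocket port, which deserves a one-line comment. Because this vhost fronts a password vault, it is also worth confirming that both backend listeners bind to loopback only: no listen address is configured here, and a non-loopback bind would be reachable without TLS wherever the firewall allows it.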
@@ -18,7 +18,9 @@ let samples = user: lib.mapAttrsToList (file: _: ''"${prefix}/${user}/${file}"'') (builtins.readDir (toString ( recordrepo+ "/recordings/${user}"))); - random_tuerspruch = ''{{'' + (lib.concatStringsSep "," ((samples "Felix") ++ (samples "Sofia") ++ (samples "Markus"))) + ''| random}}''; # TODO read from derivation + random_tuerspruch = ''{{['' + (lib.concatStringsSep "," ( + (samples "Felix") ++ (samples "Sofia") ++ (samples "Markus") + )) + ''] | random}}''; # TODO read from derivation in { systemd.services.copy-philosophische-tuersounds = { diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 7eb297879..aa13b62b7 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -12,7 +12,7 @@ in { # hass config ## complex configs - ./multi/daily-standup.nix + # ./multi/daily-standup.nix ./multi/aramark.nix ./multi/matrix.nix ./multi/frosch.nix diff --git a/makefu/2configs/deployment/docker/archiveteam-warrior.nix b/makefu/2configs/deployment/docker/archiveteam-warrior.nix index 8eef27a20..0069e4530 100644 --- a/makefu/2configs/deployment/docker/archiveteam-warrior.nix +++ b/makefu/2configs/deployment/docker/archiveteam-warrior.nix @@ -21,7 +21,7 @@ in { }; in foldl' mergeAttrs {} (map proxy instances); - docker-containers = let + virtualisation.oci-containers.containers = let container = ident: { "archiveteam-warrior${toString ident}" = { image = "archiveteam/warrior-dockerfile"; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 571e56277..86bd4b524 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix 
@@ -36,10 +36,20 @@ in { forceSSL = true; enableACME = true; }; - state = [ "${config.services.nextcloud.home}/config" ]; + services.postgresqlBackup = { + enable = true; + databases = [ config.services.nextcloud.config.dbname ]; + }; + + state = [ + # services.postgresql.dataDir + # "${config.services.nextcloud.home}/config" + config.services.postgresqlBackup.location + ]; + services.nextcloud = { enable = true; - package = pkgs.nextcloud20; + package = pkgs.nextcloud21; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix index 4be56f323..a7ada9395 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix @@ -9,7 +9,13 @@ in { }; systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; services.postgresql.package = pkgs.postgresql_9_6; - state = [ config.services.postgresql.dataDir ]; + state = [ config.services.postgresqlBackup.location ]; + + services.postgresqlBackup = { + enable = true; + databases = [ config.services.tt-rss.database.name ]; + }; + services.nginx.virtualHosts."${fqdn}" = { enableACME = true; forceSSL = true; diff --git a/makefu/2configs/home/airsonic.nix b/makefu/2configs/home/airsonic.nix index 15e77438d..c6112be26 100644 --- a/makefu/2configs/home/airsonic.nix +++ b/makefu/2configs/home/airsonic.nix @@ -1,6 +1,6 @@ { config, ... }: let - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; port = 4040; in { diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 33e406e0b..ee3b62428 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix 
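Review bot: In makefu/2configs/deployment/owncloud.nix the new `state` list backs up only `config.services.postgresqlBackup.location`, and `"${config.services.nextcloud.home}/config"` is left commented out. A database dump is consistent where a copy of the live data directory is not, but Nextcloud's config directory normally holds instance-specific values such as the password salt and secret, which the dump does not contain. A restore from this state alone may therefore leave accounts unusable. Unless that directory is captured elsewhere (not visible in this hunk), keep it in the list next to the dump location. The same hunk moves `package` from `pkgs.nextcloud20` to `pkgs.nextcloud21`, so the reduced backup set takes effect together with a major upgrade.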
@@ -5,7 +5,7 @@ ## let prefix = (import ./lib).prefix; - firetv_stick = "192.168.1.24"; + firetv_stick = "192.168.111.24"; hassdir = "/var/lib/hass"; unstable = import <nixpkgs-unstable> {}; @@ -17,7 +17,7 @@ in { ./signal-rest # hass config - ../zigbee2mqtt/hass.nix + ./zigbee2mqtt.nix # ./multi/flurlicht.nix ./multi/kurzzeitwecker.nix ./multi/the_playlist.nix @@ -48,8 +48,7 @@ in { })).override { extraPackages = p: [ (p.callPackage ./deps/dwdwfsapi.nix {}) - (p.callPackage ./deps/pykodi.nix {}) - p.APScheduler ]; + (p.callPackage ./deps/pykodi.nix {}) ]; }; config = { @@ -92,7 +91,7 @@ in { } ]; api = {}; - esphome = {}; + esphome = {}; # fails camera = []; #telegram_bot = [ # # secrets file: { diff --git a/makefu/2configs/home/ham/device_tracker/openwrt.nix b/makefu/2configs/home/ham/device_tracker/openwrt.nix index 0a34f702a..c2b0353c6 100644 --- a/makefu/2configs/home/ham/device_tracker/openwrt.nix +++ b/makefu/2configs/home/ham/device_tracker/openwrt.nix @@ -2,7 +2,7 @@ services.home-assistant.config.device_tracker = [ { platform = "luci"; - host = "192.168.1.5"; + host = "192.168.111.5"; username = "root"; password = import <secrets/hass/router.nix>; interval_seconds = 30; # instead of 12seconds diff --git a/makefu/2configs/home/ham/nginx.nix b/makefu/2configs/home/ham/nginx.nix index e166b2a4b..cd99c0739 100644 --- a/makefu/2configs/home/ham/nginx.nix +++ b/makefu/2configs/home/ham/nginx.nix @@ -1,5 +1,5 @@ let - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; in { services.nginx.recommendedProxySettings = true; services.nginx.virtualHosts."hass" = { diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix index c872bea08..50646d210 100644 --- a/makefu/2configs/home/metube.nix +++ b/makefu/2configs/home/metube.nix @@ -5,7 +5,7 @@ let port = "2348"; dl-dir = "/media/cryptX/youtube/music"; uid = 20421; - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; in { systemd.tmpfiles.rules = [ 
diff --git a/makefu/2configs/home/photoprism.nix b/makefu/2configs/home/photoprism.nix index ef4200576..ea15f645a 100644 --- a/makefu/2configs/home/photoprism.nix +++ b/makefu/2configs/home/photoprism.nix @@ -18,7 +18,7 @@ let photodir = "/media/cryptX/photos"; statedir = "/media/cryptX/lib/photoprism/appsrv"; db-dir = "/media/cryptX/lib/photoprism/mysql"; - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; sec = import <secrets/photoprism.nix>; in { diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 6ccf8b241..873699e3f 100644 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -3,7 +3,7 @@ let dataDir = "/var/lib/zigbee2mqtt"; sec = import <secrets/zigbee2mqtt.nix>; - internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; webport = 8521; in { diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 7e29b1c6f..89b5e0579 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -24,7 +24,7 @@ in { netConf = # drucker.lan SCX-3205W '' - 192.168.1.16'' + 192.168.111.16'' # uhrenkind.shack magicolor 1690mf + '' 10.42.20.30''; diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index d9e22ad71..308142f03 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -4,7 +4,7 @@ with import <stockholm/lib>; let hostname = config.krebs.build.host.name; # TODO local-ip from the nets config - local-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; # local-ip = config.krebs.build.host.nets.retiolum.ip4.addr; in { diff --git a/makefu/2configs/shiori.nix b/makefu/2configs/shiori.nix index fd6bc9aad..cbccdc1f5 100644 --- a/makefu/2configs/shiori.nix +++ b/makefu/2configs/shiori.nix 
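Review bot: In makefu/2configs/share/omo.nix the hunk renames the `let` binding from `local-ip` to `internal-ip` while changing its value, and the rest of the file is outside the hunk. If the body still refers to `local-ip`, evaluation fails with an undefined variable, so either the remaining uses are renamed too or the binding stays `local-ip = "192.168.111.11";`. The commented alternative on the following line still reads `# local-ip = …` and should follow whichever name is kept. The sibling hunks that move 192.168.1.x to 192.168.111.x repeat the same literal per file; acting on the existing `# TODO local-ip from the nets config` would remove that duplication.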
@@ -3,7 +3,7 @@ let web_port = 9011; statedir = "/var/lib/shiori"; in { - state = [ statedir ]; + state = [ "/var/lib/private/shiori" ]; # when using dynamicUser systemd.services.shiori = { description = "Shiori Server"; after = [ "network-online.target" ]; diff --git a/makefu/2configs/storj/client.nix b/makefu/2configs/storj/client.nix index 5e6753403..d48319838 100644 --- a/makefu/2configs/storj/client.nix +++ b/makefu/2configs/storj/client.nix @@ -1,7 +1,7 @@ { lib, ... }: let port = "14002"; -internal-ip = "192.168.1.11"; + internal-ip = "192.168.111.11"; in { networking.firewall.allowedTCPPorts = [ 28967 ]; diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index 3229d14f2..47709de1e 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -8,18 +8,15 @@ host = "irc.freenode.net"; port = 6667; }; + notifyErrors = false; bots = { r-systemdultras-rss = { feed = "https://www.reddit.com/r/systemdultras/.rss"; delay = 136; - channels = [ "#systemdultras" ]; - notifyErrors = false; }; r-systemd-rss = { feed = "https://www.reddit.com/r/systemd/.rss"; delay = 172; - channels = [ "#systemdultras" ]; - notifyErrors = false; }; }; }; diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 2acdcf69c..ac6d91e85 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -13,7 +13,8 @@ gi flashrom mosquitto - esphome + # esphome # broken + # nix related nix-index nix-review diff --git a/makefu/2configs/workadventure/workadventure.nix b/makefu/2configs/workadventure/workadventure.nix index 2b7eca250..02680aa77 100644 --- a/makefu/2configs/workadventure/workadventure.nix +++ b/makefu/2configs/workadventure/workadventure.nix 
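Review bot: In makefu/2configs/shiori.nix `state` now names `/var/lib/private/shiori` as a literal while `statedir = "/var/lib/shiori"` stays bound just above, so the backed-up path and the service's directory are maintained independently. The trailing comment would be clearer as `# DynamicUser: /var/lib/shiori is a symlink into /var/lib/private`, and the path can be derived with `state = [ "/var/lib/private/${baseNameOf statedir}" ];`. Whether the unit actually sets DynamicUser is outside this hunk.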
@@ -60,7 +60,7 @@ in { }; virtualisation.oci-containers.backend = "docker"; - + security.acme.certs."${domain}".extraDomainNames = [ apiURL frontURL pusherURL uploaderURL ]; services.nginx.virtualHosts."${domain}" = { enableACME = true; forceSSL = true; @@ -82,7 +82,7 @@ in { extraOptions = [ "--network=workadventure" ]; }; services.nginx.virtualHosts."${frontURL}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString frontPort}"; }; }; @@ -99,7 +99,7 @@ in { extraOptions = [ "--network=workadventure" ]; }; services.nginx.virtualHosts."${pusherURL}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString pusherPort}"; @@ -123,7 +123,7 @@ in { extraOptions = [ "--network=workadventure" ]; }; services.nginx.virtualHosts."${apiURL}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString apiPort}"; }; }; @@ -134,7 +134,7 @@ in { extraOptions = [ "--network=workadventure" ]; }; services.nginx.virtualHosts."${uploaderURL}" = { - enableACME = true; + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString uploaderPort}"; |