summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/2configs/news.nix2
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/external/kmein.nix1
-rw-r--r--krebs/3modules/makefu/default.nix43
-rw-r--r--krebs/3modules/makefu/retiolum/latte.pub8
-rw-r--r--krebs/3modules/makefu/retiolum/latte_ed25519.pub1
-rw-r--r--krebs/3modules/rtorrent.nix348
-rw-r--r--krebs/3modules/tinc.nix12
-rw-r--r--krebs/nixpkgs-unstable.json8
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--lass/2configs/bitcoin.nix9
-rw-r--r--lass/2configs/radio-news.nix53
-rw-r--r--makefu/0tests/data/secrets/hetzner.smb0
-rw-r--r--makefu/1systems/gum/config.nix34
-rw-r--r--makefu/1systems/latte/1blu/default.nix50
-rw-r--r--makefu/1systems/latte/1blu/network.nix32
-rw-r--r--makefu/1systems/latte/config.nix90
-rw-r--r--makefu/1systems/latte/source.nix1
-rw-r--r--makefu/1systems/omo/config.nix7
-rw-r--r--makefu/1systems/x/config.nix12
-rw-r--r--makefu/2configs/backup/ssh/latte.pub1
-rw-r--r--makefu/2configs/home/ps4srv.nix17
-rw-r--r--makefu/2configs/share/default.nix29
-rw-r--r--makefu/2configs/share/hetzner-client.nix12
-rw-r--r--makefu/2configs/share/omo.nix6
-rw-r--r--makefu/2configs/torrent.nix73
-rw-r--r--makefu/2configs/torrent/rtorrent.nix48
27 files changed, 400 insertions, 506 deletions
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 9ea4cbf8d..1f966bf24 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -184,7 +184,7 @@
exit 1
fi
twitter_nick=$(echo "$1" | ${pkgs.jq}/bin/jq -Rr '[match("(\\S+)\\s*";"g").captures[].string][0]')
- echo "brockman: add tw_$twitter_nick http://rss.r/?action=display&bridge=Twitch&channel=$twitter_nick&type=all&format=Atom"
+ echo "brockman: add tw_$twitter_nick http://rss.r/?action=display&bridge=Twitter&context=By+username&u=$twitter_nick&norep=on&noretweet=on&nopinned=on&nopic=on&format=Atom"
'';
search.filename = pkgs.writeDash "search" ''
set -euf
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index fc57d8188..2d73da884 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -46,7 +46,6 @@ let
./realwallpaper.nix
./repo-sync.nix
./retiolum-bootstrap.nix
- ./rtorrent.nix
./secret.nix
./setuid.nix
./shadow.nix
diff --git a/krebs/3modules/external/kmein.nix b/krebs/3modules/external/kmein.nix
index 1e4a68057..4605fbdf0 100644
--- a/krebs/3modules/external/kmein.nix
+++ b/krebs/3modules/external/kmein.nix
@@ -63,6 +63,7 @@ in
"names.kmein.r"
"graph.r"
"rrm.r"
+ "redaktion.r"
];
ip4.addr = "10.243.2.84";
tinc.pubkey = ''
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index f87802b45..68484a102 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -148,6 +148,46 @@ in {
};
};
};
+ latte = rec {
+ ci = true;
+ extraZones = {
+ "krebsco.de" = ''
+ latte.euer IN A ${nets.internet.ip4.addr}
+ rss.euer IN A ${nets.internet.ip4.addr}
+ '';
+ };
+ cores = 4;
+ nets = rec {
+ internet = {
+ ip4.addr = "178.254.30.202";
+ ip6.addr = "2a00:6800:3:18c::2";
+ aliases = [
+ "latte.i"
+ ];
+ };
+ #wiregrill = {
+ # via = internet;
+ # ip4.addr = "10.244.245.1";
+ # ip6.addr = w6 "1";
+ # wireguard.port = 51821;
+ # wireguard.subnets = [
+ # (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
+ # "10.244.245.0/24" # required for routing directly to gum via rockit
+ # ];
+ #};
+ retiolum = {
+ via = internet;
+ ip4.addr = "10.243.0.214";
+ # never connect via gum (he eats your packets!)
+ #tinc.weight = 9001;
+
+ aliases = [
+ "latte.r"
+ "torrent.latte.r"
+ ];
+ };
+ };
+ };
gum = rec {
ci = true;
extraZones = {
@@ -173,7 +213,6 @@ in {
feed.euer IN A ${nets.internet.ip4.addr}
board.euer IN A ${nets.internet.ip4.addr}
etherpad.euer IN A ${nets.internet.ip4.addr}
- rss.euer IN A ${nets.internet.ip4.addr}
mediengewitter IN CNAME over.dose.io.
mon.euer IN A ${nets.internet.ip4.addr}
netdata.euer IN A ${nets.internet.ip4.addr}
@@ -220,7 +259,7 @@ in {
via = internet;
ip4.addr = "10.243.0.213";
# never connect via gum (he eats your packets!)
- tinc.weight = 9001;
+ #tinc.weight = 9001;
aliases = [
"gum.r"
diff --git a/krebs/3modules/makefu/retiolum/latte.pub b/krebs/3modules/makefu/retiolum/latte.pub
new file mode 100644
index 000000000..17fca2b40
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/latte.pub
@@ -0,0 +1,8 @@
+-----BEGIN RSA PUBLIC KEY-----
+MIIBCgKCAQEAx70gmNoP4RYeF3ShddEMsbNad9L5ezegwxJTZA7XTfF+/cwr/QwU
+5BL0QXTwBnKzS0gun5NXmhwPzvOdvfczAxtJLk8/NjVHFeE39CiTHGgIxkZFgnbo
+r2Rj6jJb89ZPaTr+hl0+0WQQVpl9NI7MTCUimvFBaD6IPmBh5wTySu6mYBs0mqmf
+43RrvS42ieqQJAvVPkIzxxJeTS/M3NXmjbJ3bdx/2Yzd7INdfPkMhOONHcQhTKS4
+GSXJRTytLYZEah8lp8F4ONggN6ixlhlcQAotToFP4s8c+KqYfIZrtP+pRj7W72Y6
+vhnobLDJwBbAsW1RQ6FHcw10TrP2H+haewIDAQAB
+-----END RSA PUBLIC KEY-----
diff --git a/krebs/3modules/makefu/retiolum/latte_ed25519.pub b/krebs/3modules/makefu/retiolum/latte_ed25519.pub
new file mode 100644
index 000000000..7974bb6e5
--- /dev/null
+++ b/krebs/3modules/makefu/retiolum/latte_ed25519.pub
@@ -0,0 +1 @@
+ILtT9Y5pGBtc5/wR56RYzzYeZMvmmutaC6IED6I1oTI
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
deleted file mode 100644
index 4a96f6203..000000000
--- a/krebs/3modules/rtorrent.nix
+++ /dev/null
@@ -1,348 +0,0 @@
-{ config, lib, pkgs, options, ... }:
-
-with import <stockholm/lib>;
-let
- cfg = config.krebs.rtorrent;
- webcfg = config.krebs.rtorrent.web;
- rucfg = config.krebs.rtorrent.rutorrent;
-
- nginx-user = config.services.nginx.user;
- nginx-group = config.services.nginx.group;
- fpm-socket = config.services.phpfpm.pools.rutorrent.socket;
-
- webdir = rucfg.webdir;
- systemd-logfile = cfg.workDir + "/rtorrent-systemd.log";
-
- # rutorrent requires a couple of binaries to be available to either the
- # rtorrent process or to phpfpm
-
- rutorrent-deps = with pkgs; [ curl php coreutils procps ffmpeg mediainfo ] ++
- (if (config.nixpkgs.config.allowUnfree or false) then
- trace "enabling unfree packages for rutorrent" [ unrar unzip ] else
- trace "not enabling unfree packages for rutorrent because allowUnfree is unset" []);
-
- configFile = pkgs.writeText "rtorrent-config" ''
- # THIS FILE IS AUTOGENERATED
- ${optionalString (cfg.listenPort != null) ''
- port_range = ${toString cfg.listenPort}-${toString cfg.listenPort}
- port_random = no
- ''}
-
- ${optionalString (cfg.watchDir != null) ''
- directory.watch.added = "${cfg.watchDir}", load.start_verbose
- ''}
-
- directory = ${cfg.downloadDir}
- session = ${cfg.sessionDir}
-
- ${optionalString (cfg.enableXMLRPC ) ''
- # prepare socket and set permissions. rtorrent user is part of group nginx
- # TODO: configure a shared torrent group
- execute.nothrow = rm,${cfg.xmlrpc-socket}
- scgi_local = ${cfg.xmlrpc-socket}
- schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}"
- ''}
-
- system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"}
-
- # Prepare systemd logging
- log.open_file = "rtorrent-systemd", ${systemd-logfile}
- log.add_output = "warn", "rtorrent-systemd"
- log.add_output = "notice", "rtorrent-systemd"
- log.add_output = "info", "rtorrent-systemd"
- # log.add_output = "debug", "rtorrent-systemd"
- ${cfg.extraConfig}
- '';
-
- out = {
- options.krebs.rtorrent = api;
- # This only works because none of the attrsets returns the same key
- config = with lib; mkIf cfg.enable (lib.mkMerge [
- (lib.mkIf webcfg.enable rpcweb-imp)
- # only build rutorrent-imp if webcfg is enabled as well
- (lib.mkIf (webcfg.enable && rucfg.enable) rutorrent-imp)
- imp
- ]);
- };
-
- api = {
- enable = mkEnableOption "rtorrent";
-
- web = {
- # configure NGINX to provide /RPC2 for listen address
- # authentication also applies to rtorrent.rutorrent
- enable = mkEnableOption "rtorrent nginx web RPC";
-
- addr = mkOption {
- type = types.addr4;
- default = "0.0.0.0";
- description = ''
- the address to listen on
- default is 0.0.0.0
- '';
- };
-
- port = mkOption {
- type = types.nullOr types.int;
- description =''
- nginx listen port for rtorrent
- '';
- default = 8006;
- };
-
- basicAuth = mkOption {
- type = types.attrsOf types.str ;
- description = ''
- basic authentication to be used. If unset, no authentication will be
- enabled.
-
- Refer to `services.nginx.virtualHosts.‹name›.basicAuth`
- '';
- default = {};
- };
- };
-
- rutorrent = {
- enable = mkEnableOption "rutorrent"; # requires rtorrent.web.enable
-
- package = mkOption {
- type = types.package;
- description = ''
- path to rutorrent package. When using your own ruTorrent package,
- scgi_port and scgi_host will be patched on startup.
- '';
- default = pkgs.rutorrent;
- };
-
- webdir = mkOption {
- type = types.path;
- description = ''
- rutorrent php files will be written to this folder.
- when using nginx, be aware that the the folder should be readable by nginx.
- because rutorrent does not hold mutable data in a separate folder
- these files must be writable.
- '';
- default = "/var/lib/rutorrent";
- };
-
- };
-
- package = mkOption {
- type = types.package;
- default = pkgs.rtorrent;
- };
-
- # TODO: enable xmlrpc with web.enable
- enableXMLRPC = mkEnableOption "rtorrent xmlrpc via socket";
- xmlrpc-socket = mkOption {
- type = types.str;
- description = ''
- enable xmlrpc at given socket. Required for web-interface.
-
- for documentation see:
- https://github.com/rakshasa/rtorrent/wiki/RPC-Setup-XMLRPC
- '';
- default = cfg.workDir + "/rtorrent.sock";
- };
-
- preAllocate = mkOption {
- type = types.bool;
- description = ''
- Pre-Allocate torrent files
- '';
- default = true;
- };
-
- downloadDir = mkOption {
- type = types.path;
- description = ''
- directory where torrents are stored
- '';
- default = cfg.workDir + "/downloads";
- };
-
- sessionDir = mkOption {
- type = types.path;
- description = ''
- directory where torrent progress is stored
- '';
- default = cfg.workDir + "/rtorrent-session";
- };
-
- watchDir = mkOption {
- type = with types; nullOr str;
- description = ''
- directory to watch for torrent files.
- If unset, no watch directory will be configured
- '';
- default = null;
- };
-
- listenPort = mkOption {
- type = with types; nullOr int;
- description =''
- listening port. if you want multiple ports, use extraConfig port_range
- '';
- };
-
- extraConfig = mkOption {
- type = types.lines;
- description = ''
- config to be placed into ${cfg.workDir}/.rtorrent.rc
-
- see ${cfg.package}/share/doc/rtorrent/rtorrent.rc
- '';
- example = literalExample ''
- log.execute = ${cfg.workDir}/execute.log
- log.xmlrpc = ${cfg.workDir}/xmlrpc.log
- '';
- default = "";
- };
-
- user = mkOption {
- description = ''
- user which will run rtorrent. if kept default a new user will be created
- '';
- type = types.str;
- default = "rtorrent";
- };
-
- workDir = mkOption {
- description = ''
- working directory. rtorrent will search in HOME for `.rtorrent.rc`
- '';
- type = types.str;
- default = "/var/lib/rtorrent";
- };
-
- };
-
- imp = {
- systemd.services = {
- rtorrent-daemon = {
- description = "rtorrent headless";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- restartIfChanged = true;
- serviceConfig = {
- Type = "forking";
- ExecStartPre = pkgs.writeDash "prepare-folder" ''
- mkdir -p ${cfg.workDir} ${cfg.sessionDir}
- chmod 770 ${cfg.workDir} ${cfg.sessionDir}
- touch ${systemd-logfile}
- cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc
- '';
- ExecStart = "${pkgs.tmux}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'";
- Restart = "always";
- RestartSec = "10";
-
- ## you can simply sudo -u rtorrent tmux a if privateTmp is set to false
- ## otherwise the tmux session is stored in some private folder in /tmp
- PrivateTmp = false;
-
- WorkingDirectory = cfg.workDir;
- User = "${cfg.user}";
- };
- };
- rtorrent-log = {
- after = [ "rtorrent-daemon.service" ];
- bindsTo = [ "rtorrent-daemon.service" ];
- wantedBy = [ "rtorrent-daemon.service" ];
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/tail -f ${systemd-logfile}";
- User = "${cfg.user}";
- };
- };
- } // (optionalAttrs webcfg.enable {
- rutorrent-prepare = {
- after = [ "rtorrent-daemon.service" ];
- wantedBy = [ "rtorrent-daemon.service" ];
- serviceConfig = {
- Type = "oneshot";
- # we create the folder and set the permissions to allow nginx
- # TODO: update files if the version of rutorrent changed
- ExecStart = pkgs.writeDash "create-webconfig-dir" ''
- if [ ! -e ${webdir} ];then
- echo "creating webconfiguration directory for rutorrent: ${webdir}"
- cp -vr ${rucfg.package} ${webdir}
- echo "setting permissions for webdir to ${cfg.user}:${nginx-group}"
- chown -R ${cfg.user}:${nginx-group} ${webdir}
- chmod -R 770 ${webdir}
- else
- echo "not overwriting ${webdir}"
-
- fi
- echo "updating xmlrpc-socket with unix://${cfg.xmlrpc-socket}"
- sed -i -e 's#^\s*$scgi_port.*#$scgi_port = 0;#' \
- -e 's#^\s*$scgi_host.*#$scgi_host = "unix://${cfg.xmlrpc-socket}";#' \
- "${webdir}/conf/config.php"
- '';
- };
- };
- })
- // (optionalAttrs rucfg.enable { });
-
- users = lib.mkIf (cfg.user == "rtorrent") {
- users.rtorrent = {
- uid = genid "rtorrent";
- home = cfg.workDir;
- group = nginx-group; # required for rutorrent to work
- shell = "/bin/sh"; #required for tmux
- isSystemUser = true;
- createHome = true;
- };
- groups.rtorrent.gid = genid "rtorrent";
- };
- };
-
- rpcweb-imp = {
- services.nginx.enable = mkDefault true;
- services.nginx.virtualHosts.rtorrent = {
- default = mkDefault true;
- inherit (webcfg) basicAuth;
- root = optionalString rucfg.enable webdir;
- listen = [ { inherit (webcfg) addr port; } ];
-
- locations = {
- "/RPC2".extraConfig = ''
- include ${pkgs.nginx}/conf/scgi_params;
- scgi_param SCRIPT_NAME /RPC2;
- scgi_pass unix:${cfg.xmlrpc-socket};
- '';
- } // (optionalAttrs rucfg.enable {
- "~ \.php$".extraConfig = ''
- client_max_body_size 200M;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:${fpm-socket};
- try_files $uri =404;
- fastcgi_index index.php;
- include ${pkgs.nginx}/conf/fastcgi_params;
- include ${pkgs.nginx}/conf/fastcgi.conf;
- ''; }
- );
- };
- };
-
- rutorrent-imp = {
- services.phpfpm = {
- pools.rutorrent = {
- user = nginx-user;
- group = nginx-group;
- phpEnv.PATH = makeBinPath rutorrent-deps;
-
- settings = {
- "listen.owner" = nginx-user;
- "pm" = "dynamic";
- "pm.max_children" = 5;
- "pm.start_servers" = 2;
- "pm.min_spare_servers" = 1;
- "pm.max_spare_servers" = 3;
- "chdir" = "/";
- "php_admin_value[error_log]" = "stderr";
- "php_admin_flag[log_errors]" = "on";
- "catch_workers_output" = "yes";
- };
- };
- };
- };
-in out
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index bc85aa0a6..1b28628d6 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -19,13 +19,15 @@ with import <stockholm/lib>;
"hosts" = tinc.config.hostsPackage;
"tinc.conf" = pkgs.writeText "${netname}-tinc.conf" ''
Name = ${tinc.config.host.name}
+ LogLevel = ${toString tinc.config.logLevel}
Interface = ${netname}
Broadcast = no
${concatMapStrings (c: "ConnectTo = ${c}\n") tinc.config.connectTo}
Port = ${toString tinc.config.host.nets.${netname}.tinc.port}
${tinc.config.extraConfig}
'';
- "tinc-up" = pkgs.writeDash "${netname}-tinc-up" ''
+ "tinc-up" = pkgs.writeScript "${netname}-tinc-up" ''
+ #!/bin/sh
ip link set ${netname} up
${tinc.config.tincUp}
'';
@@ -192,6 +194,14 @@ with import <stockholm/lib>;
'';
};
+ logLevel = mkOption {
+ type = types.int;
+ description = ''
+ LogLevel in tinc.conf
+ '';
+ default = 3;
+ };
+
user = mkOption {
type = types.user;
default = {
diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json
index 12afe0e9c..71367c2f1 100644
--- a/krebs/nixpkgs-unstable.json
+++ b/krebs/nixpkgs-unstable.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "60c52a73f1d5858020ac4f161cd5bf1c9650f8b8",
- "date": "2022-02-07T23:59:33+00:00",
- "path": "/nix/store/5w1yn77d2b44wq0w7b8cqqqfap2897n2-nixpkgs",
- "sha256": "1xyi4xag084ikcbis3iixpvfsmlfm2s105j58770x7k24mkrif7n",
+ "rev": "7f9b6e2babf232412682c09e57ed666d8f84ac2d",
+ "date": "2022-02-21T09:47:16+01:00",
+ "path": "/nix/store/4vd9z4b2s4jfn96ypdfavizy6908l71h-nixpkgs",
+ "sha256": "03nb8sbzgc3c0qdr1jbsn852zi3qp74z4qcy7vrabvvly8rbixp2",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 22d465b27..c9b40c10f 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "521e4d7d13b09bc0a21976b9d19abd197d4e3b1e",
- "date": "2022-02-07T00:29:53+00:00",
- "path": "/nix/store/pvmrsiy8k37nwg18g7230g5kasbsf132-nixpkgs",
- "sha256": "156b4wnm6y6lg0gz09mp48rd0mhcdazr5s888c4lbhlpn3j8h042",
+ "rev": "4275a321beab5a71872fb7a5fe5da511bb2bec73",
+ "date": "2022-02-23T13:42:45-08:00",
+ "path": "/nix/store/g521qhbql6116naa3fjgga6dm0r24ynx-nixpkgs",
+ "sha256": "1p3pn7767ifbg08nmgjd93iqk0z87z4lv29ypalj9idwd3chsm69",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index 9aa97a8ce..de6562cbc 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -5,15 +5,6 @@ let
in {
users.extraUsers = {
- bch = {
- name = "bch";
- description = "user for bch stuff";
- home = "/home/bch";
- useDefaultShell = true;
- createHome = true;
- packages = [ pkgs.electron-cash ];
- isNormalUser = true;
- };
bitcoin = {
name = "bitcoin";
description = "user for bitcoin stuff";
diff --git a/lass/2configs/radio-news.nix b/lass/2configs/radio-news.nix
index a4e28c1b1..eb7d3bd9a 100644
--- a/lass/2configs/radio-news.nix
+++ b/lass/2configs/radio-news.nix
@@ -1,8 +1,8 @@
-{ config, pkgs, ... }: with pkgs.stockholm.lib;
+{ config, lib, pkgs, ... }:
let
weather_report = pkgs.writers.writeDashBin "weather_report" ''
set -efu
- ${pkgs.curl}/bin/curl -sSL https://wttr.in/''${1-}?format=j1 \
+ ${pkgs.curl}/bin/curl -fsSL https://wttr.in/''${1-}?format=j1 \
| ${pkgs.jq}/bin/jq -r '
[.nearest_area[0] | "Weather report for \(.areaName[0].value), \(.country[0].value)."]
+ [.current_condition[0] | "Currently it is \(.weatherDesc[0].value) outside with a temperature of \(.temp_C) degrees."]
@@ -14,11 +14,25 @@ let
${pkgs.libshout}/bin/shout --format ogg --host localhost --port 1338 --mount /live
'';
+ gc_news = pkgs.writers.writeDashBin "gc_news" ''
+ set -xefu
+ ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -cs 'map(select((.to|fromdateiso8601) > now)) | .[]' > $HOME/bla-news.tmp
+ ${pkgs.coreutils}/bin/mv $HOME/bla-news.tmp $HOME/news
+ '';
+
+ get_current_news = pkgs.writers.writeDashBin "get_current_news" ''
+ set -xefu
+ ${pkgs.coreutils}/bin/cat $HOME/news | ${pkgs.jq}/bin/jq -rs 'map(select(((.to | fromdateiso8601) > now) and (.from|fromdateiso8601) < now) | .text) | .[]'
+ '';
+
newsshow = pkgs.writers.writeDashBin "newsshow" /* sh */ ''
echo "
hello crabpeople!
$(${pkgs.ddate}/bin/ddate | sed 's/YOLD/Year of Discord/')!
It is $(date --utc +%H) o clock UTC.
+ todays news:
+ $(get_current_news)
+ $(gc_news)
$(weather_report berlin)
$(weather_report 70173)
$(weather_report munich)
@@ -30,6 +44,8 @@ in
path = [
newsshow
send_to_radio
+ gc_news
+ get_current_news
weather_report
pkgs.curl
pkgs.retry
@@ -37,10 +53,41 @@ in
script = ''
set -efu
retry -t 5 -d 10 -- newsshow |
- retry -t 5 -d 10 -- curl -SsG http://tts.r/api/tts --data-urlencode 'text@-' |
+ retry -t 5 -d 10 -- curl -fSsG http://tts.r/api/tts --data-urlencode 'text@-' |
retry -t 5 -d 10 -- send_to_radio
'';
startAt = "*:00:00";
+ serviceConfig = {
+ User = "radio-news";
+ };
+ };
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-p tcp --dport 7999"; target = "ACCEPT"; }
+ ];
+
+ krebs.htgen.news = {
+ port = 7999;
+ user = {
+ name = "radio-news";
+ };
+ script = ''. ${pkgs.writers.writeDash "htgen-news" ''
+ set -xefu
+ case "$Method $Request_URI" in
+ "POST /")
+ payload=$(head -c "$req_content_length" \
+ | sed 's/+/ /g;s/%\(..\)/\\x\1/g;' \
+ | xargs -0 echo -e \
+ )
+ echo "$payload" | jq 'has("from") and has("to") and has("text")' >&2
+ echo "$payload" | jq -c '{ from: (.from | fromdate | todate), to: (.to | fromdate | todate), text: .text }' >> $HOME/news
+ printf 'HTTP/1.1 200 OK\r\n'
+ printf 'Connection: close\r\n'
+ printf '\r\n'
+ exit
+ ;;
+ esac
+ ''}'';
};
## debug
diff --git a/makefu/0tests/data/secrets/hetzner.smb b/makefu/0tests/data/secrets/hetzner.smb
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/hetzner.smb
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a9d9b661f..089fc8e9f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -23,11 +23,12 @@ in {
}
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/support-nixos.nix>
- <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
<stockholm/makefu/2configs/nix-community/supervision.nix>
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home-manager/cli.nix>
# <stockholm/makefu/2configs/stats/client.nix>
+ <stockholm/makefu/2configs/share>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
# <stockholm/makefu/2configs/stats/netdata-server.nix>
<stockholm/makefu/2configs/headless.nix>
@@ -56,13 +57,13 @@ in {
<stockholm/makefu/2configs/tinc/retiolum.nix>
{ # bonus retiolum config for connecting more hosts
krebs.tinc.retiolum = {
- extraConfig = lib.mkForce ''
- ListenAddress = ${external-ip} 53
- ListenAddress = ${external-ip} 655
- ListenAddress = ${external-ip} 21031
- StrictSubnets = yes
- LocalDiscovery = no
- '';
+ #extraConfig = lib.mkForce ''
+ # ListenAddress = ${external-ip} 53
+ # ListenAddress = ${external-ip} 655
+ # ListenAddress = ${external-ip} 21031
+ # StrictSubnets = yes
+ # LocalDiscovery = no
+ #'';
connectTo = [
"prism" "ni" "enklave" "eve" "dishfire"
];
@@ -106,7 +107,7 @@ in {
# sharing
<stockholm/makefu/2configs/share/gum.nix> # samba sahre
- <stockholm/makefu/2configs/torrent.nix>
+ <stockholm/makefu/2configs/torrent/rtorrent.nix>
# <stockholm/makefu/2configs/sickbeard>
<stockholm/makefu/2configs/bitwarden.nix>
@@ -114,7 +115,7 @@ in {
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
- <stockholm/makefu/2configs/sync>
+ # <stockholm/makefu/2configs/sync>
# <stockholm/makefu/2configs/opentracker.nix>
@@ -125,9 +126,8 @@ in {
{ makefu.backup.server.repo = "/var/backup/borg"; }
<stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/backup/state.nix>
- <stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
- <stockholm/makefu/2configs/wireguard/wiregrill.nix>
+ # <stockholm/makefu/2configs/wireguard/wiregrill.nix>
{ # recent changes mediawiki bot
networking.firewall.allowedUDPPorts = [ 5005 5006 ];
@@ -150,13 +150,12 @@ in {
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
- <stockholm/makefu/2configs/deployment/owncloud.nix>
+ #<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
- <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/gecloudpad>
- <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
+ #<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/mediengewitter.de.nix>
<stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
@@ -182,14 +181,15 @@ in {
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
+ # <stockholm/makefu/2configs/virtualisation/docker.nix>
#<stockholm/makefu/2configs/virtualisation/libvirt.nix>
# krebs infrastructure services
# <stockholm/makefu/2configs/stats/server.nix>
];
- makefu.dl-dir = "/var/download";
+ # makefu.dl-dir = "/var/download";
+ makefu.dl-dir = "/media/cloud/download";
services.openssh.hostKeys = lib.mkForce [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
diff --git a/makefu/1systems/latte/1blu/default.nix b/makefu/1systems/latte/1blu/default.nix
new file mode 100644
index 000000000..50cd9204d
--- /dev/null
+++ b/makefu/1systems/latte/1blu/default.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+
+ imports =
+ [ ./network.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # Disk
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "tank/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "tank/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" =
+ { device = "tank/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/AEF3-A486";
+ fsType = "vfat";