Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/daedalus/config.nix1
-rw-r--r--lass/1systems/mors/config.nix1
-rw-r--r--lass/1systems/neoprism/config.nix25
-rw-r--r--lass/1systems/neoprism/disk.nix116
-rw-r--r--lass/1systems/neoprism/physical.nix42
-rw-r--r--lass/1systems/prism/config.nix2
-rw-r--r--lass/1systems/yellow/config.nix21
-rw-r--r--lass/2configs/autotether.nix16
-rw-r--r--lass/2configs/c-base.nix188
-rw-r--r--lass/2configs/default.nix1
-rw-r--r--lass/2configs/libvirt.nix2
-rw-r--r--lass/2configs/mumble-reminder.nix107
-rw-r--r--lass/2configs/radio/default.nix250
-rw-r--r--lass/2configs/radio/news.nix3
-rw-r--r--lass/2configs/radio/radio.liq112
-rw-r--r--lass/2configs/radio/shell.nix7
-rw-r--r--lass/2configs/radio/weather.nix6
-rw-r--r--lass/2configs/radio/weather_for_ips.py5
-rw-r--r--lass/2configs/retiolum.nix9
-rw-r--r--lass/2configs/websites/util.nix2
-rw-r--r--lass/2configs/wiregrill.nix7
-rw-r--r--lass/5pkgs/install-system/default.nix26
-rw-r--r--lass/5pkgs/l-gen-secrets/default.nix103
23 files changed, 733 insertions, 319 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix
index d6943c110..9ef858e28 100644
--- a/lass/1systems/daedalus/config.nix
+++ b/lass/1systems/daedalus/config.nix
@@ -53,6 +53,7 @@ with import <stockholm/lib>;
services.xserver.enable = true;
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
+ services.tlp.enable = lib.mkForce false;
services.xserver.layout = "de";
}
{
diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix
index dd479f267..6d0d177ec 100644
--- a/lass/1systems/mors/config.nix
+++ b/lass/1systems/mors/config.nix
@@ -41,6 +41,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/ppp/umts-stick.nix>
# <stockholm/lass/2configs/remote-builder/morpheus.nix>
# <stockholm/lass/2configs/remote-builder/prism.nix>
+ <stockholm/lass/2configs/autotether.nix>
{
krebs.iptables.tables.filter.INPUT.rules = [
#risk of rain
diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix
new file mode 100644
index 000000000..e4f9d2560
--- /dev/null
+++ b/lass/1systems/neoprism/config.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ <stockholm/lass>
+ <stockholm/lass/2configs/retiolum.nix>
+ <stockholm/lass/2configs/libvirt.nix>
+ { # TODO make new hfos.nix out of this vv
+ users.users.riot = {
+ uid = pkgs.stockholm.lib.genid_uint31 "riot";
+ isNormalUser = true;
+ extraGroups = [ "libvirtd" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange"
+ ];
+ };
+ # krebs.iptables.tables.filter.FORWARD.rules = [
+ # { v6 = false; precedence = 1000; predicate = "--destination 95.216.1.130"; target = "ACCEPT"; }
+ # { v6 = false; precedence = 1000; predicate = "--source 95.216.1.130"; target = "ACCEPT"; }
+ # ];
+ }
+ ];
+
+ krebs.build.host = config.krebs.hosts.neoprism;
+}
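Review bot: `extraGroups = [ "libvirtd" ]` on the new `riot` user deserves a comment, because membership in that group normally grants full control of the system libvirt daemon and is therefore close to root on the host (guests can be defined with host block devices or directories attached). Since this account logs in over SSH with an external key, I would add something like `# libvirtd membership is effectively root on this host; riot is trusted to that level` above the user block, or restrict the account with a polkit rule if that level of trust is not intended. The commented-out `FORWARD` rules would also benefit from one line saying whether they are still planned or can be deleted.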
diff --git a/lass/1systems/neoprism/disk.nix b/lass/1systems/neoprism/disk.nix
new file mode 100644
index 000000000..cf9a8cef4
--- /dev/null
+++ b/lass/1systems/neoprism/disk.nix
@@ -0,0 +1,116 @@
+{ lib, ... }:
+{
+ disk = (lib.genAttrs [ "/dev/nvme0n1" "/dev/nvme1n1" ] (disk: {
+ type = "disk";
+ device = disk;
+ content = {
+ type = "table";
+ format = "gpt";
+ partitions = [
+ {
+ name = "boot";
+ type = "partition";
+ start = "0";
+ end = "1M";
+ part-type = "primary";
+ flags = ["bios_grub"];
+ }
+ {
+ type = "partition";
+ name = "ESP";
+ start = "1M";
+ end = "1GiB";
+ fs-type = "fat32";
+ bootable = true;
+ content = {
+ type = "mdraid";
+ name = "boot";
+ };
+ }
+ {
+ type = "partition";
+ name = "zfs";
+ start = "1GiB";
+ end = "100%";
+ content = {
+ type = "zfs";
+ pool = "zroot";
+ };
+ }
+ ];
+ };
+ })) // {
+ hdd1 = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "zfs";
+ pool = "tank";
+ };
+ };
+ };
+ mdadm = {
+ boot = {
+ type = "mdadm";
+ level = 1;
+ metadata = "1.0";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ };
+ zpool = {
+ zroot = {
+ type = "zpool";
+ mode = "mirror";
+ mountpoint = "/";
+ rootFsOptions = {
+ };
+ datasets.reserved = {
+ zfs_type = "filesystem";
+ options.refreservation = "1G";
+ };
+ };
+ tank = {
+ type = "zpool";
+ datasets = {
+ reserved = {
+ zfs_type = "filesystem";
+ options.refreservation = "1G";
+ };
+ containers = {
+ zfs_type = "filesystem";
+ mountpoint = "/var/lib/containers";
+ };
+ home = {
+ zfs_type = "filesystem";
+ mountpoint = "/home";
+ };
+ srv = {
+ zfs_type = "filesystem";
+ mountpoint = "/srv";
+ };
+ libvirt = {
+ zfs_type = "filesystem";
+ mountpoint = "/var/lib/libvirt";
+ };
+ # encrypted = {
+ # zfs_type = "filesystem";
+ # options = {
+ # mountpoint = "none";
+ # encryption = "aes-256-gcm";
+ # keyformat = "passphrase";
+ # keylocation = "prompt";
+ # };
+ # };
+
+ # "encrypted/download" = {
+ # zfs_type = "filesystem";
+ # mountpoint = "/var/download";
+ # };
+ };
+ };
+ };
+}
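Review bot: The `encrypted` and `encrypted/download` datasets are commented out, so every dataset on `tank` (`/home`, `/srv`, `/var/lib/libvirt`, `/var/lib/containers`) and the `zroot` pool are created without encryption at rest. If this is a rented machine whose disks are outside your physical control, that matters for VM images and home directories; if leaving it off is deliberate, a comment such as `# encryption disabled: no way to enter the passphrase at boot yet` would record the decision. `tank` also has no `mode`, which looks like a single-disk pool on `/dev/sda` without redundancy, and `rootFsOptions = { }` is empty; both are worth a one-line comment.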
diff --git a/lass/1systems/neoprism/physical.nix b/lass/1systems/neoprism/physical.nix
new file mode 100644
index 000000000..4ffb749f1
--- /dev/null
+++ b/lass/1systems/neoprism/physical.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ imports = [
+ ./config.nix
+ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ disko.devices = import ./disk.nix;
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ # networking config
+ boot.kernelParams = [ "net.ifnames=0" ];
+ networking.bridges."ext-br".interfaces = [ "eth0" ];
+ networking = {
+ hostId = "2283aaae";
+ defaultGateway = "95.217.192.1";
+ defaultGateway6 = { address = "fe80::1"; interface = "ext-br"; };
+ # Use google's public DNS server
+ nameservers = [ "8.8.8.8" ];
+ interfaces.ext-br.ipv4.addresses = [
+ {
+ address = "95.217.192.59";
+ prefixLength = 26;
+ }
+ ];
+ interfaces.ext-br.ipv6.addresses = [
+ {
+ address = "2a01:4f9:4a:4f1a::1";
+ prefixLength = 64;
+ }
+ ];
+ };
+
+}
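Review bot: `networking.bridges."ext-br".interfaces = [ "eth0" ]` puts the host's public address on a bridge, and nothing in this file says which guests may attach to it. Any VM attached to `ext-br` would sit directly on the public segment, and whether the host's iptables rules ever see that bridged traffic depends on kernel bridge-netfilter settings that are not visible here. I would add a comment above the bridge stating the intended exposure, e.g. `# ext-br: public uplink bridge; guests attached here are reachable from the internet`. Separately, `nameservers` lists a single IPv4 resolver, so there is no fallback if it is unreachable.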
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index 7bffc39aa..594a21c02 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -111,6 +111,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/jitsi.nix>
<stockholm/lass/2configs/fysiirc.nix>
<stockholm/lass/2configs/bgt-bot>
+ <stockholm/lass/2configs/mumble-reminder.nix>
+ <stockholm/krebs/2configs/mastodon-proxy.nix>
{
services.tor = {
enable = true;
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 52d7a0f1f..ecf0337ed 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -1,6 +1,6 @@
-with import <stockholm/lib>;
-{ config, lib, pkgs, ... }:
-{
+{ config, lib, pkgs, ... }: let
+ vpnIp = "85.202.81.161";
+in {
imports = [
<stockholm/lass>
<stockholm/lass/2configs>
@@ -11,6 +11,8 @@ with import <stockholm/lib>;
users.groups.download.members = [ "transmission" ];
+ networking.useHostResolvConf = false;
+ networking.useNetworkd = true;
systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
services.transmission = {
@@ -167,13 +169,24 @@ with import <stockholm/lib>;
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p tcp --dport 8096"; target = "ACCEPT"; } # jellyfin
];
+ tables.filter.OUTPUT = {
+ policy = "DROP";
+ rules = [
+ { v6 = false; predicate = "-d ${vpnIp}/32"; target = "ACCEPT"; }
+ { predicate = "-o tun0"; target = "ACCEPT"; }
+ { predicate = "-o retiolum"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
+ { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
+ ];
+ };
};
services.openvpn.servers.nordvpn.config = ''
client
dev tun
proto udp
- remote 194.110.84.106 1194
+ remote ${vpnIp} 1194
resolv-retry infinite
remote-random
nobind
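Review bot: The two resolver rules in the new `OUTPUT` chain, `-d 1.1.1.1/32` and `-d 1.0.0.1/32`, match any interface, protocol and port, so with `policy = "DROP"` acting as a VPN kill switch they still let traffic to those addresses leave over `eth0` outside the tunnel. If they exist only for name resolution before the tunnel is up, narrow them, e.g. `predicate = "-p udp --dport 53 -d 1.1.1.1/32"`, or drop them and rely on the `-o tun0` rule. The `-d ${vpnIp}/32` rule could likewise be limited to `-p udp --dport 1194` to match the `remote` line. No loopback accept is visible in this hunk; if the krebs.iptables module does not add one itself, local services talking over `lo` will be cut off, so that is worth confirming. The openvpn config string continues outside the hunk.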
diff --git a/lass/2configs/autotether.nix b/lass/2configs/autotether.nix
new file mode 100644
index 000000000..98712303e
--- /dev/null
+++ b/lass/2configs/autotether.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+{
+ systemd.services.usb_tether = {
+ script = ''
+ ${pkgs.android-tools}/bin/adb -s QV770FAMEK wait-for-device
+ ${pkgs.android-tools}/bin/adb -s QV770FAMEK shell svc usb setFunctions rndis
+ '';
+ };
+ services.udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="fce/320d/510", TAG+="systemd", ENV{SYSTEMD_WANTS}="usb_tether.service"
+ '';
+ systemd.network.networks.android = {
+ matchConfig.Name = "enp0s20u1";
+ DHCP = "yes";
+ };
+}
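Review bot: `systemd.network.networks.android` matches only on `matchConfig.Name = "enp0s20u1"`, which is a port-derived name, so any USB network device plugged into that port gets `DHCP = "yes"` and can hand the host a default route and DNS servers. If only the one phone is meant, narrow the match (for example by adding `matchConfig.Driver = "rndis_host"` or the device's MAC address) or add a comment saying the port is trusted. The `usb_tether` unit also runs `adb ... wait-for-device` with no timeout and no `serviceConfig`, so it runs as root by default and waits indefinitely if the device with serial `QV770FAMEK` never becomes available; `serviceConfig.Type = "oneshot"` with a `TimeoutStartSec` would bound that.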
diff --git a/lass/2configs/c-base.nix b/lass/2configs/c-base.nix
index 3e533fb74..a8dd3dd1d 100644
--- a/lass/2configs/c-base.nix
+++ b/lass/2configs/c-base.nix
@@ -1,97 +1,115 @@
{ config, lib, pkgs, ... }:
let
- inherit (import <stockholm/lib>) genid;
-
in {
- users.extraUsers = {
- cbasevpn = rec {
- name = "cbasevpn";
- uid = genid "cbasevpn";
- description = "user for running c-base openvpn";
- home = "/home/${name}";
- };
- };
-
- users.extraGroups.cbasevpn.gid = genid "cbasevpn";
-
environment.systemPackages = [
pkgs.cifs-utils
];
- services.openvpn.servers = {
- c-base = {
- config = ''
- client
- dev tap
- proto tcp
- remote vpn.ext.c-base.org 1194
- resolv-retry infinite
- nobind
- user cbasevpn
- group cbasevpn
- persist-key
- persist-tun
-
- auth-nocache
- #auth-user-pass
- auth-user-pass ${toString <secrets/cbase.txt>}
-
- comp-lzo
- verb 3
-
- #script-security 2
- #up /etc/openvpn/update-resolv-conf
- #down /etc/openvpn/update-resolv-conf
-
- <ca>
- -----BEGIN CERTIFICATE-----
- MIIDUjCCArugAwIBAgIJAOOk8EXgjsf5MA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV
- BAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZj
- LWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJ
- ARYQYWRtYXhAYy1iYXNlLm9yZzAeFw0wOTAyMTMwOTE1MzdaFw0xOTAyMTEwOTE1
- MzdaMHoxCzAJBgNVBAYTAkRFMQswCQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGlu
- MQ8wDQYDVQQKEwZjLWJhc2UxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEf
- MB0GCSqGSIb3DQEJARYQYWRtYXhAYy1iYXNlLm9yZzCBnzANBgkqhkiG9w0BAQEF
- AAOBjQAwgYkCgYEAt3wEgXbqFKxs8z/E4rv13hkRi6J+QdshNzntm7rTOmUsXKE7
- IEwoJSglrmsDPv4UqE86A7bjW7YYSFjhzxFRkTEHJanyOCF48ZPItVl7Eq7T81co
- uR+6lAhxnLDrwnPJCC83NzAa6lw8U1DsQRDkayKlrQrtZq6++pFFEvZvt1cCAwEA
- AaOB3zCB3DAdBgNVHQ4EFgQUqkSbdXS90+HtqXDeAI+PcyTSSHEwgawGA1UdIwSB
- pDCBoYAUqkSbdXS90+HtqXDeAI+PcyTSSHGhfqR8MHoxCzAJBgNVBAYTAkRFMQsw
- CQYDVQQIEwJERTEPMA0GA1UEBxMGQmVybGluMQ8wDQYDVQQKEwZjLWJhc2UxGzAZ
- BgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhA
- Yy1iYXNlLm9yZ4IJAOOk8EXgjsf5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF
- BQADgYEAOBANG1H4uEEWk3sbeQoSMeA3LFG1+6MgFGk2WAdeHYuV9GKYBq6/PLP5
- ffw+FNkiDjLSeSQO88vHYJr2V1v8n/ZoCIT+1VBcDWXTpGz0YxDI1iBauO3tUPzK
- wGs46RA/S0YwiZw64MaUHd88ZVadjKy9kNoO3w6/vpAS6s/Mh+o=
- -----END CERTIFICATE-----
- </ca>
- key-direction 1
- <tls-auth>
- #
- # 2048 bit OpenVPN static key
- #
- -----BEGIN OpenVPN Static key V1-----
- 5d49aa8c9cec18de7ab6e0b5cd09a368
- d3f1b8b77e055e448804fa0e14f487cb
- 491681742f96b54a23fb8639aa9ed14e
- c40b86a5546b888c4f3873f23c956e87
- 169076ec869127ffc85353fd5928871c
- da19776b79f723abb366fae6cdfe4ad6
- 7ef667b7d05a7b78dfd5ea1d2da276dc
- 5f6c82313fe9c1178c7256b8d1d081b0
- 4c80bc8f21add61fbc52c158579edc1d
- bbde230afb9d0e531624ce289a17098a
- 3261f9144a9a2a6f0da4250c9eed4086
- 187ec6fa757a454de743a349e32af193
- e9f8b49b010014bdfb3240d992f2f234
- 581d0ce05d4e07a2b588ad9b0555b704
- 9d5edc28efde59226ec8942feed690a1
- 2acd0c8bc9424d6074d0d495391023b6
- -----END OpenVPN Static key V1-----
- </tls-auth>
- '';
+ systemd.network.networks.c-base = {
+ matchConfig.Name = "c-base";
+ networkConfig = {
+ IgnoreCarrierLoss = "3s";
+ KeepConfiguration = "static";
+ DNS = "10.0.1.254";
+ Domains = "cbrp3.c-base.org";
};
+ routes = [
+ { routeConfig = {
+ Destination = "10.0.1.0/24";
+ Gateway = "172.31.77.1";
+ };}
+ { routeConfig = {
+ Destination = "91.102.9.99/32"; # vorstand.c-base.org
+ Gateway = "172.31.77.1";
+ };}
+ ];
+ };
+ services.openvpn.servers.c-base = {
+ config = ''
+ remote vpn.ext.c-base.org 1194
+ verify-x509-name vpn.ext.c-base.org name
+ client
+ proto udp
+ dev-type tun
+ dev c-base
+ resolv-retry infinite
+ nobind
+ # user openvpn
+ # group openvpn
+ persist-key
+ persist-tun
+ comp-lzo
+ # register-dns
+ # block-outside-dns
+ script-security 2
+ auth-user-pass ${toString <secrets/cbase.txt>}
+ #auth-user-pass
+ key-direction 1
+ <tls-auth>
+ #
+ # 2048 bit OpenVPN static key
+ #
+ -----BEGIN OpenVPN Static key V1-----
+ 54a66ed1048bed7508703347e89d68d6
+ 5586e6a5d1218cf8675941031d540be6
+ 993e07200a16ad3b770b659932ee71e5
+ f8080b5c9fa2acb3893abd40fad2552c
+ fdaf17565e617ae450efcccf5652dca5
+ a16419509024b075941098731eb25ac0
+ a64f963ece3dca1d2a64a9c5e17839d7
+ 5b5080165a9b2dc90ef111879d7d3173
+ 2d1027ae42d869394aca08da4472a9d0
+ 6b724b4ed43a957feef7d6dfc86da241
+ 74828fa0e1240941586f0d937cac32fc
+ 13cc81e7bed58817353d6afaff7e6a26
+ 4f9cc086af79c1cdca660d86e18cff96
+ 69dd3d392caf09a468894a8504f4cc7c
+ 7ae0072e6d9ad90b166ad13a39c57b3c
+ 3a869e27a1d89deb161c255227551713
+ -----END OpenVPN Static key V1-----
+ </tls-auth>
+ <ca>
+ -----BEGIN CERTIFICATE-----
+ MIIGsDCCBJigAwIBAgIJAPkM1l2zA306MA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
+ VQQGEwJERTEPMA0GA1UEBxMGQmVybGluMRswGQYDVQQLExJ2cG4uZXh0LmMtYmFz
+ ZS5vcmcxGzAZBgNVBAMTEnZwbi5leHQuYy1iYXNlLm9yZzEbMBkGA1UEKRMSdnBu
+ LmV4dC5jLWJhc2Uub3JnMR8wHQYJKoZIhvcNAQkBFhBhZG1heEBjLWJhc2Uub3Jn
+ MB4XDTE2MDcwOTE4MjkyMFoXDTI2MDcxMDE4MjkyMFowgZYxCzAJBgNVBAYTAkRF
+ MQ8wDQYDVQQHEwZCZXJsaW4xGzAZBgNVBAsTEnZwbi5leHQuYy1iYXNlLm9yZzEb
+ MBkGA1UEAxMSdnBuLmV4dC5jLWJhc2Uub3JnMRswGQYDVQQpExJ2cG4uZXh0LmMt
+ YmFzZS5vcmcxHzAdBgkqhkiG9w0BCQEWEGFkbWF4QGMtYmFzZS5vcmcwggIiMA0G
+ CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXEs+uWCXLNmm+lgP9x7u3FqWa4pPI
+ h64c6EWIULMATrhEw+Ej4fpCXwU9otFaO04fAeJmZGkDcnAYdBDiCeI0luOSdj44
+ Bg9KecSei/TskqjhDVnEBp65hiz0rZE6c1baPdLYmD5xrXWb3i0zrlBYFawuL6C2
+ lwVCEm3cadvkDJ2DleMuu3NblV8ViIDN0HZqzJNP72g1I0MgohkpetACXlf7MzQV
+ PFHfzvb04Rj2lJ8BDhceQ0WmjtVV/Ag6nka5oi954OeHMujRuH+rZYiQZDZpJLHK
+ Kh1KWTVlWPRy+AvCi9lweDWSmLccq7Ug4xMtDF4I5qW3tjCd0xqpZ21Xmo2JyKtY
+ 4h8wEDPqiJvgwvkXsH17GLn5ZxiMcQuRJQYZqJephkzR9uccJeWSS76kwm/vLqG3
+ +eORlYnyjiNXtiMIhmAEFjpWUrGH8v4CijpUNP6E63ynGrRVXK684YQXkqL+xPAt
+ t6dsMBUwf94a2S1o2kgvuRCim1wlHvf1QsHrO/Hwgpzc8no/daWL+Z9Rq9okTHNK
+ nc1G5dv8TkmxIDYnLm07QMzzBoOT36BcGtkEBA+0xhQlX5PyQdM5/jnZVhdSBmoP
+ MbZXPoU/gJAIuuBuwdTlgCzYf44/9/YU/AnW8eLrbhm9KtMtoMpatrWorKqk/GPv
+ /lGNRQuNffrbiQIDAQABo4H+MIH7MB0GA1UdDgQWBBTf5cYbK+KCF9u9aobFlLbu
+ ilwX4jCBywYDVR0jBIHDMIHAgBTf5cYbK+KCF9u9aobFlLbuilwX4qGBnKSBmTCB
+ ljELMAkGA1UEBhMCREUxDzANBgNVBAcTBkJlcmxpbjEbMBkGA1UECxMSdnBuLmV4
+ dC5jLWJhc2Uub3JnMRswGQYDVQQDExJ2cG4uZXh0LmMtYmFzZS5vcmcxGzAZBgNV
+ BCkTEnZwbi5leHQuYy1iYXNlLm9yZzEfMB0GCSqGSIb3DQEJARYQYWRtYXhAYy1i
+ YXNlLm9yZ4IJAPkM1l2zA306MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ ggIBAMs1moiS7UZ4neOivQjqwKrBbm1j3tgmPLhDfNMmXYarGhnBGAlLxLAQWtG+
+ Fnbx8KcsJnrsWcGfZcst1z45S4a5oBdVNKOfgkMOG0glZorIDO8Odrb51rpyzU0v
+ 0wcNumMNWhkFuo2OTBHPnnJIWEAFwwCCSCL0I0hQxxoaV36kphjuIwzrMJhd+XAT
+ 24En58cNp6sPRDd+FzOH08uFINevyzKWYxkMgVj+e3fbuiyOB8RqvndKvtfBBcpB
+ cCO86lGnj/ETMDciTczUShxaMn9wV1zr1KH1xvT3ohUeOcQZGbGTcjG4mxlns8ZO
+ U5J3Yrcd1eMfJq9Bwd3zPsTLnT8LwIS8vfYRav9b34XdqcBG73dhrjsicMK0Qy0z
+ Qz7vKJzcvrEnKuaMyB3mCxz/UvbNc2Bupwm4FmzN5eFjDs+7paYFdfOzqMjoRP+8
+ bcXSqDN5P2eUd7cdsZXaFNcsf1FkWlE3GudVBOmNJqz9zBab/T5J+l4Z90Pd6OUX
+ GNozEvLhcJkvPKA526TegHTGC8hMquxKc9tpOzNRqZJMFa+UG1mgMrMepRmM/B3s
+ QrKI1C11iCVYfb9J0tQUkfENHMx4J7mG2DZAhnKWQDU2awM41qU4A7aBYaJvDPnQ
+ RRcbaT0D794lKUQwH/mZuyKzF22oZNk1o1TV2SaFXqgX5tDt
+ -----END CERTIFICATE-----
+ </ca>
+ '';
};
}
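Review bot: The new client config no longer drops privileges: the old `user cbasevpn` / `group cbasevpn` lines are removed and their replacements are commented out (`# user openvpn`, `# group openvpn`), while `script-security 2` is now enabled, so the daemon stays root for its whole lifetime and is allowed to run external scripts. No `up`/`down` script is visible in this hunk, so unless one is added elsewhere I would remove `script-security 2` and restore an unprivileged `user`/`group` pair (this needs a service account again, since `users.extraUsers.cbasevpn` is deleted here; `persist-key` and `persist-tun` are already set). `comp-lzo` is kept; compression on a VPN link is discouraged because of compression-oracle attacks, so keep it only if the server requires it. If the inline tls-auth static key is meant to be confidential, note that a Nix string ends up world-readable in the store and in the repository; referencing a file under secrets, as `auth-user-pass` already does, would treat it consistently.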
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 49a04e9c2..e649c0dea 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -69,7 +69,6 @@ with import <stockholm/lib>;
];
networking.hostName = config.krebs.build.host.name;
- nix.maxJobs = config.krebs.build.host.cores;
krebs = {
enable = true;
diff --git a/lass/2configs/libvirt.nix b/lass/2configs/libvirt.nix
index 78d5ae0e9..d391e0d7b 100644
--- a/lass/2configs/libvirt.nix
+++ b/lass/2configs/libvirt.nix
@@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }:
{
- users.users.mainUser.extraGroups = [ "libvirtd" ];
virtualisation.libvirtd.enable = true;
+ security.polkit.enable = true;
krebs.iptables.tables.filter.INPUT.rules = [
{ v6 = false; predicate = "-i virbr0 -p udp -m udp --dport 53"; target = "ACCEPT"; }
diff --git a/lass/2configs/mumble-reminder.nix b/lass/2configs/mumble-reminder.nix
new file mode 100644
index 000000000..fe75a96a6
--- /dev/null
+++ b/lass/2configs/mumble-reminder.nix
@@ -0,0 +1,107 @@
+{ config, lib, pkgs, ... }: let
+ write_to_irc = chan: pkgs.writeDash "write_to_irc" ''
+ ${pkgs.curl}/bin/curl -fsSv --unix-socket '${lib.removePrefix "unix:" config.krebs.reaktor2.mumble-reminder.API.listen}' http://z/ \
+ -H content-type:application/json \
+ -d "$(${pkgs.jq}/bin/jq -n \
+ --arg text "$1" '{
+ command:"PRIVMSG",
+ params:["${chan}",$text]
+ }'
+ )"
+ '';
+ animals = ''
+ Erdferkel
+ Paviane
+ Raupen
+ Australischen Wildhunde
+ Emus
+ Flundern
+ Gorillas
+ Kolibris
+ Schwarzfersenantilopen
+ Quallen
+ Kois
+ Faulaffen
+ Schraubenziegen
+ Nachtigalle
+ Okapis
+ Stachelschweine
+ Kurzschwanzkängurus
+ Waschbären
+ '';
+ systemPlugin = {
+ plugin = "system";
+ config = {
+ hooks.PRIVMSG = [
+ {
+ pattern = "^erriner mich$";
+ activate = "match";
+ command = {
+ filename = pkgs.writeDash "add_remind" ''
+ echo "$_from" >> /var/lib/reaktor2-mumble-reminder/users
+ sort /var/lib/reaktor2-mumble-reminder/users | uniq > /var/lib/reaktor2-mumble-reminder/users.tmp
+ mv /var/lib/reaktor2-mumble-reminder/users.tmp /var/lib/reaktor2-mumble-reminder/users
+ echo "Ich werde $_from in zukunft an das meetup errinern"
+ '';
+ };
+ }
+ {
+ pattern = "^nerv nicht$";
+ activate = "match";
+ command = {
+ filename = pkgs.writeDash "add_remind" ''
+ ${pkgs.gnused}/bin/sed -i "/$_from/d" /var/lib/reaktor2-mumble-reminder/users
+ echo "okok, Ich werde $_from nich mehr errinern"
+ '';
+ };
+ }
+ ];
+ };
+ };
+
+in {
+ krebs.reaktor2.mumble-reminder = {
+ hostname = "irc.hackint.org";
+ nick = "lassulus__";
+ API.listen = "unix:/var/lib/reaktor2-mumble-reminder/reaktor_hackint.sock";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#krebs"
+ "#nixos"
+ ];
+ };
+ }
+ systemPlugin
+ ];
+ port = "6697";
+ };
+ systemd.services.mumble-reminder-nixos = {
+ description = "weekly reminder for nixos mumble";
+ startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
+ serviceConfig = {
+ ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
+ animals='
+ ${animals}
+ '
+ ${write_to_irc "#nixos"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
+ ${write_to_irc "#nixos"} "kommt auf mumble://lassul.us"
+ '';
+ };
+ };
+ systemd.services.mumble-reminder-krebs = {
+ description = "weekly reminder for nixos mumble";
+ startAt = "Thu *-*-* 19:00:00 Europe/Berlin";
+ serviceConfig = {
+ ExecStart = pkgs.writers.writeDash "mumble_reminder" ''
+ animals='
+ ${animals}
+ '
+ ${write_to_irc "#krebs"} "Es ist Donnerstag meine $(echo "$animals" | grep -v '^$' | shuf -n1 )!"
+ ${write_to_irc "#krebs"} "$(cat /var/lib/reaktor2-mumble-reminder/users | ${pkgs.findutils}/bin/xargs echo) : mumble?"
+ '';
+ };
+ };
+}
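Review bot: In the `nerv nicht` hook, `sed -i "/$_from/d"` pastes the sender-controlled `$_from` into a sed regular expression, and the match is unanchored. Assuming `_from` is the IRC nick of whoever wrote the message, a nick that is a substring of other entries removes those users too, and nicks may contain regex metacharacters, which either break the expression or widen the match. A fixed-string whole-line filter avoids both: `grep -vxF -- "$_from" users > users.tmp; mv users.tmp users`, using the full `/var/lib/reaktor2-mumble-reminder/` paths as the `erriner mich` hook already does. Minor: both hook scripts are named `add_remind`, and `mumble-reminder-krebs` reuses the description "weekly reminder for nixos mumble".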
diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix
index 2f503eae9..dfb3d7e0b 100644
--- a/lass/2configs/radio/default.nix
+++ b/lass/2configs/radio/default.nix
@@ -1,85 +1,54 @@
-{ config, pkgs, ... }:
-with pkgs.stockholm.lib;
+{ config, pkgs, lib, ... }:
let
name = "radio";
music_dir = "/home/radio/music";
- add_random = pkgs.writeDashBin "add_random" ''
- ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.findutils}/bin/find "${music_dir}/the_playlist" \
- | grep -Ev '/other/|/.graveyard/' \
- | grep '\.ogg$' \
- | shuf -n1 \
- | sed 's,${music_dir}/,,' \
- )"
- '';
-
- get_current_track_position = pkgs.writeDash "get_current_track_position" ''
- ${pkgs.mpc_cli}/bin/mpc status | ${pkgs.gawk}/bin/awk '/^\[playing\]/ { sub(/\/.+/,"",$3); split($3,a,/:/); print a[1]*60+a[2] }'
- '';
-
- skip_track = pkgs.writeBashBin "skip_track" ''
+ skip_track = pkgs.writers.writeBashBin "skip_track" ''
set -eu
- ${add_random}/bin/add_random
- music_dir=${escapeShellArg music_dir}
- current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%)
- track_infos=$(${print_current}/bin/print_current)
- skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$music_dir"/"$current_track" || echo 0)
- if [[ "$current_track" =~ ^the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then
- skip_count=$((skip_count+1))
- ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$music_dir"/"$current_track"
- echo skipping: "$track_infos" skip_count: "$skip_count"
- else
- mkdir -p "$music_dir"/the_playlist/.graveyard/
- mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/.graveyard/
- echo killing: "$track_infos"
- fi
- ${pkgs.mpc_cli}/bin/mpc -q next
+ # TODO come up with new rating, without moving files
+ # current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
+ # track_infos=$(${print_current}/bin/print_current)
+ # skip_count=$(${pkgs.attr}/bin/getfattr -n user.skip_count --only-values "$current_track" || echo 0)
+ # if [[ "$current_track" =~ .*/the_playlist/music/.* ]] && [ "$skip_count" -le 2 ]; then
+ # skip_count=$((skip_count+1))
+ # ${pkgs.attr}/bin/setfattr -n user.skip_count -v "$skip_count" "$current_track"
+ # echo skipping: "$track_infos" skip_count: "$skip_count"
+ # else
+ # mkdir -p "$music_dir"/the_playlist/.graveyard/
+ # mv "$current_track" "$music_dir"/the_playlist/.graveyard/
+ # echo killing: "$track_infos"
+ # fi
+ ${pkgs.curl}/bin/curl -fSs -X POST http://localhost:8002/skip |
+ ${pkgs.jq}/bin/jq -r '.filename'
'';
good_track = pkgs.writeBashBin "good_track" ''
set -eu
- music_dir=${escapeShellArg music_dir}
- current_track=$(${pkgs.mpc_cli}/bin/mpc current -f %file%)
+ current_track=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)
track_infos=$(${print_current}/bin/print_current)
- if [[ "$current_track" =~ ^the_playlist/music/.* ]]; then
- ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$music_dir"/"$current_track"
- else
- mv "$music_dir"/"$current_track" "$music_dir"/the_playlist/music/ || :
- fi
+ # TODO come up with new rating, without moving files
+ # if [[ "$current_track" =~ .*/the_playlist/music/.* ]]; then
+ # ${pkgs.attr}/bin/setfattr -n user.skip_count -v 0 "$current_track"
+ # else
+ # mv "$current_track" "$music_dir"/the_playlist/music/ || :
+ # fi
echo good: "$track_infos"
'';
- track_youtube_link = pkgs.writeDash "track_youtube_link" ''
- ${pkgs.mpc_cli}/bin/mpc current -f %file% \
- | ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://www.youtube.com/watch?v=\1@'
- '';
-
print_current = pkgs.writeDashBin "print_current" ''
- echo "$(${pkgs.mpc_cli}/bin/mpc current -f %file%) \
- $(${track_youtube_link})"
- '';
-
- print_current_json = pkgs.writeDashBin "print_current_json" ''
- ${pkgs.jq}/bin/jq -n -c \
- --arg name "$(${pkgs.mpc_cli}/bin/mpc current)" \
- --arg artist "$(${pkgs.mpc_cli}/bin/mpc current -f %artist%)" \
- --arg title "$(${pkgs.mpc_cli}/bin/mpc current -f %title%)" \
- --arg filename "$(${pkgs.mpc_cli}/bin/mpc current -f %file%)" \
- --arg position "$(${get_current_track_position})" \
- --arg length "$(${pkgs.mpc_cli}/bin/mpc current -f %time%)" \
- --arg youtube "$(${track_youtube_link})" '{
- name: $name,
- artist: $artist,
- title: $title,
- filename: $filename,
- position: $position,
- length: $length,
- youtube: $youtube
- }'
+ file=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current |
+ ${pkgs.jq}/bin/jq -r '.filename' |
+ ${pkgs.gnused}/bin/sed 's,^${music_dir},,'
+ )
+ link=$(${pkgs.curl}/bin/curl http://localhost:8002/current |
+ ${pkgs.jq}/bin/jq -r '.filename' |
+ ${pkgs.gnused}/bin/sed 's@.*\(.\{11\}\)\.ogg@https://youtu.be/\1@'
+ )
+ echo "$file": "$link"
'';
set_irc_topic = pkgs.writeDash "set_irc_topic" ''
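Review bot: `print_current` now requests `http://localhost:8002/current` twice, and the second call is a bare `curl` without `-fSs`, so a track change between the two requests yields a `file` and a `link` for different songs, and an HTTP error body would be passed on to `jq`. Fetch once and derive both values from it, e.g. `current=$(${pkgs.curl}/bin/curl -fSs http://localhost:8002/current | ${pkgs.jq}/bin/jq -r .filename)` followed by the two `sed` expressions applied to `"$current"`. In `skip_track` and `good_track`, `set -eu` does not catch a failing `curl` on the left side of a pipe; both are bash scripts, so `set -euo pipefail` would. `good_track` still computes `current_track` although every use of it is now commented out. The `set_irc_topic` definition continues outside the hunk.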
@@ -113,15 +82,14 @@ in {
users.users = {
"${name}" = rec {
inherit name;
- createHome = mkForce false;
+ createHome = lib.mkForce false;
group = name;
- uid = genid_uint31 name;
+ uid = pkgs.stockholm.lib.genid_uint31 name;
description = "radio manager";
home = "/home/${name}";
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
- lass-mors.pubkey
];
};
};
@@ -131,50 +99,35 @@ in {
};
krebs.per-user.${name}.packages = with pkgs; [
- add_random
good_track
skip_track
print_current
- print_current_json
- ncmpcpp
- mpc_cli
];
- services.mpd = {
- enable = true;
- user = "radio";
- musicDirectory = "${music_dir}";
- dataDir = "/home/radio/state"; # TODO create this somwhere
- extraConfig = ''
- log_level "default"
- auto_update "yes"
- volume_normalization "yes"
-
- audio_output {
- type "httpd"
- name "raw radio"
- encoder "wave"
- port "7900"
- format "44100:16:2"
- always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
- tags "yes