diff options
Diffstat (limited to 'lass')
47 files changed, 550 insertions, 240 deletions
diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index b08919802..d6943c110 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -43,7 +43,7 @@ with import <stockholm/lib>; libreoffice audacity zathura - skype + skypeforlinux wine geeqie vlc @@ -56,22 +56,32 @@ with import <stockholm/lib>; services.xserver.layout = "de"; } { - krebs.per-user.bitcoin.packages = [ - pkgs.electrum - pkgs.electron-cash - pkgs.litecoin - ]; - users.extraUsers = { - bitcoin = { - name = "bitcoin"; - description = "user for bitcoin stuff"; - home = "/home/bitcoin"; - isNormalUser = true; - useDefaultShell = true; - createHome = true; - extraGroups = [ "audio" ]; + users = { + groups.plugdev = {}; + users = { + bitcoin = { + name = "bitcoin"; + description = "user for bitcoin stuff"; + home = "/home/bitcoin"; + isNormalUser = true; + useDefaultShell = true; + createHome = true; + extraGroups = [ + "audio" + "networkmanager" + "plugdev" + ]; + packages = let + unstable = import <nixpkgs-unstable> { config.allowUnfree = true; }; + in [ + pkgs.electrum + pkgs.electron-cash + unstable.ledger-live-desktop + ]; + }; }; }; + hardware.ledger.enable = true; security.sudo.extraConfig = '' bubsy ALL=(bitcoin) NOPASSWD: ALL ''; diff --git a/lass/1systems/lasspi/physical.nix b/lass/1systems/lasspi/physical.nix index 80c459a95..868bafad5 100644 --- a/lass/1systems/lasspi/physical.nix +++ b/lass/1systems/lasspi/physical.nix @@ -25,7 +25,6 @@ version = 4; }; boot.loader.grub.enable = false; - boot.loader.generic-extlinux-compatible.enable = true; # Required for the Wireless firmware hardware.enableRedistributableFirmware = true; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index d174e6057..62c6f0b71 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -124,6 +124,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/container-networking.nix> <stockholm/lass/2configs/jitsi.nix> <stockholm/lass/2configs/fysiirc.nix> + <stockholm/lass/2configs/bgt-bot> { services.tor = { enable = true; diff --git a/lass/1systems/xerxes/config.nix b/lass/1systems/xerxes/config.nix index bf818a9b2..6972567d7 100644 --- a/lass/1systems/xerxes/config.nix +++ b/lass/1systems/xerxes/config.nix @@ -47,7 +47,7 @@ wantedBy = [ "multi-user.target" ]; script = '' ${pkgs.xboxdrv.overrideAttrs(o: { - patches = [ (pkgs.fetchurl { + patches = o.patches ++ [ (pkgs.fetchurl { url = "https://patch-diff.githubusercontent.com/raw/xboxdrv/xboxdrv/pull/251.patch"; sha256 = "17784y20mxqrlhgvwvszh8lprxrvgmb7ah9dknmbhj5jhkjl8wq5"; }) ]; diff --git a/lass/2configs/IM.nix b/lass/2configs/IM.nix index 5b8cebf5c..8567def02 100644 --- a/lass/2configs/IM.nix +++ b/lass/2configs/IM.nix @@ -1,38 +1,23 @@ with (import <stockholm/lib>); { config, lib, pkgs, ... }: let weechat = pkgs.weechat.override { - configure = { availablePlugins, ... }: with pkgs.weechatScripts; { - plugins = lib.attrValues (availablePlugins // { - python = availablePlugins.python.withPackages (_: [ weechat-matrix ]); - }); - scripts = [ weechat-matrix ]; + configure = { availablePlugins, ... }: { + scripts = with pkgs.weechatScripts; [ + weechat-matrix + ]; }; }; - tmux = pkgs.writeDashBin "tmux" '' - exec ${pkgs.tmux}/bin/tmux -f ${pkgs.writeText "tmux.conf" '' - set-option -g prefix ` - unbind-key C-b - bind ` send-prefix - - set-option -g status off - set-option -g default-terminal screen-256color - - #use session instead of windows - bind-key c new-session - bind-key p switch-client -p - bind-key n switch-client -n - bind-key C-s switch-client -l - ''} "$@" - ''; + tmux = "/run/current-system/sw/bin/tmux"; in { imports = [ ./bitlbee.nix ]; - environment.systemPackages = [ tmux weechat ]; + environment.systemPackages = [ weechat ]; systemd.services.chat = { description = "chat environment setup"; + environment.WEECHAT_HOME = "\$HOME/.weechat"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -46,8 +31,8 @@ in { User = "lass"; RemainAfterExit = true; Type = "oneshot"; - ExecStart = "${tmux}/bin/tmux -2 new-session -d -s IM ${weechat}/bin/weechat"; - ExecStop = "${tmux}/bin/tmux kill-session -t IM"; # TODO run save in weechat + ExecStart = "${tmux} -2 new-session -d -s IM ${weechat}/bin/weechat"; + ExecStop = "${tmux} kill-session -t IM"; # TODO run save in weechat }; }; } diff --git a/lass/2configs/alacritty.nix b/lass/2configs/alacritty.nix index a57dc7c25..903ddf6cc 100644 --- a/lass/2configs/alacritty.nix +++ b/lass/2configs/alacritty.nix @@ -89,9 +89,40 @@ in { }; }; "themes/dark/alacritty.yaml".text = alacritty-cfg { - colors.primary = { - background = "#000000"; - foreground = "#ffffff"; + colors = { + # Default colors + primary = { + background = "0x000000"; + foreground = "0xffffff"; + }; + cursor = { + text = "0xF81CE5"; + cursor = "0xffffff"; + }; + + # Normal colors + normal = { + black = "0x000000"; + red = "0xfe0100"; + green = "0x33ff00"; + yellow = "0xfeff00"; + blue = "0x0066ff"; + magenta = "0xcc00ff"; + cyan = "0x00ffff"; + white = "0xd0d0d0"; + }; + + # Bright colors + bright = { + black = "0x808080"; + red = "0xfe0100"; + green = "0x33ff00"; + yellow = "0xfeff00"; + blue = "0x0066ff"; + magenta = "0xcc00ff"; + cyan = "0x00ffff"; + white = "0xFFFFFF"; + }; }; }; }; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 22a3037d7..e94cbbd2c 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -16,7 +16,7 @@ in { ./xmonad.nix ./themes.nix { - krebs.per-user.lass.packages = [ + users.users.mainUser.packages = [ pkgs.sshuttle ]; security.sudo.extraConfig = '' @@ -46,7 +46,7 @@ in { } ]; - users.users.mainUser.extraGroups = [ "audio" "video" ]; + users.users.mainUser.extraGroups = [ "audio" "pipewire" "video" ]; time.timeZone = "Europe/Berlin"; @@ -64,7 +64,7 @@ in { font-size fzfmenu gimp - gitAndTools.hub + gitAndTools.gh git-crypt git-preview dconf @@ -79,11 +79,13 @@ in { ponymix powertop rxvt_unicode-with-plugins + sshvnc sxiv taskwarrior termite transgui wirelesstools + x11vnc xclip xephyrify xorg.xhost diff --git a/lass/2configs/bgt-bot/bgt-check.sh b/lass/2configs/bgt-bot/bgt-check.sh new file mode 100644 index 000000000..30185ba18 --- /dev/null +++ b/lass/2configs/bgt-bot/bgt-check.sh @@ -0,0 +1,57 @@ +#!/bin/sh +# needs in path: +# curl gnugrep jq +# creates and manages $PWD/state +set -xeuf + +send_reaktor(){ + # usage: send_reaktor "text" + echo "send_reaktor: $1" + curl -fsS "http://localhost:$REAKTOR_PORT" \ + -H content-type:application/json \ + -d "$(jq -n \ + --arg text "$1" \ + --arg channel "$IRC_CHANNEL" \ + '{ + command:"PRIVMSG", + params:[$channel,$text] + }' + )" +} + +live=$(shuf -n1 <<EOF +Binärgewitter Liveshow hat begonnen! http://stream.radiotux.de:8000/binaergewitter.mp3 +EOF +) + +offline=$(shuf -n1 <<EOF +Live stream vorbei +EOF +) +error=$(shuf -n1 <<EOF +something went wrong +EOF +) + +if curl -Ss http://stream.radiotux.de:8000 | grep -q 'Mount Point /binaergewitter'; then + state='live' +else + state='offline' +fi +prevstate=$(cat state ||:) + +if test "$state" == "$(cat state)";then + #echo "current and last state is the same ($state), doing nothing" + : +else + echo "API state and last state differ ( '$state' != '$prevstate')" + if test "$state" == 'live';then + send_reaktor "$live" + elif test "$state" == 'offline';then + send_reaktor "$offline" + else + send_reaktor "$error" + fi + echo 'updating state' + printf "%s" "$state" > state +fi diff --git a/lass/2configs/bgt-bot/default.nix b/lass/2configs/bgt-bot/default.nix new file mode 100644 index 000000000..6f9e33704 --- /dev/null +++ b/lass/2configs/bgt-bot/default.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, ... }: +let + + bot_port = "7654"; + irc_channel = "#binaergewitter"; +in +{ + krebs.reaktor2.bgt-announce = { + hostname = "irc.libera.chat"; + port = "6697"; + nick = "bgt-announce"; + API.listen = "inet://127.0.0.1:${bot_port}"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + irc_channel + ]; + }; + } + ]; + }; + systemd.services.check_bgt_show = { + startAt = "*:0/5"; + environment = { + IRC_CHANNEL = irc_channel; + REAKTOR_PORT = bot_port; + }; + path = with pkgs; [ + curl + gnugrep + jq + ]; + script = builtins.readFile ./bgt-check.sh; + serviceConfig = { + DynamicUser = true; + StateDirectory = "bgt-announce"; + WorkingDirectory = "/var/lib/bgt-announce"; + PrivateTmp = true; + }; + }; +} + diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix index de6562cbc..e9dd055f9 100644 --- a/lass/2configs/bitcoin.nix +++ b/lass/2configs/bitcoin.nix @@ -28,7 +28,6 @@ in { }; }; security.sudo.extraConfig = '' - ${mainUser.name} ALL=(bch) ALL ${mainUser.name} ALL=(bitcoin) ALL ${mainUser.name} ALL=(monero) ALL ''; diff --git a/lass/2configs/bitlbee.nix b/lass/2configs/bitlbee.nix index b84221155..84f06e587 100644 --- a/lass/2configs/bitlbee.nix +++ b/lass/2configs/bitlbee.nix @@ -11,7 +11,7 @@ with (import <stockholm/lib>); pkgs.bitlbee-discord ]; libpurple_plugins = [ - pkgs.telegram-purple + # pkgs.telegram-purple # pkgs.tdlib-purple # pkgs.purple-gowhatsapp ]; diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index 28c7d640d..2698f67e0 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -8,7 +8,6 @@ with (import <stockholm/lib>); ]; environment.systemPackages = with pkgs; [ - ag dic nmap git-preview diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix index 6e0a2385c..273a9c963 100644 --- a/lass/2configs/br.nix +++ b/lass/2configs/br.nix @@ -46,4 +46,6 @@ with import <stockholm/lib>; ]; }; + users.users.mainUser.extraGroups = [ "scanner" "lp" ]; + } diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index 271dcfca4..b3bf1b761 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -28,6 +28,10 @@ in { params.hedgedoc = {}; }; + systemd.services.hedgedoc.environment = { + CMD_COOKIE_POLICY = "none"; + CMD_CSP_ALLOW_FRAMING = "true"; + }; services.hedgedoc = { enable = true; configuration.allowOrigin = [ domain ]; @@ -47,6 +51,7 @@ in { sslCertPath = "/var/lib/acme/${domain}/cert.pem"; sslKeyPath = "/var/lib/acme/${domain}/key.pem"; dhParamPath = config.security.dhparams.params.hedgedoc.path; + }; }; } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index f03d8b568..e8ac55988 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -10,6 +10,8 @@ with import <stockholm/lib>; ./htop.nix <stockholm/krebs/2configs/security-workarounds.nix> ./wiregrill.nix + ./tmux.nix + ./tor-ssh.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) @@ -122,6 +124,9 @@ with import <stockholm/lib>; q rs untilport + (pkgs.writeDashBin "urgent" '' + printf '\a' + '') usbutils logify goify diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix index 829773b87..26707f1f0 100644 --- a/lass/2configs/games.nix +++ b/lass/2configs/games.nix @@ -61,7 +61,7 @@ in { name = "games"; description = "user playing games"; home = "/home/games"; - extraGroups = [ "audio" "video" "input" "loot" ]; + extraGroups = [ "audio" "video" "input" "loot" "pipewire" ]; createHome = true; useDefaultShell = true; packages = with pkgs; [ diff --git a/lass/2configs/git-brain.nix b/lass/2configs/git-brain.nix index 1c6f92fcd..f4d1a27cd 100644 --- a/lass/2configs/git-brain.nix +++ b/lass/2configs/git-brain.nix @@ -28,7 +28,7 @@ let # TODO: get the list of all krebsministers - krebsminister = with config.krebs.users; [ makefu tv ]; + krebsminister = with config.krebs.users; [ makefu tv kmein ]; krebs-rules = repo: set-owners repo [ config.krebs.users.lass ] ++ set-ro-access repo krebsminister; diff --git a/lass/2configs/git.nix b/lass/2configs/git.nix index e6c77f64b..891aefcfd 100644 --- a/lass/2configs/git.nix +++ b/lass/2configs/git.nix @@ -122,12 +122,6 @@ let cgit.section = "configuration"; }; } // mapAttrs make-public-repo-silent { - nixos-aws = { - collaborators = [ { - name = "fabio"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFst8DvnfOu4pQJYxcwdf//jWTvP+jj0iSrOdt59c9Gbujm/8K1mBXhcSQhHj/GBRC1Qc1wipf9qZsWnEHMI+SRwq6tDr8gqlAcdWmHAs1bU96jJtc8EgmUKbXTFG/VmympMPi4cEbNUtH93v6NUjQKwq9szvDhhqSW4Y8zE32xLkySwobQapNaUrGAtQp3eTxu5Lkx+cEaaartaAspt8wSosXjUHUJktg0O5/XOP+CiWAx89AXxbQCy4XTQvUExoRGdw9sdu0lF0/A0dF4lFF/dDUS7+avY8MrKEcQ8Fwk8NcW1XrKMmCdNdpvou0whL9aHCdTJ+522dsSB1zZWh63Si4CrLKlc1TiGKCXdvzmCYrD+6WxbPJdRpMM4dFNtpAwhCm/dM+CBXfDkP0s5veFiYvp1ri+3hUqV/sep9r5/+d+5/R1gQs8WDNjWqcshveFbD5LxE6APEySB4QByGxIrw7gFbozE+PNxtlVP7bq4MyE6yIzL6ofQgO1e4THquPcqSCfCvyib5M2Q1phi5DETlMemWp84AsNkqbhRa4BGRycuOXXrBzE+RgQokcIY7t3xcu3q0xJo2+HxW/Lqi72zYU1NdT4nJMETEaG49FfIAnUuoVaQWWvOz8mQuVEmmdw2Yzo2ikILYSUdHTp1VPOeo6aNPvESkPw1eM0xDRlQ== ada"; - } ]; - }; }; restricted-repos = mapAttrs make-restricted-repo ( diff --git a/lass/2configs/home-media.nix b/lass/2configs/home-media.nix index 7e10aed34..f250ca8d8 100644 --- a/lass/2configs/home-media.nix +++ b/lass/2configs/home-media.nix @@ -4,10 +4,10 @@ with import <stockholm/lib>; users.users.media = { isNormalUser = true; uid = genid_uint31 "media"; - extraGroups = [ "video" "audio" ]; + extraGroups = [ "video" "audio" "pipewire" ]; }; - services.xserver.displayManager.lightdm.autoLogin = { + services.xserver.displayManager.autoLogin = { enable = true; user = "media"; }; diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix index 1435ccb5c..fa41f6634 100644 --- a/lass/2configs/jitsi.nix +++ b/lass/2configs/jitsi.nix @@ -7,10 +7,13 @@ config = { enableWelcomePage = true; requireDisplayName = true; + analytics.disabled = true; }; interfaceConfig = { SHOW_JITSI_WATERMARK = false; SHOW_WATERMARK_FOR_GUESTS = false; + DISABLE_PRESENCE_STATUS = true; + GENERATE_ROOMNAMES_ON_WELCOME_PAGE = false; }; }; diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 4682865c6..b874695a8 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -144,15 +144,7 @@ let set sort=threads - set index_format="${pkgs.writeDash "mutt-index" '' - # http://www.mutt.org/doc/manual/#formatstrings - recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')" - # output to mutt - # V - echo "%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> $recipent %?g?%g?%" - # args to mutt-index dash script - # V - ''} %r |" + set index_format="%4C %Z %?GI?%GI& ? %[%y-%m-%d] %-20.20a %?M?(%3M)& ? %s %> %r %g" virtual-mailboxes "Unread" "notmuch://?query=tag:unread" virtual-mailboxes "INBOX" "notmuch://?query=tag:inbox" diff --git a/lass/2configs/minecraft.nix b/lass/2configs/minecraft.nix index d2a3672c5..34da3047e 100644 --- a/lass/2configs/minecraft.nix +++ b/lass/2configs/minecraft.nix @@ -11,6 +11,5 @@ in { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 25565"; target = "ACCEPT"; } { predicate = "-p udp --dport 25565"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } ]; } diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index 854af3eb5..f88d0d91d 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -76,15 +76,43 @@ let mp.add_key_binding('S', "download_subs", download) ''; + mpvInput = pkgs.writeText "mpv.input" '' + : script-binding console/enable + ''; + + mpvConfig = pkgs.writeText "mpv.conf" '' + osd-font-size=20 + ''; + mpv = pkgs.symlinkJoin { name = "mpv"; paths = [ (pkgs.writeDashBin "mpv" '' - exec ${pkgs.mpv}/bin/mpv \ + set -efu + if [ -n "''${DISPLAY+x}" ]; then + Y_RES=$(${pkgs.xorg.xrandr}/bin/xrandr | + ${pkgs.jc}/bin/jc --xrandr | + ${pkgs.jq}/bin/jq '.screens[0].current_width' + ) + else + Y_RES=1000 + fi + # we need to disable sponsorblock local database because of + # https://github.com/po5/mpv_sponsorblock/issues/31 + exec ${pkgs.mpv.override { + scripts = with pkgs.mpvScripts; [ + sponsorblock + youtube-quality + ]; + }}/bin/mpv \ -vo=gpu \ --no-config \ + --input-conf=${mpvInput} \ + --include=${mpvConfig} \ --script=${autosub} \ + --ytdl-format="best[height<$Y_RES]" \ --script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \ + --script-opts-append=sponsorblock-local_database=no \ "$@" '') pkgs.mpv diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 68a55c71c..affc35307 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -57,10 +57,8 @@ with import <stockholm/lib>; addSSL = true; serverAliases = [ "p.krebsco.de" ]; locations."/".extraConfig = '' - if ($request_method != GET) { - return 403; - } proxy_set_header Host $host; + proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:${toString config.krebs.htgen.paste.port}; ''; locations."/image".extraConfig = '' diff --git a/lass/2configs/programs.nix b/lass/2configs/programs.nix index 0a4b4fd9b..0997b41a8 100644 --- a/lass/2configs/programs.nix +++ b/lass/2configs/programs.nix @@ -4,9 +4,11 @@ { environment.systemPackages = with pkgs; [ aria2 + generate-secrets gnupg1compat htop i3lock + l-gen-secrets mosh pass pavucontrol @@ -18,18 +20,41 @@ transmission wget xsel - youtube-dl + yt-dlp + (pkgs.writeDashBin "youtube-dl" '' + exec ${pkgs.yt-dlp}/bin/yt-dlp "$@" + '') (pkgs.writeDashBin "tether-on" '' adb shell svc usb setFunctions rndis '') (pkgs.writeDashBin "tether-off" '' adb shell svc usb setFunctions '') - (pkgs.writeDashBin "dl-movie" '' - ${pkgs.transmission}/bin/transmission-remote yellow.r -w /var/download/finished/sorted/movies -a "$@" + (pkgs.writeDashBin "deploy" '' + set -eu + export SYSTEM="$1" + $(nix-build $HOME/sync/stockholm/lass/krops.nix --no-out-link --argstr name "$SYSTEM" -A deploy) + '') + (pkgs.writeDashBin "krebsco.de" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') + (pkgs.writeDashBin "lassul.us" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.pass}/bin/ |