Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/green/source.nix | 13 | ||||
-rw-r--r-- | lass/1systems/prism/config.nix | 11 | ||||
-rw-r--r-- | lass/1systems/styx/config.nix | 80 | ||||
-rw-r--r-- | lass/1systems/styx/physical.nix | 34 | ||||
-rw-r--r-- | lass/2configs/default.nix | 1 | ||||
-rw-r--r-- | lass/2configs/hass/default.nix | 2 | ||||
-rw-r--r-- | lass/2configs/hass/rooms/bett.nix | 62 | ||||
-rw-r--r-- | lass/2configs/hass/rooms/essen.nix | 2 | ||||
-rw-r--r-- | lass/2configs/hass/rooms/nass.nix | 2 | ||||
-rw-r--r-- | lass/2configs/hass/zigbee.nix | 58 | ||||
-rw-r--r-- | lass/2configs/jitsi.nix | 21 | ||||
-rw-r--r-- | lass/2configs/radio.nix | 61 | ||||
-rw-r--r-- | lass/2configs/tv.nix | 160 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 2 | ||||
-rw-r--r-- | lass/3modules/default.nix | 1 | ||||
-rw-r--r-- | lass/3modules/hass.nix | 51 |
16 files changed, 384 insertions, 177 deletions
diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix index 21f3a8bd5..48499c9db 100644 --- a/lass/1systems/green/source.nix +++ b/lass/1systems/green/source.nix @@ -1,14 +1,5 @@ { lib, pkgs, ... }: { - nixpkgs = lib.mkForce { - file = { - path = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); - useChecksum = true; - }; - }; + nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; + nixpkgs.git.shallow = true; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 944a68beb..f63c6a05a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -6,6 +6,7 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/libvirt.nix> + <stockholm/lass/2configs/tv.nix> { services.nginx.enable = true; imports = [ @@ -120,6 +121,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> + <stockholm/lass/2configs/jitsi.nix> { # quasi bepasty.nix imports = [ <stockholm/lass/2configs/bepasty.nix> @@ -392,6 +394,15 @@ with import <stockholm/lib>; ]; } { + users.users.shannan = { + uid = genid_uint31 "shannan"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.shannan.pubkey + ]; + }; + } + { nix.trustedUsers = [ "mic92" ]; users.users.mic92 = { uid = genid_uint31 "mic92"; diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix new file mode 100644 index 000000000..4c3ae1411 --- /dev/null +++ b/lass/1systems/styx/config.nix 
@@ -0,0 +1,80 @@ +{ config, pkgs, ... }: + +with import <stockholm/lib>; +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/mouse.nix> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/nfs-dl.nix> + # <stockholm/lass/2configs/gg23.nix> + # <stockholm/lass/2configs/hass> + # <stockholm/lass/2configs/br.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/home-media.nix> + # <stockholm/lass/2configs/syncthing.nix> + # <stockholm/lass/2configs/sync/sync.nix> + # <stockholm/lass/2configs/idc.nix> + ]; + + krebs.build.host = config.krebs.hosts.styx; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; } + ]; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = top + title = top + + + Local + menu = Local + title = Local Network + ++ LocalMachine + menu = Local Machine + title = This host + host = localhost + + + Internet + menu = internet + title = internet + + ++ CloudflareDNS + menu = Cloudflare DNS + title = Cloudflare DNS server + host = 1.1.1.1 + + ++ GoogleDNS + menu = Google DNS + title = Google DNS server + host = 8.8.8.8 + + + retiolum + menu = retiolum + title = retiolum + + ++ gum + menu = gum.r + title = gum.r + host = gum.r + + ++ ni + menu = ni.r + title = ni.r + host = ni.r + + ++ prism + menu = prism.r + title = prism.r + host = prism.r + ''; + }; +} + diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix new file mode 100644 index 000000000..a3899f87d --- /dev/null +++ b/lass/1systems/styx/physical.nix 
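Review bot: The INPUT rule for the smokeping port accepts TCP from any source and any interface, so the latency graphs, which name internal hosts such as gum.r, ni.r and prism.r, are readable by anyone who can reach styx. If the page is only meant for the VPN or the local network, narrow the predicate, e.g. `predicate = "-i <vpn-interface> -p tcp --dport ${toString config.services.smokeping.port}";` (the interface name is a placeholder). Whether an upstream firewall already limits this cannot be seen from the hunk.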
@@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514"; + boot.loader.grub.efiInstallAsRemovable = true; + + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/EAA5-88A9"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index babcb51de..1cf421fed 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -222,4 +222,5 @@ with import <stockholm/lib>; # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; + system.stateVersion = mkDefault "20.03"; } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 66d430cd1..78379ba1c 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -26,7 +26,7 @@ with import ./lib.nix { inherit lib; }; lovelaceConfigWritable = true; }; - lass.hass.config = let + services.home-assistant.config = let tasmota_s20 = name: topic: { platform = "mqtt"; inherit name; diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix index 16227fcb6..48a1f72d7 100644 --- a/lass/2configs/hass/rooms/bett.nix +++ b/lass/2configs/hass/rooms/bett.nix 
@@ -2,38 +2,38 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (lightswitch switches.dimmer.bett lights.bett) ]; - lass.hass.love = { - resources = [{ - url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; - type = "js"; - }]; - views = [{ - title = "bett"; - cards = [ - { - type = "markdown"; - title = "hello world"; - content = "This is just a test"; - } - { - type = "light"; - entity = "light.${lights.bett}"; - } - { - type = "custom:light-entity-card"; - entity = "light.${lights.bett}"; - } - { - type = "history-graph"; - entities = [ - "light.${lights.bett}" - ]; - } - ]; - }]; - }; + # lass.hass.love = { + # resources = [{ + # url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; + # type = "js"; + # }]; + # views = [{ + # title = "bett"; + # cards = [ + # { + # type = "markdown"; + # title = "hello world"; + # content = "This is just a test"; + # } + # { + # type = "light"; + # entity = "light.${lights.bett}"; + # } + # { + # type = "custom:light-entity-card"; + # entity = "light.${lights.bett}"; + # } + # { + # type = "history-graph"; + # entities = [ + # "light.${lights.bett}" + # ]; + # } + # ]; + # }]; + # }; } diff --git a/lass/2configs/hass/rooms/essen.nix b/lass/2configs/hass/rooms/essen.nix index f74996154..eeb3d30d2 100644 --- a/lass/2configs/hass/rooms/essen.nix +++ b/lass/2configs/hass/rooms/essen.nix @@ -2,7 +2,7 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (detect_movement sensors.movement.essen lights.essen 10) (lightswitch switches.dimmer.essen lights.essen) ]; diff --git a/lass/2configs/hass/rooms/nass.nix b/lass/2configs/hass/rooms/nass.nix index 163f4fc48..7e6298738 100644 --- a/lass/2configs/hass/rooms/nass.nix +++ b/lass/2configs/hass/rooms/nass.nix 
@@ -2,7 +2,7 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (detect_movement sensors.movement.nass lights.nass 100) (lightswitch switches.dimmer.nass lights.nass) ]; diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix index 6d091066e..789a7fb92 100644 --- a/lass/2configs/hass/zigbee.nix +++ b/lass/2configs/hass/zigbee.nix 
@@ -1,41 +1,43 @@ {config, pkgs, lib, ...}: let - zigbee2mqtt_cfg = pkgs.writeText "zigbee2mqtt.json" (builtins.toJSON { - homeassistant = true; - permit_join = false; - mqtt = { - discovery = true; - base_topic = "zigbee"; - server = "mqtt://10.42.0.1"; - user = "gg23"; - password = "gg23-mqtt"; - }; - serial.port = "/dev/cc2531"; - }); + unstable-pkgs = import <nixpkgs-unstable> {}; in { # symlink the zigbee controller services.udev.extraRules = '' - SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dailout" - ''; - - system.activationScripts.installZigbee = '' - install -d /var/lib/zigbee2mqtt - install ${zigbee2mqtt_cfg} /var/lib/zigbee2mqtt/configuration.yaml + SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dialout" + SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="cc2652", MODE="0660", GROUP="dialout" ''; - # hack to restart docker container on config change - systemd.services.docker-zigbee2mqtt.environment.cfg = zigbee2mqtt_cfg; + # needed to use unstable package + systemd.services.zigbee2mqtt.environment.ZIGBEE2MQTT_DATA = "/var/lib/zigbee2mqtt"; - docker-containers.zigbee2mqtt = { - image = "koenkk/zigbee2mqtt"; - extraDockerOptions = [ - "--device=/dev/cc2531:/dev/cc2531" - ]; - volumes = ["/var/lib/zigbee2mqtt:/app/data"]; + services.zigbee2mqtt = { + enable = true; + package = unstable-pkgs.zigbee2mqtt; + config = { + homeassistant = true; + frontend.port = 1337; + experimental.new_api = true; + permit_join = false; + mqtt = { + discovery = true; + base_topic = "zigbee"; + server = "mqtt://10.42.0.1"; + user = "gg23"; + password = "gg23-mqtt"; + }; + serial = { + port = "/dev/cc2652"; + # disable_led = true; + }; + advanced = { + pan_id = 4222; + }; + }; }; - lass.hass.config = { + services.home-assistant.config = { sensor = [ # Sensor for monitoring the bridge state { 
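Review bot: The MQTT credentials are literals in `services.zigbee2mqtt.config` (`user = "gg23"; password = "gg23-mqtt";`), so they are committed to the repository and most likely rendered into the world-readable Nix store, as the removed `pkgs.writeText` version already did. This rewrite is the natural place to move them out, for instance `password = "!secret mqtt_password";` with the value kept in a `secret.yaml` under `/var/lib/zigbee2mqtt` deployed from the secrets store, assuming the packaged zigbee2mqtt supports `!secret`. Separately, `frontend.port = 1337` enables the web frontend, which has no authentication in the visible config and can toggle `permit_join`; confirm the port stays closed in the firewall or bind the frontend to localhost. `import <nixpkgs-unstable> {}` also takes whatever revision that path resolves to, so the zigbee2mqtt version is not pinned by this file.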
@@ -93,7 +95,6 @@ in { { id = "zigbee_join_enabled"; alias = ""; - hide_entity = "true"; trigger = { platform = "state"; entity_id = "switch.zigbee2mqtt_join"; @@ -107,7 +108,6 @@ in { # Automation to stop timer when switch turned off and turn off switch when timer finished { id = "zigbee_join_disabled"; - hide_entity = "true"; trigger = [ { platform = "event"; diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix new file mode 100644 index 000000000..1435ccb5c --- /dev/null +++ b/lass/2configs/jitsi.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: +{ + + services.jitsi-meet = { + enable = true; + hostName = "jitsi.lassul.us"; + config = { + enableWelcomePage = true; + requireDisplayName = true; + }; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 3e8d12381..8c95b535d 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -6,9 +6,6 @@ let name = "radio"; mainUser = config.users.extraUsers.mainUser; - admin-password = import <secrets/icecast-admin-pw>; - source-password = import <secrets/icecast-source-pw>; - music_dir = "/home/radio/music"; add_random = pkgs.writeDashBin "add_random" '' 
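Review bot: Nothing in the new `services.jitsi-meet` block in jitsi.nix restricts who may create rooms: `enableWelcomePage = true` with no authentication setting means any visitor of jitsi.lassul.us can open conferences and use the videobridge ports opened just below (tcp 4443, udp 10000). If that is not intended, require authenticated hosts (newer nixpkgs has `services.jitsi-meet.secureDomain.enable`; check that the revision used here provides it) or put access control in front of the vhost. A comment above the iptables rules such as `# jitsi-videobridge: TCP fallback (4443) and RTP media (10000)` would also tell the next reader why these ports are open.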
@@ -138,54 +135,19 @@ in { auto_update "yes" audio_output { - type "shout" - encoding "lame" - name "the_playlist_mp3" - host "localhost" - port "8000" - mount "/radio.mp3" - password "${source-password}" - bitrate "128" - - format "44100:16:2" - - user "source" - genre "good music" - } - audio_output { - type "shout" - encoding "ogg" - name "the_playlist_ogg" - host "localhost" - port "8000" - mount "/radio.ogg" - password "${source-password}" - bitrate "128" - - format "44100:16:2" - - user "source" - genre "good music" + type "httpd" + name "lassulus radio" + encoder "vorbis" # optional + port "8000" + quality "5.0" # do not define if bitrate is defined + # bitrate "128" # do not define if quality is defined + format "44100:16:2" + always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. + tags "yes" # httpd supports sending tags to listening streams. } ''; }; - services.icecast = { - enable = true; - hostname = "radio.lassul.us"; - admin.password = admin-password; - extraConf = '' - <mount> - <mount-name>/radio.mp3</mount-name> - <password>${source-password}</password> - </mount> - <mount> - <mount-name>/radio.ogg</mount-name> - <password>${source-password}</password> - </mount> - ''; - }; - krebs.iptables = { tables = { filter.INPUT.rules = [ @@ -206,7 +168,7 @@ in { systemd.services.radio = let autoAdd = pkgs.writeDash "autoAdd" '' - LIMIT=$1 #in secconds + LIMIT=$1 #in seconds timeLeft () { playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') 
@@ -238,8 +200,7 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read track; do - listeners=$(${pkgs.curl}/bin/curl 'http://localhost:8000/status-json.xsl' \ - | ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add') + listeners=$(${pkgs.iproute}/bin/ss -Hno state established '( sport = :8000 )' | wc -l) echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE" echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" ${write_to_irc} "playing: $track listeners: $listeners" diff --git a/lass/2configs/tv.nix b/lass/2configs/tv.nix new file mode 100644 index 000000000..8e208d5e5 --- /dev/null +++ b/lass/2configs/tv.nix 
@@ -0,0 +1,160 @@ +{ config, pkgs, ... }: with import <stockholm/lib>; let + +nginxCfg = pkgs.writeText "nginx.conf" '' + daemon off; + pid /var/lib/rtmp/nginx.pid; + events { + use epoll; + worker_connections 128; + } + error_log stderr info; + http { + client_body_temp_path /var/lib/rtmp/nginx_cache_client_body; + proxy_temp_path /var/lib/rtmp/nginx_cache_proxy; + fastcgi_temp_path /var/lib/rtmp/nginx_cache_fastcgi; + uwsgi_temp_path /var/lib/rtmp/nginx_cache_uwsgi; + scgi_temp_path /var/lib/rtmp/nginx_cache_scgi; + + server { + listen 8080; + root /var/lib/rtmp; + access_log stderr; + error_log stderr; + + # This URL provides RTMP statistics in XML + location /stat { + rtmp_stat all; + } + + location /hls { + # Serve HLS fragments + types { + application/vnd.apple.mpegurl m3u8; + video/mp2t ts; + } + root /tmp; + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + } + + location /dash { + # Serve DASH fragments + types { + application/dash+xml mpd; + video/mp4 mp4; + } + root /tmp; + add_header Cache-Control no-cache; + + # CORS setup + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Expose-Headers' 'Content-Length'; + + # Allow CORS preflight requests + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + } + + location "/dash.all.min.js" { + default_type "text/javascript"; + alias ${pkgs.fetchurl { + url = "http://cdn.dashjs.org/v3.2.0/dash.all.min.js"; + 
sha256 = "16f0b40gdqsnwqi01s5sz9f1q86dwzscgc3m701jd1sczygi481c"; + }}; + } + + location /player { + default_type "text/html"; + alias ${pkgs.writeText "player.html" '' + <!DOCTYPE html> + <html lang="en"> + <head> + <meta charset="utf-8"> + <title>lassulus livestream</title> + </head> + <body> + <div> + <video id="player" controls></video> + </video> + </div> + <script src="/dash.all.min.js"></script> + <script> + (function(){ + var url = "http://lassul.us:8080/dash/nixos.mpd"; + var player = dashjs.MediaPlayer().create(); + player.initialize(document.querySelector("#player"), url, true); + })(); + </script> + </body> + </html> + ''}; + } + } + } + + rtmp { + server { + access_log stderr; + listen 1935; + ping 30s; + notify_method get; + + application stream { + live on; + + hls on; + hls_path /tmp/hls; + + dash on; + dash_path /tmp/dash; + } + } + } +''; + +in { + users.users.rtmp = { + home = "/var/lib/rmtp"; + uid = genid_uint31 "rtmp"; + isNormalUser = true; + createHome = true; + }; + + systemd.services.nginx-rtmp = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + restartIfChanged = true; + script = '' + ${pkgs.nginx.override { + modules = [ + pkgs.nginxModules.rtmp + ]; + }}/bin/nginx -c ${nginxCfg} -p /var/lib/rtmp + ''; + serviceConfig = { + User = "rtmp"; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 1935"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 8080"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index ac7db10f5..f3beb9eb9 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -91,7 +91,7 @@ in { services.nextcloud = { enable = true; hostName = "o.xanf.org"; - package = pkgs.nextcloud19; + package = pkgs.nextcloud20; config = { adminpassFile = toString <secrets> + "/nextcloud_pw"; overwriteProtocol = "https"; 
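Review bot: The `application stream` block in tv.nix has no publish restriction while port 1935 is opened to every source, so anyone who can reach the host can push a stream that is then served from `/hls`, `/dash` and `/player`; add `allow publish` / `deny publish all` (or an `on_publish` check). `users.users.rtmp.home` is spelled `/var/lib/rmtp`, while nginx is started with `-p /var/lib/rtmp` and writes its pid and temp paths there, so the directory made by `createHome` is not the one the service uses. The account is also `isNormalUser = true`, which gives a service user a login shell where a system user is enough. HLS/DASH fragments go to the shared `/tmp`, so `PrivateTmp = true` or a directory under the service home would stop other local users from pre-creating `/tmp/hls` or `/tmp/dash`.

```nix
# … unchanged: http { … } section of nginxCfg …
    application stream {
      live on;

      # only the encoder host may publish; playback stays open
      allow publish <publisher-address>;  # placeholder
      deny publish all;

      # … unchanged: hls/dash settings …
    }
# … unchanged: rest of nginxCfg …

  users.users.rtmp = {
    home = "/var/lib/rtmp";  # was "/var/lib/rmtp"; must match the nginx -p prefix
    uid = genid_uint31 "rtmp";
    isSystemUser = true;
    createHome = true;
  };

  # … unchanged: systemd.services.nginx-rtmp script …
    serviceConfig = {
      User = "rtmp";
      PrivateTmp = true;
    };
```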
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 335658ed8..c3c73bdcb 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -4,7 +4,6 @@ _: ./dnsmasq.nix ./ejabberd ./folderPerms.nix - ./hass.nix ./hosts.nix ./klem.nix ./mysql-backup.nix diff --git a/lass/3modules/hass.nix b/lass/3modules/hass.nix deleted file mode 100644 index 96521aaa9..000000000 --- a/lass/3modules/hass.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, lib, pkgs, ... }: -with import <stockholm/lib>; -let - - cfg = config.lass.hass; - -in { - options.lass.hass = { - config = mkOption { - default = {}; - type = with lib.types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { - description = "Yaml value"; - emptyValue.value = {}; - }; - in valueType; - }; - love = mkOption { - default = {}; - type = with lib.types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { - description = "Yaml value"; - emptyValue.value = {}; - }; - in valueType; - }; - }; - - config = - assert versionOlder version "20.09"; - mkIf (cfg.config != {}) - { - services.home-assistant.config = cfg.config; - # services.home-assistant.lovelaceConfig = cfg.love; - }; -} - |