Diffstat (limited to 'makefu/2configs')
43 files changed, 736 insertions, 326 deletions
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 6ce0606a8..1cf21f213 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -5,22 +5,37 @@ let ident = (builtins.readFile ./auphonic.pub); bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; bgterror = "/var/spool/nginx/logs/binaergewitter.error.log"; + + # TODO: only when the data is stored somewhere else + wwwdir = "/var/www/binaergewitter"; + storedir = "/media/cloud/www/binaergewitter"; in { + fileSystems."${wwwdir}" = { + device = storedir; + options = [ "bind" ]; + }; + services.openssh = { allowSFTP = true; sftpFlags = [ "-l VERBOSE" ]; extraConfig = '' + HostkeyAlgorithms +ssh-rsa + Match User auphonic ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding no PasswordAuthentication no + PubkeyAcceptedAlgorithms +ssh-rsa + ''; }; users.users.auphonic = { uid = genid "auphonic"; group = "nginx"; + # for storedir + extraGroups = [ "download" ]; useDefaultShell = true; isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; diff --git a/makefu/2configs/bgt/template.md b/makefu/2configs/bgt/template.md index fdc0e2585..8413e0b8b 100644 --- a/makefu/2configs/bgt/template.md +++ b/makefu/2configs/bgt/template.md 
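Review bot: `HostkeyAlgorithms +ssh-rsa` is placed above the `Match User auphonic` line in `extraConfig`, so the SHA-1 based `ssh-rsa` host-key signature is offered to every client of this sshd again; only `PubkeyAcceptedAlgorithms +ssh-rsa` is limited to the auphonic match. Nothing in the hunk records why the legacy algorithm is needed or when it can go. I would add a comment above both lines, for example `# auphonic's SFTP client still needs ssh-rsa (SHA-1) - remove both lines once it negotiates rsa-sha2-*`, after confirming that this is the actual reason. The hunk also adds auphonic to the `download` group while the visible Match block has `ForceCommand internal-sftp` but no `ChrootDirectory`, so it is worth checking what else that group can read under `/media/cloud`. The `users.users.auphonic` block continues past the end of the hunk.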
@@ -1,31 +1,25 @@ # <SENDUNGSNUMMER> -0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) (wichtig) +0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig) 1. `eine` Person anrufen (den Host): - markus 162dcbf89f@studio.link - Felix1 makefu@studio.link - L33tFelix l33tname@studio.link - Ingo ingo@studio.link -2. Jitis an machen! https://meet.jit.cloud/bgt (mittel) -3. studio-link aufnehmen drücken, schauen ob file local.flac größer wird (wichtig) +2. Jitis an machen https://meet.ffmuc.net/bgt (mittel) +3. studio-link aufnehmen drücken (wichtig) 4. audiocity starten, 48000Hz einstellen, Audio-Device checken und aufnehmen drücken (wichtig) 4. alternative parecord: `$ pacmd list-sources | grep -e device.string -e 'name:' # keins der "monitor" devices` `$ parecord --channels=1 -d alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo bgt.wav` 5. darkice starten (wichtig) -5. chapter-marker starten (wichtig) +6. Ingo daran erinnern, dass er die Überschriften richtig aussprechen muss 7. klatschen 8. Hallihallo und Herzlich Willkommen -9. ctrl-u auf "H" von "Halli" Felix auf jeden fall erinnern (wichtig) -10. Ctrl-j drücken für neuen Eintrag - ggf. Felix erinnern (wichtig) ## Vorschläge ### Backlog von Picks und Lesefoo aus der letzten Woche -die Nachfolgenden 3 Striche sind sehr wichtig, bitte nicht löschen. Nachdem -chapter-marker gestartet wurde kann die reihenfolge nicht mer angepasst werden, -das ist der preis, den man zahlt - --- ## Blast from the Past diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix index e955384d6..52b5d68a5 100644 --- a/makefu/2configs/bitlbee.nix +++ b/makefu/2configs/bitlbee.nix @@ -1,8 +1,9 @@ {pkgs, ... }: -# state: /var/lib/bitlbee { services.bitlbee = { enable = true; libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb]; }; + users.users.makefu.packages = with pkgs; [ weechat tmux ]; + state = [ "/var/lib/bitlbee" ]; } 
diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix index 92c1c4e0e..d57badd1c 100644 --- a/makefu/2configs/bitwarden.nix +++ b/makefu/2configs/bitwarden.nix @@ -23,6 +23,12 @@ in { { name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ]; }; + services.postgresqlBackup = { + enable = true; + databases = [ "bitwarden" ]; + }; + systemd.services.postgresqlBackup-bitwarden.serviceConfig.SupplementaryGroups = [ "download" ]; + services.nginx.virtualHosts."bw.euer.krebsco.de" ={ forceSSL = true; diff --git a/makefu/2configs/bureautomation/comic-updater.nix b/makefu/2configs/bureautomation/comic-updater.nix index 1e2440939..5804d66d2 100644 --- a/makefu/2configs/bureautomation/comic-updater.nix +++ b/makefu/2configs/bureautomation/comic-updater.nix @@ -11,8 +11,9 @@ in { path = with pkgs; [ wget xmlstarlet ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - User = "hass"; - WorkingDirectory = config.services.home-assistant.configDir; + # User = "hass"; + #WorkingDirectory = config.services.home-assistant.configDir; + WorkingDirectory = "/var/lib/homeassistant-docker"; ExecStart = pkgs.writeDash "update-comics" '' set -euf mkdir -p www/ diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 46bf05963..44690271d 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -2,6 +2,7 @@ let kodi-host = "192.168.8.11"; unstable = import <nixpkgs-unstable> {}; + confdir = "/var/lib/homeassistant-docker"; in { imports = [ ./ota.nix 
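Review bot: The new `postgresqlBackup-bitwarden` unit gets `SupplementaryGroups = [ "download" ]`, which suggests the vaultwarden dumps land on storage owned by the `download` group, and this same commit adds the `auphonic` SFTP user and `nextcloud` to that group. The backup location and its mode are not set in the visible lines, so whether those accounts can read a dump of the password vault cannot be told from here; please confirm the target directory is not group-readable, or use a dedicated group for backups. The same line is added for `postgresqlBackup-nextcloud` in deployment/owncloud.nix and for `postgresqlBackup-tt_rss` in deployment/rss/rss.euer.krebsco.de.nix. A comment next to it such as `# backup location is on <BACKUP_PATH> (group download); dumps must not be group-readable` would record the intent.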
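Review bot: With `User = "hass"` commented out and nothing put in its place, the `update-comics` script now runs as root (the systemd default), although it fetches remote content with `wget` and parses it with `xmlstarlet`. The new working directory `/var/lib/homeassistant-docker` is created as `kiosk:kiosk` with mode 0770 in bureautomation/default.nix, so the unit could run as that account instead: `User = "kiosk";`. The `serviceConfig` block and the script continue below the hunk, so I cannot see whether any later step really needs root.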
@@ -13,169 +14,188 @@ in { # hass config ## complex configs # ./multi/daily-standup.nix - ./multi/aramark.nix - ./multi/matrix.nix - ./multi/frosch.nix - ./multi/mittagessen.nix - ./multi/10h_timers.nix + #./multi/aramark.nix + #./multi/matrix.nix + #./multi/frosch.nix + #./multi/mittagessen.nix + #./multi/10h_timers.nix - ./switch/tasmota_switch.nix - ./switch/rfbridge.nix + #./switch/tasmota_switch.nix + #./switch/rfbridge.nix - ./light/statuslight.nix - ./light/buzzer.nix + #./light/statuslight.nix + #./light/buzzer.nix - ./script/multi_blink.nix + #./script/multi_blink.nix - ./binary_sensor/buttons.nix - ./binary_sensor/motion.nix + #./binary_sensor/buttons.nix + #./binary_sensor/motion.nix - # ./sensor/pollen.nix requires dwd_pollen - ./sensor/espeasy.nix - ./sensor/airquality.nix - ./sensor/outside.nix - ./sensor/tasmota_firmware.nix + ## ./sensor/pollen.nix requires dwd_pollen + #./sensor/espeasy.nix + #./sensor/airquality.nix + #./sensor/outside.nix + #./sensor/tasmota_firmware.nix - ./camera/verkehrskamera.nix - ./camera/comic.nix - ./camera/stuttgart.nix - ./automation/bureau-shutdown.nix - ./automation/nachtlicht.nix - ./automation/schlechteluft.nix - ./automation/philosophische-tuer.nix - ./automation/hass-restart.nix - ./device_tracker/openwrt.nix - ./person/team.nix + #./camera/verkehrskamera.nix + #./camera/comic.nix + #./camera/stuttgart.nix + #./automation/bureau-shutdown.nix + #./automation/nachtlicht.nix + #./automation/schlechteluft.nix + #./automation/philosophische-tuer.nix + #./automation/hass-restart.nix + #./device_tracker/openwrt.nix + #./person/team.nix ]; networking.firewall.allowedTCPPorts = [ 8123 ]; state = [ "/var/lib/hass/known_devices.yaml" ]; - - services.home-assistant = { - enable = true; - package = (unstable.home-assistant.overrideAttrs (old: { - doInstallCheck = false; - })).override { - extraPackages = p: [ - # TODO: put somewhere else - (p.callPackage <stockholm/makefu/2configs/home/ham/deps/dwdwfsapi.nix> {}) - # 
(p.callPackage <stockholm/makefu/2configs/home/ham/deps/pykodi.nix> {}) - p.APScheduler ]; + virtualisation.oci-containers.containers.hass = { + image = "homeassistant/home-assistant:latest"; + #user = "${toString config.users.users.kiosk.uid}:${toString config.users.groups.kiosk.gid}"; + #user = "${toString config.users.users.kiosk.uid}:root"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.kiosk.uid; + PGID = toString config.users.groups.kiosk.gid; + UMASK = "007"; }; - autoExtraComponents = true; - config = { - config = {}; - discovery = {}; - homeassistant = { - name = "Bureautomation"; - time_zone = "Europe/Berlin"; - latitude = "48.8265"; - longitude = "9.0676"; - elevation = 303; - auth_providers = [ - { type = "homeassistant";} - { type = "legacy_api_password"; - api_password = "sistemas"; - } - { type = "trusted_networks"; - trusted_networks = [ - "127.0.0.1/32" - "192.168.8.0/24" - "::1/128" - "fd00::/8" - ]; - # allow_bypass_login = true; - } - ]; - }; - # https://www.home-assistant.io/components/influxdb/ - influxdb = { - database = "hass"; - tags = { - instance = "wbob"; - source = "hass"; - }; - }; - mqtt = { - discovery = true; - discovery_prefix = "homeassistant"; - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - keepalive = 60; - protocol = 3.1; - birth_message = { - topic = "/bam/hass/tele/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "/bam/hass/tele/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - notify = [ - { - platform = "kodi"; - name = "wbob-kodi"; - host = kodi-host; - } - #{ - # platform = "telegram"; - # name = "telegrambot"; - # chat_id = builtins.elemAt - # (builtins.fromJSON (builtins.readFile - # <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0; - #} - ]; - media_player = [ - { platform = "kodi"; - host = kodi-host; - } - { platform = "mpd"; - host = "127.0.0.1"; - } - ]; + extraOptions = ["--net=host" ]; + 
volumes = [ + "${confdir}:/config" + #"${confdir}/docker-run:/etc/services.d/home-assistant/run:" + ]; + }; + systemd.tmpfiles.rules = [ + #"f ${confdir}/docker-run 0770 kiosk kiosk - -" + "d ${confdir} 0770 kiosk kiosk - -" + ]; + #services.home-assistant = { + # enable = true; + # package = (unstable.home-assistant.overrideAttrs (old: { + # doInstallCheck = false; + # })).override { + # extraPackages = p: [ + # # TODO: put somewhere else + # (p.callPackage <stockholm/makefu/2configs/home/ham/deps/dwdwfsapi.nix> {}) + # # (p.callPackage <stockholm/makefu/2configs/home/ham/deps/pykodi.nix> {}) + # p.APScheduler ]; + # }; + # autoExtraComponents = true; + # config = { + # config = {}; + # discovery = {}; + # homeassistant = { + # name = "Bureautomation"; + # time_zone = "Europe/Berlin"; + # latitude = "48.8265"; + # longitude = "9.0676"; + # elevation = 303; + # auth_providers = [ + # { type = "homeassistant";} + # { type = "legacy_api_password"; + # api_password = "sistemas"; + # } + # { type = "trusted_networks"; + # trusted_networks = [ + # "127.0.0.1/32" + # "192.168.8.0/24" + # "::1/128" + # "fd00::/8" + # ]; + # # allow_bypass_login = true; + # } + # ]; + # }; + # # https://www.home-assistant.io/components/influxdb/ + # influxdb = { + # database = "hass"; + # tags = { + # instance = "wbob"; + # source = "hass"; + # }; + # }; + # mqtt = { + # discovery = true; + # discovery_prefix = "homeassistant"; + # broker = "localhost"; + # port = 1883; + # client_id = "home-assistant"; + # keepalive = 60; + # protocol = 3.1; + # birth_message = { + # topic = "/bam/hass/tele/LWT"; + # payload = "Online"; + # qos = 1; + # retain = true; + # }; + # will_message = { + # topic = "/bam/hass/tele/LWT"; + # payload = "Offline"; + # qos = 1; + # retain = true; + # }; + # }; + # notify = [ + # { + # platform = "kodi"; + # name = "wbob-kodi"; + # host = kodi-host; + # } + # #{ + # # platform = "telegram"; + # # name = "telegrambot"; + # # chat_id = builtins.elemAt + # # 
(builtins.fromJSON (builtins.readFile + # # <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0; + # #} + # ]; + # media_player = [ + # { platform = "kodi"; + # host = kodi-host; + # } + # { platform = "mpd"; + # host = "127.0.0.1"; + # } + # ]; - # sensor = [{ platform = "version"; }]; # pyhaversion + # # sensor = [{ platform = "version"; }]; # pyhaversion - frontend = { }; - http = { - # TODO: https://github.com/home-assistant/home-assistant/issues/16149 - # base_url = "http://192.168.8.11:8123"; - }; - conversation = {}; - history = {}; - logbook = {}; - tts = [ - { platform = "google_translate"; - language = "de"; - time_memory = 57600; - service_name = "google_say"; - } - { platform = "voicerss"; - api_key = builtins.readFile <secrets/hass/voicerss.apikey>; - language = "de-de"; - } - #{ platform = "picotts"; - # language = "de-DE"; - #} - ]; - recorder = {}; - sun = {}; - #telegram_bot = [ - # (builtins.fromJSON - # (builtins.readFile <secrets/hass/telegram-bot.json>)) - #]; - # only for automation - # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; - # we don't use imports because the expressions do not merge in - # home-assistant - }; - }; + # frontend = { }; + # http = { + # # TODO: https://github.com/home-assistant/home-assistant/issues/16149 + # # base_url = "http://192.168.8.11:8123"; + # }; + # conversation = {}; + # history = {}; + # logbook = {}; + # tts = [ + # { platform = "google_translate"; + # language = "de"; + # time_memory = 57600; + # service_name = "google_say"; + # } + # { platform = "voicerss"; + # api_key = builtins.readFile <secrets/hass/voicerss.apikey>; + # language = "de-de"; + # } + # #{ platform = "picotts"; + # # language = "de-DE"; + # #} + # ]; + # recorder = {}; + # sun = {}; + # #telegram_bot = [ + # # (builtins.fromJSON + # # (builtins.readFile <secrets/hass/telegram-bot.json>)) + # #]; + # # only for automation + # # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + # # we 
don't use imports because the expressions do not merge in + # # home-assistant + # }; + #}; } diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix index ad62babc3..60ed6826d 100644 --- a/makefu/2configs/dcpp/airdcpp.nix +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -8,7 +8,7 @@ hubs."krebshub" = { Nick = "makefu-${config.krebs.build.host.name}"; Password = builtins.readFile <secrets/krebshub.pw>; - Server = "adcs://hub.nsupdate.info:411"; + Server = "adcs://hub.nsupdate.info:1511"; AutoConnect = true; }; dcpp = { diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index 5a88f5ef8..f0aac3f32 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -95,6 +95,7 @@ in { enableTLS = true; settings = { server_port = 1511; + server_bind_addr = "any"; hub_name = "krebshub"; tls_certificate = "${uhubDir}/uhub.crt"; tls_private_key = "${uhubDir}/uhub.key"; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 610ba75fe..e5c7e48de 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -20,6 +20,12 @@ let dbpw = "/run/secret/nextcloud-db-pw"; in { + fileSystems."/var/lib/nextcloud/data" = { + device = "/media/cloud/nextcloud-data"; + options = [ "bind" ]; + }; + + krebs.secret.files.nextcloud-db-pw = { path = dbpw; owner.name = "nextcloud"; @@ -40,16 +46,18 @@ in { enable = true; databases = [ config.services.nextcloud.config.dbname ]; }; - +systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = [ "download" ]; + state = [ # services.postgresql.dataDir # "${config.services.nextcloud.home}/config" config.services.postgresqlBackup.location ]; + users.users.nextcloud.extraGroups = [ "download" ]; services.nextcloud = { enable = true; - package = pkgs.nextcloud22; + package = pkgs.nextcloud23; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; 
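Review bot: The container image is referenced as `homeassistant/home-assistant:latest`, so every pull can bring in a different, unreviewed build, and it runs with `--net=host` while port 8123 stays open in the firewall. I would pin a release tag or digest, e.g. `image = "homeassistant/home-assistant:<PINNED_VERSION>";`, and bump it deliberately. The `auth_providers` and `trusted_networks` settings no longer come from Nix, so whatever sits in `${confdir}` now decides who can log in; that is not visible in this hunk and should be checked on the host. The commented-out block also keeps the literal `api_password` value in the tree; deleting the dead block instead of commenting it out would be cleaner, and that value should be treated as known.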
@@ -59,10 +67,11 @@ in { autoUpdateApps.startAt = "05:00:00"; caching.redis = true; - # caching.memcached = true; + caching.apcu = true; config = { # Further forces Nextcloud to use HTTPS overwriteProtocol = "https"; + defaultPhoneRegion = "DE"; # Nextcloud PostegreSQL database configuration, recommended over using SQLite dbtype = "pgsql"; @@ -71,7 +80,7 @@ in { dbname = "nextcloud"; dbpassFile = dbpw; adminpassFile = adminpw; - adminuser = "admin"; + adminuser = "root"; }; }; services.redis.enable = true; diff --git a/makefu/2configs/deployment/rss/ebk.yml b/makefu/2configs/deployment/rss/ebk.yml new file mode 100644 index 000000000..3248f5c4e --- /dev/null +++ b/makefu/2configs/deployment/rss/ebk.yml 
@@ -0,0 +1,59 @@
+regex: https://www.ebay\-kleinanzeigen.de/s\-.*
+selectors:
+ httpsettings:
+ cookie: {}
+ header: {}
+ useragent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko)
+ Chrome/90.0.4430.72 Safari/537.36
+ insecure: false
+ feed:
+ title: title
+ authorname: ""
+ authoremail: ""
+ item:
+ container: ul[id='srchrslt-adtable'] li[class='ad-listitem lazyload-item ']
+ title: |
+ title = sel:find("h2.text-module-begin"):first():text():gsub("^%s*(.-)%s*$", "%1")
+ print(title)
+ link: |
+ link = sel:find("a"):first():attr("href")
+ print("https://www.ebay-kleinanzeigen.de" .. link)
+ created: |-
+ created = ""
+ sel:find("div.aditem-main--top--right"):each(function(i, s)
+ created = s:text():gsub("^%s*(.-)%s*$", "%1")
+ end)
+ if created:match("Heute") then
+ time = created:gsub("^.*,", "")
+ print(os.date("%d.%m.%Y") .. time .. " CET")
+ return
+ end
+ if created:match("Gestern") then
+ time = created:gsub("^.*,", "")
+ print(os.date("%d.%m.%Y", os.time()-24*60*60) .. time .. " CET")
+ return
+ end
+ if created:match("\.") then
+ print(created .. " 00:00 CET")
+ return
+ end
+ createdformat: 02.01.2006 15:04 MST
+ description: |-
+ description = sel:find(".aditem-main--middle"):html()
+ place = sel:find(".aditem-main--top--left"):html()
+ print(description .. place)
+ content: ""
+ image: |
+ img = sel:find("div.imagebox"):first():attr("data-imgsrc")
+ if img ~= "" then
+ -- prepend host if needed
+ if not(img:match("https*:\/\/.*")) then
+ img = "https://www.ebay-kleinanzeigen.de" .. img
+ end
+ print(img)
+ end
+ nextpage: |
+ nextpage = sel:find("link[rel=next]"):attr("href")
+ print("https://www.ebay-kleinanzeigen.de" .. nextpage)
+ nextpagecount: 5
+ sort: ""
diff --git a/makefu/2configs/deployment/rss/ratt-hourly.sh b/makefu/2configs/deployment/rss/ratt-hourly.sh
new file mode 100755
index 000000000..67f2529bd
--- /dev/null
+++ b/makefu/2configs/deployment/rss/ratt-hourly.sh
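Review bot: In the `created` script, `created:match("\.")` does not test for a literal dot: Lua patterns escape with `%`, and `"\."` is either read as a plain `.` (any character) or rejected as an invalid escape, depending on the Lua version ratt embeds. As written, any non-empty date string that is neither "Heute" nor "Gestern" gets ` 00:00 CET` appended and then has to parse against `createdformat`. I would write `if created:match("%.") then`. The `image` script has the same kind of escape in `"https*:\/\/.*"`; `img:match("^https?://")` states the intent without it.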
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -eu
+URLS=${1?must provide URLS file}
+OUTFILE=${2:-all.xml}
+
+echo "init, writing to $OUTFILE"
+
+cat > "$OUTFILE" <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
+ <channel>
+ <title>makefu Ebay Kleinanzeigen</title>
+ <link>https://www.ebay-kleinanzeigen.de/</link>
+ <description>Feed for all kleinanzeigen</description>
+ <pubDate>$(date '+%a, %d %b %Y %H:%M:%S %z')</pubDate>
+EOF
+echo "looping through $URLS"
+cat "$URLS" | while read line;do
+ echo "fetching $line"
+ ratt auto "$line" | \
+ xmlstarlet sel -t -c "//item" >> "$OUTFILE" || :
+done
+
+echo "close"
+cat >> "$OUTFILE" <<EOF
+ </channel>
+</rss>
+EOF
diff --git a/makefu/2configs/deployment/rss/ratt.nix b/makefu/2configs/deployment/rss/ratt.nix
new file mode 100644
index 000000000..2e7ecb45d
--- /dev/null
+++ b/makefu/2configs/deployment/rss/ratt.nix
@@ -0,0 +1,26 @@
+{ pkgs, lib, config, ... }:
+let
+ fqdn = "rss.euer.krebsco.de";
+ ratt-path = "/var/lib/ratt/";
+ out-path = "${ratt-path}/all.xml";
+in {
+ systemd.tmpfiles.rules = ["d ${ratt-path} 0750 nginx nginx - -" ];
+ systemd.services.run-ratt = {
+ enable = true;
+ path = with pkgs; [ ratt xmlstarlet ];
+ script = builtins.readFile ./ratt-hourly.sh;
+ scriptArgs = "${./urls} ${out-path}";
+
+ preStart = "install -v -m750 ${./ebk.yml} ${ratt-path}/ebk.yml"; # ratt requires the config file in the cwd
+ serviceConfig.User = "nginx";
+ serviceConfig.WorkingDirectory= ratt-path;
+ startAt = "00/3:07"; # every 3 hours, fetch latest
+ };
+
+ services.nginx.virtualHosts."${fqdn}" = {
+ locations."=/ratt/all.xml" = {
+ alias = out-path;
+ };
+ };
+}
+
diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix
index 19f20f50f..7e077d7e4 100644
--- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix
+++ b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix
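Review bot: The script truncates `$OUTFILE` and appends to it in place, and ratt.nix serves that same path through nginx, so for the whole fetch loop clients receive an unterminated XML document; a run that dies midway leaves it that way until the next timer. Building the feed in a temporary file in the same directory and renaming it at the end avoids both: `tmp=$(mktemp "$OUTFILE.XXXXXX")`, write to `"$tmp"` throughout, then `mv "$tmp" "$OUTFILE"`. Because of `|| :` after the pipeline a failed fetch is silently dropped, so at least an `echo "failed: $line" >&2` in that branch would make it visible in the journal. `while read line` should also be `while IFS= read -r line` so that backslashes and leading whitespace in the URL file are left alone.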
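Review bot: `serviceConfig.User = "nginx"` runs the scraper, which fetches and parses untrusted remote HTML and executes the Lua selectors from ebk.yml, under the web server's own account, and the tmpfiles rule makes `nginx` the owner of the directory. Any fault in ratt or xmlstarlet then has the same file access as nginx itself. I would give the unit its own system user (to be declared under `users.users`) and leave nginx only group read access, e.g. `serviceConfig.User = "ratt";` with `"d ${ratt-path} 0750 ratt nginx - -"`, plus basic sandboxing such as `ProtectSystem = "strict"` and `ReadWritePaths = [ ratt-path ]`. Minor: `ratt-path` already ends in `/`, so `out-path` and the `install` target contain `//`.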
@@ -1,24 +1,30 @@ { pkgs, lib, config, ... }: let fqdn = "rss.euer.krebsco.de"; + ratt-path = "/var/lib/ratt/"; in { + systemd.tmpfiles.rules = ["d ${ratt-path} 0750 nginx nginx - -" ]; services.tt-rss = { enable = true; virtualHost = fqdn; selfUrlPath = "https://${fqdn}"; }; - services.postgresql.package = pkgs.postgresql_9_6; state = [ config.services.postgresqlBackup.location ]; services.postgresqlBackup = { enable = true; databases = [ config.services.tt-rss.database.name ]; }; + systemd.services.postgresqlBackup-tt_rss.serviceConfig.SupplementaryGroups = [ "download" ]; services.nginx.virtualHosts."${fqdn}" = { |