From 72cd01d104bb61b5a5e28c2c10e0bd2bd55ce681 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 11 Apr 2019 15:43:25 +0200 Subject: l domsen: increment duckdns domain --- lass/2configs/websites/domsen.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index b5848477..5bd5a7ca 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -237,8 +237,8 @@ in { krebs.on-failure.plans.restic-backups-domsen = {}; services.restic.backups.domsen = { initialize = true; - extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; - repository = "sftp:efOVcMWSZ@wilhelmstr.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; + extraOptions = [ "sftp.command='ssh efOVcMWSZ@wilhelmstr2.duckdns.org -S none -v -p 52222 -i ${toString + "/ssh.id_ed25519"} -s sftp'" ]; + repository = "sftp:efOVcMWSZ@wilhelmstr2.duckdns.org:/mnt/UBIK-9TB-Pool/BACKUP/XXXX-MAX-UND-ANDERES"; passwordFile = toString + "/domsen_backup_pw"; timerConfig = { OnCalendar = "00:05"; RandomizedDelaySec = "5h"; }; paths = [ -- cgit v1.2.3 From d03c70bb86ef1fb3e88a2dc9143faf34240feec0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 14:48:26 +0200 Subject: l hw x220: disable lid via new api --- lass/2configs/hw/x220.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/hw/x220.nix b/lass/2configs/hw/x220.nix index f5651da1..5649041f 100644 --- a/lass/2configs/hw/x220.nix +++ b/lass/2configs/hw/x220.nix @@ -30,8 +30,7 @@ }; }; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; } -- cgit v1.2.3 From 167f19018d856d233cd405612e215869ffc925b4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 13 Apr 2019 16:37:21 +0200 Subject: l syncthing: set configDir to 18.09 default --- lass/2configs/syncthing.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index 842abc19..d8b3c9f9 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -4,6 +4,7 @@ with import ; services.syncthing = { enable = true; group = "syncthing"; + configDir = "/var/lib/syncthing"; }; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 22000"; target = "ACCEPT";} -- cgit v1.2.3 From a224e77dfbb8dc88119891c492651458cfacd39a Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 13 Apr 2019 21:41:58 +0200 Subject: lass paste: add p.krebsco.de --- lass/2configs/paste.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/paste.nix b/lass/2configs/paste.nix index 293691c0..3c3d8e63 100644 --- a/lass/2configs/paste.nix +++ b/lass/2configs/paste.nix @@ -10,6 +10,16 @@ with import ; proxy_pass http://localhost:9081; ''; }; + services.nginx.virtualHosts.paste-readonly = { + serverAliases = [ "p.krebsco.de" ]; + locations."/".extraConfig = '' + if ($request_method != GET) { + return 403; + } + proxy_set_header Host $host; + proxy_pass http://localhost:9081; + ''; + }; krebs.htgen.paste = { port = 9081; script = toString [ -- cgit v1.2.3 From ff86e4a137ff28b0a3ef2279d7397aa81cea1c03 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 18:12:47 +0200 Subject: l shodan.r & icarus.r: decrypt via ssh --- lass/2configs/ssh-cryptsetup.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 lass/2configs/ssh-cryptsetup.nix (limited to 'lass/2configs') diff --git a/lass/2configs/ssh-cryptsetup.nix b/lass/2configs/ssh-cryptsetup.nix new file mode 100644 index 00000000..c5e1c592 --- /dev/null +++ b/lass/2configs/ssh-cryptsetup.nix @@ -0,0 +1,17 @@ +{ config, ... }: +{ + boot.initrd = { + network = { + enable = true; + ssh = { + enable = true; + authorizedKeys = with config.krebs.users; [ + config.krebs.users.lass-mors.pubkey + config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-shodan.pubkey + config.krebs.users.lass-icarus.pubkey + ]; + }; + }; + }; +} -- cgit v1.2.3 From f6e73456d0a3acbd8c59fdfde2faf930ec085bf9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 19:41:33 +0200 Subject: l: add green-host.nix --- lass/2configs/green-host.nix | 83 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 lass/2configs/green-host.nix (limited to 'lass/2configs') diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix new file mode 100644 index 00000000..860d7c11 --- /dev/null +++ b/lass/2configs/green-host.nix @@ -0,0 +1,83 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + imports = [ + + + { #hack for already defined + systemd.services."container@green".reloadIfChanged = mkForce false; + systemd.services."container@green".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' + ''; + systemd.services."container@green".postStop = '' + set -x + ${pkgs.umount}/bin/umount /var/lib/containers/green + ls -la /dev/mapper/control + ${pkgs.devicemapper}/bin/dmsetup ls + ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img + ''; + } + ]; + + lass.ensure-permissions = [ + { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; } + ]; + + krebs.syncthing.folders = [ + { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; } + ]; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + + containers.green = { + config = { ... }: { + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.15"; + localAddress = "10.233.2.16"; + }; + + environment.systemPackages = [ + (pkgs.writeDashBin "start-green" '' + set -fu + CONTAINER='green' + IMAGE='/var/lib/sync-containers/green.img' + + ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null + if [ "$?" -ne 0 ]; then + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" + fi + + mkdir -p /var/lib/containers/"$CONTAINER" + + ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " + if [ "$?" -ne 0 ]; then + ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + fi + + STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + if [ "$STATE" = 'down' ]; then + ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + fi + ping -c1 green.r + if [ "$?" -ne 0 ]; then + ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + fi + + '') + ]; +} -- cgit v1.2.3 From bfff3b0a698bd5a7ea1f90511c2578bdb4828b97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:00:06 +0200 Subject: l: reorganize syncs --- lass/2configs/sync/decsync.nix | 8 ++++++++ lass/2configs/sync/weechat.nix | 8 ++++++++ 2 files changed, 16 insertions(+) create mode 100644 lass/2configs/sync/decsync.nix create mode 100644 lass/2configs/sync/weechat.nix (limited to 'lass/2configs') diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix new file mode 100644 index 00000000..94569c94 --- /dev/null +++ b/lass/2configs/sync/decsync.nix @@ -0,0 +1,8 @@ +{ + krebs.syncthing.folders = [ + { id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; } + ]; +} diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix new file mode 100644 index 00000000..d10177b1 --- /dev/null +++ b/lass/2configs/sync/weechat.nix @@ -0,0 +1,8 @@ +{ + krebs.syncthing.folders = [ + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } + ]; +} -- cgit v1.2.3 From d06a5ce073133f74de8d5513d457e2c470d1eaa2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:12:01 +0200 Subject: l: add xdg-open settings --- lass/2configs/baseX.nix | 1 + lass/2configs/xdg-open.nix | 66 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 lass/2configs/xdg-open.nix (limited to 'lass/2configs') diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 26d6622a..5003d227 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,6 +9,7 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix + ./xdg-open.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix new file mode 100644 index 00000000..824c36dc --- /dev/null +++ b/lass/2configs/xdg-open.nix @@ -0,0 +1,66 @@ +{ config, pkgs, lib, ... }: with import ; let + + xdg-open-wrapper = pkgs.writeDashBin "xdg-open" '' + /run/wrappers/bin/sudo -u lass ${xdg-open} "$@" + ''; + + xdg-open = pkgs.writeBash "xdg-open" '' + set -e + FILE="$1" + mime= + + case "$FILE" in + http://*|https://*) + mime=text/html + ;; + mailto:*) + mime=special/mailaddress + ;; + magnet:*) + mime=application/x-bittorrent + ;; + irc:*) + mime=x-scheme-handler/irc + ;; + *) + # it’s a file + + # strip possible protocol + FILE=''${FILE#file://} + mime=''$(file -E --brief --mime-type "$FILE") \ + || (echo "$mime" 1>&2; exit 1) + # ^ echo the error message of file + ;; + esac + + case "$mime" in + special/mailaddress) + urxvtc --execute vim "$FILE" ;; + ${optionalString (hasAttr "browser" config.lass) '' + text/html) + ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + text/xml) + ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + ''} + text/*) + urxvtc --execute vim "$FILE" ;; + image/*) + sxiv "$FILE" ;; + application/x-bittorrent) + env DISPLAY=:0 transgui "$FILE" ;; + application/pdf) + zathura "$FILE" ;; + inode/directory) + sudo -u lass -i urxvtc --execute mc "$FILE" ;; + *) + # open dmenu and ask for program to open with + $(dmenu_path | dmenu) "$FILE";; + esac + ''; +in { + environment.systemPackages = [ xdg-open-wrapper ]; + + security.sudo.extraConfig = '' + cr ALL=(lass) NOPASSWD: ${xdg-open} * + ''; +} -- cgit v1.2.3 From cc986ff84ba2893b8f68b95842b46fb65987e437 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:12:38 +0200 Subject: l: add more emails --- lass/2configs/exim-smarthost.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index aec59261..4216bd67 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -100,6 +100,9 @@ with import ; { from = "box@lassul.us"; to = lass.mail; } { from = "paloalto@lassul.us"; to = lass.mail; } { from = "subtitles@lassul.us"; to = lass.mail; } + { from = "lobsters@lassul.us"; to = lass.mail; } + { from = "fysitech@lassul.us"; to = lass.mail; } + { from = "threema@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 5e4e3fb82edee271204021cc9d44624a2fb3ff26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:13:10 +0200 Subject: l mail: remove deprecated notmuch fix --- lass/2configs/mail.nix | 4 ---- 1 file changed, 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 0803846a..6de111ba 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -233,8 +233,4 @@ in { tag-new-mails tag-old-mails ]; - - nixpkgs.config.packageOverrides = opkgs: { - notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; })); - }; } -- cgit v1.2.3 From 32664bdbd53f1989169278d9196ecabf350cddf2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:14:06 +0200 Subject: l radio: reduce journal spam --- lass/2configs/radio.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index f88b2627..f14b2821 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -59,6 +59,9 @@ in { group = "radio"; musicDirectory = "/home/radio/the_playlist/music"; extraConfig = '' + log_level "default" + auto_update "yes" + audio_output { type "shout" encoding "lame" -- cgit v1.2.3 From c48e24665017cce5a1a859799f7060bbad8ccc83 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:14:36 +0200 Subject: l prism-share: set export to ro --- lass/2configs/prism-share.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix index 70e616ec..aa3eb541 100644 --- a/lass/2configs/prism-share.nix +++ b/lass/2configs/prism-share.nix @@ -21,7 +21,7 @@ with import ; shares = { incoming = { path = "/mnt/prism"; - "read only" = "no"; + "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; }; -- cgit v1.2.3 From f35ccc7529427e543044998549104191b5bdbb06 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:15:07 +0200 Subject: l radio: sync the_playlist folder --- lass/2configs/radio.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index f14b2821..d67d970f 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -248,4 +248,10 @@ in { alias ${html}; ''; }; + krebs.syncthing.folders = [ + { id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; } + ]; } -- cgit v1.2.3 From 47c4919a066b9ac06b822d9f4111b4e06f9ad17b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:15:38 +0200 Subject: l syncthing: share sync with shodan --- lass/2configs/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index d8b3c9f9..fc10b2cb 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -16,7 +16,7 @@ with import ; key = toString ; peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); folders = [ - { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; } + { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; } ]; }; -- cgit v1.2.3 From 24d7e2fa03a4533368a8ec90599211366feb1510 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:16:06 +0200 Subject: l domsen: run verify_arg as root --- lass/2configs/websites/domsen.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 5bd5a7ca..2131c7c6 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -119,7 +119,7 @@ in { authenticators.PLAIN = '' driver = plaintext public_name = PLAIN - server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}} + server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}} ''; authenticators.LOGIN = '' driver = plaintext -- cgit v1.2.3 From 2a89d6587d5ee5d3151b5e5be05e152a539e78d0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Apr 2019 10:16:02 +0200 Subject: l syncs: use permown, use attrs --- lass/2configs/green-host.nix | 13 ++++++------- lass/2configs/radio.nix | 15 +++++++++------ lass/2configs/sync/decsync.nix | 15 +++++++++------ lass/2configs/sync/weechat.nix | 12 ++++++------ lass/2configs/syncthing.nix | 20 ++++++++++---------- 5 files changed, 40 insertions(+), 35 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix index 860d7c11..1421eede 100644 --- a/lass/2configs/green-host.nix +++ b/lass/2configs/green-host.nix @@ -20,13 +20,12 @@ with import ; } ]; - lass.ensure-permissions = [ - { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; } - ]; - - krebs.syncthing.folders = [ - { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; } - ]; + krebs.syncthing.folders."/var/lib/sync-containers".peers = [ "icarus" "skynet" "littleT" "shodan" ]; + krebs.permown."/var/lib/sync-containers" = { + owner = "root"; + group = "syncthing"; + umask = "0007"; + }; system.activationScripts.containerPermissions = '' mkdir -p /var/lib/containers diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index d67d970f..521b3c05 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -248,10 +248,13 @@ in { alias ${html}; ''; }; - krebs.syncthing.folders = [ - { id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; } - ]; + krebs.syncthing.folders."the_playlist" = { + path = "/home/radio/music/the_playlist"; + peers = [ "mors" "phone" "prism" ]; + }; + krebs.permown."/home/radio/music/the_playlist" = { + owner = "radio"; + group = "syncthing"; + umask = "0007"; + }; } diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix index 94569c94..c3f6511c 100644 --- a/lass/2configs/sync/decsync.nix +++ b/lass/2configs/sync/decsync.nix @@ -1,8 +1,11 @@ { - krebs.syncthing.folders = [ - { id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; } - ]; + krebs.syncthing.folders.decsync = { + path = "/home/lass/decsync"; + peers = [ "mors" "blue" "green" "phone" ]; + }; + krebs.permown."/home/lass/decsync" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; } diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix index d10177b1..30c7b262 100644 --- a/lass/2configs/sync/weechat.nix +++ b/lass/2configs/sync/weechat.nix @@ -1,8 +1,8 @@ { - krebs.syncthing.folders = [ - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } - ]; + krebs.syncthing.folders."/home/lass/.weechat".peers = [ "blue" "green" "mors" ]; + krebs.permown."/home/lass/.weechat" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; } diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index fc10b2cb..48f2625c 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -1,6 +1,6 @@ -{ config, pkgs, ... }: -with import ; -{ +{ config, pkgs, ... }: with import ; let + peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); +in { services.syncthing = { enable = true; group = "syncthing"; @@ -14,17 +14,17 @@ with import ; enable = true; cert = toString ; key = toString ; - peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); - folders = [ - { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; } - ]; + peers = peers; + folders."/home/lass/sync".peers = attrNames peers; }; system.activationScripts.syncthing-home = '' ${pkgs.coreutils}/bin/chmod a+x /home/lass ''; - lass.ensure-permissions = [ - { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; } - ]; + krebs.permown."/home/lass/sync" = { + owner = "lass"; + group = "syncthing"; + umask = "0007"; + }; } -- cgit v1.2.3 From da336abf88d620648580a8e0a25e2b31c7d110ff Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Apr 2019 13:39:00 +0200 Subject: l radio: set new music directory --- lass/2configs/radio.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 521b3c05..b26237c6 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -10,7 +10,7 @@ let source-password = import ; add_random = pkgs.writeDashBin "add_random" '' - ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls | shuf -n1)" + ${pkgs.mpc_cli}/bin/mpc add "$(${pkgs.mpc_cli}/bin/mpc ls the_playlist/music | grep '\.ogg$' | shuf -n1)" ''; skip_track = pkgs.writeDashBin "skip_track" '' @@ -57,7 +57,7 @@ in { services.mpd = { enable = true; group = "radio"; - musicDirectory = "/home/radio/the_playlist/music"; + musicDirectory = "/home/radio/music"; extraConfig = '' log_level "default" auto_update "yes" -- cgit v1.2.3 From 8b3030a08d69317404470b96f097635b39be2027 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 18 Apr 2019 13:39:54 +0200 Subject: l radio: grant mpd access to music dir --- lass/2configs/radio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index b26237c6..88899c55 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -255,6 +255,6 @@ in { krebs.permown."/home/radio/music/the_playlist" = { owner = "radio"; group = "syncthing"; - umask = "0007"; + umask = "0002"; }; } -- cgit v1.2.3