From 023a9749fced678f6108991170df510a518fdcec Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Dec 2021 08:48:36 +0100 Subject: ma music: cleanup, use navidrome --- makefu/2configs/home/airsonic.nix | 29 ----------------------------- makefu/2configs/home/music.nix | 31 +++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 29 deletions(-) delete mode 100644 makefu/2configs/home/airsonic.nix create mode 100644 makefu/2configs/home/music.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/home/airsonic.nix b/makefu/2configs/home/airsonic.nix deleted file mode 100644 index c6112be2..00000000 --- a/makefu/2configs/home/airsonic.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, ... }: -let - internal-ip = "192.168.111.11"; - port = 4040; -in -{ - # networking.firewall.allowedTCPPorts = [ 4040 ]; - services.airsonic = { - enable = true; - listenAddress = "0.0.0.0"; - inherit port; - }; - state = [ config.services.airsonic.home ]; - services.nginx.virtualHosts."airsonic" = { - serverAliases = [ - "airsonic.lan" - "music" "music.lan" - "musik" "musik.lan" - ]; - - locations."/".proxyPass = "http://localhost:${toString port}"; - locations."/".proxyWebsockets = true; - extraConfig = '' - if ( $server_addr != "${internal-ip}" ) { - return 403; - } - ''; - }; -} diff --git a/makefu/2configs/home/music.nix b/makefu/2configs/home/music.nix new file mode 100644 index 00000000..59f6d917 --- /dev/null +++ b/makefu/2configs/home/music.nix @@ -0,0 +1,31 @@ +{ config, ... }: +let + internal-ip = "192.168.111.11"; + port = 4533; +in +{ + services.navidrome.enable = true; + services.navidrome.settings = { + MusicFolder = "/media/cryptX/music"; + Address = "0.0.0.0"; + }; + + state = [ "/var/lib/navidrome" ]; + # networking.firewall.allowedTCPPorts = [ 4040 ]; + # state = [ config.services.airsonic.home ]; + services.nginx.virtualHosts."navidrome" = { + serverAliases = [ + "navidrome.lan" + "music" "music.lan" + "musik" "musik.lan" + ]; + + locations."/".proxyPass = "http://localhost:${toString port}"; + locations."/".proxyWebsockets = true; + extraConfig = '' + if ( $server_addr != "${internal-ip}" ) { + return 403; + } + ''; + }; +} -- cgit v1.2.3 From ca36cf99ac38b35b748ad7d191ef58bfe05ebdeb Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Dec 2021 08:48:58 +0100 Subject: ma home/mqtt: fix acl --- makefu/2configs/home/ham/mqtt.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix index c90afff4..5e668e7a 100644 --- a/makefu/2configs/home/ham/mqtt.nix +++ b/makefu/2configs/home/ham/mqtt.nix @@ -12,15 +12,15 @@ omitPasswordAuth = false; users.sensor = { hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; - acl = [ "topic readwrite #" ]; + acl = [ "readwrite #" ]; }; users.hass = { hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; - acl = [ "topic readwrite #" ]; + acl = [ "readwrite #" ]; }; users.stats = { hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; - acl = [ "topic read #" ]; + acl = [ "read #" ]; }; settings = { allow_anonymous = false; -- cgit v1.2.3 From 9fe5862fa8098cd66de1827d253ff73f9999309e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Dec 2021 08:57:22 +0100 Subject: ma brockman: do not restart on a daily basis --- makefu/2configs/bgt/social-to-irc.nix | 6 ------ makefu/2configs/systemdultras/ircbot.nix | 7 ------- 2 files changed, 13 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/bgt/social-to-irc.nix b/makefu/2configs/bgt/social-to-irc.nix index e0898193..e7f8548d 100644 --- a/makefu/2configs/bgt/social-to-irc.nix +++ b/makefu/2configs/bgt/social-to-irc.nix @@ -1,12 +1,6 @@ { pkgs, ... }: { systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG"; - systemd.services.restart-brockman = { - after = [ "brockman.service" ]; - wantedBy = [ "multi-user.target" ]; - startAt = "daily"; - script = "${pkgs.systemd}/bin/systemctl try-restart brockman.service"; - }; krebs.brockman = { enable = true; config = { diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index 65583b9a..21aa28b6 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -7,13 +7,6 @@ virtualHost = "rss.makefu.r"; }; - systemd.services.restart-brockman = { - after = [ "brockman.service" ]; - wantedBy = [ "multi-user.target" ]; - startAt = "daily"; - script = "${pkgs.systemd}/bin/systemctl try-restart brockman.service"; - }; - krebs.brockman = { enable = true; config = { -- cgit v1.2.3 From d424c3f6af7c505d5ad64210d0a1b59af7483916 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 13 Dec 2021 08:59:23 +0100 Subject: ma social-bridges: up timeouts --- makefu/2configs/bgt/social-to-irc.nix | 2 +- makefu/2configs/systemdultras/ircbot.nix | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/bgt/social-to-irc.nix b/makefu/2configs/bgt/social-to-irc.nix index e7f8548d..9d9640a9 100644 --- a/makefu/2configs/bgt/social-to-irc.nix +++ b/makefu/2configs/bgt/social-to-irc.nix @@ -28,7 +28,7 @@ bgt-twitter = { feed = "http://rss.makefu.r/?action=display&bridge=Twitter&context=By+username&u=binaergewitter&format=Atom"; #extraChannels = [ "#binaergewitter" ]; - delay = 180; + delay = 280; }; }; }; diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix index 21aa28b6..df9741d9 100644 --- a/makefu/2configs/systemdultras/ircbot.nix +++ b/makefu/2configs/systemdultras/ircbot.nix @@ -20,11 +20,11 @@ bots = { r-systemdultras-rss = { feed = "https://www.reddit.com/r/systemdultras/.rss"; - delay = 136; + delay = 236; }; r-systemd-rss = { feed = "https://www.reddit.com/r/systemd/.rss"; - delay = 172; + delay = 272; }; r-pid_eins-twitter = { feed = "http://rss.makefu.r/?action=display&bridge=Twitter&context=By+username&u=pid_eins&format=Atom"; -- cgit v1.2.3 From de442ba8ada44d26db9203f96560f077cc10ab17 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 17 Dec 2021 18:54:10 +0100 Subject: ma binary-cache server: use key without secret.service --- makefu/2configs/binary-cache/server.nix | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix index 2e05fd52..c1ae16e2 100644 --- a/makefu/2configs/binary-cache/server.nix +++ b/makefu/2configs/binary-cache/server.nix @@ -6,22 +6,9 @@ services.nix-serve = { enable = true; port = 5001; - secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + secretKeyFile = toString + "/nix-serve.key"; }; - systemd.services.nix-serve = { - after = [ - config.krebs.secret.files.nix-serve-key.service - ]; - partOf = [ - config.krebs.secret.files.nix-serve-key.service - ]; - }; - krebs.secret.files.nix-serve-key = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString + "/nix-serve.key"; - }; services.nginx = { enable = true; virtualHosts."cache.euer.krebsco.de" = { -- cgit v1.2.3 From 2f85a4ae5975f608431fcf95cd6282d35418f885 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 17 Dec 2021 21:10:42 +0100 Subject: ma uhub: update plugin settings --- makefu/2configs/dcpp/hub.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index b8ca49b7..5a88f5ef 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -63,8 +63,11 @@ in { networking.firewall.extraCommands = '' iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 ''; - systemd.services.uhub.serviceConfig = { + systemd.services.uhub-home.serviceConfig = { PrivateTmp = true; + DynamicUser = lib.mkForce false; + User = "uhub"; + WorkingDirectory = uhubDir; PermissionsStartOnly = true; ExecStartPre = pkgs.writeDash "uhub-pre" '' cp -f ${toString } ${uhubDir}/uhub.crt @@ -86,6 +89,7 @@ in { group = "uhub"; }; users.groups.uhub = {}; + services.uhub.home = { enable = true; enableTLS = true; @@ -103,13 +107,12 @@ in { } { plugin = "${pkgs.uhub}/plugins/mod_welcome.so"; - settings.motd = "shareit"; - settings.rules = "1. Don't be an asshole"; + settings.motd = toString (pkgs.writeText "motd" "shareit"); + settings.rules = toString (pkgs.writeText "rules" "1. Don't be an asshole"); } { - plugin = "${pkgs.uhub}/plugins/mod_history.so"; - settings.motd = "shareit"; - settings.rules = "1. Don't be an asshole"; + plugin = "${pkgs.uhub}/plugins/mod_chat_history.so"; + settings = {}; } ]; }; -- cgit v1.2.3 From f58d9d52ad665b1150e9914d7178190895fed361 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 17 Dec 2021 21:11:01 +0100 Subject: ma owncloud: update to 22 --- makefu/2configs/deployment/owncloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 0593cf7f..610ba75f 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -49,7 +49,7 @@ in { services.nextcloud = { enable = true; - package = pkgs.nextcloud21; + package = pkgs.nextcloud22; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; -- cgit v1.2.3 From 26e0cca2e22fde8ae150354d949d9cfeb8b1833b Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 17 Dec 2021 21:11:21 +0100 Subject: ma bitwarden: finish migration --- makefu/2configs/bitwarden.nix | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix index 7e317e59..92c1c4e0 100644 --- a/makefu/2configs/bitwarden.nix +++ b/makefu/2configs/bitwarden.nix @@ -2,7 +2,7 @@ let port = 8812; in { - services.bitwarden_rs = { + services.vaultwarden = { enable = true; dbBackend = "postgresql"; config.signups_allowed = false; @@ -13,17 +13,15 @@ in { config.websocket_enabled = true; }; - systemd.services.bitwarden_rs.after = [ "postgresql.service" ]; + systemd.services.vaultwarden.after = [ "postgresql.service" ]; services.postgresql = { enable = true; ensureDatabases = [ "bitwarden" ]; - ensureUsers = [ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ]; - #initialScript = pkgs.writeText "postgresql-init.sql" '' - # CREATE DATABASE bitwarden; - # CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}'; - # GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser; - #''; + ensureUsers = [ + { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } + { name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } + ]; }; services.nginx.virtualHosts."bw.euer.krebsco.de" ={ -- cgit v1.2.3