summaryrefslogtreecommitdiffstats
path: root/makefu/2configs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2021-12-22 23:33:05 +0100
committertv <tv@krebsco.de>2021-12-22 23:33:05 +0100
commit448cd3b9af9e39980676f8ade7e5fb80dbb58b9f (patch)
treead3b7ccfb7107b0053ad2a80cbc2dd97a018e7a6 /makefu/2configs
parent2656cbf2a91f1f350e29e2ee2faa0bbe90f9b717 (diff)
parent576c05cf3a0ceddefa29c2d0073108177c3cfa52 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/bgt/social-to-irc.nix8
-rw-r--r--makefu/2configs/binary-cache/server.nix15
-rw-r--r--makefu/2configs/bitwarden.nix14
-rw-r--r--makefu/2configs/dcpp/hub.nix15
-rw-r--r--makefu/2configs/deployment/owncloud.nix2
-rw-r--r--makefu/2configs/home/ham/mqtt.nix6
-rw-r--r--makefu/2configs/home/music.nix (renamed from makefu/2configs/home/airsonic.nix)20
-rw-r--r--makefu/2configs/systemdultras/ircbot.nix11
8 files changed, 34 insertions, 57 deletions
diff --git a/makefu/2configs/bgt/social-to-irc.nix b/makefu/2configs/bgt/social-to-irc.nix
index e0898193b..9d9640a9f 100644
--- a/makefu/2configs/bgt/social-to-irc.nix
+++ b/makefu/2configs/bgt/social-to-irc.nix
@@ -1,12 +1,6 @@
{ pkgs, ... }:
{
systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
- systemd.services.restart-brockman = {
- after = [ "brockman.service" ];
- wantedBy = [ "multi-user.target" ];
- startAt = "daily";
- script = "${pkgs.systemd}/bin/systemctl try-restart brockman.service";
- };
krebs.brockman = {
enable = true;
config = {
@@ -34,7 +28,7 @@
bgt-twitter = {
feed = "http://rss.makefu.r/?action=display&bridge=Twitter&context=By+username&u=binaergewitter&format=Atom";
#extraChannels = [ "#binaergewitter" ];
- delay = 180;
+ delay = 280;
};
};
};
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
index 2e05fd52e..c1ae16e29 100644
--- a/makefu/2configs/binary-cache/server.nix
+++ b/makefu/2configs/binary-cache/server.nix
@@ -6,22 +6,9 @@
services.nix-serve = {
enable = true;
port = 5001;
- secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ secretKeyFile = toString <secrets> + "/nix-serve.key";
};
- systemd.services.nix-serve = {
- after = [
- config.krebs.secret.files.nix-serve-key.service
- ];
- partOf = [
- config.krebs.secret.files.nix-serve-key.service
- ];
- };
- krebs.secret.files.nix-serve-key = {
- path = "/run/secret/nix-serve.key";
- owner.name = "nix-serve";
- source-path = toString <secrets> + "/nix-serve.key";
- };
services.nginx = {
enable = true;
virtualHosts."cache.euer.krebsco.de" = {
diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix
index 7e317e596..92c1c4e0e 100644
--- a/makefu/2configs/bitwarden.nix
+++ b/makefu/2configs/bitwarden.nix
@@ -2,7 +2,7 @@
let
port = 8812;
in {
- services.bitwarden_rs = {
+ services.vaultwarden = {
enable = true;
dbBackend = "postgresql";
config.signups_allowed = false;
@@ -13,17 +13,15 @@ in {
config.websocket_enabled = true;
};
- systemd.services.bitwarden_rs.after = [ "postgresql.service" ];
+ systemd.services.vaultwarden.after = [ "postgresql.service" ];
services.postgresql = {
enable = true;
ensureDatabases = [ "bitwarden" ];
- ensureUsers = [ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ];
- #initialScript = pkgs.writeText "postgresql-init.sql" ''
- # CREATE DATABASE bitwarden;
- # CREATE USER bitwardenuser WITH PASSWORD '${dbPassword}';
- # GRANT ALL PRIVILEGES ON DATABASE bitwarden TO bitwardenuser;
- #'';
+ ensureUsers = [
+ { name = "bitwarden_rs"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; }
+ { name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; }
+ ];
};
services.nginx.virtualHosts."bw.euer.krebsco.de" ={
diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix
index b8ca49b74..5a88f5ef8 100644
--- a/makefu/2configs/dcpp/hub.nix
+++ b/makefu/2configs/dcpp/hub.nix
@@ -63,8 +63,11 @@ in {
networking.firewall.extraCommands = ''
iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511
'';
- systemd.services.uhub.serviceConfig = {
+ systemd.services.uhub-home.serviceConfig = {
PrivateTmp = true;
+ DynamicUser = lib.mkForce false;
+ User = "uhub";
+ WorkingDirectory = uhubDir;
PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "uhub-pre" ''
cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
@@ -86,6 +89,7 @@ in {
group = "uhub";
};
users.groups.uhub = {};
+
services.uhub.home = {
enable = true;
enableTLS = true;
@@ -103,13 +107,12 @@ in {
}
{
plugin = "${pkgs.uhub}/plugins/mod_welcome.so";
- settings.motd = "shareit";
- settings.rules = "1. Don't be an asshole";
+ settings.motd = toString (pkgs.writeText "motd" "shareit");
+ settings.rules = toString (pkgs.writeText "rules" "1. Don't be an asshole");
}
{
- plugin = "${pkgs.uhub}/plugins/mod_history.so";
- settings.motd = "shareit";
- settings.rules = "1. Don't be an asshole";
+ plugin = "${pkgs.uhub}/plugins/mod_chat_history.so";
+ settings = {};
}
];
};
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 0593cf7fc..610ba75fe 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -49,7 +49,7 @@ in {
services.nextcloud = {
enable = true;
- package = pkgs.nextcloud21;
+ package = pkgs.nextcloud22;
hostName = "o.euer.krebsco.de";
# Use HTTPS for links
https = true;
diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix
index c90afff4a..5e668e7a0 100644
--- a/makefu/2configs/home/ham/mqtt.nix
+++ b/makefu/2configs/home/ham/mqtt.nix
@@ -12,15 +12,15 @@
omitPasswordAuth = false;
users.sensor = {
hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg==";
- acl = [ "topic readwrite #" ];
+ acl = [ "readwrite #" ];
};
users.hass = {
hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA==";
- acl = [ "topic readwrite #" ];
+ acl = [ "readwrite #" ];
};
users.stats = {
hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA==";
- acl = [ "topic read #" ];
+ acl = [ "read #" ];
};
settings = {
allow_anonymous = false;
diff --git a/makefu/2configs/home/airsonic.nix b/makefu/2configs/home/music.nix
index c6112be26..59f6d9170 100644
--- a/makefu/2configs/home/airsonic.nix
+++ b/makefu/2configs/home/music.nix
@@ -1,19 +1,21 @@
{ config, ... }:
let
internal-ip = "192.168.111.11";
- port = 4040;
+ port = 4533;
in
{
- # networking.firewall.allowedTCPPorts = [ 4040 ];
- services.airsonic = {
- enable = true;
- listenAddress = "0.0.0.0";
- inherit port;
+ services.navidrome.enable = true;
+ services.navidrome.settings = {
+ MusicFolder = "/media/cryptX/music";
+ Address = "0.0.0.0";
};
- state = [ config.services.airsonic.home ];
- services.nginx.virtualHosts."airsonic" = {
+
+ state = [ "/var/lib/navidrome" ];
+ # networking.firewall.allowedTCPPorts = [ 4040 ];
+ # state = [ config.services.airsonic.home ];
+ services.nginx.virtualHosts."navidrome" = {
serverAliases = [
- "airsonic.lan"
+ "navidrome.lan"
"music" "music.lan"
"musik" "musik.lan"
];
diff --git a/makefu/2configs/systemdultras/ircbot.nix b/makefu/2configs/systemdultras/ircbot.nix
index 65583b9ac..df9741d9c 100644
--- a/makefu/2configs/systemdultras/ircbot.nix
+++ b/makefu/2configs/systemdultras/ircbot.nix
@@ -7,13 +7,6 @@
virtualHost = "rss.makefu.r";
};
- systemd.services.restart-brockman = {
- after = [ "brockman.service" ];
- wantedBy = [ "multi-user.target" ];
- startAt = "daily";
- script = "${pkgs.systemd}/bin/systemctl try-restart brockman.service";
- };
-
krebs.brockman = {
enable = true;
config = {
@@ -27,11 +20,11 @@
bots = {
r-systemdultras-rss = {
feed = "https://www.reddit.com/r/systemdultras/.rss";
- delay = 136;
+ delay = 236;
};
r-systemd-rss = {
feed = "https://www.reddit.com/r/systemd/.rss";
- delay = 172;
+ delay = 272;
};
r-pid_eins-twitter = {
feed = "http://rss.makefu.r/?action=display&bridge=Twitter&context=By+username&u=pid_eins&format=Atom";
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-06 15:39:10 +0000