diff options
23 files changed, 339 insertions, 130 deletions
diff --git a/kartei/lass/prism.nix b/kartei/lass/prism.nix index 029216f88..cfc05b636 100644 --- a/kartei/lass/prism.nix +++ b/kartei/lass/prism.nix @@ -70,7 +70,6 @@ rec { "c.r" "p.r" "search.r" - "radio-news.r" ]; tinc = { pubkey = '' diff --git a/kartei/lass/radio.nix b/kartei/lass/radio.nix new file mode 100644 index 000000000..808245312 --- /dev/null +++ b/kartei/lass/radio.nix @@ -0,0 +1,40 @@ +{ r6, w6, ... }: +{ + nets = { + retiolum = { + ip4.addr = "10.243.0.11"; + ip6.addr = r6 "4d10"; + aliases = [ + "radio.r" + "radio-news.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAx08urv4sl22+pLchD6W6kprJ1JZBiG9/MVA50PqYAJmvTpYyDUCR + Dwgt7pR8n/zbbof98QS5D67J5rZPcrLI6PY2bBzlXFFKHZEj2AVwUjUbyvEvQqtf + yJM+AxFy1/CaXmDvYM9UF/Wh6rb/ZeUxFtbaIVfMPox0Zln0THEsOmCWvNzxMvjZ + rjouZGzrH+er3yxJVovxD/JT32COmK0R20DLDoofBdtBkFlB/VkrbxYfX/cWXX1K + WQVJuQ/H1xP9m4c4S8g/nM63rLUBOIkn06TcXyI/mEgRecEUDgC02PNXc5BDgB4A + seXx+BiLC/f6+64KOWODHEEm/iHjCyrOSZtdA2EbPCATfOHrj0EG5Y4V6d1Iw4WP + kiOIQByHMbOzRwm91yd/gM1DTxdy3j5nqaMhCzrM/QeOhSf5FXkWpARawUsChwh+ + eCuSZDg218u/NkzCrTvCPTdY1q+MZ5d5qgID4VQrenjBJq4AZxsw74Zd2G2uRWlF + paZ2pSCyAey19A/or2iG10tqNpXJzZy0HNhh7q/gKhQKKTh+ggzgOrRe2ZaxlbEy + P45JQKcR9/WJAohnYQ8uZJ6oin5EsEdVkapdYu60aReRGeyTmq3RLnu3Zn5MR5RH + 1r+W03KQcQzmmpE5YrxKSZL6OriXQYEPTa9/mSZT6TEUIvRT8W5jGQ0CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "DmiyfmRsWd8Qg6M/ZsAd5lFM+vnkwRTfnMH/jCFwWFF"; + }; + wiregrill = { + ip6.addr = w6 "4d10"; + aliases = [ + "radio.w" + ]; + wireguard.pubkey = '' + iCe1O9qeziw18AlGuFt5tIxm6SIBtNpwO/6OZm9Bn30= + ''; + }; + }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHsvyWrMN2lupBmjI8nW+NUSJIDPkr8c90Z4BcuZ7Myi"; + syncthing.id = "KMDPLE5-7FBYYXH-PF5LEET-G2AWR33-7XAPZJU-5S3VOB7-ZX5Q74V-PZKI6QN"; +} diff --git a/kartei/lass/yellow.nix b/kartei/lass/yellow.nix index a62c6167c..bb0b1f09b 100644 --- a/kartei/lass/yellow.nix +++ b/kartei/lass/yellow.nix @@ -7,6 +7,8 @@ aliases = [ "yellow.r" "jelly.r" + "radar.r" + "sonar.r" ]; tinc = { pubkey = '' diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index bf49a1766..b79a91967 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -145,6 +145,7 @@ in { telex.nets.wiregrill = { aliases = ["telex.w"]; ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address; + ip4.addr = "10.244.245.4"; }; latte = rec { diff --git a/lass/1systems/coaxmetal/config.nix b/lass/1systems/coaxmetal/config.nix index dd8308bbd..2c88b68cc 100644 --- a/lass/1systems/coaxmetal/config.nix +++ b/lass/1systems/coaxmetal/config.nix @@ -16,7 +16,7 @@ <stockholm/lass/2configs/steam.nix> <stockholm/lass/2configs/wine.nix> <stockholm/lass/2configs/fetchWallpaper.nix> - <stockholm/lass/2configs/prism-mounts/samba.nix> + <stockholm/lass/2configs/yellow-mounts/samba.nix> <stockholm/lass/2configs/pass.nix> <stockholm/lass/2configs/mail.nix> <stockholm/lass/2configs/bitcoin.nix> diff --git a/lass/1systems/neoprism/config.nix b/lass/1systems/neoprism/config.nix index f203abc07..8e5a60c36 100644 --- a/lass/1systems/neoprism/config.nix +++ b/lass/1systems/neoprism/config.nix @@ -4,8 +4,13 @@ imports = [ <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> + + # sync-containers <stockholm/lass/2configs/consul.nix> <stockholm/lass/2configs/yellow-host.nix> + <stockholm/lass/2configs/radio/container-host.nix> + + # other containers <stockholm/lass/2configs/riot.nix> ]; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c2a405759..bcc8c1a08 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -97,9 +97,35 @@ with import <stockholm/lib>; localAddress = "10.233.2.2"; }; } + { + services.nginx.virtualHosts."radio.lassul.us" = { + enableACME = true; + addSSL = true; + locations."/" = { + # recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://radio.r"; + extraConfig = '' + proxy_set_header Host radio.r; + # get source ip for weather reports + proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"; + ''; + }; + }; + krebs.htgen.radio-redirect = { + port = 8000; + scriptFile = pkgs.writers.writeDash "redir" '' + printf 'HTTP/1.1 301 Moved Permanently\r\n' + printf "Location: http://radio.lassul.us''${Request_URI}\r\n" + printf '\r\n' + ''; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + ]; + } <stockholm/lass/2configs/exim-smarthost.nix> <stockholm/lass/2configs/privoxy-retiolum.nix> - <stockholm/lass/2configs/radio> <stockholm/lass/2configs/binary-cache/server.nix> <stockholm/lass/2configs/iodined.nix> <stockholm/lass/2configs/paste.nix> diff --git a/lass/1systems/radio/config.nix b/lass/1systems/radio/config.nix new file mode 100644 index 000000000..2fd23a448 --- /dev/null +++ b/lass/1systems/radio/config.nix @@ -0,0 +1,24 @@ +with import <stockholm/lib>; +{ config, lib, pkgs, ... }: +{ + imports = [ + <stockholm/lass> + <stockholm/lass/2configs> + <stockholm/lass/2configs/retiolum.nix> + + <stockholm/lass/2configs/syncthing.nix> + <stockholm/lass/2configs/radio> + ]; + + krebs.build.host = config.krebs.hosts.radio; + + security.acme = { + acceptTerms = true; + defaults.email = "acme@lassul.us"; + }; + + lass.sync-containers3.inContainer = { + enable = true; + pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvPKdbVwMEFCDMyNAzR8NdVjTbQL2G+03Xomxn6KKFt"; + }; +} diff --git a/lass/1systems/radio/physical.nix b/lass/1systems/radio/physical.nix new file mode 100644 index 000000000..8577daf34 --- /dev/null +++ b/lass/1systems/radio/physical.nix @@ -0,0 +1,7 @@ +{ + imports = [ + ./config.nix + ]; + boot.isContainer = true; + networking.useDHCP = true; +} diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index ef538f339..5e48c216a 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -16,7 +16,7 @@ <stockholm/lass/2configs/blue-host.nix> <stockholm/lass/2configs/green-host.nix> <stockholm/krebs/2configs/news-host.nix> - <stockholm/lass/2configs/prism-mounts/samba.nix> + <stockholm/lass/2configs/yellow-mounts/samba.nix> <stockholm/lass/2configs/fetchWallpaper.nix> <stockholm/lass/2configs/consul.nix> <stockholm/lass/2configs/red-host.nix> diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 552dd7f00..06561e9cf 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -34,6 +34,12 @@ in { }; }; + security.acme.defaults.email = "spam@krebsco.de"; + security.acme.acceptTerms = true; + security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL; services.nginx = { enable = true; package = pkgs.nginx.override { @@ -41,8 +47,10 @@ in { fancyindex ]; }; - virtualHosts.default = { + virtualHosts."yellow.r" = { default = true; + enableACME = true; + addSSL = true; locations."/" = { root = "/var/download"; extraConfig = '' @@ -137,11 +145,29 @@ in { ''; }; virtualHosts."jelly.r" = { + enableACME = true; + addSSL = true; locations."/".extraConfig = '' proxy_pass http://localhost:8096/; proxy_set_header Accept-Encoding ""; ''; }; + virtualHosts."radar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:7878"; + }; + }; + virtualHosts."sonar.r" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:8989"; + }; + }; }; services.samba = { @@ -215,6 +241,7 @@ in { enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic @@ -222,6 +249,7 @@ in { { predicate = "-p tcp --dport 9696"; target = "ACCEPT"; } # prowlarr { predicate = "-p tcp --dport 8989"; target = "ACCEPT"; } # sonarr { predicate = "-p tcp --dport 7878"; target = "ACCEPT"; } # radarr + { predicate = "-p tcp --dport 6767"; target = "ACCEPT"; } # bazarr # smbd { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } @@ -367,13 +395,20 @@ in { services.radarr = { enable = true; + group = "download"; }; services.sonarr = { enable = true; + group = "download"; }; services.prowlarr = { enable = true; }; + + services.bazarr = { + enable = true; + group = "download"; + }; } diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 6bcbd7400..51db9a40a 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -2,37 +2,56 @@ with import <stockholm/lib>; { + systemd.network.networks."50-et0" = { + matchConfig.Name = "et0"; + DHCP = "yes"; + # dhcpV4Config.UseDNS = false; + # dhcpV6Config.UseDNS = false; + linkConfig = { + RequiredForOnline = "routable"; + }; + # networkConfig = { + # LinkLocalAddressing = "no"; + # }; + # dhcpV6Config = { + # PrefixDelegationHint = "::/60"; + # }; + # networkConfig = { + # IPv6AcceptRA = true; + # }; + # ipv6PrefixDelegationConfig = { + # Managed = true; + # }; + }; + systemd.network.networks."50-int0" = { + name = "int0"; + address = [ + "10.42.0.1/24" + ]; + networkConfig = { + IPForward = "yes"; + IPMasquerade = "both"; + ConfigureWithoutCarrier = true; + DHCPServer = "yes"; + # IPv6SendRA = "yes"; + # DHCPPrefixDelegation = "yes"; + }; + }; networking.networkmanager.unmanaged = [ "int0" ]; - networking.interfaces.int0.ipv4.addresses = [{ - address = "10.42.0.1"; - prefixLength = 24; - }]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i int0"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { predicate = "-i int0"; target = "ACCEPT"; } + { predicate = "-o int0"; target = "ACCEPT"; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [ + { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; } + ]; networking.domain = "gg23"; - services.dhcpd4 = { - enable = true; - interfaces = [ "int0" ]; - extraConfig = '' - option subnet-mask 255.255.255.0; - option routers 10.42.0.1; - option domain-name-servers 10.42.0.1; - subnet 10.42.0.0 netmask 255.255.255.0 { - range 10.42.0.100 10.42.0.200; - } - ''; - machines = [ - { ethernetAddress = "a8:a6:48:65:ce:4c"; hostName = "tv"; ipAddress = "10.42.0.3"; } - { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; } - { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-tv"; ipAddress = "10.42.0.10"; } - { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; } - { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-wasch"; ipAddress = "10.42.0.12"; } - { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; } - { ethernetAddress = "ec:b5:fa:07:78:16"; hostName = "hue-bridge"; ipAddress = "10.42.0.21"; } - { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; } - ]; - }; - services.dnsmasq = { enable = true; resolveLocalQueries = false; @@ -45,22 +64,4 @@ with import <stockholm/lib>; interface=int0 ''; }; - - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - { v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; target = "ACCEPT"; } - { v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; } - { v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; } - ]; - krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [ - { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; } - ]; } - diff --git a/lass/2configs/radio/container-host.nix b/lass/2configs/radio/container-host.nix new file mode 100644 index 000000000..e32095ffa --- /dev/null +++ b/lass/2configs/radio/container-host.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.radio = { + sshKey = "${toString <secrets>}/radio.sync.key"; + }; + containers.radio = { + bindMounts."/var/music" = { + hostPath = "/var/music"; + isReadOnly = false; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + ]; + krebs.htgen.radio-redirect = { + port = 8000; + scriptFile = pkgs.writers.writeDash "redir" '' + printf 'HTTP/1.1 301 Moved Permanently\r\n' + printf "Location: http://radio.lassul.us''${Request_URI}\r\n" + printf '\r\n' + ''; + }; +} diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix index dfb3d7e0b..a511196fd 100644 --- a/lass/2configs/radio/default.nix +++ b/lass/2configs/radio/default.nix @@ -3,7 +3,7 @@ let name = "radio"; - music_dir = "/home/radio/music"; + music_dir = "/var/music"; skip_track = pkgs.writers.writeBashBin "skip_track" '' set -eu @@ -113,7 +113,7 @@ in { LIMIT=1000 #how many tracks to keep in the history HISTORY_FILE=/var/lib/radio/recent - listeners=$(${pkgs.curl}/bin/curl -fSs lassul.us:8000/status-json.xsl | + listeners=$(${pkgs.curl}/bin/curl -fSs http://localhost:8000/status-json.xsl | ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0) echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE" echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" @@ -128,14 +128,33 @@ in { serviceConfig.User = lib.mkForce "radio"; }; + nixpkgs.config.packageOverrides = opkgs: { + icecast = opkgs.icecast.overrideAttrs (old: rec { + version = "2.5-beta3"; + + src = pkgs.fetchurl { + url = "http://downloads.xiph.org/releases/icecast/icecast-${version}.tar.gz"; + sha256 = "sha256-4FDokoA9zBDYj8RAO/kuTHaZ6jZYBLSJZiX/IYFaCW8="; + }; + + buildInputs = old.buildInputs ++ [ pkgs.pkg-config ]; + }); + }; services.icecast = { enable = true; hostname = "radio.lassul.us"; admin.password = "hackme"; extraConf = '' <authentication> - <source-password>hackme</source-password> + <source-password>hackme</source-password> + <admin-user>admin</admin-user> + <admin-password>hackme</admin-password> </authentication> + <logging> + <accesslog>-</accesslog> + <errorlog>-</errorlog> + <loglevel>3</loglevel> + </logging> ''; }; @@ -234,18 +253,38 @@ in { ''; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; - virtualHosts."radio.lassul.us" = { - forceSSL = true; - enableACME = true; + virtualHosts."radio.r" = { locations."/".extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Real-IP $remote_addr; + # https://github.com/aswild/icecast-notes#core-nginx-config proxy_pass http://localhost:8000; + # Disable request size limit, very important for uploading large files + client_max_body_size 0; + + # Enable support `Transfer-Encoding: chunked` + chunked_transfer_encoding on; + + # Disable request and response buffering, minimize latency to/from Icecast + proxy_buffering off; + proxy_request_buffering off; + + # Icecast needs HTTP/1.1, not 1.0 or 2 + proxy_http_version 1.1; + + # Forward all original request headers + proxy_pass_request_headers on; + + # Set some standard reverse proxy headers. Icecast server currently ignores these, + # but may support them in a future version so that access logs are more useful. + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # get source ip for weather reports + proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"; ''; locations."= /recent".extraConfig = '' default_type "text/plain"; @@ -266,7 +305,7 @@ in { while sleep 1; do mpv \ --cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \ - 'http://lassul.us:8000/radio.ogg' + 'http://radio.lassul.us/radio.ogg' done ''; locations."= /controls".extraConfig = '' @@ -278,35 +317,12 @@ in { add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; ''; }; - virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let - html = pkgs.writeText "index.html" '' - <!DOCTYPE html> - <html lang="en"> - <head> - <meta charset="utf-8"> - <title>lassulus playlist</title> - </head> - <body> - <div style="display:inline-block;margin:0px;padding:0px;overflow:hidden"> - <iframe src="https://kiwiirc.com/client/irc.hackint.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe> - </div> - <div style="position:absolute;bottom:1px;display:inline-block;background-color:red;"> - <audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio> - </div> - <!-- page content --> - </body> - </html> - ''; - in '' - default_type "text/html"; - alias ${html}; - ''; }; services.syncthing.declarative.folders."the_playlist" = { - path = "/home/radio/music/the_playlist"; - devices = [ "mors" "phone" "prism" "omo" ]; + path = "/var/music/the_playlist"; + devices = [ "mors" "phone" "prism" "omo" "radio" ]; }; - krebs.acl."/home/radio/music/the_playlist"."u:syncthing:X".parents = true; - krebs.acl."/home/radio/music/the_playlist"."u:syncthing:rwX" = {}; - krebs.acl."/home/radio/music/the_playlist"."u:radio:rwX" = {}; + krebs.acl."/var/music/the_playlist"."u:syncthing:X".parents = true; + krebs.acl."/var/music/the_playlist"."u:syncthing:rwX" = {}; + krebs.acl."/var/music/the_playlist"."u:radio:rwX" = {}; } diff --git a/lass/2configs/radio/radio.liq b/lass/2configs/radio/radio.liq index 70d316043..1366287a7 100644 --- a/lass/2configs/radio/radio.liq +++ b/lass/2configs/radio/radio.liq @@ -10,7 +10,7 @@ def stringify_attrs(attrs) = out end -def filter_graveyard(req) = +def filter_music(req) = filename = request.filename(req) if string.match(pattern = '.*/\\.graveyard/.*', filename) then false @@ -27,7 +27,7 @@ end env = environment() port = string.to_int(env["RADIO_PORT"], default = 8000) -all_music = playlist(env["MUSIC"], check_next = filter_graveyard) +all_music = playlist(env["MUSIC"], check_next = filter_music) wishlist = request.queue() tracks = fallback(track_sensitive = true, [wishlist, all_music]) tracks = blank.eat(tracks) @@ -36,7 +36,7 @@ last_metadata = ref([]) def on_metadata(m) = last_metadata := m print("changing tracks") - out = process.read(env["HOOK_TRACK_CHANGE"], env = m) + out = process.read(env["HOOK_TRACK_CHANGE"], env = m, timeout = 5.0) print(out) end tracks.on_metadata(on_metadata) diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/radio/weather.nix index 704bf7218..dca8a7843 100644 --- a/lass/2configs/radio/weather.nix +++ b/lass/2configs/radio/weather.nix @@ -10,20 +10,25 @@ let export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.curl - pkgs.iproute2 - pkgs.jc pkgs.jq ]}" curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY - ss -no 'sport = :8000' | - jc --ss | jq -r '.[] | - select( - .local_address != "[::ffff:127.0.0.1]" - and .local_address != "[::1]" - ) | .peer_address | gsub("[\\[\\]]"; "") - ' | + ( + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.ogg' + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.mp3' + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.opus' + ) | jq -rs ' + [ + .[][].source|values|to_entries[].value | + (.listener//[]) [] | + (.useragent | capture("client-ip=(?<ip>[a-f0-9.:]+)")).ip // .ip + ] | + unique[] | + select(. != "127.0.0.1") | + select(. != "::1") + ' | ${weather_for_ips}/bin/weather_for_ips ''; in { diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py index 447c6389b..62206a985 100644 --- a/lass/2configs/radio/weather_for_ips.py +++ b/lass/2configs/radio/weather_for_ips.py @@ -20,26 +20,29 @@ for ip in fileinput.input(): f'The probability of reincarnation is {random.randrange(0, 100)} percent.' ) else: - location = geoip.city(ip.strip()) - if location.city.geoname_id not in seen: - seen[location.city.geoname_id] = True - weather_api_key = os.environ['OPENWEATHER_API_KEY'] - url = ( - f'https://api.openweathermap.org/data/2.5/onecall' - f'?lat={location.location.latitude}' - f'&lon={location.location.longitude}' - f'&appid={weather_api_key}' - f'&units=metric' - ) - resp = requests.get(url) - weather = json.loads(resp.text) - output.append( - f'Weather report for {location.city.name}, {location.country.name}. ' - f'It is {weather["current"]["weather"][0]["description"]} outside ' - f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' - f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second ' - f'and a humidity of {weather["current"]["humidity"]} percent. ' - f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' - ) + try: + location = geoip.city(ip.strip()) + if location.city.geoname_id not in seen: + seen[location.city.geoname_id] = True + weather_api_key = os.environ['OPENWEATHER_API_KEY'] + url = ( + f'https://api.openweathermap.org/data/2.5/onecall' + f'?lat={location.location.latitude}' + f'&lon={location.location.longitude}' + f'&appid={weather_api_key}' + f'&units=metric' + ) + resp = requests.get(url) + weather = json.loads(resp.text) + output.append( + f'Weather report for {location.city.name}, {location.country.name}. ' + f'It is {weather["current"]["weather"][0]["description"]} outside ' + f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' + f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second ' + f'and a humidity of {weather["current"]["humidity"]} percent. ' + f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' + ) + except: # noqa E722 + pass print('\n'.join(output)) diff --git a/lass/2configs/riot.nix b/lass/2configs/riot.nix index 37a6298ca..559e7b20d 100644 --- a/lass/2configs/riot.nix +++ b/lass/2configs/riot.nix @@ -7,8 +7,11 @@ pkgs.git pkgs.jq ]; - networking.useDHCP = lib.mkForce true; - networking.firewall.enable = false; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" + ]; + networking.defaultGateway = "10.233.1.1"; systemd.services.autoswitch = { environment = { NIX_REMOTE = "daemon"; diff --gi |