summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--krebs/3modules/makefu/default.nix9
-rw-r--r--krebs/nixpkgs.json8
-rw-r--r--makefu/1systems/gum/config.nix30
-rw-r--r--makefu/1systems/gum/hardware-config.nix2
-rw-r--r--makefu/1systems/x/config.nix92
-rw-r--r--makefu/1systems/x/x13/default.nix52
-rw-r--r--makefu/1systems/x/x13/input.nix13
-rw-r--r--makefu/1systems/x/x13/toggle_brightness8
-rw-r--r--makefu/1systems/x/x13/zfs.nix32
-rw-r--r--makefu/1systems/x/x230/default.nix19
-rw-r--r--makefu/2configs/bureautomation/office-radio/default.nix6
-rw-r--r--makefu/2configs/bureautomation/office-radio/mpd.nix58
-rw-r--r--makefu/2configs/bureautomation/office-radio/mpdconfig.nix6
-rw-r--r--makefu/2configs/bureautomation/office-radio/webserver.nix40
-rw-r--r--makefu/2configs/deployment/mycube.connector.one.nix9
-rw-r--r--makefu/2configs/deployment/newsbot.nix18
-rw-r--r--makefu/2configs/deployment/wiki-irc-bot/default.nix19
-rw-r--r--makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch45
-rw-r--r--makefu/2configs/ham/automation/giesskanne.nix2
-rw-r--r--makefu/2configs/ham/automation/moodlight.nix41
-rw-r--r--makefu/2configs/ham/automation/wohnzimmer_rf_fernbedienung.nix82
-rw-r--r--makefu/2configs/home-manager/zsh.nix33
-rw-r--r--makefu/2configs/hw/droidcam.nix4
-rw-r--r--makefu/2configs/share/omo.nix6
-rw-r--r--makefu/2configs/tools/mobility.nix2
-rw-r--r--makefu/2configs/workadventure/default.nix6
-rw-r--r--makefu/2configs/workadventure/jitsi.nix59
-rw-r--r--makefu/2configs/workadventure/workadventure.nix161
-rw-r--r--makefu/5pkgs/kalauerbot/default.nix4
-rw-r--r--makefu/5pkgs/office-radio/default.nix23
30 files changed, 744 insertions, 145 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 2cb70eec4..c8e1e0386 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -197,6 +197,15 @@ in {
wg.euer IN A ${nets.internet.ip4.addr}
wiki.euer IN A ${nets.internet.ip4.addr}
wikisearch IN A ${nets.internet.ip4.addr}
+
+ meet.euer IN A ${nets.internet.ip4.addr}
+ work.euer IN A ${nets.internet.ip4.addr}
+ admin.work.euer IN A ${nets.internet.ip4.addr}
+ push.work.euer IN A ${nets.internet.ip4.addr}
+ api.work.euer IN A ${nets.internet.ip4.addr}
+ maps.work.euer IN A ${nets.internet.ip4.addr}
+ play.work.euer IN A ${nets.internet.ip4.addr}
+ ul.work.euer IN A ${nets.internet.ip4.addr}
'';
};
cores = 8;
diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json
index 97afb10f8..b404cb6c9 100644
--- a/krebs/nixpkgs.json
+++ b/krebs/nixpkgs.json
@@ -1,9 +1,9 @@
{
"url": "https://github.com/NixOS/nixpkgs",
- "rev": "a058d005b3cbb370bf171ebce01839dd6ff52222",
- "date": "2021-01-23T17:41:51-05:00",
- "path": "/nix/store/6ps307ghgrp10q3mwgw4lq143pmz0h25-nixpkgs",
- "sha256": "154mpqw0ya31hzgz9hggg1rb26yx8d00rsj9l90ndsdldrssgvbb",
+ "rev": "85abeab48b5feda4b163e5bb32f50aad1164e415",
+ "date": "2021-01-27T09:52:47+01:00",
+ "path": "/nix/store/la9l82nbilyhjjl2x294qpf7ki9lzkc3-nixpkgs",
+ "sha256": "1nslb5p6cf5z691pf52j8bf880sdgav1fcf7bxjk3rad92bniq5g",
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index f65c6672b..2fd99122a 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -65,7 +65,7 @@ in {
};
networking.firewall = {
allowedTCPPorts =
- [
+ [
53
655
21031
@@ -83,6 +83,9 @@ in {
# <stockholm/makefu/2configs/exim-retiolum.nix>
<stockholm/makefu/2configs/git/cgit-retiolum.nix>
+ ### systemdUltras ###
+ <stockholm/makefu/2configs/systemdultras/ircbot.nix>
+
###### Shack #####
# <stockholm/makefu/2configs/shack/events-publisher>
# <stockholm/makefu/2configs/shack/gitlab-runner>
@@ -98,7 +101,7 @@ in {
{ krebs.exim.enable = mkDefault true; }
# sharing
- <stockholm/makefu/2configs/share/gum.nix>
+ <stockholm/makefu/2configs/share/gum.nix> # samba sahre
<stockholm/makefu/2configs/torrent.nix>
<stockholm/makefu/2configs/sickbeard>
@@ -145,7 +148,10 @@ in {
<stockholm/makefu/2configs/deployment/gecloudpad>
<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/docker/etherpad.euer.krebsco.de.nix>
+ # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
+
<stockholm/makefu/2configs/shiori.nix>
+ <stockholm/makefu/2configs/workadventure>
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
<stockholm/makefu/2configs/bgt/hidden_service.nix>
@@ -177,12 +183,19 @@ in {
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
-
- services.nginx.virtualHosts."cgit.euer.krebsco.de" = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://localhost/";
- locations."/".extraConfig = ''proxy_set_header Host cgit;'';
+ security.acme.certs."cgit.euer.krebsco.de" = {
+ email = "letsencrypt@syntax-fehler.de";
+ webroot = "/var/lib/acme/acme-challenge";
+ group = "nginx";
+ };
+ services.nginx.virtualHosts."cgit" = {
+ serverAliases = [ "cgit.euer.krebsco.de" ];
+ addSSL = true;
+ sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
+ sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
+ locations."/.well-known/acme-challenge".extraConfig = ''
+ root /var/lib/acme/acme-challenge;
+ '';
};
krebs.build.host = config.krebs.hosts.gum;
@@ -190,6 +203,7 @@ in {
# Network
networking = {
firewall = {
+ allowedTCPPorts = [ 80 443 ];
allowPing = true;
logRefusedConnections = false;
};
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index 2d7efe9cf..1881329ce 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -69,7 +69,7 @@ in {
fsType = "ext4";
options = [ "nofail" ];
};
- fileSystems."/var/www/o.euer.krebsco.de" = {
+ fileSystems."/var/lib/nextcloud/data" = {
device = "/dev/nixos/nextcloud";
fsType = "ext4";
options = [ "nofail" ];
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 4781af357..6c0388e59 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -4,7 +4,30 @@
{ config, pkgs, lib, ... }:
{
imports =
- [ # base
+ [
+ # hardware-dependent
+ # device
+
+
+ ./x13
+ # ./x230
+
+ # Common Hardware Components
+
+ # <stockholm/makefu/2configs/hw/mceusb.nix>
+ # <stockholm/makefu/2configs/hw/rtl8812au.nix>
+ <stockholm/makefu/2configs/hw/network-manager.nix>
+ # <stockholm/makefu/2configs/hw/stk1160.nix>
+ # <stockholm/makefu/2configs/hw/irtoy.nix>
+ # <stockholm/makefu/2configs/hw/malduino_elite.nix>
+ <stockholm/makefu/2configs/hw/switch.nix>
+ # <stockholm/makefu/2configs/hw/rad1o.nix>
+ <stockholm/makefu/2configs/hw/cc2531.nix>
+ <stockholm/makefu/2configs/hw/droidcam.nix>
+ <stockholm/makefu/2configs/hw/smartcard.nix>
+ <stockholm/makefu/2configs/hw/upower.nix>
+
+ # base
<stockholm/makefu>
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/home-manager>
@@ -19,8 +42,37 @@
<stockholm/makefu/2configs/editor/neovim>
<stockholm/makefu/2configs/tools/all.nix>
{ programs.adb.enable = true; }
+ {
+ services.openssh.hostKeys = [
+ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa";}
+ ];
+ }
- { systemd.services.docker.wantedBy = lib.mkForce []; }
+ #{
+ # users.users.makefu.packages = with pkgs;[ mpc_cli ncmpcpp ];
+ # services.ympd.enable = true;
+ # services.mpd = {
+ # enable = true;
+ # extraConfig = ''
+ # log_level "default"
+ # auto_update "yes"
+
+ # audio_output {
+ # type "httpd"
+ # name "lassulus radio"
+ # encoder "vorbis" # optional
+ # port "8000"
+ # quality "5.0" # do not define if bitrate is defined
+ # # bitrate "128" # do not define if quality is defined
+ # format "44100:16:2"
+ # always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+ # tags "yes" # httpd supports sending tags to listening streams.
+ # }
+ # '';
+ # };
+ #}
+
+ # { systemd.services.docker.wantedBy = lib.mkForce []; }
<stockholm/makefu/2configs/dict.nix>
# <stockholm/makefu/2configs/legacy_only.nix>
#<stockholm/makefu/3modules/netboot_server.nix>
@@ -59,10 +111,13 @@
# <stockholm/makefu/2configs/deployment/hound>
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/bureautomation/hass.nix>
+ <stockholm/makefu/2configs/bureautomation/office-radio>
# Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix>
- # <stockholm/makefu/2configs/share/gum-client.nix>
+ # <stockholm/makefu/2configs/share/anon-ftp.nix>
+ # <stockholm/makefu/2configs/share/anon-sftp.nix>
+ <stockholm/makefu/2configs/share/gum-client.nix>
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
@@ -75,7 +130,7 @@
# Virtualization
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix>
- <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
+ # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
#{
# networking.firewall.allowedTCPPorts = [ 8080 ];
# networking.nat = {
@@ -96,26 +151,10 @@
<stockholm/makefu/2configs/binary-cache/gum.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix>
- # Hardware
- <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
- # <stockholm/makefu/2configs/hw/mceusb.nix>
- <stockholm/makefu/2configs/hw/tpm.nix>
- # <stockholm/makefu/2configs/hw/rtl8812au.nix>
- <stockholm/makefu/2configs/hw/network-manager.nix>
- # <stockholm/makefu/2configs/hw/stk1160.nix>
- # <stockholm/makefu/2configs/hw/irtoy.nix>
- # <stockholm/makefu/2configs/hw/malduino_elite.nix>
- <stockholm/makefu/2configs/hw/switch.nix>
- # <stockholm/makefu/2configs/hw/rad1o.nix>
- <stockholm/makefu/2configs/hw/cc2531.nix>
- <stockholm/makefu/2configs/hw/smartcard.nix>
- <stockholm/makefu/2configs/hw/upower.nix>
- # Filesystem
- <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
# Security
- <stockholm/makefu/2configs/sshd-totp.nix>
+ # <stockholm/makefu/2configs/sshd-totp.nix>
# temporary
# { services.redis.enable = true; }
@@ -149,7 +188,6 @@
}
];
- makefu.server.primary-itf = "wlp3s0";
nixpkgs.config.allowUnfree = true;
nixpkgs.config.oraclejdk.accept_license = true;
@@ -158,19 +196,13 @@
# configure pulseAudio to provide a HDMI sink as well
networking.firewall.enable = true;
- networking.firewall.allowedUDPPorts = [ 665 26061 ];
- networking.firewall.trustedInterfaces = [ "vboxnet0" ];
+ networking.firewall.allowedUDPPorts = [ 665 26061 1514 ];
+ networking.firewall.trustedInterfaces = [ "vboxnet0" "enp0s25" ];
krebs.build.host = config.krebs.hosts.x;
krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
- # hard dependency because otherwise the device will not be unlocked
- boot.initrd.luks.devices.luksroot =
- {
- device = "/dev/sda2";
- allowDiscards = true;
- };
environment.systemPackages = [ pkgs.passwdqc-utils ];
diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix
new file mode 100644
index 000000000..b0400232e
--- /dev/null
+++ b/makefu/1systems/x/x13/default.nix
@@ -0,0 +1,52 @@
+{ pkgs, lib, ... }:
+# new zfs deployment
+{
+ imports = [
+ ./zfs.nix
+ ./input.nix
+ <stockholm/makefu/2configs/hw/bluetooth.nix>
+ <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough
+ # <stockholm/makefu/2configs/hw/tpm.nix>
+ <stockholm/makefu/2configs/hw/ssd.nix>
+ ];
+ boot.zfs.requestEncryptionCredentials = true;
+ networking.hostId = "f8b8e0a2";
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # services.xserver.enable = lib.mkForce false;
+
+ services.xserver.videoDrivers = [
+ "amdgpu"
+ ];
+ hardware.opengl.extraPackages = [ pkgs.amdvlk ];
+ # is required for amd graphics support ( xorg wont boot otherwise )
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ environment.variables.VK_ICD_FILENAMES =
+ "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
+
+
+ programs.light.enable = true;
+ services.actkbd = {
+ enable = true;
+ bindings = [
+ { keys = [ 225 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -A 10"; }
+ { keys = [ 224 ]; events = [ "key" ]; command = "${pkgs.light}/bin/light -U 10"; }
+ { keys = [ 227 ]; events = [ "key" ]; command = builtins.toString (
+ pkgs.writers.writeDash "toggle_lcdshadow" ''
+ proc=/proc/acpi/ibm/lcdshadow
+ status=$(${pkgs.gawk}/bin/awk '/status:/{print $2}' "$proc")
+ if [ "$status" -eq 0 ];then
+ echo 1 > "$proc"
+ else
+ echo 0 > "$proc"
+ fi
+ '');
+ }
+ ];
+ };
+
+ users.groups.video = {};
+ users.users.makefu.extraGroups = [ "video" ];
+}
+
diff --git a/makefu/1systems/x/x13/input.nix b/makefu/1systems/x/x13/input.nix
new file mode 100644
index 000000000..68b855d8e
--- /dev/null
+++ b/makefu/1systems/x/x13/input.nix
@@ -0,0 +1,13 @@
+{
+ # current issues:
+ # 1. for pressing insert hold shift+fn+Fin
+
+ # scroll by holding middle mouse
+ services.xserver.displayManager.sessionCommands =''
+ xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation" 8 1
+ xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Button" 8 2
+ xinput set-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Axes" 6 7 4 5
+ # configure timeout of pressing and holding middle button
+ # xinput set-int-prop "ETPS/2 Elantech TrackPoint" "Evdev Wheel Emulation Timeout" 8 200
+ '';
+}
diff --git a/makefu/1systems/x/x13/toggle_brightness b/makefu/1systems/x/x13/toggle_brightness
new file mode 100644
index 000000000..dc1436cb6
--- /dev/null
+++ b/makefu/1systems/x/x13/toggle_brightness
@@ -0,0 +1,8 @@
+#!/bin/sh
+proc=/proc/acpi/ibm/lcdshadow
+status=$(awk '/status:/{print $2}' "$proc")
+if [ "$status" -eq 0 ];then
+ echo 1 > "$proc"
+else
+ echo 0 > "$proc"
+fi
diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix
new file mode 100644
index 000000000..adfebbf96
--- /dev/null
+++ b/makefu/1systems/x/x13/zfs.nix
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "rtsx_pci_sdmmc" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "zroot/root/nixos";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/20BF-2755";
+ fsType = "vfat";
+ };
+
+ fileSystems."/home" =
+ { device = "zroot/root/home";
+ fsType = "zfs";
+ };
+
+ swapDevices = [ ];
+}
diff --git a/makefu/1systems/x/x230/default.nix b/makefu/1systems/x/x230/default.nix
new file mode 100644
index 000000000..c2a635ca7
--- /dev/null
+++ b/makefu/1systems/x/x230/default.nix
@@ -0,0 +1,19 @@
+{
+ imports = [
+ <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
+ <stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
+
+ <stockholm/makefu/2configs/hw/tpm.nix>
+ <stockholm/makefu/2configs/hw/ssd.nix>
+
+ # hard dependency because otherwise the device will not be unlocked
+ {
+ boot.initrd.luks.devices.luksroot =
+ {
+ device = "/dev/sda2";
+ allowDiscards = true;
+ };
+ }
+ { makefu.server.primary-itf = "wlp3s0"; }
+ ];
+}
diff --git a/makefu/2configs/bureautomation/office-radio/default.nix b/makefu/2configs/bureautomation/office-radio/default.nix
new file mode 100644
index 000000000..d1c0f4730
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./mpd.nix
+ ./webserver.nix
+ ];
+}
diff --git a/makefu/2configs/bureautomation/office-radio/mpd.nix b/makefu/2configs/bureautomation/office-radio/mpd.nix
new file mode 100644
index 000000000..4fc31fff9
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/mpd.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mpds = import ./mpdconfig.nix;
+ systemd_mpd = name: value: let
+ path = "/var/lib/mpd-${name}";
+ num = lib.strings.fixedWidthNumber 2 value;
+ mpdconf = pkgs.writeText "mpd-config-${name}" ''
+ music_directory "${path}/music"
+ playlist_directory "${path}/playlists"
+ db_file "${path}/tag_cache"
+ state_file "${path}/state"
+ sticker_file "${path}/sticker.sql"
+
+ bind_to_address "127.0.0.1"
+ port "66${num}"
+ log_level "default"
+ auto_update "yes"
+ audio_output {
+ type "httpd"
+ name "Office Radio ${num} - ${name}"
+ encoder "vorbis" # optional
+ port "280${num}"
+ quality "5.0" # do not define if bitrate is defined
+ # bitrate "128" # do not define if quality is defined
+ format "44100:16:2"
+ always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+ tags "yes" # httpd supports sending tags to listening streams.
+ }
+ '';
+in {
+ after = [ "network.target" ];
+ description = "Office Radio MPD ${toString value} - ${name}";
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ #User = "mpd";
+ DynamicUser = true;
+ ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdconf}";
+ LimitRTPRIO = 50;
+ LimitRTTIME = "infinity";
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ StateDirectory = [ "mpd-${name}" ];
+ };
+ };
+in
+ {
+ systemd.services = lib.attrsets.mapAttrs' (name: value:
+ lib.attrsets.nameValuePair
+ ("office-radio-" +name) (systemd_mpd name value))
+ mpds;
+ }
diff --git a/makefu/2configs/bureautomation/office-radio/mpdconfig.nix b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix
new file mode 100644
index 000000000..b48ceb629
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/mpdconfig.nix
@@ -0,0 +1,6 @@
+{
+ "cybertisch1" = 0;
+ "cybertisch2" = 1;
+ "cyberklo" = 2;
+ "baellebad" = 3;
+}
diff --git a/makefu/2configs/bureautomation/office-radio/webserver.nix b/makefu/2configs/bureautomation/office-radio/webserver.nix
new file mode 100644
index 000000000..e2fc6d9e8
--- /dev/null
+++ b/makefu/2configs/bureautomation/office-radio/webserver.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+let
+ mpds = import ./mpdconfig.nix;
+ pkg = pkgs.office-radio;
+in {
+ systemd.services.office-radio-appsrv = {
+ after = [ "network.target" ];
+ description = "Office Radio Appserver";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/office-radio";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+ systemd.services.office-radio-stopper = {
+ after = [ "network.target" ];
+ description = "Office Radio Script to stop idle streams";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/stop-idle-streams";
+ DynamicUser = true;
+ ProtectSystem = true;
+ NoNewPrivileges = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
+ RestrictNamespaces = true;
+ Restart = "always";
+ };
+ };
+}
diff --git a/makefu/2configs/deployment/mycube.connector.one.nix b/makefu/2configs/deployment/mycube.connector.one.nix
index 379176f78..aa9ff514c 100644
--- a/makefu/2configs/deployment/mycube.connector.one.nix
+++ b/makefu/2configs/deployment/mycube.connector.one.nix
@@ -1,15 +1,12 @@
{ config, lib, pkgs, ... }:
# more than just nginx config but not enough to become a module
-with import <stockholm/lib>;
let
hostname = config.krebs.build.host.name;
external-ip = config.krebs.build.host.nets.internet.ip4.addr;
wsgi-sock = "${config.services.uwsgi.runDir}/uwsgi.sock";
in {
- services.redis = {
- enable = true;
- };
- systemd.services.redis.serviceConfig.LimitNOFILE=10032;
+ services.redis = { enable = true; };
+ systemd.services.redis.serviceConfig.LimitNOFILE=65536;
services.uwsgi = {
enable = true;
@@ -28,7 +25,7 @@ in {
};
services.nginx = {
- enable = mkDefault true;
+ enable = lib.mkDefault true;
virtualHosts."mybox.connector.one" = {
locations = {
"/".extraConfig = ''
diff --git a/makefu/2configs/deployment/newsbot.nix b/makefu/2configs/deployment/newsbot.nix
deleted file mode 100644
index 748803447..000000000
--- a/makefu/2configs/deployment/newsbot.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- newsfile = pkgs.writeText "feeds" ''
- nixoswiki-bot|https://github.com/Mic92/nixos-wiki/wiki.atom|#krebs
- '';
-in {
- environment.systemPackages = [
- pkgs.newsbot-js
- ];
- krebs.newsbot-js = {
- enable = true;
- ircServer = "chat.freenode.net";
- feeds = newsfile;
- urlShortenerHost = "go";
- urlShortenerPort = "80";
- };
-}
diff --git a/makefu/2configs/deployment/wiki-irc-bot/default.nix b/makefu/2configs/deployment/wiki-irc-bot/default.nix
deleted file mode 100644
index 12686efba..000000000
--- a/makefu/2configs/deployment/wiki-irc-bot/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- pkg = pkgs.lib.overrideDerivation pkgs.newsbot-js (original: {
- patches = [ ./wiki-output.patch ];
- });
- newsfile = pkgs.writeText "feeds" ''
- nixoswiki-bot|https://nixos.wiki/api.php?days=7&limit=50&hidecategorization=1&action=feedrecentchanges&feedformat=rss|#krebs
- '';
-in {
- krebs.newsbot-js = {
- enable = true;
- package = pkg;
- ircServer = "chat.freenode.net";
- feeds = newsfile;
- urlShortenerHost = "go";
- urlShortenerPort = "80";
- };
-}
diff --git a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch b/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
deleted file mode 100644
index 6e1e27853..000000000
--- a/makefu/2configs/deployment/wiki-irc-bot/wiki-output.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff --git a/newsbot.js b/newsbot.js
-index 42d0666..a284011 100644
---- a/newsbot.js
-+++ b/newsbot.js
-@@ -92,8 +92,9 @@ function create_feedbot (nick, uri, channels) {
- }
-
- function broadcast_new_item (item) {
-+ console.log('Broadcasting item ',item.link)
- return getShortLink(item.link, function (error, shortlink) {
-- return broadcast(item.title + ' ' + shortlink)
-+ return broadcast('"'+ item.title + '" edited by ' + item.author + ' ' + shortlink)
- })
- }
-
-@@ -152,15 +153,18 @@ function create_feedbot (nick, uri, channels) {
-
- if (client.lastItems) {
- items.forEach(function (item) {
-- if (!client.lastItems.hasOwnProperty(item.title)) {
-+
-+ if (!client.lastItems.hasOwnProperty(item.guid)) {
- broadcast_new_item(item)
-+ }else {
-+ console.log("Item already seen:",item.guid)
- }
- })
- }
-
- client.lastItems = {}
- items.forEach(function (item) {
-- client.lastItems[item.title] = true
-+ client.lastItems[item.guid] = true
- })
-
- return continue_loop()
-@@ -199,6 +203,8 @@ function run_command (methodname, params, callback) {
- }
-
- function getShortLink (link, callback) {
-+ callback(null,link)
-+ return
- var form = new FormData()
- try {
- form.append('uri', link)
diff --git a/makefu/2configs/ham/automation/giesskanne.nix b/makefu/2configs/ham/automation/giesskanne.nix
index d89ea595b..4b0fb61dd 100644
--- a/makefu/2configs/ham/automation/giesskanne.nix
+++ b/makefu/2configs/ham/automation/giesskanne.nix
@@ -7,7 +7,7 @@ let
light = "light.espcam_02_light";
seconds = 60; # default shutoff to protect the LED from burning out
};
- seconds = 6;
+ seconds = 60;
pump = "switch.ar