diff options
Diffstat (limited to 'lass/2configs')
-rw-r--r-- | lass/2configs/gg23.nix | 91 | ||||
-rw-r--r-- | lass/2configs/radio/container-host.nix | 23 | ||||
-rw-r--r-- | lass/2configs/radio/default.nix | 96 | ||||
-rw-r--r-- | lass/2configs/radio/radio.liq | 6 | ||||
-rw-r--r-- | lass/2configs/radio/weather.nix | 23 | ||||
-rw-r--r-- | lass/2configs/radio/weather_for_ips.py | 45 | ||||
-rw-r--r-- | lass/2configs/riot.nix | 7 | ||||
-rw-r--r-- | lass/2configs/sync/the_playlist.nix | 2 | ||||
-rw-r--r-- | lass/2configs/yellow-mounts/samba.nix (renamed from lass/2configs/prism-mounts/samba.nix) | 4 |
9 files changed, 174 insertions, 123 deletions
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index 6bcbd7400..51db9a40a 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -2,37 +2,56 @@ with import <stockholm/lib>; { + systemd.network.networks."50-et0" = { + matchConfig.Name = "et0"; + DHCP = "yes"; + # dhcpV4Config.UseDNS = false; + # dhcpV6Config.UseDNS = false; + linkConfig = { + RequiredForOnline = "routable"; + }; + # networkConfig = { + # LinkLocalAddressing = "no"; + # }; + # dhcpV6Config = { + # PrefixDelegationHint = "::/60"; + # }; + # networkConfig = { + # IPv6AcceptRA = true; + # }; + # ipv6PrefixDelegationConfig = { + # Managed = true; + # }; + }; + systemd.network.networks."50-int0" = { + name = "int0"; + address = [ + "10.42.0.1/24" + ]; + networkConfig = { + IPForward = "yes"; + IPMasquerade = "both"; + ConfigureWithoutCarrier = true; + DHCPServer = "yes"; + # IPv6SendRA = "yes"; + # DHCPPrefixDelegation = "yes"; + }; + }; networking.networkmanager.unmanaged = [ "int0" ]; - networking.interfaces.int0.ipv4.addresses = [{ - address = "10.42.0.1"; - prefixLength = 24; - }]; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i int0"; target = "ACCEPT"; } + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { predicate = "-i int0"; target = "ACCEPT"; } + { predicate = "-o int0"; target = "ACCEPT"; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [ + { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; } + ]; networking.domain = "gg23"; - services.dhcpd4 = { - enable = true; - interfaces = [ "int0" ]; - extraConfig = '' - option subnet-mask 255.255.255.0; - option routers 10.42.0.1; - option domain-name-servers 10.42.0.1; - subnet 10.42.0.0 netmask 255.255.255.0 { - range 10.42.0.100 10.42.0.200; - } - ''; - machines = [ - { ethernetAddress = "a8:a6:48:65:ce:4c"; hostName = "tv"; ipAddress = "10.42.0.3"; } - { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; } - { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-tv"; ipAddress = "10.42.0.10"; } - { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; } - { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-wasch"; ipAddress = "10.42.0.12"; } - { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; } - { ethernetAddress = "ec:b5:fa:07:78:16"; hostName = "hue-bridge"; ipAddress = "10.42.0.21"; } - { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; } - ]; - }; - services.dnsmasq = { enable = true; resolveLocalQueries = false; @@ -45,22 +64,4 @@ with import <stockholm/lib>; interface=int0 ''; }; - - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns - ]; - krebs.iptables.tables.filter.FORWARD.rules = [ - { v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } - { v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; target = "ACCEPT"; } - { v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; } - { v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; } - ]; - krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [ - { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; } - ]; - krebs.iptables.tables.nat.POSTROUTING.rules = [ - { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; } - ]; } - diff --git a/lass/2configs/radio/container-host.nix b/lass/2configs/radio/container-host.nix new file mode 100644 index 000000000..e32095ffa --- /dev/null +++ b/lass/2configs/radio/container-host.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +{ + lass.sync-containers3.containers.radio = { + sshKey = "${toString <secrets>}/radio.sync.key"; + }; + containers.radio = { + bindMounts."/var/music" = { + hostPath = "/var/music"; + isReadOnly = false; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8000"; target = "ACCEPT"; } + ]; + krebs.htgen.radio-redirect = { + port = 8000; + scriptFile = pkgs.writers.writeDash "redir" '' + printf 'HTTP/1.1 301 Moved Permanently\r\n' + printf "Location: http://radio.lassul.us''${Request_URI}\r\n" + printf '\r\n' + ''; + }; +} diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix index dfb3d7e0b..a511196fd 100644 --- a/lass/2configs/radio/default.nix +++ b/lass/2configs/radio/default.nix @@ -3,7 +3,7 @@ let name = "radio"; - music_dir = "/home/radio/music"; + music_dir = "/var/music"; skip_track = pkgs.writers.writeBashBin "skip_track" '' set -eu @@ -113,7 +113,7 @@ in { LIMIT=1000 #how many tracks to keep in the history HISTORY_FILE=/var/lib/radio/recent - listeners=$(${pkgs.curl}/bin/curl -fSs lassul.us:8000/status-json.xsl | + listeners=$(${pkgs.curl}/bin/curl -fSs http://localhost:8000/status-json.xsl | ${pkgs.jq}/bin/jq '[.icestats.source[].listeners] | add' || echo 0) echo "$(${pkgs.coreutils}/bin/date -Is)" "$filename" | ${pkgs.coreutils}/bin/tee -a "$HISTORY_FILE" echo "$(${pkgs.coreutils}/bin/tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE" @@ -128,14 +128,33 @@ in { serviceConfig.User = lib.mkForce "radio"; }; + nixpkgs.config.packageOverrides = opkgs: { + icecast = opkgs.icecast.overrideAttrs (old: rec { + version = "2.5-beta3"; + + src = pkgs.fetchurl { + url = "http://downloads.xiph.org/releases/icecast/icecast-${version}.tar.gz"; + sha256 = "sha256-4FDokoA9zBDYj8RAO/kuTHaZ6jZYBLSJZiX/IYFaCW8="; + }; + + buildInputs = old.buildInputs ++ [ pkgs.pkg-config ]; + }); + }; services.icecast = { enable = true; hostname = "radio.lassul.us"; admin.password = "hackme"; extraConf = '' <authentication> - <source-password>hackme</source-password> + <source-password>hackme</source-password> + <admin-user>admin</admin-user> + <admin-password>hackme</admin-password> </authentication> + <logging> + <accesslog>-</accesslog> + <errorlog>-</errorlog> + <loglevel>3</loglevel> + </logging> ''; }; @@ -234,18 +253,38 @@ in { ''; }; + networking.firewall.allowedTCPPorts = [ 80 ]; services.nginx = { enable = true; - virtualHosts."radio.lassul.us" = { - forceSSL = true; - enableACME = true; + virtualHosts."radio.r" = { locations."/".extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Real-IP $remote_addr; + # https://github.com/aswild/icecast-notes#core-nginx-config proxy_pass http://localhost:8000; + # Disable request size limit, very important for uploading large files + client_max_body_size 0; + + # Enable support `Transfer-Encoding: chunked` + chunked_transfer_encoding on; + + # Disable request and response buffering, minimize latency to/from Icecast + proxy_buffering off; + proxy_request_buffering off; + + # Icecast needs HTTP/1.1, not 1.0 or 2 + proxy_http_version 1.1; + + # Forward all original request headers + proxy_pass_request_headers on; + + # Set some standard reverse proxy headers. Icecast server currently ignores these, + # but may support them in a future version so that access logs are more useful. + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # get source ip for weather reports + proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr"; ''; locations."= /recent".extraConfig = '' default_type "text/plain"; @@ -266,7 +305,7 @@ in { while sleep 1; do mpv \ --cache-secs=0 --demuxer-readahead-secs=0 --untimed --cache-pause=no \ - 'http://lassul.us:8000/radio.ogg' + 'http://radio.lassul.us/radio.ogg' done ''; locations."= /controls".extraConfig = '' @@ -278,35 +317,12 @@ in { add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; ''; }; - virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let - html = pkgs.writeText "index.html" '' - <!DOCTYPE html> - <html lang="en"> - <head> - <meta charset="utf-8"> - <title>lassulus playlist</title> - </head> - <body> - <div style="display:inline-block;margin:0px;padding:0px;overflow:hidden"> - <iframe src="https://kiwiirc.com/client/irc.hackint.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe> - </div> - <div style="position:absolute;bottom:1px;display:inline-block;background-color:red;"> - <audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio> - </div> - <!-- page content --> - </body> - </html> - ''; - in '' - default_type "text/html"; - alias ${html}; - ''; }; services.syncthing.declarative.folders."the_playlist" = { - path = "/home/radio/music/the_playlist"; - devices = [ "mors" "phone" "prism" "omo" ]; + path = "/var/music/the_playlist"; + devices = [ "mors" "phone" "prism" "omo" "radio" ]; }; - krebs.acl."/home/radio/music/the_playlist"."u:syncthing:X".parents = true; - krebs.acl."/home/radio/music/the_playlist"."u:syncthing:rwX" = {}; - krebs.acl."/home/radio/music/the_playlist"."u:radio:rwX" = {}; + krebs.acl."/var/music/the_playlist"."u:syncthing:X".parents = true; + krebs.acl."/var/music/the_playlist"."u:syncthing:rwX" = {}; + krebs.acl."/var/music/the_playlist"."u:radio:rwX" = {}; } diff --git a/lass/2configs/radio/radio.liq b/lass/2configs/radio/radio.liq index 70d316043..1366287a7 100644 --- a/lass/2configs/radio/radio.liq +++ b/lass/2configs/radio/radio.liq @@ -10,7 +10,7 @@ def stringify_attrs(attrs) = out end -def filter_graveyard(req) = +def filter_music(req) = filename = request.filename(req) if string.match(pattern = '.*/\\.graveyard/.*', filename) then false @@ -27,7 +27,7 @@ end env = environment() port = string.to_int(env["RADIO_PORT"], default = 8000) -all_music = playlist(env["MUSIC"], check_next = filter_graveyard) +all_music = playlist(env["MUSIC"], check_next = filter_music) wishlist = request.queue() tracks = fallback(track_sensitive = true, [wishlist, all_music]) tracks = blank.eat(tracks) @@ -36,7 +36,7 @@ last_metadata = ref([]) def on_metadata(m) = last_metadata := m print("changing tracks") - out = process.read(env["HOOK_TRACK_CHANGE"], env = m) + out = process.read(env["HOOK_TRACK_CHANGE"], env = m, timeout = 5.0) print(out) end tracks.on_metadata(on_metadata) diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/radio/weather.nix index 704bf7218..dca8a7843 100644 --- a/lass/2configs/radio/weather.nix +++ b/lass/2configs/radio/weather.nix @@ -10,20 +10,25 @@ let export PATH="${lib.makeBinPath [ pkgs.coreutils pkgs.curl - pkgs.iproute2 - pkgs.jc pkgs.jq ]}" curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY - ss -no 'sport = :8000' | - jc --ss | jq -r '.[] | - select( - .local_address != "[::ffff:127.0.0.1]" - and .local_address != "[::1]" - ) | .peer_address | gsub("[\\[\\]]"; "") - ' | + ( + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.ogg' + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.mp3' + curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.opus' + ) | jq -rs ' + [ + .[][].source|values|to_entries[].value | + (.listener//[]) [] | + (.useragent | capture("client-ip=(?<ip>[a-f0-9.:]+)")).ip // .ip + ] | + unique[] | + select(. != "127.0.0.1") | + select(. != "::1") + ' | ${weather_for_ips}/bin/weather_for_ips ''; in { diff --git a/lass/2configs/radio/weather_for_ips.py b/lass/2configs/radio/weather_for_ips.py index 447c6389b..62206a985 100644 --- a/lass/2configs/radio/weather_for_ips.py +++ b/lass/2configs/radio/weather_for_ips.py @@ -20,26 +20,29 @@ for ip in fileinput.input(): f'The probability of reincarnation is {random.randrange(0, 100)} percent.' ) else: - location = geoip.city(ip.strip()) - if location.city.geoname_id not in seen: - seen[location.city.geoname_id] = True - weather_api_key = os.environ['OPENWEATHER_API_KEY'] - url = ( - f'https://api.openweathermap.org/data/2.5/onecall' - f'?lat={location.location.latitude}' - f'&lon={location.location.longitude}' - f'&appid={weather_api_key}' - f'&units=metric' - ) - resp = requests.get(url) - weather = json.loads(resp.text) - output.append( - f'Weather report for {location.city.name}, {location.country.name}. ' - f'It is {weather["current"]["weather"][0]["description"]} outside ' - f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' - f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second ' - f'and a humidity of {weather["current"]["humidity"]} percent. ' - f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' - ) + try: + location = geoip.city(ip.strip()) + if location.city.geoname_id not in seen: + seen[location.city.geoname_id] = True + weather_api_key = os.environ['OPENWEATHER_API_KEY'] + url = ( + f'https://api.openweathermap.org/data/2.5/onecall' + f'?lat={location.location.latitude}' + f'&lon={location.location.longitude}' + f'&appid={weather_api_key}' + f'&units=metric' + ) + resp = requests.get(url) + weather = json.loads(resp.text) + output.append( + f'Weather report for {location.city.name}, {location.country.name}. ' + f'It is {weather["current"]["weather"][0]["description"]} outside ' + f'with a temperature of {weather["current"]["temp"]:.1f} degrees, ' + f'a wind speed of {weather["current"]["wind_speed"]:.1f} meters per second ' + f'and a humidity of {weather["current"]["humidity"]} percent. ' + f'The probability of precipitation is {weather["hourly"][0]["pop"] * 100:.0f} percent. ' + ) + except: # noqa E722 + pass print('\n'.join(output)) diff --git a/lass/2configs/riot.nix b/lass/2configs/riot.nix index 37a6298ca..559e7b20d 100644 --- a/lass/2configs/riot.nix +++ b/lass/2configs/riot.nix @@ -7,8 +7,11 @@ pkgs.git pkgs.jq ]; - networking.useDHCP = lib.mkForce true; - networking.firewall.enable = false; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" + ]; + networking.defaultGateway = "10.233.1.1"; systemd.services.autoswitch = { environment = { NIX_REMOTE = "daemon"; diff --git a/lass/2configs/sync/the_playlist.nix b/lass/2configs/sync/the_playlist.nix index c01a11cc3..233ca8fb7 100644 --- a/lass/2configs/sync/the_playlist.nix +++ b/lass/2configs/sync/the_playlist.nix @@ -1,7 +1,7 @@ { services.syncthing.folders.the_playlist = { path = "/home/lass/tmp/the_playlist"; - devices = [ "mors" "phone" "prism" "omo" ]; + devices = [ "mors" "phone" "prism" "omo" "radio" ]; }; krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:X".parents = true; krebs.acl."/home/lass/tmp/the_playlist"."u:syncthing:rwX" = {}; diff --git a/lass/2configs/prism-mounts/samba.nix b/lass/2configs/yellow-mounts/samba.nix index 4b1475ef3..e16f1cc47 100644 --- a/lass/2configs/prism-mounts/samba.nix +++ b/lass/2configs/yellow-mounts/samba.nix @@ -1,6 +1,6 @@ { - fileSystems."/mnt/prism" = { - device = "//prism.r/public"; + fileSystems."/mnt/yellow" = { + device = "//yellow.r/public"; fsType = "cifs"; options = [ "guest" |