diff options
Diffstat (limited to 'makefu/2configs')
43 files changed, 736 insertions, 326 deletions
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 6ce0606a8..1cf21f213 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -5,22 +5,37 @@ let ident = (builtins.readFile ./auphonic.pub); bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; bgterror = "/var/spool/nginx/logs/binaergewitter.error.log"; + + # TODO: only when the data is stored somewhere else + wwwdir = "/var/www/binaergewitter"; + storedir = "/media/cloud/www/binaergewitter"; in { + fileSystems."${wwwdir}" = { + device = storedir; + options = [ "bind" ]; + }; + services.openssh = { allowSFTP = true; sftpFlags = [ "-l VERBOSE" ]; extraConfig = '' + HostkeyAlgorithms +ssh-rsa + Match User auphonic ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding no PasswordAuthentication no + PubkeyAcceptedAlgorithms +ssh-rsa + ''; }; users.users.auphonic = { uid = genid "auphonic"; group = "nginx"; + # for storedir + extraGroups = [ "download" ]; useDefaultShell = true; isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; diff --git a/makefu/2configs/bgt/template.md b/makefu/2configs/bgt/template.md index fdc0e2585..8413e0b8b 100644 --- a/makefu/2configs/bgt/template.md +++ b/makefu/2configs/bgt/template.md @@ -1,31 +1,25 @@ # <SENDUNGSNUMMER> -0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) (wichtig) +0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig) 1. `eine` Person anrufen (den Host): - markus 162dcbf89f@studio.link - Felix1 makefu@studio.link - L33tFelix l33tname@studio.link - Ingo ingo@studio.link -2. Jitis an machen! https://meet.jit.cloud/bgt (mittel) -3. studio-link aufnehmen drücken, schauen ob file local.flac größer wird (wichtig) +2. Jitis an machen https://meet.ffmuc.net/bgt (mittel) +3. studio-link aufnehmen drücken (wichtig) 4. audiocity starten, 48000Hz einstellen, Audio-Device checken und aufnehmen drücken (wichtig) 4. alternative parecord: `$ pacmd list-sources | grep -e device.string -e 'name:' # keins der "monitor" devices` `$ parecord --channels=1 -d alsa_input.usb-Burr-Brown_from_TI_USB_Audio_CODEC-00.analog-stereo bgt.wav` 5. darkice starten (wichtig) -5. chapter-marker starten (wichtig) +6. Ingo daran erinnern, dass er die Überschriften richtig aussprechen muss 7. klatschen 8. Hallihallo und Herzlich Willkommen -9. ctrl-u auf "H" von "Halli" Felix auf jeden fall erinnern (wichtig) -10. Ctrl-j drücken für neuen Eintrag - ggf. Felix erinnern (wichtig) ## Vorschläge ### Backlog von Picks und Lesefoo aus der letzten Woche -die Nachfolgenden 3 Striche sind sehr wichtig, bitte nicht löschen. Nachdem -chapter-marker gestartet wurde kann die reihenfolge nicht mer angepasst werden, -das ist der preis, den man zahlt - --- ## Blast from the Past diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix index e955384d6..52b5d68a5 100644 --- a/makefu/2configs/bitlbee.nix +++ b/makefu/2configs/bitlbee.nix @@ -1,8 +1,9 @@ {pkgs, ... }: -# state: /var/lib/bitlbee { services.bitlbee = { enable = true; libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb]; }; + users.users.makefu.packages = with pkgs; [ weechat tmux ]; + state = [ "/var/lib/bitlbee" ]; } diff --git a/makefu/2configs/bitwarden.nix b/makefu/2configs/bitwarden.nix index 92c1c4e0e..d57badd1c 100644 --- a/makefu/2configs/bitwarden.nix +++ b/makefu/2configs/bitwarden.nix @@ -23,6 +23,12 @@ in { { name = "vaultwarden"; ensurePermissions."DATABASE bitwarden" = "ALL PRIVILEGES"; } ]; }; + services.postgresqlBackup = { + enable = true; + databases = [ "bitwarden" ]; + }; + systemd.services.postgresqlBackup-bitwarden.serviceConfig.SupplementaryGroups = [ "download" ]; + services.nginx.virtualHosts."bw.euer.krebsco.de" ={ forceSSL = true; diff --git a/makefu/2configs/bureautomation/comic-updater.nix b/makefu/2configs/bureautomation/comic-updater.nix index 1e2440939..5804d66d2 100644 --- a/makefu/2configs/bureautomation/comic-updater.nix +++ b/makefu/2configs/bureautomation/comic-updater.nix @@ -11,8 +11,9 @@ in { path = with pkgs; [ wget xmlstarlet ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - User = "hass"; - WorkingDirectory = config.services.home-assistant.configDir; + # User = "hass"; + #WorkingDirectory = config.services.home-assistant.configDir; + WorkingDirectory = "/var/lib/homeassistant-docker"; ExecStart = pkgs.writeDash "update-comics" '' set -euf mkdir -p www/ diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 46bf05963..44690271d 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -2,6 +2,7 @@ let kodi-host = "192.168.8.11"; unstable = import <nixpkgs-unstable> {}; + confdir = "/var/lib/homeassistant-docker"; in { imports = [ ./ota.nix @@ -13,169 +14,188 @@ in { # hass config ## complex configs # ./multi/daily-standup.nix - ./multi/aramark.nix - ./multi/matrix.nix - ./multi/frosch.nix - ./multi/mittagessen.nix - ./multi/10h_timers.nix + #./multi/aramark.nix + #./multi/matrix.nix + #./multi/frosch.nix + #./multi/mittagessen.nix + #./multi/10h_timers.nix - ./switch/tasmota_switch.nix - ./switch/rfbridge.nix + #./switch/tasmota_switch.nix + #./switch/rfbridge.nix - ./light/statuslight.nix - ./light/buzzer.nix + #./light/statuslight.nix + #./light/buzzer.nix - ./script/multi_blink.nix + #./script/multi_blink.nix - ./binary_sensor/buttons.nix - ./binary_sensor/motion.nix + #./binary_sensor/buttons.nix + #./binary_sensor/motion.nix - # ./sensor/pollen.nix requires dwd_pollen - ./sensor/espeasy.nix - ./sensor/airquality.nix - ./sensor/outside.nix - ./sensor/tasmota_firmware.nix + ## ./sensor/pollen.nix requires dwd_pollen + #./sensor/espeasy.nix + #./sensor/airquality.nix + #./sensor/outside.nix + #./sensor/tasmota_firmware.nix - ./camera/verkehrskamera.nix - ./camera/comic.nix - ./camera/stuttgart.nix - ./automation/bureau-shutdown.nix - ./automation/nachtlicht.nix - ./automation/schlechteluft.nix - ./automation/philosophische-tuer.nix - ./automation/hass-restart.nix - ./device_tracker/openwrt.nix - ./person/team.nix + #./camera/verkehrskamera.nix + #./camera/comic.nix + #./camera/stuttgart.nix + #./automation/bureau-shutdown.nix + #./automation/nachtlicht.nix + #./automation/schlechteluft.nix + #./automation/philosophische-tuer.nix + #./automation/hass-restart.nix + #./device_tracker/openwrt.nix + #./person/team.nix ]; networking.firewall.allowedTCPPorts = [ 8123 ]; state = [ "/var/lib/hass/known_devices.yaml" ]; - - services.home-assistant = { - enable = true; - package = (unstable.home-assistant.overrideAttrs (old: { - doInstallCheck = false; - })).override { - extraPackages = p: [ - # TODO: put somewhere else - (p.callPackage <stockholm/makefu/2configs/home/ham/deps/dwdwfsapi.nix> {}) - # (p.callPackage <stockholm/makefu/2configs/home/ham/deps/pykodi.nix> {}) - p.APScheduler ]; + virtualisation.oci-containers.containers.hass = { + image = "homeassistant/home-assistant:latest"; + #user = "${toString config.users.users.kiosk.uid}:${toString config.users.groups.kiosk.gid}"; + #user = "${toString config.users.users.kiosk.uid}:root"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.kiosk.uid; + PGID = toString config.users.groups.kiosk.gid; + UMASK = "007"; }; - autoExtraComponents = true; - config = { - config = {}; - discovery = {}; - homeassistant = { - name = "Bureautomation"; - time_zone = "Europe/Berlin"; - latitude = "48.8265"; - longitude = "9.0676"; - elevation = 303; - auth_providers = [ - { type = "homeassistant";} - { type = "legacy_api_password"; - api_password = "sistemas"; - } - { type = "trusted_networks"; - trusted_networks = [ - "127.0.0.1/32" - "192.168.8.0/24" - "::1/128" - "fd00::/8" - ]; - # allow_bypass_login = true; - } - ]; - }; - # https://www.home-assistant.io/components/influxdb/ - influxdb = { - database = "hass"; - tags = { - instance = "wbob"; - source = "hass"; - }; - }; - mqtt = { - discovery = true; - discovery_prefix = "homeassistant"; - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - keepalive = 60; - protocol = 3.1; - birth_message = { - topic = "/bam/hass/tele/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "/bam/hass/tele/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - notify = [ - { - platform = "kodi"; - name = "wbob-kodi"; - host = kodi-host; - } - #{ - # platform = "telegram"; - # name = "telegrambot"; - # chat_id = builtins.elemAt - # (builtins.fromJSON (builtins.readFile - # <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0; - #} - ]; - media_player = [ - { platform = "kodi"; - host = kodi-host; - } - { platform = "mpd"; - host = "127.0.0.1"; - } - ]; + extraOptions = ["--net=host" ]; + volumes = [ + "${confdir}:/config" + #"${confdir}/docker-run:/etc/services.d/home-assistant/run:" + ]; + }; + systemd.tmpfiles.rules = [ + #"f ${confdir}/docker-run 0770 kiosk kiosk - -" + "d ${confdir} 0770 kiosk kiosk - -" + ]; + #services.home-assistant = { + # enable = true; + # package = (unstable.home-assistant.overrideAttrs (old: { + # doInstallCheck = false; + # })).override { + # extraPackages = p: [ + # # TODO: put somewhere else + # (p.callPackage <stockholm/makefu/2configs/home/ham/deps/dwdwfsapi.nix> {}) + # # (p.callPackage <stockholm/makefu/2configs/home/ham/deps/pykodi.nix> {}) + # p.APScheduler ]; + # }; + # autoExtraComponents = true; + # config = { + # config = {}; + # discovery = {}; + # homeassistant = { + # name = "Bureautomation"; + # time_zone = "Europe/Berlin"; + # latitude = "48.8265"; + # longitude = "9.0676"; + # elevation = 303; + # auth_providers = [ + # { type = "homeassistant";} + # { type = "legacy_api_password"; + # api_password = "sistemas"; + # } + # { type = "trusted_networks"; + # trusted_networks = [ + # "127.0.0.1/32" + # "192.168.8.0/24" + # "::1/128" + # "fd00::/8" + # ]; + # # allow_bypass_login = true; + # } + # ]; + # }; + # # https://www.home-assistant.io/components/influxdb/ + # influxdb = { + # database = "hass"; + # tags = { + # instance = "wbob"; + # source = "hass"; + # }; + # }; + # mqtt = { + # discovery = true; + # discovery_prefix = "homeassistant"; + # broker = "localhost"; + # port = 1883; + # client_id = "home-assistant"; + # keepalive = 60; + # protocol = 3.1; + # birth_message = { + # topic = "/bam/hass/tele/LWT"; + # payload = "Online"; + # qos = 1; + # retain = true; + # }; + # will_message = { + # topic = "/bam/hass/tele/LWT"; + # payload = "Offline"; + # qos = 1; + # retain = true; + # }; + # }; + # notify = [ + # { + # platform = "kodi"; + # name = "wbob-kodi"; + # host = kodi-host; + # } + # #{ + # # platform = "telegram"; + # # name = "telegrambot"; + # # chat_id = builtins.elemAt + # # (builtins.fromJSON (builtins.readFile + # # <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0; + # #} + # ]; + # media_player = [ + # { platform = "kodi"; + # host = kodi-host; + # } + # { platform = "mpd"; + # host = "127.0.0.1"; + # } + # ]; - # sensor = [{ platform = "version"; }]; # pyhaversion + # # sensor = [{ platform = "version"; }]; # pyhaversion - frontend = { }; - http = { - # TODO: https://github.com/home-assistant/home-assistant/issues/16149 - # base_url = "http://192.168.8.11:8123"; - }; - conversation = {}; - history = {}; - logbook = {}; - tts = [ - { platform = "google_translate"; - language = "de"; - time_memory = 57600; - service_name = "google_say"; - } - { platform = "voicerss"; - api_key = builtins.readFile <secrets/hass/voicerss.apikey>; - language = "de-de"; - } - #{ platform = "picotts"; - # language = "de-DE"; - #} - ]; - recorder = {}; - sun = {}; - #telegram_bot = [ - # (builtins.fromJSON - # (builtins.readFile <secrets/hass/telegram-bot.json>)) - #]; - # only for automation - # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; - # we don't use imports because the expressions do not merge in - # home-assistant - }; - }; + # frontend = { }; + # http = { + # # TODO: https://github.com/home-assistant/home-assistant/issues/16149 + # # base_url = "http://192.168.8.11:8123"; + # }; + # conversation = {}; + # history = {}; + # logbook = {}; + # tts = [ + # { platform = "google_translate"; + # language = "de"; + # time_memory = 57600; + # service_name = "google_say"; + # } + # { platform = "voicerss"; + # api_key = builtins.readFile <secrets/hass/voicerss.apikey>; + # language = "de-de"; + # } + # #{ platform = "picotts"; + # # language = "de-DE"; + # #} + # ]; + # recorder = {}; + # sun = {}; + # #telegram_bot = [ + # # (builtins.fromJSON + # # (builtins.readFile <secrets/hass/telegram-bot.json>)) + # #]; + # # only for automation + # # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; + # # we don't use imports because the expressions do not merge in + # # home-assistant + # }; + #}; } diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix index ad62babc3..60ed6826d 100644 --- a/makefu/2configs/dcpp/airdcpp.nix +++ b/makefu/2configs/dcpp/airdcpp.nix @@ -8,7 +8,7 @@ hubs."krebshub" = { Nick = "makefu-${config.krebs.build.host.name}"; Password = builtins.readFile <secrets/krebshub.pw>; - Server = "adcs://hub.nsupdate.info:411"; + Server = "adcs://hub.nsupdate.info:1511"; AutoConnect = true; }; dcpp = { diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index 5a88f5ef8..f0aac3f32 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -95,6 +95,7 @@ in { enableTLS = true; settings = { server_port = 1511; + server_bind_addr = "any"; hub_name = "krebshub"; tls_certificate = "${uhubDir}/uhub.crt"; tls_private_key = "${uhubDir}/uhub.key"; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 610ba75fe..e5c7e48de 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -20,6 +20,12 @@ let dbpw = "/run/secret/nextcloud-db-pw"; in { + fileSystems."/var/lib/nextcloud/data" = { + device = "/media/cloud/nextcloud-data"; + options = [ "bind" ]; + }; + + krebs.secret.files.nextcloud-db-pw = { path = dbpw; owner.name = "nextcloud"; @@ -40,16 +46,18 @@ in { enable = true; databases = [ config.services.nextcloud.config.dbname ]; }; - +systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = [ "download" ]; + state = [ # services.postgresql.dataDir # "${config.services.nextcloud.home}/config" config.services.postgresqlBackup.location ]; + users.users.nextcloud.extraGroups = [ "download" ]; services.nextcloud = { enable = true; - package = pkgs.nextcloud22; + package = pkgs.nextcloud23; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; @@ -59,10 +67,11 @@ in { autoUpdateApps.startAt = "05:00:00"; caching.redis = true; - # caching.memcached = true; + caching.apcu = true; config = { # Further forces Nextcloud to use HTTPS overwriteProtocol = "https"; + defaultPhoneRegion = "DE"; # Nextcloud PostegreSQL database configuration, recommended over using SQLite dbtype = "pgsql"; @@ -71,7 +80,7 @@ in { dbname = "nextcloud"; dbpassFile = dbpw; adminpassFile = adminpw; - adminuser = "admin"; + adminuser = "root"; }; }; services.redis.enable = true; diff --git a/makefu/2configs/deployment/rss/ebk.yml b/makefu/2configs/deployment/rss/ebk.yml new file mode 100644 index 000000000..3248f5c4e --- /dev/null +++ b/makefu/2configs/deployment/rss/ebk.yml @@ -0,0 +1,59 @@ +regex: https://www.ebay\-kleinanzeigen.de/s\-.* +selectors: + httpsettings: + cookie: {} + header: {} + useragent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) + Chrome/90.0.4430.72 Safari/537.36 + insecure: false + feed: + title: title + authorname: "" + authoremail: "" + item: + container: ul[id='srchrslt-adtable'] li[class='ad-listitem lazyload-item '] + title: | + title = sel:find("h2.text-module-begin"):first():text():gsub("^%s*(.-)%s*$", "%1") + print(title) + link: | + link = sel:find("a"):first():attr("href") + print("https://www.ebay-kleinanzeigen.de" .. link) + created: |- + created = "" + sel:find("div.aditem-main--top--right"):each(function(i, s) + created = s:text():gsub("^%s*(.-)%s*$", "%1") + end) + if created:match("Heute") then + time = created:gsub("^.*,", "") + print(os.date("%d.%m.%Y") .. time .. " CET") + return + end + if created:match("Gestern") then + time = created:gsub("^.*,", "") + print(os.date("%d.%m.%Y", os.time()-24*60*60) .. time .. " CET") + return + end + if created:match("\.") then + print(created .. " 00:00 CET") + return + end + createdformat: 02.01.2006 15:04 MST + description: |- + description = sel:find(".aditem-main--middle"):html() + place = sel:find(".aditem-main--top--left"):html() + print(description .. place) + content: "" + image: | + img = sel:find("div.imagebox"):first():attr("data-imgsrc") + if img ~= "" then + -- prepend host if needed + if not(img:match("https*:\/\/.*")) then + img = "https://www.ebay-kleinanzeigen.de" .. img + end + print(img) + end + nextpage: | + nextpage = sel:find("link[rel=next]"):attr("href") + print("https://www.ebay-kleinanzeigen.de" .. nextpage) + nextpagecount: 5 + sort: "" diff --git a/makefu/2configs/deployment/rss/ratt-hourly.sh b/makefu/2configs/deployment/rss/ratt-hourly.sh new file mode 100755 index 000000000..67f2529bd --- /dev/null +++ b/makefu/2configs/deployment/rss/ratt-hourly.sh @@ -0,0 +1,28 @@ +#!/bin/sh +set -eu +URLS=${1?must provide URLS file} +OUTFILE=${2:-all.xml} + +echo "init, writing to $OUTFILE" + +cat > "$OUTFILE" <<EOF +<?xml version="1.0" encoding="UTF-8"?> +<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/"> + <channel> + <title>makefu Ebay Kleinanzeigen</title> + <link>https://www.ebay-kleinanzeigen.de/</link> + <description>Feed for all kleinanzeigen</description> + <pubDate>$(date '+%a, %d %b %Y %H:%M:%S %z')</pubDate> +EOF +echo "looping through $URLS" +cat "$URLS" | while read line;do + echo "fetching $line" + ratt auto "$line" | \ + xmlstarlet sel -t -c "//item" >> "$OUTFILE" || : +done + +echo "close" +cat >> "$OUTFILE" <<EOF + </channel> +</rss> +EOF diff --git a/makefu/2configs/deployment/rss/ratt.nix b/makefu/2configs/deployment/rss/ratt.nix new file mode 100644 index 000000000..2e7ecb45d --- /dev/null +++ b/makefu/2configs/deployment/rss/ratt.nix @@ -0,0 +1,26 @@ +{ pkgs, lib, config, ... }: +let + fqdn = "rss.euer.krebsco.de"; + ratt-path = "/var/lib/ratt/"; + out-path = "${ratt-path}/all.xml"; +in { + systemd.tmpfiles.rules = ["d ${ratt-path} 0750 nginx nginx - -" ]; + systemd.services.run-ratt = { + enable = true; + path = with pkgs; [ ratt xmlstarlet ]; + script = builtins.readFile ./ratt-hourly.sh; + scriptArgs = "${./urls} ${out-path}"; + + preStart = "install -v -m750 ${./ebk.yml} ${ratt-path}/ebk.yml"; # ratt requires the config file in the cwd + serviceConfig.User = "nginx"; + serviceConfig.WorkingDirectory= ratt-path; + startAt = "00/3:07"; # every 3 hours, fetch latest + }; + + services.nginx.virtualHosts."${fqdn}" = { + locations."=/ratt/all.xml" = { + alias = out-path; + }; + }; +} + diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix index 19f20f50f..7e077d7e4 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss/rss.euer.krebsco.de.nix @@ -1,24 +1,30 @@ { pkgs, lib, config, ... }: let fqdn = "rss.euer.krebsco.de"; + ratt-path = "/var/lib/ratt/"; in { + systemd.tmpfiles.rules = ["d ${ratt-path} 0750 nginx nginx - -" ]; services.tt-rss = { enable = true; virtualHost = fqdn; selfUrlPath = "https://${fqdn}"; }; - services.postgresql.package = pkgs.postgresql_9_6; state = [ config.services.postgresqlBackup.location ]; services.postgresqlBackup = { enable = true; databases = [ config.services.tt-rss.database.name ]; }; + systemd.services.postgresqlBackup-tt_rss.serviceConfig.SupplementaryGroups = [ "download" ]; services.nginx.virtualHosts."${fqdn}" = { enableACME = true; forceSSL = true; + locations."/ratt/" = { + alias = ratt-path; + extraConfig = "autoindex on;"; + }; }; } diff --git a/makefu/2configs/deployment/rss/urls b/makefu/2configs/deployment/rss/urls new file mode 100644 index 000000000..3ab2538a1 --- /dev/null +++ b/makefu/2configs/deployment/rss/urls @@ -0,0 +1,7 @@ +https://www.ebay-kleinanzeigen.de/s-heimwerken/nein/muehlhausen/bohrmaschine/k0c84l9313r5+heimwerken.versand_s:nein +https://www.ebay-kleinanzeigen.de/s-stuttgart/zigbee/k0l9280 +https://www.ebay-kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5 +https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313 +https://www.ebay-kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313 +https://www.ebay-kleinanzeigen.de/s-muehlhausen/labeldrucker/k0l9313r5 +https://www.ebay-kleinanzeigen.de/s-muehlhausen/dymo/k0l9313r5 diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index 5751bf489..07f80719d 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -6,16 +6,15 @@ ((pkgs.vim_configurable.override { python = pkgs.python3; }).customize { name = "vim"; vimrcConfig.customRC = builtins.readFile ./vimrc; - vimrcConfig.vam.knownPlugins = pkgs.vimPlugins; - vimrcConfig.vam.pluginDictionaries = [ - { names = [ "undotree" + vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; { start = [ + "undotree" "YouCompleteMe" #"UltiSnips" - "vim-better-whitespace" ]; } # vim-nix handles indentation better but does not perform sanity - { names = [ "vim-addon-nix" ]; ft_regex = "^nix\$"; } + "vim-addon-nix" + "vim-better-whitespace" ]; - + }; }) ]; } diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index dc28cf4d2..55df23640 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -4,17 +4,21 @@ imports = [ ./base.nix ]; - users.users.makefu = { - packages = [ pkgs.chromium ]; - extraGroups = [ "audio" "pulse" ]; + users.users.kiosk = { + packages = [ pkgs.chromium pkgs.vscode ]; + group = "kiosk"; + isNormalUser = true; + uid = 1003; + extraGroups = [ "wheel" "audio" "pulse" ]; }; + users.groups.kiosk.gid = 989 ; services.xserver = { windowManager = lib.mkForce { awesome.enable = false; }; displayManager.gdm.enable = true; displayManager.autoLogin = { enable = true; - user = "makefu"; + user = lib.mkForce "kiosk"; }; displayManager.defaultSession = "gnome"; desktopManager.gnome.enable = true; diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index cf6f1d334..13755de27 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -35,7 +35,7 @@ home-manager.users.makefu = { programs.direnv.enable = true; - programs.direnv.enableNixDirenvIntegration = true; + programs.direnv.nix-direnv.enable = true; programs.direnv.enableZshIntegration = true; home.packages = [ (pkgs.writeDashBin "nixify" '' test ! -e shell.nix && cat > shell.nix <<EOF diff --git a/makefu/2configs/home/ham/automation/check-in.nix b/makefu/2configs/home/ham/automation/check-in.nix index 21040b409..3a7ebe9ac 100644 --- a/makefu/2configs/home/ham/automation/check-in.nix +++ b/makefu/2configs/home/ham/automation/check-in.nix @@ -3,7 +3,7 @@ let light = "light.arbeitszimmer_onebutton_led"; at_work = "input_boolean.felix_at_work"; lib = import ../lib; - say = lib.say.living_room; + say = lib.say.office; in { services.home-assistant.config.input_boolean.felix_at_work.name = "Felix auf Arbeit"; @@ -37,7 +37,16 @@ in { service = "homeassistant.turn_on"; entity_id = at_work; } - ] ++ (say "Willkommen auf Arbeit"); + ] ++ (say "Willkommen auf Arbeit") ++ + [ + { service = "media_player.play_media"; + data = { + media_content_id = "https://radio.lassul.us/radio.mp3"; + media_content_type = "music"; + }; + target.entity_id = "media_player.office"; + } + ]; } { conditions = { diff --git a/makefu/2configs/home/ham/automation/flurlicht.nix b/makefu/2configs/home/ham/automation/flurlicht.nix index c26f7e3e0..aa62ab9e4 100644 --- a/makefu/2configs/home/ham/automation/flurlicht.nix +++ b/makefu/2configs/home/ham/automation/flurlicht.nix @@ -1,56 +1,57 @@ let - licht = [ "light.flur_statuslight" "light.wohnzimmer_status_led" ]; - kehrwoche_color = [ 204 0 255 ]; # pink - nachtlicht_color = [ 255 190 0 ]; # ein dunkles rot + nachtlicht = [ "light.flur_statuslight" "light.wohnzimmer_status_led" ]; + + # flurlicht an + lightcond = name: conditions: rgb_color: brightness: + { + inherit conditions; + sequence = { + service = "light.turn_on"; + target.entity_id = nachtlicht; + data = { + inherit rgb_color brightness; + }; + }; + }; in { services.home-assistant.config.automation = [ - { alias = "Nachtlicht im Flur an"; - trigger = { - platform = "sun"; - event = "sunset"; - }; - action = - [ - { - service = "light.turn_on"; - target.entity_id = licht; - data = { - brightness = 87; - rgb_color = nachtlicht_color; - #effect = "None"; - }; + { alias = "Nachtlicht trigger"; + trigger = [ + { platform = "sun"; event = "sunset"; } + { platform = "sun"; event = "sunrise"; } + { platform = "state"; entity_id = [ + "calendar.kehrwoche_kehrwoche" + "binary_sensor.badezimmer_fenster_contact" + "binary_sensor.dusche_fenster_contact" + ]; } ]; - } - { alias = "Nachtlicht in Flur aus, Kehrwoche an"; - trigger = { - platform = "sun"; - event = "sunrise"; - }; action = [ { choose = [ - { - conditions = { - condition = "state"; - entity_id = "calendar.kehrwoche_kehrwoche"; - state = "on"; - }; - sequence = { - service = "light.turn_on"; - target.entity_id = licht; - data = { - brightness = 190; - rgb_color = kehrwoche_color; # pink - }; - }; - }]; + (lightcond "Badezimmer Fenster Auf" + { condition = "state"; entity_id = "binary_sensor.badezimmer_fenster_contact"; state = "on"; } + [ 64 207 255 ] 255 # helblau + ) + (lightcond "Duschenster auf" + { condition = "state"; entity_id = "binary_sensor.dusche_fenster_contact"; state = "on"; } + [ 64 207 255 ] 255 # helblau + ) + (lightcond "Nachtlicht" + { condition = "state"; entity_id = "sun.sun"; state = "below_horizon"; } + [ 255 190 0 ] 90 # red + ) + (lightcond "Kehrwoche" + { condition = "state"; entity_id = "calendar.kehrwoche_kehrwoche"; state = "on"; } + [ 204 0 255 ] 128 # pink + ) + ]; default = { - service = "light.turn_off"; - entity_id = licht; - }; + service = "light.turn_off"; + entity_id = nachtlicht; + }; } ]; } diff --git a/makefu/2configs/home/ham/automation/giesskanne.nix b/makefu/2configs/home/ham/automation/giesskanne.nix index b11fd9d52..400e553e8 100644 --- a/makefu/2configs/home/ham/automation/giesskanne.nix +++ b/makefu/2configs/home/ham/automation/giesskanne.nix @@ -7,8 +7,10 @@ let light = "light.espcam_02_light"; seconds = 90; # default shutoff to protect the LED from burning out }; - seconds = 70; # time for giesskanne + seconds = 60*5; # time for giesskanne - 5 minutes pump = "switch.arbeitszimmer_giesskanne_relay"; + light = "switch.terrasse_plug_relay"; + # sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; in { @@ -26,56 +28,51 @@ in [ ##### brotbox - { alias = "Water the plant for ${toString seconds} seconds"; + { alias = "Water the plant for ${toString seconds} seconds and turn on the light"; trigger = [ { # trigger at 23:15 no matter what # TODO: retry or run only if switch.wasser is available - platform = "time"; - at = "23:15:00"; + platform = "sun"; + event = "sunrise"; } ]; action = [ - { # take a snapshot before watering - service = "homeassistant.turn_on"; - entity_id = [ cam.light ]; - } - { # TODO: we could also create a recording with camera.record - service = "camera.snapshot"; - data = { - entity_id = cam.camera; - # TODO: create /var/lib/hass/cam/ - now being done manually - filename = "/var/lib/hass/cam/${cam.name}_{{ now().strftime('%Y%m%d-%H%M%S') }}.jpg"; - }; - } { # now turn on the pumping services # i do not start hte pump and light before the snapshot because i do # not know how long it takes (do not want to water the plants for too long) service = "homeassistant.turn_on"; - entity_id = [ pump ]; + entity_id = [ pump light ]; } { delay.seconds = seconds; } { service = "homeassistant.turn_off"; entity_id = [ pump cam.light ]; } + { # TODO: we could also create a recording with camera.record + service = "camera.snapshot"; + data = { + entity_id = cam.camera; + # TODO: create /var/lib/hass/cam/ - now being done manually + filename = "/var/lib/hass/cam/${cam.name}_{{ now().strftime('%Y%m%d-%H%M%S') }}.jpg"; + }; + } ]; } - { alias = "Always turn off the light after ${toString (cam.seconds)}s"; + { alias = "Turn off the light at sunset"; trigger = [ { - platform = "state"; - entity_id = cam.light; - to = "on"; - for.seconds = cam.seconds; + platform = "sun"; + event = "sunset"; + # offset = "+02:00:00"; } ]; action = [ { service = "homeassistant.turn_off"; - entity_id = [ pump cam.light ]; + entity_id = [ light ]; } ]; } @@ -93,7 +90,7 @@ in [ { service = "homeassistant.turn_off"; - entity_id = [ pump cam.light ]; + entity_id = [ pump ]; } ]; } diff --git a/makefu/2configs/home/ham/automation/urlaub.nix b/makefu/2configs/home/ham/automation/urlaub.nix index 50294514c..c11c589cf 100644 --- a/makefu/2configs/home/ham/automation/urlaub.nix +++ b/makefu/2configs/home/ham/automation/urlaub.nix @@ -7,12 +7,26 @@ let schranklicht = "light.wohnzimmer_schrank_osram"; weihnachtslicht = "light.wohnzimmer_fenster_lichterkette_licht"; fernsehlicht = "light.wled"; + + all_lights = [ + schranklicht weihnachtslicht fernsehlicht + # extra lights to also turn off + # wohnzimmer + "light.wohnzimmer_komode_osram" + "light.wohnzimmer_stehlampe_osram" + # arbeitszimmer + "light.wled_4" + "light.arbeitszimmer_schrank_dimmer" + "light.arbeitszimmer_pflanzenlicht" + ]; + final_off = "00:37"; - turn_on = entity_id: at: - { alias = "Turn on ${entity_id} at ${at}"; + turn_on = entity_id: offset: + # negative offset => before sunset + { alias = "Turn on ${entity_id} at sunset ${offset}"; trigger = [ - { platform = "time"; inherit at; } + { platform = "sun"; event = "sunset"; inherit offset; } ]; action = [ @@ -25,9 +39,9 @@ in { automation = [ - (turn_on schranklicht "17:30") - (turn_on weihnachtslicht "17:30") - (turn_on fernsehlicht "19:00") + (turn_on schranklicht "-00:30:00") + #(turn_on weihnachtslicht "-00:30:00") + (turn_on fernsehlicht "-00:00:00") { alias = "Always turn off the urlaub lights at ${final_off}"; trigger = [ diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index b9701f129..31e7ba419 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -31,15 +31,16 @@ in { ./media/firetv.nix ./media/sonos.nix ./media/remote_sound_wohnzimmer.nix + ./media/remote_sound_arbeitszimmer.nix ./automation/check-in.nix ./automation/fenster_auf.nix ./automation/firetv_restart.nix ./automation/light_buttons.nix ./automation/wohnzimmer_rf_fernbedienung.nix - ./automation/ladestecker_timer.nix + # ./automation/ladestecker_timer.nix ./automation/flurlicht.nix - #./automation/giesskanne.nix + ./automation/giesskanne.nix ./automation/pflanzen_giessen_erinnerung.nix ./automation/urlaub.nix ./automation/moodlight.nix @@ -59,7 +60,7 @@ in { extraPackages = p: [ (p.callPackage ./deps/dwdwfsapi.nix {}) (p.callPackage ./signal-rest/pkg.nix {}) - #(p.callPackage ./deps/pykodi.nix {}) + (p.callPackage ./deps/pykodi.nix {}) ]; }; @@ -141,11 +142,11 @@ in { retain = true; }; }; - luftdaten = { - show_on_map = true; - sensor_id = 10529; - sensors.monitored_conditions = [ "P1" "P2" ]; - }; + #luftdaten = { + # show_on_map = true; + # sensor_id = 10529; + # sensors.monitored_conditions = [ "P1" "P2" ]; + #}; #binary_sensor = # flurlicht.binary_sensor; diff --git a/makefu/2configs/home/ham/light/tint_wohnzimmer.nix b/makefu/2configs/home/ham/light/tint_wohnzimmer.nix index fd87cf064..474bf5c99 100644 --- a/makefu/2configs/home/ham/light/tint_wohnzimmer.nix +++ b/makefu/2configs/home/ham/light/tint_wohnzimmer.nix @@ -25,19 +25,20 @@ let default_scene_1 = "Solid"; default_color_1 = "Default"; main_color_select_1 = "select.wled_color_palette"; - light_group_1.entity_id = [ - main_light_1 - ]; + light_group_1.entity_id = [ + main_light_1 + ]; # contains only the actually changeable lights - light_group_2.entity_id = [ + light_group_2 = { entity_id = [ "light.wohnzimmer_komode_osram" "light.wohnzimmer_schrank_osram" "light.wohnzimmer_fenster_lichterkette_licht" - ]; - light_group_3.entity_id = [ + ]; + }; + light_group_3 = { entity_id = [ "light.wohnzimmer_stehlampe_osram" - ]; + ]; }; statecond = cond: { # cond must be a list condition = "template"; diff --git a/makefu/2configs/home/ham/media/remote_sound_arbeitszimmer.nix b/makefu/2configs/home/ham/media/remote_sound_arbeitszimmer.nix new file mode 100644 index 000000000..f59f022f4 --- /dev/null +++ b/makefu/2configs/home/ham/media/remote_sound_arbeitszimmer.nix @@ -0,0 +1,107 @@ +{ lib, ...}: +let + statecond = cond: { # cond must be a list + condition = "template"; + value_template = "{{ trigger.to_state.state in ( " + + (lib.concatMapStringsSep "," (x: "'${x}'") cond) + ") }}"; + }; + vol_change = 0.030; + + max_repeat = "30"; # max loops to repeat before bailing out + remote = "sensor.arbeitszimmer_sound1_action"; + player = "media_player.office"; + last_state_sensor_name = "last_rotation_action_arbeitszimmer"; + last_state_sensor = "input_text.${last_state_sensor_name}"; + # - service: media_player.volume_set + # target: + # entity_id: media_player.kitchen + # data: + # volume_level: {{ state_attr('media_player.kitchen', 'volume_level') + 0.02 }} + rotate_stop = "brightness_stop"; + rotate_right = "brightness_move_up"; + rotate_left = "brightness_move_down" ; + + single_click = "toggle"; + double_click = "brightness_step_up"; + triple_click = "brightness_step_down"; +in { + services.home-assistant.config.input_text."${last_state_sensor_name}".name = "Last action of the arbeitszimmer"; + services.home-assistant.config.automation = [ + { + trigger = { + platform = "state"; + entity_id = remote; + to = [ rotate_stop ]; + }; + action = [ + { service = "input_text.set_value"; + target.entity_id = last_state_sensor; + data.value = "stop"; + } + ]; + } + { + alias = "Perform Actions with ${remote}"; + trigger = { + platform = "state"; + entity_id = remote; + to = [ single_click double_click triple_click rotate_left rotate_right ]; + }; + #mode = "queued"; + #max = 5; + mode = "single"; + #max_exceeded = "silent"; + action = [ + { + choose = [ + { + conditions = statecond [ single_click ]; + sequence = [ + { service = "media_player.media_play_pause"; + target.entity_id = player; + } + ]; + } + { + conditions = statecond [ rotate_left rotate_right ]; + sequence = let + vol_up = toString vol_change; + vol_down = toString (-1 * vol_change); + in [ + { + variables.nextvol = ''{% if trigger.to_state.state in ( "${rotate_left}" ) -%} ${vol_down} {% else -%} ${vol_up} {% endif -%}''; + variables.state = ''{% if trigger.to_state.state in ( "${rotate_left}" ) -%} left {% else -%} right {% endif -%}''; + } + { service = "input_text.set_value"; + target.entity_id = last_state_sensor; + data.value = ''{{ state }}''; + } + { + repeat = { + sequence = [ + { service = "media_player.volume_set"; + target.entity_id = player; + data.volume_level = ''{{ state_attr("${player}","volume_level") + (nextvol|float) }}''; + } + { delay.milliseconds = "150"; } + ]; + while = [ + { + condition = "template"; + value_template = ''{{ states("${last_state_sensor}") == state }}''; + } + { + condition = "template"; + value_template = "{{ repeat.index <= ${max_repeat}}}"; + } + ]; + }; + } + ]; + } + ]; + } + ]; + } + ]; +} diff --git a/makefu/2configs/home/ham/media/sonos.nix b/makefu/2configs/home/ham/media/sonos.nix index 5b9694512..40dcfc3ca 100644 --- a/makefu/2configs/home/ham/media/sonos.nix +++ b/makefu/2configs/home/ham/media/sonos.nix @@ -2,6 +2,7 @@ services.home-assistant.config.sonos.media_player.hosts = [ "192.168.111.30" "192.168.111.31" + "192.168.111.32" ]; } diff --git a/makefu/2configs/home/ham/person/default.nix b/makefu/2configs/home/ham/person/default.nix new file mode 100644 index 000000000..a72f610e8 --- /dev/null +++ b/makefu/2configs/home/ham/person/default.nix @@ -0,0 +1,20 @@ +{config, ... }: +{ + services.home-assistant.config.person = [ + { + name = "Felix"; + id = 1; + device_trackers = [ + "device_tracker.felix_phone" + "device_tracker.x" + ]; + } + { + name = "Misa"; + id = 2; + device_trackers = [ + "device_tracker.misa_phone" + ]; + } + ]; +} diff --git a/makefu/2configs/home/jellyfin.nix b/makefu/2configs/home/jellyfin.nix new file mode 100644 index 000000000..672a483e5 --- /dev/null +++ b/makefu/2configs/home/jellyfin.nix @@ -0,0 +1,10 @@ +{ lib, config, ... }: +{ + services.jellyfin.enable = true; + services.jellyfin.openFirewall = true; + #users.users.${config.services.jellyfin.user}.extraGroups = [ "download" "video" "render" ]; + state = [ "/var/lib/jellyfin" ]; + systemd.services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false; + systemd.services.jellyfin.serviceConfig.DeviceAllow = lib.mkForce ["char-drm rwm" "char-nvidia-frontend" "char-nvidia-uvm"]; + systemd.services.jellyfin.serviceConfig.SupplementaryGroups = [ "video" "render" "download" ]; +} diff --git a/makefu/2configs/home/music.nix b/makefu/2configs/home/music.nix index 59f6d9170..7f5a425d2 100644 --- a/makefu/2configs/home/music.nix +++ b/makefu/2configs/home/music.nix @@ -6,7 +6,7 @@ in { services.navidrome.enable = true; services.navidrome.settings = { - MusicFolder = "/media/cryptX/music"; + MusicFolder = "/media/cryptX/music/kinder"; Address = "0.0.0.0"; }; diff --git a/makefu/2configs/home/tonie.nix b/makefu/2configs/home/tonie.nix index 959e48e8b..bc3633a88 100644 --- a/makefu/2configs/home/tonie.nix +++ b/makefu/2configs/home/tonie.nix @@ -4,8 +4,8 @@ let #host = config.networking.hostName; ident = 998; user = "${toString ident}:${toString ident}"; - #backend_host = "tonie.lan"; - backend_host = "tonie.omo.r"; + backend_host = "tonie.lan"; + #backend_host = "tonie.omo.r"; frontend_port = 30006; homedir = "/var/lib/tonies"; albumdir = "${homedir}/albumart/"; diff --git a/makefu/2configs/hw/nswitch.nix b/makefu/2configs/hw/nswitch.nix new file mode 100644 index 000000000..56e122cbf --- /dev/null +++ b/makefu/2configs/hw/nswitch.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +{ + + users.extraUsers.${config.krebs.build.user.name}.extraGroups = [ "dialout" ]; + + # 1: USB + # 2: RCM + services.udev.extraRules = '' + SUBSYSTEM=="usb", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="3000", MODE="0660" ,GROUP="dialout" + SUBSYSTEM=="usb", ATTRS{idVendor}=="0955", ATTRS{idProduct}=="7321", MODE="0660", GROUP="dialout" + ''; +} + diff --git a/makefu/2configs/nginx/dl.euer.krebsco.de.nix b/makefu/2configs/nginx/dl.euer.krebsco.de.nix index 5380d8437..e31d355a7 100644 --- a/makefu/2configs/nginx/dl.euer.krebsco.de.nix +++ b/makefu/2configs/nginx/dl.euer.krebsco.de.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: { + users.groups.download.members = [ "nginx" ]; services.nginx = { enable = lib.mkDefault true; recommendedGzipSettings = true; diff --git a/makefu/2configs/nginx/euer.blog.nix b/makefu/2configs/nginx/euer.blog.nix index 14d1285db..24696adf2 100644 --- a/makefu/2configs/nginx/euer.blog.nix +++ b/makefu/2configs/nginx/euer.blog.nix @@ -35,6 +35,7 @@ in { #serverAliases = [ "blog.euer.krebsco.de" "blog.${hostname}" ]; enableACME = true; forceSSL = true; + default = true; root = base-dir; }; }; diff --git a/makefu/2configs/printer.nix b/makefu/2configs/printer.nix index 72b9dadd6..210a9df33 100644 --- a/makefu/2configs/printer.nix +++ b/makefu/2configs/printer.nix @@ -11,6 +11,7 @@ in { cups-dymo # dymo labelwriter foo2zjs # magicolor 1690mf cups-zj-58 + cups-ptouch ]; }; diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix index a2b24d35a..d1cfc2f88 100644 --- a/makefu/2configs/tinc/retiolum.nix +++ b/makefu/2configs/tinc/retiolum.nix @@ -10,7 +10,6 @@ LocalDiscovery = no ''} ''; - #krebs.tinc.retiolum.connectTo = [ "gum" ]; environment.systemPackages = [ pkgs.tinc ]; networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index 1f622a8e0..cb4ca24a8 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -5,7 +5,7 @@ users.users.makefu.packages = with pkgs; [ # mitmproxy nmap - msf + metasploit #drozer #dex2jar apktool diff --git a/makefu/2configs/tools/consoles.nix b/makefu/2configs/tools/consoles.nix index 7d58daa3f..f213a9b0e 100644 --- a/makefu/2configs/tools/consoles.nix +++ b/makefu/2configs/tools/consoles.nix @@ -15,6 +15,7 @@ nx_game_info hactool nsrenamer + ns-usbloader sfo exfatprogs exfat-utils exfat ]; diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 918d950f2..66bc9a0e6 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -38,6 +38,10 @@ ovh-zone gen-oath-safe cdrtools + unrar + ffmpeg + dnsutils + # network related sshuttle pciutils diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 14e782e3f..255d1c51a 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -13,7 +13,7 @@ plowshare streamripper - youtube-dl + yt-dlp pulseeffects-legacy # for pulse ]; diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index acc22d647..6b7aa4fec 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -9,7 +9,7 @@ iodine mtr nmap - msf + metasploit thc-hydra borgbackup ledger diff --git a/makefu/2configs/torrent/deluge.nix b/makefu/2configs/torrent/deluge.nix new file mode 100644 index 000000000..af965fbe9 --- /dev/null +++ b/makefu/2configs/torrent/deluge.nix @@ -0,0 +1,42 @@ +{ config, pkgs, ... }: +let + base = config.makefu.dl-dir; + daemon-port = 58846; + peer-port = 51412; + web-port = 8112; + secfile = toString <torrent-secrets> + "/deluge-auth"; + authfile = config.services.deluge.dataDir + "/myauth"; +in { + services.deluge = { + enable = true; + package = pkgs.deluge-2_x; + openFilesLimit = 65355; + declarative = true; + config = { + download_location = base + "/finished"; + allow_remote = true; + inherit daemon-port; + listen_ports = [ peer-port ]; + copy_torrent_file = true; + torrentfiles_location = base + "/torrents"; + max_active_seeding = 50; + max_connections_global = 1000; + max_half_open_connections = 200; + enabled_plugins = [ "AutoAdd" ]; + }; + openFirewall = true; + group = "download"; + authFile = authfile; + web = { + enable = true; + port = web-port; + }; + }; + + #systemd.services.deluged.serviceConfig.ExecStartPre = pkgs.writeDash "install-auth" '' + # install -odeluge "$secfile" "$authfile" + #''; + services.nginx.enable = true; + services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; + state = [ "/var/lib/deluge/.config/deluge" ]; +} diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix index 79325bfc7..87ecc1e19 100644 --- a/makefu/2configs/torrent/rtorrent.nix +++ b/makefu/2configs/torrent/rtorrent.nix @@ -7,15 +7,17 @@ let daemon-port = 58846; dldir = config.makefu.dl-dir; in { - services.rtorrent.enable = true; - services.rtorrent.user = "rtorrent"; - services.rtorrent.group = "download"; - services.rtorrent.downloadDir = dldir; - services.rtorrent.configText = '' - schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "/media/cloud/watch/*.torrent"))) - ''; - - services.rtorrent.openFirewall = true; + services.rtorrent = { + enable = true; + user = "rtorrent"; + port = peer-port; + openFirewall = true; + group = "download"; + downloadDir = dldir; + configText = '' + schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "/media/cloud/watch/*.torrent"))) + ''; + }; systemd.services.flood = { wantedBy = [ "multi-user.target" ]; diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 3620bc568..e6952fdbc 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -21,7 +21,6 @@ in { ## No rate limit ## rate limited - # https://api.github.com/repos/dorimanx/exfat-nofuse/commits # https://api.github.com/repos/mcepl/gen-oath-safe/commits https://api.github.com/repos/naim94a/udpt/commits https://api.github.com/repos/dirkvdb/ps3netsrv--/commits @@ -58,7 +57,6 @@ in { "embray/d2to1" "vicious-widgets/vicious" "embray/d2to1" - "dorimanx/exfat-nofuse" "rapid7/metasploit-framework" "GothenburgBitFactory/taskserver" "GothenburgBitFactory/taskwarrior" diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix index c8fbfe6fb..bda250702 100644 --- a/makefu/2configs/wireguard/server.nix +++ b/makefu/2configs/wireguard/server.nix @@ -1,59 +1,69 @@ -{ config, ... }: +{ config,pkgs, ... }: let ext-if = config.makefu.server.primary-itf; in { # wireguard server # opkg install wireguard luci-proto-wireguard - # TODO: networking.nat - # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; # conf.all.proxy_arp =1 networking.firewall = { allowedUDPPorts = [ 51820 ]; - extraCommands = '' - iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE - ''; + }; + networking.nat = { + enable = true; + #externalIP = "144.76.26.247"; + #internalIPs = [ "10.244.0.0/24" ]; + externalInterface = ext-if; + internalInterfaces = [ "wg0" ]; }; networking.wireguard.interfaces.wg0 = { ips = [ "10.244.0.1/24" ]; listenPort = 51820; privateKeyFile = (toString <secrets>) + "/wireguard.key"; - allowedIPsAsRoutes = true; + # allowedIPsAsRoutes = true; + postSetup = '' + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + + # This undoes the above command + postShutdown = '' + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; peers = [ - { - # x - allowedIPs = [ "10.244.0.2/32" ]; - publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; - } - { - # vbob - allowedIPs = [ "10.244.0.3/32" ]; - publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; - } - { - # x-test - allowedIPs = [ "10.244.0.4/32" ]; - publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; - } - { - # work-router - persistentKeepalive = 25; - allowedIPs = [ "10.244.0.5/32" ]; - publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; - } - { - # workr - persistentKeepalive = 25; - allowedIPs = [ "10.244.0.6/32" ]; - publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; - } - { - # mobile - allowedIPs = [ "10.244.0.7/32" ]; - publicKey = "Y6fOW2QDt0SsHT7hSVzzJYQVB3JI/txO4/FDB54Z52A="; - } + { + # x + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + persistentKeepalive = 25; + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } + { + # workr + persistentKeepalive = 25; + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } + { + # mobile + allowedIPs = [ "10.244.0.7/32" ]; + publicKey = "Y6fOW2QDt0SsHT7hSVzzJYQVB3JI/txO4/FDB54Z52A="; + } ]; }; # TODO: this issue is related to the router which connects to the host but is |