diff options
Diffstat (limited to 'makefu')
37 files changed, 79 insertions, 157 deletions
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 763d36841..1cfa8e4a4 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -126,6 +126,9 @@ in { <stockholm/makefu/2configs/wireguard/server.nix> <stockholm/makefu/2configs/wireguard/wiregrill.nix> + { # recent changes mediawiki bot + networking.firewall.allowedUDPPorts = [ 5005 5006 ]; + } # Removed until move: no extra mails # <stockholm/makefu/2configs/urlwatch> # Removed until move: avoid letsencrypt ban diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 13918a9b1..6afe792ec 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -43,7 +43,6 @@ in { <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/desktop.nix> <stockholm/makefu/2configs/tools/mobility.nix> - { environment.systemPackages = [ pkgs.esniper ]; } #<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/share-user-sftp.nix> @@ -97,7 +96,7 @@ in { <stockholm/makefu/2configs/home/airsonic.nix> <stockholm/makefu/2configs/home/photoprism.nix> - <stockholm/makefu/2configs/home/metube.nix> + # <stockholm/makefu/2configs/home/metube.nix> <stockholm/makefu/2configs/home/ham> <stockholm/makefu/2configs/home/zigbee2mqtt> { @@ -141,6 +140,7 @@ in { ]; makefu.full-populate = true; nixpkgs.config.allowUnfree = true; + users.users.share.isNormalUser = true; users.groups.share = { gid = (import <stockholm/lib>).genid "share"; members = [ "makefu" "misa" ]; @@ -152,6 +152,7 @@ in { users.users.misa = { uid = 9002; name = "misa"; + isNormalUser = true; }; zramSwap.enable = true; diff --git a/makefu/1systems/x/x13/default.nix b/makefu/1systems/x/x13/default.nix index f0d663ee9..ea557bbef 100644 --- a/makefu/1systems/x/x13/default.nix +++ b/makefu/1systems/x/x13/default.nix @@ -8,7 +8,7 @@ <nixos-hardware/lenovo/thinkpad/l14/amd> # close enough # <stockholm/makefu/2configs/hw/tpm.nix> <stockholm/makefu/2configs/hw/ssd.nix> - <stockholm/makefu/2configs/hw/xmm7360.nix> + # <stockholm/makefu/2configs/hw/xmm7360.nix> ]; boot.zfs.requestEncryptionCredentials = true; networking.hostId = "f8b8e0a2"; diff --git a/makefu/1systems/x/x13/zfs.nix b/makefu/1systems/x/x13/zfs.nix index adfebbf96..d6b99df41 100644 --- a/makefu/1systems/x/x13/zfs.nix +++ b/makefu/1systems/x/x13/zfs.nix @@ -13,6 +13,7 @@ boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; + boot.zfs.enableUnstable = true; # required for 21.05 fileSystems."/" = { device = "zroot/root/nixos"; fsType = "zfs"; diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 4abc7d345..6ce0606a8 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -22,6 +22,7 @@ in { uid = genid "auphonic"; group = "nginx"; useDefaultShell = true; + isSystemUser = true; openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ]; }; diff --git a/makefu/2configs/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix index c1a31b8dc..56d319e39 100644 --- a/makefu/2configs/bgt/hidden_service.nix +++ b/makefu/2configs/bgt/hidden_service.nix @@ -41,8 +41,8 @@ in services.tor = { enable = true; hiddenServices."${name}".map = [ - { port = "80"; } - # { port = "443"; toHost = "blog.binaergewitter.de"; } + { port = 80; } + # { port = 443; toHost = "blog.binaergewitter.de"; } ]; }; } diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 669754caf..46bf05963 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -6,7 +6,7 @@ in { imports = [ ./ota.nix ./comic-updater.nix - ./puppy-proxy.nix + # ./puppy-proxy.nix ./zigbee2mqtt diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index fbbce1f09..d9a2869cc 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -33,10 +33,11 @@ let uhubDir = "/var/lib/uhub"; in { - users.extraUsers."${ddclientUser}" = { + users.users."${ddclientUser}" = { uid = genid "ddclient"; description = "ddclient daemon user"; home = stateDir; + isSystemUser = true; createHome = true; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index be64e402e..52206c380 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -23,6 +23,7 @@ with import <stockholm/lib>; group = "users"; home = "/home/makefu"; createHome = true; + isNormalUser = true; useDefaultShell = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index 86bd4b524..0593cf7fc 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -75,7 +75,7 @@ in { }; }; services.redis.enable = true; - systemd.services.redis.serviceConfig.LimitNOFILE=65536; + systemd.services.redis.serviceConfig.LimitNOFILE=mkForce "65536"; services.postgresql = { enable = true; # Ensure the database, user, and permissions always exist diff --git a/makefu/2configs/deployment/rss.euer.krebsco.de.nix b/makefu/2configs/deployment/rss.euer.krebsco.de.nix index a7ada9395..098ffcdd5 100644 --- a/makefu/2configs/deployment/rss.euer.krebsco.de.nix +++ b/makefu/2configs/deployment/rss.euer.krebsco.de.nix @@ -7,6 +7,11 @@ in { virtualHost = fqdn; selfUrlPath = "https://${fqdn}"; }; + + nixpkgs.config.permittedInsecurePackages = [ + "python2.7-Pillow-6.2.2" + ]; + systemd.services.tt-rss.serviceConfig.ExecStart = lib.mkForce "${pkgs.php}/bin/php /var/lib/tt-rss/update_daemon2.php"; services.postgresql.package = pkgs.postgresql_9_6; state = [ config.services.postgresqlBackup.location ]; diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index 70c0320a1..abbdcbbb2 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -6,7 +6,7 @@ let in { users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; }; diff --git a/makefu/2configs/home/ham/automation/fenster_auf.nix b/makefu/2configs/home/ham/automation/fenster_auf.nix index 0c57fc760..b24f6445d 100644 --- a/makefu/2configs/home/ham/automation/fenster_auf.nix +++ b/makefu/2configs/home/ham/automation/fenster_auf.nix @@ -19,8 +19,8 @@ let [ { service = "notify.signal_home"; - data = { - message= "${name} seit ${toString min} Minuten offen\nBitte einmal checken ob das ok ist :)"; + data_template = { + message = "${name} seit ${toString min} Minuten offen und draussen ist es gerade {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte"; }; } { diff --git a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix index 3aaa57bd6..32a373edc 100644 --- a/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix +++ b/makefu/2configs/home/ham/automation/pflanzen_giessen_erinnerung.nix @@ -5,22 +5,22 @@ let }; notify_home = message: { service = "notify.signal_home"; - data.message = message; + data_template.message = message; }; in { services.home-assistant.config.automation = [ - { - alias = "Pflanzen Giessen Erinnerung Daily"; - trigger = { - platform = "time"; - at = "12:15:00"; - }; - action = [ - (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") - ]; - } + #{ + # alias = "Pflanzen Giessen Erinnerung Daily"; + # trigger = { + # platform = "time"; + # at = "12:15:00"; + # }; + # action = [ + # (notify_felix "Es ist Mittagszeit und du kannst ruhig einmal alle Blumen im Zimmer giessen") + # ]; + #} { alias = "Pflanzen Giessen Erinnerung Weekly"; trigger = { @@ -32,7 +32,11 @@ in weekday = [ "sat" ]; }; action = [ - (notify_home "Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen.") + (notify_home + ''Es ist Wochenende und die Pflanzen würden sich über ein bisschen Wasser freuen. + Die Wettervorhersage: {{states.sensor.dark_sky_summary.state}} mit einer Regenwahrscheinlichkeit von {{states.sensor.dark_sky_precip_probability.state}}%. + Aktuell sind es {{states.sensor.dark_sky_temperature.state}}°C bei {{states.sensor.dark_sky_humidity.state}}% Luftfeuchte. + Der UV Index liegt bei {{states.sensor.dark_sky_uv_index.state}}'') ]; } ]; diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 11894906e..79f26a053 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -180,7 +180,8 @@ in { frontend = { }; http = { use_x_forwarded_for = true; - server_host = "127.0.0.1"; + #server_host = "127.0.0.1"; + server_host = "0.0.0.0"; trusted_proxies = [ "127.0.0.1" ]; #trusted_proxies = [ "192.168.1.0/24" ]; }; diff --git a/makefu/2configs/home/metube.nix b/makefu/2configs/home/metube.nix index 50646d210..e6008d475 100644 --- a/makefu/2configs/home/metube.nix +++ b/makefu/2configs/home/metube.nix @@ -26,7 +26,10 @@ in ]; user = "metube"; }; - users.users.metube.uid = uid; + users.users.metube = { + uid = uid; + isSystemUser = true; + }; systemd.services.docker-metube.serviceConfig = { StandardOutput = lib.mkForce "journal"; diff --git a/makefu/2configs/home/zigbee2mqtt/default.nix b/makefu/2configs/home/zigbee2mqtt/default.nix index 95ee56835..1c4582ed5 100644 --- a/makefu/2configs/home/zigbee2mqtt/default.nix +++ b/makefu/2configs/home/zigbee2mqtt/default.nix @@ -20,7 +20,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 4176d7b35..0bd29497d 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -3,7 +3,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; #effectively systemUser description = "smb guest user"; home = "/data/lanparty"; createHome = true; diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix index cfa6193c6..2f8f4acc4 100644 --- a/makefu/2configs/nsupdate-data.nix +++ b/makefu/2configs/nsupdate-data.nix @@ -34,6 +34,7 @@ in { description = "ddclient daemon user"; home = stateDir; createHome = true; + isSystemUser = true; }; systemd.services = { diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index 0227f512a..039698f1d 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -1,11 +1,12 @@ {config,...}:{ nix.trustedUsers = [ "nixBuild" ]; users.users.nixBuild = { - name = "nixBuild"; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - config.krebs.users.buildbotSlave.pubkey - config.krebs.users.makefu-remote-builder.pubkey - ]; - }; + name = "nixBuild"; + isNormalUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.buildbotSlave.pubkey + config.krebs.users.makefu-remote-builder.pubkey + ]; + }; } diff --git a/makefu/2configs/share-user-sftp.nix b/makefu/2configs/share-user-sftp.nix index 2c93143ec..26f1d3ba3 100644 --- a/makefu/2configs/share-user-sftp.nix +++ b/makefu/2configs/share-user-sftp.nix @@ -5,6 +5,7 @@ share = { uid = 9002; home = "/var/empty"; + isNormalUser = true; openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ]; }; }; diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix index 27e0c638b..fd81f28ca 100644 --- a/makefu/2configs/share/gum.nix +++ b/makefu/2configs/share/gum.nix @@ -11,7 +11,10 @@ in { # home = "/var/empty"; # }; environment.systemPackages = [ pkgs.samba ]; - users.users.download.uid = genid "download"; + users.users.download = { + uid = genid "download"; + isNormalUser = true; + }; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index ac0eaa978..56beb5b42 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -9,7 +9,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index 9695751ff..f2c36b551 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -3,7 +3,7 @@ networking.firewall.allowedTCPPorts = [ 139 445 ]; users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/home/share"; createHome = true; diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index e96daa038..c8ccbfbb9 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -23,6 +23,7 @@ in { uid = genid "arafetch"; inherit home; createHome = true; + isSystemUser = true; }; systemd.services.ara2mqtt = { diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix index 34f0ab0b4..106f8fac6 100644 --- a/makefu/2configs/temp/share-samba.nix +++ b/makefu/2configs/temp/share-samba.nix @@ -1,7 +1,7 @@ {config, ... }:{ users.users.smbguest = { name = "smbguest"; - uid = config.ids.uids.smbguest; + uid = config.ids.uids.smbguest; # effectively systemUser group = "share"; description = "smb guest user"; home = "/var/empty"; diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 5a29eea85..763603dfd 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -16,7 +16,10 @@ saleae-logic gitAndTools.gitFull signal-desktop + element-desktop # rambox + vscode + chitubox ]; } diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index d66ea7760..14e782e3f 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -15,6 +15,6 @@ streamripper youtube-dl - pulseeffects + pulseeffects-legacy # for pulse ]; } diff --git a/makefu/2configs/tools/sec.nix b/makefu/2configs/tools/sec.nix index 17a980ef7..acc22d647 100644 --- a/makefu/2configs/tools/sec.nix +++ b/makefu/2configs/tools/sec.nix @@ -4,7 +4,7 @@ users.users.makefu.packages = with pkgs; [ aria2 # mitmproxy - pythonPackages.binwalk-full + python3Packages.binwalk-full dnsmasq iodine mtr diff --git a/makefu/3modules/ps3netsrv.nix b/makefu/3modules/ps3netsrv.nix index 5222e50ac..30070430c 100644 --- a/makefu/3modules/ps3netsrv.nix +++ b/makefu/3modules/ps3netsrv.nix @@ -50,6 +50,7 @@ let # TODO only create if user is ps3netsrv users.users.ps3netsrv = { uid = genid "ps3netsrv"; + isSystemUser = true; }; users.groups.ps3netsrv.gid = genid "ps3netsrv"; }; diff --git a/makefu/5pkgs/awesomecfg/full.cfg b/makefu/5pkgs/awesomecfg/full.cfg index bbf15e603..049c145dd 100644 --- a/makefu/5pkgs/awesomecfg/full.cfg +++ b/makefu/5pkgs/awesomecfg/full.cfg @@ -489,6 +489,8 @@ awful.rules.rules = { properties = { tag = tags[4] } }, { rule = { class = "telegram-desktop" }, properties = { tag = tags[4] } }, + { rule = { class = "element-desktop" }, + properties = { tag = tags[4] } }, { rule = { class = "mutt" }, properties = { tag = tags[5] } }, { rule = { class = "mosh" }, diff --git a/makefu/5pkgs/chitubox/default.nix b/makefu/5pkgs/chitubox/default.nix index 2e01949bb..bea33e64f 100644 --- a/makefu/5pkgs/chitubox/default.nix +++ b/makefu/5pkgs/chitubox/default.nix @@ -14,7 +14,8 @@ stdenv.mkDerivation rec { version = "1.8.1"; src = builtins.fetchTarball { - url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz"; + #url = "https://sac.chitubox.com/software/download.do?softwareId=17839&softwareVersionId=v${version}&fileName=CHITUBOX_V${version}.tar.gz"; + url = "https://archive.org/download/chitubox-v-1.8.1.tar/CHITUBOX_V${version}.tar.gz"; sha256 = "08fh8w7s5qvlx6bhdg24g81a7zprq7n8m27w2vdv0cd8j0wixbsx"; }; nativeBuildInputs = [ autoPatchelfHook ]; diff --git a/makefu/5pkgs/droidcam/default.nix b/makefu/5pkgs/droidcam/default.nix deleted file mode 100644 index d30fb01a6..000000000 --- a/makefu/5pkgs/droidcam/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ stdenv, fetchFromGitHub -, pkg-config -, alsaLib -, libjpeg_turbo -, ffmpeg -, libusbmuxd -, speex -, gtk3 -, libappindicator-gtk3 -}: - -stdenv.mkDerivation rec { - pname = "droidcam"; - version = "1.6"; - - src = fetchFromGitHub { - owner = "aramg"; - repo = "droidcam"; - rev = "v${version}"; - sha256 = "1d9qpnmqa3pfwsrpjnxdz76ipk4w37bbxyrazchh4vslnfc886fx"; - }; - - sourceRoot = "source/linux"; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ - alsaLib - libjpeg_turbo - ffmpeg - libusbmuxd - speex - gtk3 - libappindicator-gtk3 - ]; - - buildPhase = '' - runHook preBuild - make JPEG_DIR="" JPEG_INCLUDE="" JPEG_LIB="" JPEG="$(pkg-config --libs --cflags libturbojpeg)" - ''; - installPhase = '' - runHook preInstall - install -Dm755 "droidcam" "$out/bin/droidcam" - install -Dm755 "droidcam-cli" "$out/bin/droidcam-cli" - install -Dm644 icon2.png "$out/share/pixmaps/droidcam.png" - install -Dm644 README.md "$out/share/licenses/droidcam/LICENSE" - ''; - - meta = with stdenv.lib; { - description = "A kernel module to create V4L2 loopback devices"; - homepage = "https://github.com/aramg/droidcam"; - license = licenses.gpl2; - maintainers = [ maintainers.makefu ]; - platforms = platforms.linux; - }; -} diff --git a/makefu/5pkgs/hdl-dump/default.nix b/makefu/5pkgs/hdl-dump/default.nix deleted file mode 100644 index bd454223a..000000000 --- a/makefu/5pkgs/hdl-dump/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ stdenv, lib, pkgs, fetchurl,fetchFromGitHub, upx, wine }: -stdenv.mkDerivation rec { - pname = "hdl-dump"; - version = "75df8d7"; - name = "${pname}-${version}"; - - src = fetchFromGitHub { - owner = "AKuHAK"; - repo = "hdl-dump"; - rev = version; - sha256 = "10jjr6p5yn0c182x17m7q68jmf8gizcny7wjxw7z5yh0fv5s48z4"; - }; - - buildInputs = [ upx wine ]; - - makeFlags = [ "RELEASE=yes" ]; - |