From 07609fb02da32cb8f6ca3553d20e6db51927b64b Mon Sep 17 00:00:00 2001 From: clerie Date: Sat, 2 Mar 2024 16:28:45 +0100 Subject: [PATCH 01/16] hosts/storage-2: add firmware.clerie.de --- hosts/storage-2/configuration.nix | 2 + hosts/storage-2/firmware.nix | 37 +++++++++++++++++++ hosts/storage-2/secrets/firmware-htpasswd.age | 10 +++++ hosts/storage-2/users.nix | 5 +++ 4 files changed, 54 insertions(+) create mode 100644 hosts/storage-2/firmware.nix create mode 100644 hosts/storage-2/secrets/firmware-htpasswd.age create mode 100644 hosts/storage-2/users.nix diff --git a/hosts/storage-2/configuration.nix b/hosts/storage-2/configuration.nix index 4aaea5a..3b39699 100644 --- a/hosts/storage-2/configuration.nix +++ b/hosts/storage-2/configuration.nix @@ -5,8 +5,10 @@ [ ./hardware-configuration.nix ../../configuration/proxmox-vm + ./firmware.nix ./mixcloud.nix ./syncthing.nix + ./users.nix ]; boot.loader.grub.enable = true; diff --git a/hosts/storage-2/firmware.nix b/hosts/storage-2/firmware.nix new file mode 100644 index 0000000..4ba6b5d --- /dev/null +++ b/hosts/storage-2/firmware.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + age.secrets.firmware-htpasswd = { + owner = "nginx"; + group = "nginx"; + }; + + services.nginx.virtualHosts = { + "firmware.clerie.de" = { + enableACME = true; + forceSSL = true; + locations."/" = { + alias = "/data/firmware/"; + basicAuthFile = config.age.secrets.firmware-htpasswd.path; + extraConfig = '' + autoindex on; + autoindex_exact_size off; + ''; + }; + }; + }; + + users.users.data-firmware = { + group = "data-firmware"; + home = "/data/firmware"; + useDefaultShell = true; + isSystemUser = true; + }; + users.groups.data-firmware = {}; + + systemd.tmpfiles.rules = [ + "d /data/firmware - data-firmware data-firmware - -" + ]; +} diff --git a/hosts/storage-2/secrets/firmware-htpasswd.age b/hosts/storage-2/secrets/firmware-htpasswd.age new file mode 100644 index 0000000..efcf094 --- /dev/null 
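Review bot: In hosts/storage-2/firmware.nix the tmpfiles rule `d /data/firmware - data-firmware data-firmware - -` leaves the mode at `-`, which systemd-tmpfiles resolves to 0755 for directories. With that mode the `data-firmware` group membership added in users.nix grants no write access, and every local account can read the tree that nginx protects with `basicAuthFile`. If group uploads are intended, state the mode explicitly, e.g. `"d /data/firmware 0775 data-firmware data-firmware - -"`. If local reads should be restricted as well, use `0770` and add `users.users.nginx.extraGroups = [ "data-firmware" ];` so nginx can still serve the directory.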
+++ b/hosts/storage-2/secrets/firmware-htpasswd.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 HwR33w AtsznTAUQumy3G6fSBwIiezL2Zdzl33t9TU3hDotcRs +eG+bBDB+MOQk7cHx+3Ha/n83t2QEbZunRYi0idRF9RQ +-> ssh-ed25519 pI7EWw egjmvw3f6zrl0XmxI7xWhKsPl8PXTkZDSY84VbtJTG4 +MFsjDhp5UrprE3w7q9W3ZmGlkNnOFbsJNVjfeO11trw +-> 0=-grease Fi`a + >zPFov* a +nx2zvPHhzkSNi/8oxnL07qefB248BCwJMjpVTc8i5j5aedELas87iI/WppKoa/tq +/jYLHztLjqKy412YvA0xuzR6yZ7G +--- 7M+CSupk4WV36DU/c8ZtODB6N8kuhttk4aLMULp8/Zc +!UթұmL saYh?Uaqa} Ž l@Eqǘw䍯*.L ѓJeFy@= J \ No newline at end of file diff --git a/hosts/storage-2/users.nix b/hosts/storage-2/users.nix new file mode 100644 index 0000000..984ce62 --- /dev/null +++ b/hosts/storage-2/users.nix @@ -0,0 +1,5 @@ +{ ... }: + +{ + users.users.clerie.extraGroups = [ "data-firmware" ]; +} From 521ffac88c3e6792106bebb9671df4fb24d6e004 Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 11 Mar 2024 17:20:48 +0100 Subject: [PATCH 02/16] configuration/desktop: global touchpad config --- configuration/desktop/default.nix | 1 + configuration/desktop/inputs.nix | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 configuration/desktop/inputs.nix diff --git a/configuration/desktop/default.nix b/configuration/desktop/default.nix index 4713d19..074cbab 100644 --- a/configuration/desktop/default.nix +++ b/configuration/desktop/default.nix @@ -5,6 +5,7 @@ ./audio.nix ./fonts.nix ./gnome.nix + ./inputs.nix ./networking.nix ./power.nix ./printing.nix diff --git a/configuration/desktop/inputs.nix b/configuration/desktop/inputs.nix new file mode 100644 index 0000000..e855eda --- /dev/null +++ b/configuration/desktop/inputs.nix @@ -0,0 +1,19 @@ +{ ... }: + +{ + programs.dconf.profiles = { + user.databases = [ + { + settings = { + "org/gnome/desktop/peripherals/touchpad" = { + disable-while-typing = false; + edge-scrolling-enabled = false; + natural-scroll = true; + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + }; + } + ]; + }; +} 
From c472f5086c7c7927b7b60bcacd4a8f5827aeb358 Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 11 Mar 2024 20:07:46 +0100 Subject: [PATCH 03/16] configuration/common: Set defaults for gnome shell --- configuration/desktop/gnome.nix | 23 +++++++++++++++++++++++ configuration/desktop/inputs.nix | 10 ++++++++++ configuration/desktop/power.nix | 14 ++++++++++++++ 3 files changed, 47 insertions(+) diff --git a/configuration/desktop/gnome.nix b/configuration/desktop/gnome.nix index 1a70246..f05d50a 100644 --- a/configuration/desktop/gnome.nix +++ b/configuration/desktop/gnome.nix @@ -32,4 +32,27 @@ ]; services.gnome.evolution-data-server.enable = true; + + programs.dconf.profiles = { + user.databases = [ + { + settings = { + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { + enable-hot-corners = false; + show-battery-percentage = true; + }; + "org/gnome/desktop/notifications" = { + show-in-lock-screen = false; + }; + "org/gnome/gnome-system-monitor" = { + network-in-bits = true; + network-total-in-bits = true; + }; + }; + } + ]; + }; } diff --git a/configuration/desktop/inputs.nix b/configuration/desktop/inputs.nix index e855eda..e6419a1 100644 --- a/configuration/desktop/inputs.nix +++ b/configuration/desktop/inputs.nix @@ -12,6 +12,16 @@ tap-to-click = true; two-finger-scrolling-enabled = true; }; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/terminal/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/terminal" = { + name = "Terminal"; + binding = "t"; + command = "gnome-terminal"; + }; }; } ]; diff --git a/configuration/desktop/power.nix b/configuration/desktop/power.nix index 87c060a..f5429d1 100644 --- a/configuration/desktop/power.nix +++ b/configuration/desktop/power.nix 
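Review bot: `show-in-lock-screen = false` in the gnome.nix hunk is only a default, because values under `settings` in a dconf profile database can be overridden per user, so a session can turn lock-screen notifications back on. If hiding notifications on a locked screen is meant as policy rather than preference, add the key to the same database's `locks` list, e.g. `locks = [ "/org/gnome/desktop/notifications/show-in-lock-screen" ];`. If a default is all that is intended, as the commit subject suggests, a one-line comment such as `# default only, users may override` would keep the setting from being read as an enforced control.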
@@ -8,4 +8,18 @@ systemd.sleep.extraConfig = '' HibernateDelaySec=30m ''; + + programs.dconf.profiles = { + user.databases = [ + { + settings = { + "org/gnome/settings-daemon/plugins/power" = { + power-button-action = "nothing"; + power-saver-profile-on-low-battery = false; + sleep-inactive-ac-type = "nothing"; + }; + }; + } + ]; + }; } From 03b75a9b8a83591d33fd3b44f07a753168a2523b Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 11 Mar 2024 20:28:28 +0100 Subject: [PATCH 04/16] configuration/desktop: gdm settings --- configuration/desktop/inputs.nix | 13 +++++++++++++ configuration/desktop/power.nix | 11 +++++++++++ 2 files changed, 24 insertions(+) diff --git a/configuration/desktop/inputs.nix b/configuration/desktop/inputs.nix index e6419a1..4207c16 100644 --- a/configuration/desktop/inputs.nix +++ b/configuration/desktop/inputs.nix @@ -25,5 +25,18 @@ }; } ]; + gdm.databases = [ + { + settings = { + "org/gnome/desktop/peripherals/touchpad" = { + disable-while-typing = false; + edge-scrolling-enabled = false; + natural-scroll = true; + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + }; + } + ]; }; } diff --git a/configuration/desktop/power.nix b/configuration/desktop/power.nix index f5429d1..41f8355 100644 --- a/configuration/desktop/power.nix +++ b/configuration/desktop/power.nix @@ -21,5 +21,16 @@ }; } ]; + gdm.databases = [ + { + settings = { + "org/gnome/settings-daemon/plugins/power" = { + power-button-action = "nothing"; + power-saver-profile-on-low-battery = false; + sleep-inactive-ac-type = "nothing"; + }; + }; + } + ]; }; } From 59f83dd5afe68ed7d48e090f62862c4730a6e696 Mon Sep 17 00:00:00 2001 From: clerie Date: Mon, 11 Mar 2024 20:42:17 +0100 Subject: [PATCH 05/16] configuration/desktop: hibernate on power button --- configuration/desktop/power.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configuration/desktop/power.nix b/configuration/desktop/power.nix index 41f8355..aca3231 100644 
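Review bot: The `gdm.databases` entries added in inputs.nix and power.nix repeat the `user.databases` settings verbatim, so every later change has to be made twice and the login screen can silently drift from the user session. Binding each attrset once and referencing it from both profiles removes that risk, e.g. `let touchpad = { disable-while-typing = false; /* … */ }; in` at the top of inputs.nix and `"org/gnome/desktop/peripherals/touchpad" = touchpad;` in both databases. The same applies to the power-plugin block in power.nix. The enclosing `programs.dconf.profiles` attrset starts outside these hunks.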
--- a/configuration/desktop/power.nix +++ b/configuration/desktop/power.nix @@ -14,7 +14,7 @@ { settings = { "org/gnome/settings-daemon/plugins/power" = { - power-button-action = "nothing"; + power-button-action = "hibernate"; power-saver-profile-on-low-battery = false; sleep-inactive-ac-type = "nothing"; }; @@ -25,7 +25,7 @@ { settings = { "org/gnome/settings-daemon/plugins/power" = { - power-button-action = "nothing"; + power-button-action = "hibernate"; power-saver-profile-on-low-battery = false; sleep-inactive-ac-type = "nothing"; }; From 1faa4386b125f1c88d5ec56fd42ac9677d1bb600 Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 14 Mar 2024 19:41:59 +0100 Subject: [PATCH 06/16] configuration/common: add template repo to nix registry --- configuration/common/nix.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/configuration/common/nix.nix b/configuration/common/nix.nix index 2c2f4b4..75cc0a6 100644 --- a/configuration/common/nix.nix +++ b/configuration/common/nix.nix @@ -51,6 +51,16 @@ }; exact = true; }; + "templates" = { + from = { + type = "indirect"; + id = "templates"; + }; + to = { + type = "git"; + url = "https://git.clerie.de/clerie/flake-templates.git"; + }; + }; }; documentation.doc.enable = false; From 52582895cf1f7082eb39370ebc86cf416cb5d45e Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 14 Mar 2024 20:03:32 +0100 Subject: [PATCH 07/16] pkgs/anycast_healthchecker: remove package --- flake.nix | 1 - modules/anycast_healthchecker/default.nix | 122 ---------------------- modules/default.nix | 1 - pkgs/anycast_healthchecker/default.nix | 18 ---- pkgs/overlay.nix | 1 - 5 files changed, 143 deletions(-) delete mode 100644 modules/anycast_healthchecker/default.nix delete mode 100644 pkgs/anycast_healthchecker/default.nix diff --git a/flake.nix b/flake.nix index 3b87f80..10e66c6 100644 --- a/flake.nix +++ b/flake.nix @@ -112,7 +112,6 @@ }; in { inherit (pkgs) - anycast_healthchecker flask-excel iot-data nixfiles-add-secret 
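Review bot: The new `templates` registry entry in configuration/common/nix.nix points at `https://git.clerie.de/clerie/flake-templates.git` with no `ref` or `rev`, so it resolves to whatever the default branch holds at fetch time. Template contents are copied into new projects, so a change on that repository reaches every host using this registry without any change in this repo. Either pin it with `rev = "<commit-sha>";` in the `to` attrset, or add a comment such as `# intentionally unpinned: follows the default branch of flake-templates` so the choice is visible to the next reader.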
diff --git a/modules/anycast_healthchecker/default.nix b/modules/anycast_healthchecker/default.nix deleted file mode 100644 index 2683a09..0000000 --- a/modules/anycast_healthchecker/default.nix +++ /dev/null 
@@ -1,122 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - cfg = config.clerie.anycast_healthchecker; - configFile = pkgs.writeText "anycast-healthchecker.conf" '' - [DEFAULT] - interface = lo - - [daemon] - pidfile = /run/anycast-healthchecker/anycast-healthchecker.pid - ipv4 = true - ipv6 = true - bird_conf = /var/lib/anycast-healthchecker/anycast-prefixes.conf - bird6_conf = /var/lib/anycast-healthchecker/anycast-prefixes6.conf - bird_variable = ACAST_PS_ADVERTISE - bird6_variable = ACAST6_PS_ADVERTISE - bird_reconfigure_cmd = birdc configure - bird6_reconfigure_cmd = birdc configure - dummy_ip_prefix = 10.189.200.255/32 - dummy_ip6_prefix = 2001:db8::1/128 - bird_keep_changes = false - bird6_keep_changes = false - bird_changes_counter = 128 - bird6_changes_counter = 128 - purge_ip_prefixes = false - loglevel = debug - log_maxbytes = 104857600 - log_backups = 8 - json_stdout = false - json_log_file = false - json_log_server = false - ''; - - checksDir = pkgs.writeTextDir "checks.conf" ( - concatStringsSep "\n" ( - mapAttrsToList ( - name: check: '' - [${name}] - ip_prefix = ${check.ip_prefix} - check_cmd = ${check.cmd} - '' + ( - concatStringsSep "\n" ( - optional (check.timeout != null) "check_timeout = ${toString check.timeout}" - ++ optional (check.rise != null) "check_rise = ${toString check.rise}" - ++ optional (check.fail != null) "check_fail = ${toString check.fail}" - ++ optional (check.interval != null) "check_interval = ${toString check.interval}" - ) - ) - ) cfg.checks - ) - ); - - checkOpts = { config, ... 
}@moduleAttrs: { - - options = { - - enable = mkOption { - type = types.bool; - default = true; - }; - timeout = mkOption { - type = with types; nullOr int; - default = null; - }; - rise = mkOption { - type = with types; nullOr int; - default = null; - }; - fail = mkOption { - type = with types; nullOr int; - default = null; - }; - interval = mkOption { - type = with types; nullOr int; - default = null; - }; - ip_prefix = mkOption { - type = types.str; - }; - cmd = mkOption { - type = types.str; - default = "${pkgs.curl}/bin/curl --fail --silent http://${moduleAttrs.config.ip_prefix}"; - }; - }; - - }; - -in { - - options = { - - clerie.anycast_healthchecker = { - - enable = mkEnableOption "anycast healthchecker"; - - checks = mkOption { - type = with types; attrsOf (submodule checkOpts); - }; - - }; - - }; - - - config = mkIf cfg.enable { - - systemd.services.anycast_healthchecker = { - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - RuntimeDirectory = "anycast-healthchecker"; - StateDirectory = "anycast-healthchecker"; - User = "bird2"; - Group = "bird2"; - ExecStart = "${pkgs.anycast_healthchecker}/bin/anycast-healthchecker -f ${configFile} -d ${checksDir}"; - }; - path = with pkgs; [ bird2 ]; - }; - - }; -} diff --git a/modules/default.nix b/modules/default.nix index 08b5ed4..846bfdf 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -4,7 +4,6 @@ imports = [ ./policyrouting ./akne - ./anycast_healthchecker ./backup ./clerie-firewall ./clerie-gc-dir diff --git a/pkgs/anycast_healthchecker/default.nix b/pkgs/anycast_healthchecker/default.nix deleted file mode 100644 index a0d682b..0000000 --- a/pkgs/anycast_healthchecker/default.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ buildPythonPackage, fetchPypi, pbr, docopt, python-json-logger }: - -buildPythonPackage rec { - pname = "anycast-healthchecker"; - version = "0.9.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "1d555aa420113c9119f9f548eac35cb4789018b8866535a91f05086727146ea4"; - }; - - buildInputs = [ - pbr - ]; - propagatedBuildInputs = [ - docopt python-json-logger - ]; -} diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 52b4146..5ca8e61 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -1,5 +1,4 @@ final: prev: { - anycast_healthchecker = final.python3.pkgs.callPackage ./anycast_healthchecker {}; flask-excel = final.python3.pkgs.callPackage ./flask-excel {}; iot-data = final.python3.pkgs.callPackage ./iot-data {}; nixfiles-add-secret = final.callPackage ./nixfiles/nixfiles-add-secret.nix {}; From f34337159d64d3b3ce258cf6289e700aab536998 Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 14 Mar 2024 20:12:41 +0100 Subject: [PATCH 08/16] pkgs/wetter: remove package --- flake.nix | 4 -- hosts/web-2/wetter.nix | 81 +-------------------------------- pkgs/flask-excel/default.nix | 17 ------- pkgs/overlay.nix | 6 --- pkgs/pyexcel-webio/default.nix | 17 ------- pkgs/pyexcel-xlsx/default.nix | 17 ------- pkgs/wetter/default.nix | 83 ---------------------------------- 7 files changed, 1 insertion(+), 224 deletions(-) delete mode 100644 pkgs/flask-excel/default.nix delete mode 100644 pkgs/pyexcel-webio/default.nix delete mode 100644 pkgs/pyexcel-xlsx/default.nix delete mode 100644 pkgs/wetter/default.nix diff --git a/flake.nix b/flake.nix index 10e66c6..a960b01 100644 --- a/flake.nix +++ b/flake.nix @@ -112,7 +112,6 @@ }; in { inherit (pkgs) - flask-excel iot-data nixfiles-add-secret nixfiles-auto-install @@ -121,11 +120,8 @@ nixfiles-system-upgrade nixfiles-updated-inputs nixfiles-update-ssh-host-keys - pyexcel-xlsx - pyexcel-webio update-from-hydra uptimestatus - wetter; }); hydraJobs = { 
diff --git a/hosts/web-2/wetter.nix b/hosts/web-2/wetter.nix index bbbb582..c4cac3d 100644 --- a/hosts/web-2/wetter.nix +++ b/hosts/web-2/wetter.nix 
@@ -1,90 +1,11 @@ { pkgs, ... }: -let - configFile = pkgs.writeText "wetter.cfg" '' - SQLALCHEMY_DATABASE_URI="postgresql://wetter_web@/wetter?host=/run/postgresql" - ''; - -in { - users.users.wetter = { - description = "Wetter Service"; - group = "wetter"; - home = "/var/lib/wetter/"; - useDefaultShell = true; - isSystemUser = true; - }; - users.groups.wetter = {}; - - users.users.wetter_web = { - description = "Wetter Web Service"; - group = "wetter_web"; - home = "/var/lib/wetter/"; - useDefaultShell = true; - isSystemUser = true; - }; - users.groups.wetter_web = {}; - - users.users.wetter_scraper = { - description = "Wetter Scraper"; - group = "wetter_scraper"; - home = "/var/lib/wetter/"; - useDefaultShell = true; - isSystemUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4kCYnm6mnPI3nPF5YmYCxeVqL4i02dSIJ9kngxu9rS dwd-scraper" - ]; - }; - users.groups.wetter_scraper = {}; - - services.postgresql = { - ensureDatabases = [ "wetter" ]; - ensureUsers = [ - { - name = "wetter"; - ensurePermissions = { - "DATABASE wetter" = "ALL PRIVILEGES"; - }; - } - { - name = "wetter_scraper"; - ensurePermissions = { - "DATABASE wetter" = "CONNECT"; - "SCHEMA public" = "USAGE"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - } - { - name = "wetter_web"; - ensurePermissions = { - "DATABASE wetter" = "CONNECT"; - "SCHEMA public" = "USAGE"; - "ALL TABLES IN SCHEMA public" = "SELECT"; - }; - } - ]; - }; - -# systemd.services.wetter = { -# wantedBy = [ "multi-user.target" ]; -# serviceConfig = { -# RuntimeDirectory = "wetter"; -# StateDirectory = "wetter"; -# User = "wetter_web"; -# Group = "wetter_web"; -# }; -# environment = { -# WETTER_SETTINGS = "${configFile}"; -# }; -# script = "gunicorn -w 4 -b [::1]:8234 wetter:app"; -# path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ]; -# }; - +{ services.nginx.virtualHosts = { "wetter.clerie.de" = { enableACME = true; forceSSL = true; locations."/" = { - #proxyPass = 
"http://[::1]:8234"; return = ''200 "wetter.clerie.de is currently offline, find source code on https://git.clerie.de/clerie/wetter\n"''; extraConfig = '' types { } default_type "text/plain; charset=utf-8"; diff --git a/pkgs/flask-excel/default.nix b/pkgs/flask-excel/default.nix deleted file mode 100644 index c2b47e6..0000000 --- a/pkgs/flask-excel/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ buildPythonPackage, fetchPypi, pyexcel-webio, flask }: - -buildPythonPackage rec { - pname = "Flask-Excel"; - version = "0.0.7"; - - src = fetchPypi { - inherit pname version; - sha256 = "b82ddfe6319ecf2f796ada9966737ac8eaf9a99d6bce773f8acdc08acd7e9fae"; - }; - - propagatedBuildInputs = [ - pyexcel-webio flask - ]; - - doCheck = false; -} diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 5ca8e61..e22f81c 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -1,5 +1,4 @@ final: prev: { - flask-excel = final.python3.pkgs.callPackage ./flask-excel {}; iot-data = final.python3.pkgs.callPackage ./iot-data {}; nixfiles-add-secret = final.callPackage ./nixfiles/nixfiles-add-secret.nix {}; nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {}; @@ -8,11 +7,6 @@ final: prev: { nixfiles-system-upgrade = final.callPackage ./nixfiles/nixfiles-system-upgrade.nix {}; nixfiles-updated-inputs = final.callPackage ./nixfiles/nixfiles-updated-inputs.nix {}; nixfiles-update-ssh-host-keys = final.callPackage ./nixfiles/nixfiles-update-ssh-host-keys.nix {}; - pyexcel-xlsx = final.python3.pkgs.callPackage ./pyexcel-xlsx {}; - pyexcel-webio = final.python3.pkgs.callPackage ./pyexcel-webio {}; update-from-hydra = final.callPackage ./update-from-hydra {}; uptimestatus = final.python3.pkgs.callPackage ./uptimestatus {}; - wetter = final.python3.pkgs.callPackage ./wetter { - inherit (final) pkg-config libsass; - }; } diff --git a/pkgs/pyexcel-webio/default.nix b/pkgs/pyexcel-webio/default.nix deleted file mode 100644 index aab2240..0000000 
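Review bot: Dropping `services.postgresql.ensureDatabases` and `ensureUsers` in hosts/web-2/wetter.nix stops NixOS from managing the `wetter` database and the `wetter`, `wetter_web` and `wetter_scraper` roles, but those options only create objects, so the database and roles most likely remain in the running PostgreSQL instance with their old grants. The same may apply to `/var/lib/wetter/`, the home directory of the removed system users. Consider recording the manual cleanup next to the remaining vhost, e.g. `# wetter service removed: drop DB "wetter" and roles wetter, wetter_web, wetter_scraper on web-2 once the data is archived`.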
--- a/pkgs/pyexcel-webio/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ buildPythonPackage, fetchPypi, pyexcel }: - -buildPythonPackage rec { - pname = "pyexcel-webio"; - version = "0.1.4"; - - src = fetchPypi { - inherit pname version; - sha256 = "039538f1b35351f1632891dde29ef4d7fba744e217678ebb5a501336e28ca265"; - }; - - propagatedBuildInputs = [ - pyexcel - ]; - - doCheck = false; -} diff --git a/pkgs/pyexcel-xlsx/default.nix b/pkgs/pyexcel-xlsx/default.nix deleted file mode 100644 index 91ad307..0000000 --- a/pkgs/pyexcel-xlsx/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ buildPythonPackage, fetchPypi, openpyxl, pyexcel-io }: - -buildPythonPackage rec { - pname = "pyexcel-xlsx"; - version = "0.6.0"; - - src = fetchPypi { - inherit pname version; - sha256 = "55754f764252461aca6871db203f4bd1370ec877828e305e6be1de5f9aa6a79d"; - }; - - propagatedBuildInputs = [ - openpyxl pyexcel-io - ]; - - doCheck = false; -} diff --git a/pkgs/wetter/default.nix b/pkgs/wetter/default.nix deleted file mode 100644 index 658be06..0000000 --- a/pkgs/wetter/default.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - pkgs, - buildPythonPackage, - flask, - flask_sqlalchemy, - lib, - libsass, - yarn2nix-moretea, - nodejs, - pkg-config, - psycopg2, - python3, - stdenv, - flask-excel, - pyexcel-xlsx, -}: - -let - src = pkgs.fetchgit { - url = "https://git.clerie.de/clerie/wetter.git"; - rev = "3193c6d507af5d6f5d62c23046b7fbf0c638ddb4"; - sha256 = "sha256-ouUmmw020jKg/SRlYhGBFRw/atxW+atQ1JSTFQNi5iw="; - }; - pname = "wetter"; - version = "0.0.1"; - - packageJSON = src + "/package.json"; - yarnLock = src + "/yarn.lock"; - - modules = yarn2nix-moretea.mkYarnModules { - pname = "${pname}-modules"; - name = "${pname}-modules-${version}"; - inherit version packageJSON yarnLock; - - /* build native node-sass extensions */ - pkgConfig.node-sass = { - buildInputs = [ python3 libsass pkg-config ]; - postInstall = '' - export npm_config_nodedir=${nodejs} - LIBSASS_EXT=auto yarn --offline run build - rm build/config.gypi - ''; - }; - }; - - assets = stdenv.mkDerivation { - inherit src pname version; - - NODE_ENV = "production"; - - buildPhase = '' - runHook preBuild - ln -s ${modules}/node_modules - node_modules/.bin/rollup -c - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - cp -r wetter/static/bundle $out - runHook postInstall - ''; - }; - -in buildPythonPackage rec { - inherit src pname version; - - propagatedBuildInputs = [ - flask - flask_sqlalchemy - psycopg2 - flask-excel - pyexcel-xlsx - ]; - - postInstall = '' - mkdir -p $out/${python3.sitePackages}/wetter/static - cp -r ${assets} $out/${python3.sitePackages}/wetter/static/bundle - cp -r wetter/templates $out/${python3.sitePackages}/wetter/templates - ''; - - doCheck = false; -} From 8e9c9f87befd14d6a85e755d88171f295f39e7c4 Mon Sep 17 00:00:00 2001 
From: clerie Date: Thu, 14 Mar 2024 20:15:08 +0100 Subject: [PATCH 09/16] modules/gre-tunnel: remove module --- modules/default.nix | 1 - modules/gre-tunnel/default.nix | 89 ---------------------------------- 2 files changed, 90 deletions(-) delete mode 100644 modules/gre-tunnel/default.nix diff --git a/modules/default.nix b/modules/default.nix index 846bfdf..5a4a258 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -7,7 +7,6 @@ ./backup ./clerie-firewall ./clerie-gc-dir - ./gre-tunnel ./minecraft-server ./monitoring ./nginx-port-forward diff --git a/modules/gre-tunnel/default.nix b/modules/gre-tunnel/default.nix deleted file mode 100644 index 8e6bc90..0000000 --- a/modules/gre-tunnel/default.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.clerie.gre-tunnel; - - generateInterfaceUnit = isIPv6: (name: tunnel: - nameValuePair "gre-tunnel-${name}" { - description = "GRE Tunnel - ${name}"; - requires = [ "network-online.target" ]; - after = [ "network.target" "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - environment.DEVICE = name; - path = with pkgs; [ iproute ]; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - - script = '' - ${tunnel.preSetup} - ip${optionalString isIPv6 " -6"} tunnel add ${name} mode ${optionalString isIPv6 "ip6"}gre remote ${tunnel.remote} local ${tunnel.local} - ip link set ${name} up - ip${optionalString isIPv6 " -6"} a add ${tunnel.address} dev ${name} - ${tunnel.postSetup} - ''; - - postStop = '' - ip link set ${name} down - ip tunnel del ${name} - ${tunnel.postShutdown} - ''; - }); - - checkOpts = { config, ... }@moduleAttrs: { - options = { - remote = mkOption { - type = types.str; - description = "Address of reciever."; - }; - local = mkOption { - type = types.str; - description = "Address our packets originate from."; - }; - address = mkOption { - type = types.str; - description = "Our address in this tunnel."; - }; - preSetup = mkOption { - type = types.str; - default = ""; - description = "Commands called at the start of the interface setup."; - }; - postSetup = mkOption { - type = types.str; - default = ""; - description = "Commands called at the end of the interface setup."; - }; - postShutdown = mkOption { - type = types.str; - default = ""; - description = "Commands called after shutting down the interface."; - }; - }; - }; - -in { - options = { - clerie.gre-tunnel = { - enable = mkEnableOption "Declarative Policy-Routing"; - ipv6 = mkOption { - type = with types; attrsOf (submodule checkOpts); - default = {}; - }; - ipv4 = mkOption { - type = with types; attrsOf (submodule checkOpts); - default = {}; - }; - }; - }; - - config = mkIf cfg.enable 
{ - systemd.services = - (mapAttrs' (generateInterfaceUnit false) cfg.ipv4) - // (mapAttrs' (generateInterfaceUnit true) cfg.ipv6); - }; -} From b98fb3b061e3ad374c49a055bdaa814a18c72004 Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 14 Mar 2024 20:27:20 +0100 Subject: [PATCH 10/16] flake.nix: fix syntax --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index a960b01..65d6676 100644 --- a/flake.nix +++ b/flake.nix @@ -121,7 +121,7 @@ nixfiles-updated-inputs nixfiles-update-ssh-host-keys update-from-hydra - uptimestatus + uptimestatus; }); hydraJobs = { From f011e3fc9e9babf858aab4153d3458a98b48d70d Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 14 Mar 2024 20:30:37 +0100 Subject: [PATCH 11/16] modules/nixfiles/nixfiles-system-upgrade.nix,modules/clerie-system-upgrade: rename module --- configuration/common/nix.nix | 2 +- hosts/dn42-il-gw1/configuration.nix | 2 +- hosts/dn42-il-gw5/configuration.nix | 2 +- hosts/dn42-il-gw6/configuration.nix | 2 +- hosts/minecraft-2/configuration.nix | 2 +- hosts/nonat/configuration.nix | 2 +- hosts/storage-2/configuration.nix | 2 +- .../default.nix} | 10 +++++----- 8 files changed, 12 insertions(+), 12 deletions(-) rename modules/{nixfiles/nixfiles-system-upgrade.nix => clerie-system-upgrade/default.nix} (83%) diff --git a/configuration/common/nix.nix b/configuration/common/nix.nix index 75cc0a6..67977ec 100644 --- a/configuration/common/nix.nix +++ b/configuration/common/nix.nix @@ -4,7 +4,7 @@ clerie.nixfiles.enable = true; - clerie.nixfiles.system-auto-upgrade.enable = true; + clerie.system-auto-upgrade.enable = true; nix.settings = { trusted-users = [ "@wheel" "@guests" ]; diff --git a/hosts/dn42-il-gw1/configuration.nix b/hosts/dn42-il-gw1/configuration.nix index b984017..8ade80b 100644 --- a/hosts/dn42-il-gw1/configuration.nix +++ b/hosts/dn42-il-gw1/configuration.nix 
@@ -329,7 +329,7 @@ } ''; - clerie.nixfiles.system-auto-upgrade = { + clerie.system-auto-upgrade = { allowReboot = true; autoUpgrade = true; }; diff --git a/hosts/dn42-il-gw5/configuration.nix b/hosts/dn42-il-gw5/configuration.nix index ac7a0d9..1512f88 100644 --- a/hosts/dn42-il-gw5/configuration.nix +++ b/hosts/dn42-il-gw5/configuration.nix @@ -183,7 +183,7 @@ } ''; - clerie.nixfiles.system-auto-upgrade = { + clerie.system-auto-upgrade = { allowReboot = true; autoUpgrade = true; startAt = "*-*-* 06:22:00"; diff --git a/hosts/dn42-il-gw6/configuration.nix b/hosts/dn42-il-gw6/configuration.nix index ffefe9b..274f33a 100644 --- a/hosts/dn42-il-gw6/configuration.nix +++ b/hosts/dn42-il-gw6/configuration.nix @@ -183,7 +183,7 @@ } ''; - clerie.nixfiles.system-auto-upgrade = { + clerie.system-auto-upgrade = { allowReboot = true; autoUpgrade = true; startAt = "*-*-* 07:22:00"; diff --git a/hosts/minecraft-2/configuration.nix b/hosts/minecraft-2/configuration.nix index 3a893b0..611dc19 100644 --- a/hosts/minecraft-2/configuration.nix +++ b/hosts/minecraft-2/configuration.nix @@ -62,7 +62,7 @@ in { }; }; - clerie.nixfiles.system-auto-upgrade = { + clerie.system-auto-upgrade = { allowReboot = true; autoUpgrade = true; }; diff --git a/hosts/nonat/configuration.nix b/hosts/nonat/configuration.nix index d1af256..8e048bc 100644 --- a/hosts/nonat/configuration.nix +++ b/hosts/nonat/configuration.nix @@ -39,7 +39,7 @@ networking.firewall.allowedUDPPorts = []; - clerie.nixfiles.system-auto-upgrade = { + clerie.system-auto-upgrade = { allowReboot = true; autoUpgrade = true; }; diff --git a/hosts/storage-2/configuration.nix b/hosts/storage-2/configuration.nix index 3b39699..7631145 100644 --- a/hosts/storage-2/configuration.nix +++ b/hosts/storage-2/configuration.nix @@ -28,7 +28,7 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; - clerie.nixfiles.system-auto-upgrade = { + clerie.system-auto-upgrade = { allowReboot = true; autoUpgrade = true; }; 
diff --git a/modules/nixfiles/nixfiles-system-upgrade.nix b/modules/clerie-system-upgrade/default.nix similarity index 83% rename from modules/nixfiles/nixfiles-system-upgrade.nix rename to modules/clerie-system-upgrade/default.nix index 43e0612..6c3a212 100644 --- a/modules/nixfiles/nixfiles-system-upgrade.nix +++ b/modules/clerie-system-upgrade/default.nix @@ -3,13 +3,13 @@ with lib; let - cfg = config.clerie.nixfiles.system-auto-upgrade; + cfg = config.clerie.system-auto-upgrade; in { options = { - clerie.nixfiles.system-auto-upgrade = { - enable = mkEnableOption "clerie nixfiles tools"; + clerie.system-auto-upgrade = { + enable = mkEnableOption "clerie system upgrade"; allowReboot = mkOption { type = types.bool; default = false; @@ -28,7 +28,7 @@ in }; }; config = mkIf cfg.enable { - systemd.services.nixfiles-system-auto-upgrade = { + systemd.services.clerie-system-auto-upgrade = { # Make sure this unit does not stop themself while upgrading restartIfChanged = false; unitConfig.X-StopOnRemoval = false; @@ -38,7 +38,7 @@ in ExecStart = pkgs.nixfiles-system-upgrade + "/bin/nixfiles-system-upgrade --no-confirm${optionalString cfg.allowReboot " --allow-reboot"}${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/nixfiles-system-upgrade.prom"}"; }; }; - systemd.timers.nixfiles-system-auto-upgrade = mkIf cfg.autoUpgrade { + systemd.timers.clerie-system-auto-upgrade = mkIf cfg.autoUpgrade { wantedBy = [ "timers.target" ]; timerConfig = { OnCalendar = if cfg.startAt == null then "*-*-* 05:37:00" else cfg.startAt; From a15527caf8eb91afd9eb7681503ded30928debfb Mon Sep 17 00:00:00 2001 From: clerie Date: Thu, 14 Mar 2024 20:33:28 +0100 Subject: [PATCH 12/16] modules/clerie-system-upgrade: add to modules --- modules/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/default.nix b/modules/default.nix index 5a4a258..09a16f8 100644 --- a/modules/default.nix 
+++ b/modules/default.nix @@ -7,11 +7,11 @@ ./backup ./clerie-firewall ./clerie-gc-dir + ./clerie-system-upgrade ./minecraft-server ./monitoring ./nginx-port-forward ./nixfiles - ./nixfiles/nixfiles-system-upgrade.nix ./update-from-hydra ./wg-clerie ./wireguard-initrd From 5b8b8f8cab6ffc158c97b2ff5ed5f1c12c944d2e Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 17 Mar 2024 14:24:06 +0100 Subject: [PATCH 13/16] pkgs/chromium-incognito: add package --- flake.nix | 1 + hosts/krypton/programs.nix | 1 + pkgs/chromium-incognito/default.nix | 36 +++++++++++++++++++++++++++++ pkgs/overlay.nix | 1 + 4 files changed, 39 insertions(+) create mode 100644 pkgs/chromium-incognito/default.nix diff --git a/flake.nix b/flake.nix index 65d6676..c20ec46 100644 --- a/flake.nix +++ b/flake.nix @@ -112,6 +112,7 @@ }; in { inherit (pkgs) + chromium-incognito iot-data nixfiles-add-secret nixfiles-auto-install diff --git a/hosts/krypton/programs.nix b/hosts/krypton/programs.nix index 44b7585..2284729 100644 --- a/hosts/krypton/programs.nix +++ b/hosts/krypton/programs.nix @@ -25,6 +25,7 @@ nmap okular + chromium-incognito ]; # Wireshark diff --git a/pkgs/chromium-incognito/default.nix b/pkgs/chromium-incognito/default.nix new file mode 100644 index 0000000..d8b9db0 --- /dev/null +++ b/pkgs/chromium-incognito/default.nix 
@@ -0,0 +1,36 @@ +{ pkgs, ... }: + +let + chromium-incognito-wrapper = pkgs.writeScriptBin "chromium" '' + ${pkgs.ungoogled-chromium}/bin/chromium --incognito "$@" + ''; + +in pkgs.stdenv.mkDerivation { + pname = "chromium-incognito"; + version = "0.1.0"; + src = pkgs.writeTextDir "chromium-incognito.desktop" '' + [Desktop Entry] + Version=1.0 + Name=Chromium Incognito + Exec=${chromium-incognito-wrapper}/bin/chromium %U + StartupNotify=true + Terminal=false + Icon=chromium + Type=Application + Categories=Network;WebBrowser; + MimeType=application/pdf;application/rdf+xml;application/rss+xml;application/xhtml+xml;application/xhtml_xml;application/xml;image/gif;image/jpeg;image/png;image/webp;text/html;text/xml;x-scheme-handler/http;x-scheme-handler/https; + Actions=new-private-window; + + [Desktop Action new-private-window] + Name=New Incognito Window + Exec=${chromium-incognito-wrapper}/bin/chromium + ''; + buildPhase = '' + mkdir -p $out/bin + ln -s ${chromium-incognito-wrapper}/bin/chromium $out/bin + install -D chromium-incognito.desktop $out/share/applications/chromium-incognito.desktop + ln -s ${pkgs.ungoogled-chromium}/share/icons $out/share + ''; + + meta.mainProgram = "chromium"; +} diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index e22f81c..59705f6 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -1,4 +1,5 @@ final: prev: { + chromium-incognito = final.callPackage ./chromium-incognito {}; iot-data = final.python3.pkgs.callPackage ./iot-data {}; nixfiles-add-secret = final.callPackage ./nixfiles/nixfiles-add-secret.nix {}; nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {}; From 7b674458384e796c171c23c7bda84e04901a2428 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 17 Mar 2024 14:33:57 +0100 Subject: [PATCH 14/16] pkgs/chromium-incognito: Use writeShellScriptBin --- pkgs/chromium-incognito/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
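Review bot: In pkgs/chromium-incognito/default.nix the wrapper only adds `--incognito` to the initial launch, so a regular window can still be opened from inside the running browser, and that window would use the persistent profile. If the package is meant to guarantee that no browsing state is kept on the host, managed policy has to enforce it as well, for example `programs.chromium.extraOpts.IncognitoModeAvailability = 2;` on the hosts that install it (assuming ungoogled-chromium reads the same policy directory). If it is only a convenience launcher, a comment above `chromium-incognito-wrapper` should say so, e.g. `# convenience launcher only; incognito mode is not enforced by policy`.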
diff --git a/pkgs/chromium-incognito/default.nix b/pkgs/chromium-incognito/default.nix index d8b9db0..fccb617 100644 --- a/pkgs/chromium-incognito/default.nix +++ b/pkgs/chromium-incognito/default.nix @@ -1,7 +1,7 @@ { pkgs, ... }: let - chromium-incognito-wrapper = pkgs.writeScriptBin "chromium" '' + chromium-incognito-wrapper = pkgs.writeShellScriptBin "chromium" '' ${pkgs.ungoogled-chromium}/bin/chromium --incognito "$@" ''; @@ -19,9 +19,9 @@ in pkgs.stdenv.mkDerivation { Type=Application Categories=Network;WebBrowser; MimeType=application/pdf;application/rdf+xml;application/rss+xml;application/xhtml+xml;application/xhtml_xml;application/xml;image/gif;image/jpeg;image/png;image/webp;text/html;text/xml;x-scheme-handler/http;x-scheme-handler/https; - Actions=new-private-window; + Actions=new-window; - [Desktop Action new-private-window] + [Desktop Action new-window] Name=New Incognito Window Exec=${chromium-incognito-wrapper}/bin/chromium ''; From 343ce806613e75433a9f3858e74858185ee9dfc6 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 17 Mar 2024 15:14:12 +0100 Subject: [PATCH 15/16] pkgs/nix-remove-result-links: add package --- configuration/common/nix.nix | 3 +++ flake.nix | 1 + pkgs/nix-remove-result-links/default.nix | 9 +++++++++ pkgs/overlay.nix | 1 + 4 files changed, 14 insertions(+) create mode 100644 pkgs/nix-remove-result-links/default.nix diff --git a/configuration/common/nix.nix b/configuration/common/nix.nix index 67977ec..cabb17a 100644 --- a/configuration/common/nix.nix +++ b/configuration/common/nix.nix @@ -65,4 +65,7 @@ documentation.doc.enable = false; + environment.systemPackages = with pkgs; [ + nix-remove-result-links + ]; } diff --git a/flake.nix b/flake.nix index c20ec46..b1dd8e2 100644 --- a/flake.nix +++ b/flake.nix @@ -114,6 +114,7 @@ inherit (pkgs) chromium-incognito iot-data + nix-remove-result-links nixfiles-add-secret nixfiles-auto-install nixfiles-generate-backup-secrets 
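Review bot: The wrapper body in the first hunk of pkgs/chromium-incognito/default.nix still starts the browser as a child of the shell, so an idle bash process stays around for every browser session. Now that `writeShellScriptBin` supplies the shebang, the line can become `exec ${pkgs.ungoogled-chromium}/bin/chromium --incognito "$@"`, which replaces the shell so that signals sent to the launched PID reach the browser directly. The rest of the derivation lies outside this hunk.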
diff --git a/pkgs/nix-remove-result-links/default.nix b/pkgs/nix-remove-result-links/default.nix new file mode 100644 index 0000000..9fd9c30 --- /dev/null +++ b/pkgs/nix-remove-result-links/default.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: + +pkgs.writeShellApplication { + name = "nix-remove-result-links"; + text = '' + #!/usr/bin/env bash + find "''${1:-.}" -depth -type l -name "result*" -lname "/nix/store/*" -print -delete + ''; +} diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 59705f6..530c957 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -1,6 +1,7 @@ final: prev: { chromium-incognito = final.callPackage ./chromium-incognito {}; iot-data = final.python3.pkgs.callPackage ./iot-data {}; + nix-remove-result-links = final.callPackage ./nix-remove-result-links {}; nixfiles-add-secret = final.callPackage ./nixfiles/nixfiles-add-secret.nix {}; nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {}; nixfiles-generate-backup-secrets = final.callPackage ./nixfiles/nixfiles-generate-backup-secrets.nix {}; From 987a65fe2bf8e715a496e9edecc0b20f06d2ec35 Mon Sep 17 00:00:00 2001 From: Flake Update Bot Date: Sun, 17 Mar 2024 15:34:55 +0100 Subject: [PATCH 16/16] Update nixpkgs 2024-03-17-14-34 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ccc4e02..3836d0e 100644 --- a/flake.lock +++ b/flake.lock @@ -212,11 +212,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1708118438, - "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=", + "lastModified": 1710451336, + "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80", + "rev": "d691274a972b3165335d261cc4671335f5c67de9", "type": "github" }, "original": {
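Review bot: In pkgs/nix-remove-result-links/default.nix the script runs whichever `find` is on the caller's PATH, although it depends on the non-POSIX `-lname` and `-delete` primaries; `writeShellApplication` can pin the implementation with `runtimeInputs = [ pkgs.findutils ];`. The `#!/usr/bin/env bash` line inside `text` is redundant, because `writeShellApplication` writes its own shebang and strict-mode preamble ahead of `text`, leaving this line as a plain comment. The command deletes recursively without confirmation, so it deserves a comment such as `# removes only symlinks named result* that point into /nix/store; defaults to the current directory`. Adding `-xdev` may also be wanted to keep the walk from descending into other mounted filesystems.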