Update nixpkgs 2025-10-27-02-03

flake.lock

@@ -404,6 +404,26 @@
         "url": "https://git.clerie.de/clerie/mitel_ommclient2.git"
       }
     },
+    "mu5001tool": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1757627777,
+        "narHash": "sha256-NGUqHQ+/BaUhjgSYQauTihTtNyhhnQRMJ8t7ZSPNpmk=",
+        "ref": "refs/heads/main",
+        "rev": "b7b0f0d5191433bca1377f7d818b800627a83fda",
+        "revCount": 9,
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/mu5001tool.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/mu5001tool.git"
+      }
+    },
     "nix2container": {
       "flake": false,
       "locked": {
@@ -646,11 +666,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1756542300,
+        "lastModified": 1761373498,
-        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
+        "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
+        "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
         "type": "github"
       },
       "original": {
@@ -743,6 +763,7 @@
         "hydra": "hydra",
         "lix": "lix_2",
         "lix-module": "lix-module",
+        "mu5001tool": "mu5001tool",
         "nixos-exporter": "nixos-exporter",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_5",

flake.nix

@@ -40,6 +40,10 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     fieldpoc.url = "git+https://git.clerie.de/clerie/fieldpoc.git";
+    mu5001tool = {
+      url = "git+https://git.clerie.de/clerie/mu5001tool.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
     nixos-exporter = {
       url = "git+https://git.clerie.de/clerie/nixos-exporter.git";
       inputs.nixpkgs.follows = "nixpkgs";

flake/inputs-overlay.nix

@@ -5,6 +5,7 @@
 , chaosevents
 , harmonia
 , hydra
+, mu5001tool
 , nurausstieg
 , rainbowrss
 , scan-to-gpg
@@ -25,6 +26,8 @@ final: prev: {
     harmonia;
   inherit (hydra.packages.${final.system})
     hydra;
+  inherit (mu5001tool.packages.${final.system})
+    mu5001tool;
   inherit (nurausstieg.packages.${final.system})
     nurausstieg;
   inherit (rainbowrss.packages.${final.system})

hosts/astatine/configuration.nix

@@ -4,6 +4,10 @@
   imports =
     [
       ./hardware-configuration.nix
+
+      ./grafana.nix
+      ./mu5001tool.nix
+      ./prometheus.nix
     ];
 
   profiles.clerie.network-fallback-dhcp.enable = true;
@@ -18,6 +22,16 @@
     terminal_output serial
   ";
 
+  sops.secrets.monitoring-htpasswd = {
+    owner = "nginx";
+    group = "nginx";
+  };
+  services.nginx = {
+    enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
   profiles.clerie.wg-clerie = {
     enable = true;
     ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ];

hosts/astatine/grafana.nix

@@ -0,0 +1,45 @@
+{ config, ... }:
+{
+  services.grafana = {
+    enable  = true;
+    settings = {
+      server = {
+        domain = "grafana.astatine.net.clerie.de";
+        root_url = "https://grafana.astatine.net.clerie.de";
+        http_port = 3001;
+        http_addr = "::1";
+      };
+      "auth.anonymous" = {
+        enabled = true;
+      };
+    };
+
+    provision = {
+      enable = true;
+      datasources.settings.datasources = [
+        {
+          type = "prometheus";
+          name = "Prometheus";
+          url = "http://[::1]:9090";
+          isDefault = true;
+        }
+      ];
+    };
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "grafana.astatine.net.clerie.de" = {
+        enableACME = true;
+        forceSSL   = true;
+        basicAuthFile = config.sops.secrets.monitoring-htpasswd.path;
+        locations."/".proxyPass = "http://[::1]:3001/";
+        locations."= /api/live/ws" = {
+          proxyPass = "http://[::1]:3001";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+
+}

hosts/astatine/mu5001tool.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  systemd.services."mu5001tool" = {
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      DynamicUser = true;
+      LoadCredential = "zte-hypermobile-5g-password:${config.sops.secrets."zte-hypermobile-5g-password".path}";
+      Restart = "on-failure";
+      RestartSec = "15s";
+    };
+    script = ''
+      ${lib.getExe pkgs.mu5001tool} --password-file ''${CREDENTIALS_DIRECTORY}/zte-hypermobile-5g-password prometheus-exporter --listen-port 9242
+    '';
+  };
+
+}

hosts/astatine/prometheus.nix

@@ -0,0 +1,46 @@
+{ config, ... }:
+
+{
+  services.prometheus = {
+    enable = true;
+    enableReload = true;
+    listenAddress = "[::1]";
+    scrapeConfigs = [
+      {
+        job_name = "prometheus";
+        scrape_interval = "20s";
+        scheme = "http";
+        static_configs = [
+          {
+            targets = [
+              "[::1]:9090"
+            ];
+          }
+        ];
+      }
+      {
+        job_name = "mu5001tool";
+        scrape_interval = "20s";
+        static_configs = [
+          {
+            targets = [
+              "[::1]:9242"
+            ];
+          }
+        ];
+      }
+    ];
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "prometheus.astatine.net.clerie.de" = {
+        enableACME = true;
+        forceSSL   = true;
+        basicAuthFile = config.sops.secrets.monitoring-htpasswd.path;
+        locations."/".proxyPass = "http://[::1]:9090/";
+      };
+    };
+  };
+
+}

hosts/astatine/secrets.json

@@ -1,19 +1,17 @@
 {
 	"wg-clerie": "ENC[AES256_GCM,data:DbchcO6GTmSFyoHrRAkfu2flaKYrQHPk+rIerekYO4Cto9sqaWLgaSigpS8=,iv:no1xNRVqsKzAN6ssYA0Ir+utOM9tg8OBUT9PY2v0HPA=,tag:lZj1wEPFWHaf52N7YHEQKQ==,type:str]",
 	"wg-monitoring": "ENC[AES256_GCM,data:dTKKeieaGvECkHUpATLorhOgr9Re5CAH25y1WTcSqJZDsvnwD4CBbqMv2QQ=,iv:u1n1wyAW5aNcVYfGN8BmrEhIhtA3EfRDBNu65IdBZMI=,tag:RJYgOpel9uy6dC72MmqS5A==,type:str]",
+	"monitoring-htpasswd": "ENC[AES256_GCM,data:0uQ+Gwedi9kTaOzrwVzkNkS9qL0Dwmph1leK2sj/TndfSn3yaq7ur7ZHoPjWUl5Oy1poxU2rIUxWHajYC0n3yHv2AuGT,iv:FyH4MHcgW5iHkAsahNFtshnqqPOMlukg8aYfhcN9onw=,tag:q3BsnyKLrKYi/xDP6GmSkA==,type:str]",
+	"zte-hypermobile-5g-password": "ENC[AES256_GCM,data:lqxQICmWYwMejn8=,iv:TPYOs/cL/ETw7Ee0+YG/+Fhd7ASi0kr4rDLEiste+2Y=,tag:6O6AXIHkIjPm7hJVC4Y/1g==,type:str]",
 	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
 		"age": [
 			{
 				"recipient": "age1fffvnazdv3ys9ww8v4g832hv5nkvnk6d728syerzvpgskfmfkq8q00whpv",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUF5dkRwdXRmUkJ1SXN5\nLzdOVkhWYUJGdFd4Qklsa1BXeVZlTGx0eDE0ClZmYWNLMEVzaVVXWGkwQUt5ZHF5\nS1c5OU9PWjBTelM5R2phNFdVNncxUUkKLS0tIDlwSXFyZWNVT1dtdGU5dVFSRHNE\nUUpJZHJZRTd6TnBUU2dCWW90UTRVb0UKCWrHWmQTNhez16wgEKj4EQA4+UBRmGQn\n+NHSjBCMBmmTdHb05nENYVK515Z0T/60+9N3VlNyHWS9IgC3mZRUBg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2024-04-21T16:03:13Z",
+		"lastmodified": "2025-09-08T21:03:41Z",
-		"mac": "ENC[AES256_GCM,data:fA8fhOZbX30TYgwZXB7sQDNmck0JRDyAnEXf5nCYtli/Qvs78fTs4DdC08VOpOni8uAVARkFsGSo6Fjo/MpTSDVA8VNYZig/we/bWF+LQlEMCmiqwOI1R6eQ3GPxcRXltlO2aPPlT9BpLwIVZjGGjIsmjpVE8xjkCbLUUqj+UxY=,iv:fHLyw96QLVRrAQky2kR7TDDxf8CNXDV9lVQ5RETzJEI=,tag:y+cG9u3d6vCUmPyNMDRWpA==,type:str]",
+		"mac": "ENC[AES256_GCM,data:ztS/Z6mn8hFAPsks2evJRJFocw/3oz22O2HeSEkY7Mu+bfNvClsJuvuTbnDadB0IwKiLDFWRMGs/UPFmNP6J/euro4cFHDWXopdXg7eDFGDoJDKIg4fBUtofdXIqWvDoQ9LeZNvc5Z4EEQYhs3LwFnAU0x15acwIIxr5TB9l8g8=,iv:WVjavmcrEs2CyYTfoTTP44c9TqFubUdE+PBN2jRPR+s=,tag:fBXzU69Q9MwD3o/Nyu5OZA==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2024-04-21T16:02:41Z",

hosts/carbon/configuration.nix

@@ -39,7 +39,7 @@
   networking.nat = {
     enableIPv6 = true;
     enable = true;
-    externalInterface = "ppp-dtagdsl";
+    externalInterface = "ppp-ncfttb";
     internalIPv6s = [ "fd00:152:152::/48" "fd00:3214:9453:4920::/64"];
     internalIPs = [ "10.152.0.0/16" "192.168.32.0/24" ];
   };

hosts/carbon/net-dsl.nix

@@ -3,17 +3,17 @@
 {
 
   ## DSL-Uplink
-  networking.vlans."enp1s0.7" = {
+  networking.vlans."enp1s0.10" = {
-    id = 7;
+    id = 10;
     interface = "enp1s0";
   };
-  networking.vlans."enp3s0.7" = {
+  networking.vlans."enp3s0.10" = {
-    id = 7;
+    id = 10;
     interface = "enp3s0";
   };
   networking.bridges."net-dsl".interfaces = [
-    "enp1s0.7"
+    "enp1s0.10"
-    "enp3s0.7"
+    "enp3s0.10"
   ];
 
 }

hosts/carbon/net-gastnetz.nix

@@ -61,7 +61,7 @@
 
   # net-gastnetz can only access internet
   clerie.firewall.extraForwardFilterCommands = ''
-    ip46tables -A forward-filter -i net-gastnetz -o ppp-dtagdsl -j ACCEPT
+    ip46tables -A forward-filter -i net-gastnetz -o ppp-ncfttb -j ACCEPT
     ip46tables -A forward-filter -i net-gastnetz -j DROP
     ip46tables -A forward-filter -o net-gastnetz -j DROP
   '';

hosts/carbon/ppp.nix

@@ -4,11 +4,11 @@
 
   services.pppd = {
     enable = true;
-    peers.dtagdsl = {
+    peers.ncfttb = {
       config = ''
         plugin pppoe.so net-dsl
-        user "''${PPPD_DTAGDSL_USERNAME}"
+        user "''${PPPD_NETCOLOGNE_USERNAME}"
-        ifname ppp-dtagdsl
+        ifname ppp-ncfttb
         persist
         maxfail 0
         holdoff 5
@@ -24,9 +24,9 @@
     };
   };
 
-  environment.etc."ppp/peers/dtagdsl".enable = false;
+  environment.etc."ppp/peers/ncfttb".enable = false;
 
-  systemd.services."pppd-dtagdsl".serviceConfig = let
+  systemd.services."pppd-ncfttb".serviceConfig = let
     preStart = ''
       mkdir -p /etc/ppp/peers
 
@@ -34,22 +34,22 @@
       umask u=rw,g=,o=
 
       # Copy config and substitute username
-      rm -f /etc/ppp/peers/dtagdsl
+      rm -f /etc/ppp/peers/ncfttb
-      ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
+      ${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/ncfttb".source}" > /etc/ppp/peers/ncfttb
 
       # Copy login secrets
       rm -f /etc/ppp/pap-secrets
-      cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets
+      cat ${config.sops.secrets.pppd-ncfttb-secrets.path} > /etc/ppp/pap-secrets
       rm -f /etc/ppp/chap-secrets
-      cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets
+      cat ${config.sops.secrets.pppd-ncfttb-secrets.path} > /etc/ppp/chap-secrets
     '';
 
     preStartFile = pkgs.writeShellApplication {
-      name = "pppd-dtagdsl-pre-start";
+      name = "pppd-ncfttb-pre-start";
       text = preStart;
     };
   in {
-    EnvironmentFile = config.sops.secrets.pppd-dtagdsl-username.path;
+    EnvironmentFile = config.sops.secrets.pppd-ncfttb-username.path;
     ExecStartPre = [
       # "+" marks script to be executed without priviledge restrictions
       "+${lib.getExe preStartFile}"

hosts/carbon/secrets.json

@@ -1,21 +1,17 @@
 {
 	"wg-monitoring": "ENC[AES256_GCM,data:+k5MgBrj/psMCE1T2jDtCCJI9Q7L+wJ3j83inNkeGp3LSUjoAPtBp4YoyL4=,iv:C19g/Lqi+cWAyiJBMNDtgLc3SDNI9bMBrBPWn+26mVY=,tag:9zIoawuGeGCMbOX1HKR/sQ==,type:str]",
-	"pppd-dtagdsl-username": "ENC[AES256_GCM,data:JC7EyyMoN0p5YwnS9W5I0G5Omhk5usw28UiJrCfifGr+2FUgMrtFYAHQdrtWAELvYNBQDPgrHMmQjGQLhpqqK0hH,iv:/q+Fm63GVBApGInyS8i39V/lo6iv+I2omVh47deq+o8=,tag:LkR+1zTDNWuYkhH2iWT7SA==,type:str]",
+	"pppd-ncfttb-username": "ENC[AES256_GCM,data:vyOCNm23xsD3Kj+R7zqnBjH4jEIfYpx/YUUGPcVzqMs9pnFEembahtFTl2sNzOFXLfYCYg==,iv:gMfi/6jldkXCnfdvhu5X1VKj58sVsPR8IX8iEECPfgk=,tag:PJGyIASP6RPAdVULEnn+Gg==,type:str]",
-	"pppd-dtagdsl-secrets": "ENC[AES256_GCM,data:c5pOb8It1py/9NXNTgLvt9zmsBVbSLHJt4iXWiNA+Osvomw3r7pgoO/JJh9ujomPMnOlDwN7g+pJ,iv:W36gA8E1mWchN6+8hdMdt2epv/RdS91T5ANB/JTcHCE=,tag:7eZ3fZkjERCVJCXYrABnlQ==,type:str]",
+	"pppd-ncfttb-secrets": "ENC[AES256_GCM,data:IEAguET78vdzRo47UvxbDdz+kKgYWVxYakPPu5rNAZ4BCui7DUG3qm2X9bBdHSMA,iv:Q8D58HXkCoVbqwFoYk+dizXNcEP1J63uMaDSNEzfg2g=,tag:R/xG3owmbVDOLM79sfBQjA==,type:str]",
 	"wg-clerie": "ENC[AES256_GCM,data:OEZg8ZoLAdVhKkvB0ai13ID3gPnVUU/xkOjZ4KiJ9MnRbcFu5HBd7Nw6iNwh,iv:edPuaehya2ZvYKkiBqNUbXVDAxAT6yNgETnWtd6it94=,tag:cX12szdQfAcC6cij6zk6Dw==,type:str]",
 	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
 		"age": [
 			{
 				"recipient": "age16mln27e2p58gu6dpxfclttmuzfnq39mv62kthjpps33g3nl3scfq449857",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Rkd5WFE3aE5EQzY5ZXV4\nbXVGYmxTdVg1ekRpVjlRUnozY2tMTGloL21RCktjZW95OU9ZZ2owTCtMR1NxaXJn\na2VYS2ttb3VhSjNXOG84UUJtYU04QjAKLS0tIGd3aHM0RldFYnVFdDRVS0Vhc3BF\nckJhYmN6a1FJUC9ibks1cGlRaU1zbFkKE4ClunQ3XGAILwluC6iYFs+rlR02PdhK\njOmPbOlS0aNG0hoC7Z6aetgpj689AkJgl68QVcyvm+ecHH7TOT7l1A==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2024-08-13T14:06:43Z",
+		"lastmodified": "2025-10-24T19:16:49Z",
-		"mac": "ENC[AES256_GCM,data:yGKY0fi3KQWGHBeyNtQ8EJ6561dKRZ5aAjO9zq3odDtX75i2RSjORIlNjBsVvegBzeo8AkwwnzxNPt2sHl6MKDZfEsysWAi8Wolh4UvHk087AnR/uKvtG6t4uUaNIWej2DEzxUtTQ8QP1afsdqGCf0vZVruNcJ4u2xiQbN2vJPc=,iv:CDXJ5/P+h0Enq/0EL1su1Mw55FVYLy4XPSoUCkRkt+U=,tag:AvRfEDYMBunyIQIVCPbXag==,type:str]",
+		"mac": "ENC[AES256_GCM,data:ADhCQ7JxrEq+5ssevuuQVf3uyHcrcNVSzdT8bkFfDFVEE1hKv8q9QsGxhIaKtv4N2gt079fy0YA+WFKH6H8zWb5ONepH4H/mAek2SYgAtmVsxwdWY13zswsJUPi2CfbaCWOqppb9IiDb8+RCbzY2u/8Qqwk8gx/0uw2hr3IJrhM=,iv:c1/TS+W4pQgh2oPT77LX+dUL929YppRYdZCmMl2yN+M=,tag:fTk1sxdeT9xFjDMhqiHZAg==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2024-05-10T13:05:56Z",
@@ -24,6 +20,6 @@
 			}
 		],
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.8.1"
+		"version": "3.10.2"
 	}
 }

hosts/clerie-backup/configuration.nix

@@ -52,6 +52,11 @@
       environment = { BORG_RSH = "ssh -p 23 -i /var/src/secrets/ssh/borg-backup-replication-hetzner"; };
       compression = "auto,lzma";
       startAt = "*-*-* 04:07:00";
+
+      readWritePaths = [ "/var/lib/prometheus-node-exporter/textfiles" ];
+      postPrune = ''
+        echo "backup_replication_hetzner_last_successful_run_time $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/backup-replication-hetzner.prom
+      '';
     };
   };
 

hosts/krypton/programs.nix

@@ -11,6 +11,8 @@
     signal-desktop
     dino
     fractal
+    tuba
+    flare-signal
 
     tio
     xournalpp
@@ -23,6 +25,7 @@
     wireshark
     tcpdump
     nmap
+    pkgs."http.server"
 
     kdePackages.okular
     chromium-incognito

hosts/storage-2/em.nix

@@ -11,7 +11,28 @@ with lib;
   };
   users.groups.data-em = {};
 
+  users.users.data-em-mp3 = {
+    group = "data-em-mp3";
+    home = "/data/em-mp3";
+    useDefaultShell = true;
+    isSystemUser = true;
+  };
+  users.groups.data-em-mp3 = {};
+
   systemd.tmpfiles.rules = [
     "d /data/em - data-em data-em - -"
+    "d /data/em-mp3 - data-em-mp3 data-em-mp3 - -"
   ];
+
+  systemd.services.convert-flac-dir-to-mp3 = {
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${lib.getExe pkgs.convert-flac-dir-to-mp3} /data/em /data/em-mp3";
+      StateDirectory = "convert-flac-dir-to-mp3";
+      WorkingDirectory = "/var/lib/convert-flac-dir-to-mp3";
+      User = "data-em-mp3";
+      Group = "data-em-mp3";
+    };
+    startAt = "*-*-* 03:47:00";
+  };
 }

hosts/storage-2/mixcloud.nix

@@ -53,17 +53,23 @@ in {
     "mixcloud.clerie.de" = {
       enableACME = true;
       forceSSL = true;
+      basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
       locations."/" = {
         alias = "/data/mixcloud/";
-        basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
         extraConfig = ''
           autoindex on;
           autoindex_exact_size off;
         '';
       };
+      locations."/api/" = {
+        alias = "/data/mixcloud/";
+        extraConfig = ''
+          autoindex on;
+          autoindex_format json;
+        '';
+      };
       locations."/media/" = {
         alias = "/data/media/";
-        basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
         extraConfig = ''
           autoindex on;
           autoindex_exact_size off;

pkgs/build-support/writePythonScript.nix

@@ -1,6 +1,7 @@
 {
   python3,
-  writeTextFile,
+  makeWrapper,
+  runCommand,
   lib,
 }:
 
@@ -9,6 +10,7 @@
   text,
   runtimePackages ? ps: [],
   pythonPackage ? python3,
+  runtimeInputs ? [],
   meta ? {},
   passthru ? {},
   derivationArgs ? {},
@@ -18,13 +20,17 @@ let
 
   pythonWithPackages = pythonPackage.withPackages runtimePackages;
 
-in writeTextFile {
+in runCommand name ({
-  inherit
+  passAsFile = [ "text" ] ++ (derivationArgs.passAsFile or []);
-    name
+
-    meta
+  meta = {
-    passthru
+    mainProgram = name;
-    derivationArgs
+  } // meta // (derivationArgs.meta or {});
-    ;
+
+  passthru = passthru // (derivationArgs.passthru or {});
+
+  nativeBuildInputs = [ makeWrapper ] ++ (derivationArgs.nativeBuildInputs or []);
+
   executable = true;
   destination = "/bin/${name}";
   allowSubstitutes = true;
@@ -34,4 +40,17 @@ in writeTextFile {
 
     ${text}
   '';
-}
+} // (
+  builtins.removeAttrs derivationArgs [ "passAsFile" "meta" "passthru" "nativeBuildInputs" ]
+))
+''
+mkdir -p $out/bin
+
+target=$out/bin/${lib.escapeShellArg name}
+
+cp "$textPath" "$target"
+
+chmod +x "$target"
+
+wrapProgram "$target" --prefix PATH : "${lib.makeBinPath runtimeInputs}"
+''

pkgs/convert-flac-dir-to-mp3/convert-flac-dir-to-mp3.py

@@ -0,0 +1,109 @@
+#!/usr/bin/env python
+
+import argparse
+from pathlib import Path
+from progress.bar import Bar
+import shutil
+import subprocess
+
+def files_and_dirs_for_directory(path):
+    filepaths = []
+    dirpaths = []
+
+    for dirpath, dirnames, filenames in path.walk():
+        dirpaths.append(dirpath)
+
+        for filename in filenames:
+            filepath = dirpath / filename
+            filepaths.append(filepath)
+
+    return set(filepaths), set(dirpaths)
+
+def make_paths_relative(paths, relative_to_path):
+    return set(path.relative_to(relative_to_path) for path in paths)
+
+def replace_suffix(path, suffix):
+    return path.with_name(path.stem + suffix)
+
+def convert_filepath(path):
+    if path.suffix == ".flac":
+        return replace_suffix(path, ".mp3")
+
+    return path
+
+def ffmpeg_flac_to_mp3(in_path, out_path):
+    print("")
+    subprocess.run(["ffmpeg", "-hide_banner", "-loglevel", "warning", "-stats", "-i", in_path, "-ab", "320k", "-map_metadata", "0", "-id3v2_version", "3", out_path], check=True)
+    print("")
+
+if __name__ == "__main__":
+
+    parser = argparse.ArgumentParser(prog="convert-flac-dir-to-mp3")
+    parser.add_argument("from_dir", type=Path)
+    parser.add_argument("to_dir", type=Path)
+
+    args = parser.parse_args()
+
+    from_path = args.from_dir.absolute()
+    to_path = args.to_dir.absolute()
+
+    if not from_path.exists():
+        raise Exception("from_path does not exist")
+
+    if not to_path.exists():
+        raise Exception("to_path does not exist")
+
+    if not from_path.is_dir():
+        raise Exception("from_path is not a directory")
+
+    if not to_path.is_dir():
+        raise Exception("to_path is not a directory")
+
+    print(f"Converting {from_path} to {to_path}…")
+
+    from_filepaths, from_dirpaths = files_and_dirs_for_directory(from_path)
+    to_filepaths, to_dirpaths = files_and_dirs_for_directory(to_path)
+
+
+    relative_from_filepaths = make_paths_relative(from_filepaths, from_path)
+    relative_to_filepaths = make_paths_relative(to_filepaths, to_path)
+
+    converted_from_filepaths = set(convert_filepath(filepath) for filepath in relative_from_filepaths)
+
+    filepaths_missing_in_to_path = converted_from_filepaths - relative_to_filepaths
+
+
+    relative_from_dirpaths = make_paths_relative(from_dirpaths, from_path)
+    relative_to_dirpaths = make_paths_relative(to_dirpaths, to_path)
+
+    dirpaths_missing_in_to_path = relative_from_dirpaths - relative_to_dirpaths
+
+    print(f"Missing {len(filepaths_missing_in_to_path)} files and {len(dirpaths_missing_in_to_path)} directories")
+
+    if len(dirpaths_missing_in_to_path) > 0:
+        for dirpath in Bar("Creating directories").iter(dirpaths_missing_in_to_path):
+            (to_path / dirpath).mkdir(parents=True, exist_ok=True)
+
+    if len(filepaths_missing_in_to_path) > 0:
+        for filepath in Bar("Creating files").iter(filepaths_missing_in_to_path):
+            if filepath in relative_from_filepaths:
+                # Just copy the file
+                shutil.copy(from_path / filepath, to_path / filepath)
+            elif filepath.suffix == ".mp3" and replace_suffix(filepath, ".flac") in relative_from_filepaths:
+                # Convert from flac
+                print("")
+                print(f"Converting {to_path / filepath}…")
+
+                # Tempfile for ffmpeg
+                tmpfilepath = filepath.with_name(".~" + filepath.name)
+                (to_path / tmpfilepath).unlink(missing_ok=True)
+
+                print(f"Using tempfile for ffmpeg {to_path / tmpfilepath}…")
+
+                # Convert
+                ffmpeg_flac_to_mp3(from_path / replace_suffix(filepath, ".flac"), to_path / tmpfilepath)
+
+                # Rename tempfile
+                (to_path / tmpfilepath).rename(to_path / filepath)
+            else:
+                raise Exception("Unable to figure out how to get {to_path / filepath} from {from_path}")

pkgs/convert-flac-dir-to-mp3/default.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+
+pkgs.clerie-build-support.writePythonScript {
+  name = "convert-flac-dir-to-mp3";
+  runtimePackages = ps: with ps; [ progress ];
+  runtimeInputs = [ pkgs.ffmpeg-headless ];
+  text = builtins.readFile ./convert-flac-dir-to-mp3.py;
+}

pkgs/curl-timings/curl-timings.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+curl -w "Request to %{url}
+
+time_namelookup: %{time_namelookup}s
+time_connect: %{time_connect}s
+time_appconnect: %{time_appconnect}s
+time_pretransfer: %{time_pretransfer}s
+time_starttransfer: %{time_starttransfer}s
+time_posttransfer: %{time_posttransfer}s
+time_queue: %{time_queue}s
+time_redirect: %{time_redirect}s
+time_starttransfer: %{time_starttransfer}s
+
+time_total: %{time_total}s
+" -o /dev/null -s "$@"

pkgs/curl-timings/default.nix

@@ -0,0 +1,12 @@
+{
+  curl,
+  writeShellApplication,
+}:
+
+writeShellApplication {
+  name = "curl-timings";
+  text = builtins.readFile ./curl-timings.sh;
+  runtimeInputs = [
+    curl
+  ];
+}

pkgs/grow-last-partition-and-filesystem/default.nix

@@ -1,5 +1,6 @@
 {
   e2fsprogs,
+  gptfdisk,
   jq,
   parted,
   writeShellApplication,
@@ -10,6 +11,7 @@ writeShellApplication {
   text = builtins.readFile ./grow-last-partition-and-filesystem.sh;
   runtimeInputs = [
     e2fsprogs
+    gptfdisk
     jq
     parted
   ];

pkgs/grow-last-partition-and-filesystem/grow-last-partition-and-filesystem.sh

@@ -11,6 +11,9 @@ fi
 
 DEVICE="$1"
 
+echo "Move GTP backup header to end of disk"
+sgdisk "${DEVICE}" --move-second-header
+
 PARTITIONDATA="$(parted --script --json --fix "${DEVICE}" print)"
 PARTNUMBER="$(echo "${PARTITIONDATA}" | jq -r '.disk.partitions | last | .number')"
 PARTNAME="$(echo "${PARTITIONDATA}" | jq -r '.disk.partitions | last | .name')"

pkgs/http.server/default.nix

@@ -0,0 +1,14 @@
+{
+  python3,
+  writeShellApplication,
+}:
+
+writeShellApplication {
+  name = "http.server";
+  text = ''
+    python3 -m http.server "$@"
+  '';
+  runtimeInputs = [
+    python3
+  ];
+}

pkgs/overlay.nix

@@ -12,6 +12,8 @@ final: prev: {
   clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
   clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
   chromium-incognito = final.callPackage ./chromium-incognito {};
+  convert-flac-dir-to-mp3 = final.callPackage ./convert-flac-dir-to-mp3 {};
+  curl-timings = final.callPackage ./curl-timings {};
   factorio-launcher = final.callPackage ./factorio-launcher {};
   feeds-dir = final.callPackage ./feeds-dir {};
   generate-blocked-prefixes = final.callPackage ./generate-blocked-prefixes {};
@@ -20,6 +22,7 @@ final: prev: {
   git-pp = final.callPackage ./git-pp {};
   git-show-link = final.callPackage ./git-show-link {};
   grow-last-partition-and-filesystem = final.callPackage ./grow-last-partition-and-filesystem {};
+  "http.server" = final.callPackage ./http.server {};
   nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
   nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
   nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};