Compare commits
1 Commits
updated-in
...
updated-in
| Author | SHA1 | Date | |
|---|---|---|---|
|
3d0229dbef |
44
flake.lock
generated
44
flake.lock
generated
@@ -269,11 +269,11 @@
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759516991,
|
||||
"narHash": "sha256-esoe/uYPyy4a6hAwZq1QgkSe7dnZ5c0zHHXDq/JG9Yk=",
|
||||
"lastModified": 1751801455,
|
||||
"narHash": "sha256-hUJqtS88SbNQQSEJAPFyY2vLMh8yA8rQ6jbul50p64M=",
|
||||
"ref": "lix-2.93",
|
||||
"rev": "b1328322a49e8e153635ea8b3b602db363de727f",
|
||||
"revCount": 4284,
|
||||
"rev": "b940aca430a7ca41f70bdb320659dd62026fe0e9",
|
||||
"revCount": 4261,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/hydra.git"
|
||||
},
|
||||
@@ -301,11 +301,11 @@
|
||||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1757791921,
|
||||
"narHash": "sha256-83qbJckLOLrAsKO88UI9N4QRatNEc3gUFtLMiAPwK0g=",
|
||||
"lastModified": 1751235704,
|
||||
"narHash": "sha256-Jzm3KPZ2gL+0Nl3Mw/2E0B3vqDDi1Xt5+9VCXghUDZ8=",
|
||||
"ref": "release-2.93",
|
||||
"rev": "b7c2f17e9133e8b85d41c58b52f9d4e3254f41da",
|
||||
"revCount": 17892,
|
||||
"rev": "f3a7bbe5f8d1a8504ddb6362d50106904523e440",
|
||||
"revCount": 17874,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/lix"
|
||||
},
|
||||
@@ -327,11 +327,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1756125859,
|
||||
"narHash": "sha256-6a+PWILmqHCs9B5eIBLg6HSZ8jYweZpgOWO8FlyVwYI=",
|
||||
"lastModified": 1753282722,
|
||||
"narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=",
|
||||
"ref": "release-2.93",
|
||||
"rev": "d3292125035b04df00d01549a26e948631fabe1e",
|
||||
"revCount": 156,
|
||||
"rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873",
|
||||
"revCount": 149,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module.git"
|
||||
},
|
||||
@@ -353,11 +353,11 @@
|
||||
"pre-commit-hooks": "pre-commit-hooks_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1759940703,
|
||||
"narHash": "sha256-/dXDCzYnQbkqCsvUDIxgIH4BS/fyxIu73m2v4ftJLXQ=",
|
||||
"lastModified": 1753306924,
|
||||
"narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=",
|
||||
"ref": "release-2.93",
|
||||
"rev": "75c03142049242a5687309e59e4f356fbc92789a",
|
||||
"revCount": 17894,
|
||||
"rev": "1a4393d0aac31aba21f5737ede1b171e11336d77",
|
||||
"revCount": 17884,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/lix.git"
|
||||
},
|
||||
@@ -634,11 +634,11 @@
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1759281824,
|
||||
"narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=",
|
||||
"lastModified": 1751582995,
|
||||
"narHash": "sha256-u7ubvtxdTnFPpV27AHpgoKn7qHuE7sgWgza/1oj5nzA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5b5be50345d4113d04ba58c444348849f5585b4a",
|
||||
"rev": "7a732ed41ca0dd64b4b71b563ab9805a80a7d693",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -666,11 +666,11 @@
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1762596750,
|
||||
"narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
|
||||
"lastModified": 1758035966,
|
||||
"narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
|
||||
"rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -6,7 +6,6 @@
|
||||
./hardware-configuration.nix
|
||||
|
||||
./dns.nix
|
||||
./ds-lite-ncfttb.nix
|
||||
./mdns.nix
|
||||
./net-dsl.nix
|
||||
./net-gastnetz.nix
|
||||
@@ -17,7 +16,7 @@
|
||||
./net-printer.nix
|
||||
./net-voip.nix
|
||||
./ntp.nix
|
||||
./ppp-ncfttb.nix
|
||||
./ppp.nix
|
||||
./scan-to-gpg.nix
|
||||
./wg-clerie.nix
|
||||
];
|
||||
@@ -40,7 +39,7 @@
|
||||
networking.nat = {
|
||||
enableIPv6 = true;
|
||||
enable = true;
|
||||
externalInterface = "ppp-ncfttb";
|
||||
externalInterface = "ppp-dtagdsl";
|
||||
internalIPv6s = [ "fd00:152:152::/48" "fd00:3214:9453:4920::/64"];
|
||||
internalIPs = [ "10.152.0.0/16" "192.168.32.0/24" ];
|
||||
};
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
|
||||
profiles.clerie.ds-lite = {
|
||||
enable = true;
|
||||
wanInterfaceName = "ppp-ncfttb";
|
||||
tunnelInterfaceName = "ds-lite-ncfttb";
|
||||
lanInterfaces = [
|
||||
{
|
||||
name = "net-heimnetz";
|
||||
sla_id = 201;
|
||||
prefix_len = 64;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
@@ -3,17 +3,17 @@
|
||||
{
|
||||
|
||||
## DSL-Uplink
|
||||
networking.vlans."enp1s0.10" = {
|
||||
id = 10;
|
||||
networking.vlans."enp1s0.7" = {
|
||||
id = 7;
|
||||
interface = "enp1s0";
|
||||
};
|
||||
networking.vlans."enp3s0.10" = {
|
||||
id = 10;
|
||||
networking.vlans."enp3s0.7" = {
|
||||
id = 7;
|
||||
interface = "enp3s0";
|
||||
};
|
||||
networking.bridges."net-dsl".interfaces = [
|
||||
"enp1s0.10"
|
||||
"enp3s0.10"
|
||||
"enp1s0.7"
|
||||
"enp3s0.7"
|
||||
];
|
||||
|
||||
}
|
||||
|
||||
@@ -61,7 +61,7 @@
|
||||
|
||||
# net-gastnetz can only access internet
|
||||
clerie.firewall.extraForwardFilterCommands = ''
|
||||
ip46tables -A forward-filter -i net-gastnetz -o ppp-ncfttb -j ACCEPT
|
||||
ip46tables -A forward-filter -i net-gastnetz -o ppp-dtagdsl -j ACCEPT
|
||||
ip46tables -A forward-filter -i net-gastnetz -j DROP
|
||||
ip46tables -A forward-filter -o net-gastnetz -j DROP
|
||||
'';
|
||||
|
||||
@@ -4,11 +4,11 @@
|
||||
|
||||
services.pppd = {
|
||||
enable = true;
|
||||
peers.ncfttb = {
|
||||
peers.dtagdsl = {
|
||||
config = ''
|
||||
plugin pppoe.so net-dsl
|
||||
user "''${PPPD_NETCOLOGNE_USERNAME}"
|
||||
ifname ppp-ncfttb
|
||||
user "''${PPPD_DTAGDSL_USERNAME}"
|
||||
ifname ppp-dtagdsl
|
||||
persist
|
||||
maxfail 0
|
||||
holdoff 5
|
||||
@@ -24,9 +24,9 @@
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc."ppp/peers/ncfttb".enable = false;
|
||||
environment.etc."ppp/peers/dtagdsl".enable = false;
|
||||
|
||||
systemd.services."pppd-ncfttb".serviceConfig = let
|
||||
systemd.services."pppd-dtagdsl".serviceConfig = let
|
||||
preStart = ''
|
||||
mkdir -p /etc/ppp/peers
|
||||
|
||||
@@ -34,22 +34,22 @@
|
||||
umask u=rw,g=,o=
|
||||
|
||||
# Copy config and substitute username
|
||||
rm -f /etc/ppp/peers/ncfttb
|
||||
${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/ncfttb".source}" > /etc/ppp/peers/ncfttb
|
||||
rm -f /etc/ppp/peers/dtagdsl
|
||||
${pkgs.envsubst}/bin/envsubst -i "${config.environment.etc."ppp/peers/dtagdsl".source}" > /etc/ppp/peers/dtagdsl
|
||||
|
||||
# Copy login secrets
|
||||
rm -f /etc/ppp/pap-secrets
|
||||
cat ${config.sops.secrets.pppd-ncfttb-secrets.path} > /etc/ppp/pap-secrets
|
||||
cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/pap-secrets
|
||||
rm -f /etc/ppp/chap-secrets
|
||||
cat ${config.sops.secrets.pppd-ncfttb-secrets.path} > /etc/ppp/chap-secrets
|
||||
cat ${config.sops.secrets.pppd-dtagdsl-secrets.path} > /etc/ppp/chap-secrets
|
||||
'';
|
||||
|
||||
preStartFile = pkgs.writeShellApplication {
|
||||
name = "pppd-ncfttb-pre-start";
|
||||
name = "pppd-dtagdsl-pre-start";
|
||||
text = preStart;
|
||||
};
|
||||
in {
|
||||
EnvironmentFile = config.sops.secrets.pppd-ncfttb-username.path;
|
||||
EnvironmentFile = config.sops.secrets.pppd-dtagdsl-username.path;
|
||||
ExecStartPre = [
|
||||
# "+" marks script to be executed without priviledge restrictions
|
||||
"+${lib.getExe preStartFile}"
|
||||
@@ -1,17 +1,21 @@
|
||||
{
|
||||
"wg-monitoring": "ENC[AES256_GCM,data:+k5MgBrj/psMCE1T2jDtCCJI9Q7L+wJ3j83inNkeGp3LSUjoAPtBp4YoyL4=,iv:C19g/Lqi+cWAyiJBMNDtgLc3SDNI9bMBrBPWn+26mVY=,tag:9zIoawuGeGCMbOX1HKR/sQ==,type:str]",
|
||||
"pppd-ncfttb-username": "ENC[AES256_GCM,data:vyOCNm23xsD3Kj+R7zqnBjH4jEIfYpx/YUUGPcVzqMs9pnFEembahtFTl2sNzOFXLfYCYg==,iv:gMfi/6jldkXCnfdvhu5X1VKj58sVsPR8IX8iEECPfgk=,tag:PJGyIASP6RPAdVULEnn+Gg==,type:str]",
|
||||
"pppd-ncfttb-secrets": "ENC[AES256_GCM,data:IEAguET78vdzRo47UvxbDdz+kKgYWVxYakPPu5rNAZ4BCui7DUG3qm2X9bBdHSMA,iv:Q8D58HXkCoVbqwFoYk+dizXNcEP1J63uMaDSNEzfg2g=,tag:R/xG3owmbVDOLM79sfBQjA==,type:str]",
|
||||
"pppd-dtagdsl-username": "ENC[AES256_GCM,data:JC7EyyMoN0p5YwnS9W5I0G5Omhk5usw28UiJrCfifGr+2FUgMrtFYAHQdrtWAELvYNBQDPgrHMmQjGQLhpqqK0hH,iv:/q+Fm63GVBApGInyS8i39V/lo6iv+I2omVh47deq+o8=,tag:LkR+1zTDNWuYkhH2iWT7SA==,type:str]",
|
||||
"pppd-dtagdsl-secrets": "ENC[AES256_GCM,data:c5pOb8It1py/9NXNTgLvt9zmsBVbSLHJt4iXWiNA+Osvomw3r7pgoO/JJh9ujomPMnOlDwN7g+pJ,iv:W36gA8E1mWchN6+8hdMdt2epv/RdS91T5ANB/JTcHCE=,tag:7eZ3fZkjERCVJCXYrABnlQ==,type:str]",
|
||||
"wg-clerie": "ENC[AES256_GCM,data:OEZg8ZoLAdVhKkvB0ai13ID3gPnVUU/xkOjZ4KiJ9MnRbcFu5HBd7Nw6iNwh,iv:edPuaehya2ZvYKkiBqNUbXVDAxAT6yNgETnWtd6it94=,tag:cX12szdQfAcC6cij6zk6Dw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age16mln27e2p58gu6dpxfclttmuzfnq39mv62kthjpps33g3nl3scfq449857",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Rkd5WFE3aE5EQzY5ZXV4\nbXVGYmxTdVg1ekRpVjlRUnozY2tMTGloL21RCktjZW95OU9ZZ2owTCtMR1NxaXJn\na2VYS2ttb3VhSjNXOG84UUJtYU04QjAKLS0tIGd3aHM0RldFYnVFdDRVS0Vhc3BF\nckJhYmN6a1FJUC9ibks1cGlRaU1zbFkKE4ClunQ3XGAILwluC6iYFs+rlR02PdhK\njOmPbOlS0aNG0hoC7Z6aetgpj689AkJgl68QVcyvm+ecHH7TOT7l1A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-10-24T19:16:49Z",
|
||||
"mac": "ENC[AES256_GCM,data:ADhCQ7JxrEq+5ssevuuQVf3uyHcrcNVSzdT8bkFfDFVEE1hKv8q9QsGxhIaKtv4N2gt079fy0YA+WFKH6H8zWb5ONepH4H/mAek2SYgAtmVsxwdWY13zswsJUPi2CfbaCWOqppb9IiDb8+RCbzY2u/8Qqwk8gx/0uw2hr3IJrhM=,iv:c1/TS+W4pQgh2oPT77LX+dUL929YppRYdZCmMl2yN+M=,tag:fTk1sxdeT9xFjDMhqiHZAg==,type:str]",
|
||||
"lastmodified": "2024-08-13T14:06:43Z",
|
||||
"mac": "ENC[AES256_GCM,data:yGKY0fi3KQWGHBeyNtQ8EJ6561dKRZ5aAjO9zq3odDtX75i2RSjORIlNjBsVvegBzeo8AkwwnzxNPt2sHl6MKDZfEsysWAi8Wolh4UvHk087AnR/uKvtG6t4uUaNIWej2DEzxUtTQ8QP1afsdqGCf0vZVruNcJ4u2xiQbN2vJPc=,iv:CDXJ5/P+h0Enq/0EL1su1Mw55FVYLy4XPSoUCkRkt+U=,tag:AvRfEDYMBunyIQIVCPbXag==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2024-05-10T13:05:56Z",
|
||||
@@ -20,6 +24,6 @@
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.10.2"
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
@@ -52,11 +52,6 @@
|
||||
environment = { BORG_RSH = "ssh -p 23 -i /var/src/secrets/ssh/borg-backup-replication-hetzner"; };
|
||||
compression = "auto,lzma";
|
||||
startAt = "*-*-* 04:07:00";
|
||||
|
||||
readWritePaths = [ "/var/lib/prometheus-node-exporter/textfiles" ];
|
||||
postPrune = ''
|
||||
echo "backup_replication_hetzner_last_successful_run_time $(date +%s)" > /var/lib/prometheus-node-exporter/textfiles/backup-replication-hetzner.prom
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -11,8 +11,6 @@
|
||||
signal-desktop
|
||||
dino
|
||||
fractal
|
||||
tuba
|
||||
flare-signal
|
||||
|
||||
tio
|
||||
xournalpp
|
||||
@@ -25,7 +23,6 @@
|
||||
wireshark
|
||||
tcpdump
|
||||
nmap
|
||||
pkgs."http.server"
|
||||
|
||||
kdePackages.okular
|
||||
chromium-incognito
|
||||
|
||||
@@ -11,28 +11,7 @@ with lib;
|
||||
};
|
||||
users.groups.data-em = {};
|
||||
|
||||
users.users.data-em-mp3 = {
|
||||
group = "data-em-mp3";
|
||||
home = "/data/em-mp3";
|
||||
useDefaultShell = true;
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.data-em-mp3 = {};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /data/em - data-em data-em - -"
|
||||
"d /data/em-mp3 - data-em-mp3 data-em-mp3 - -"
|
||||
];
|
||||
|
||||
systemd.services.convert-flac-dir-to-mp3 = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${lib.getExe pkgs.convert-flac-dir-to-mp3} /data/em /data/em-mp3";
|
||||
StateDirectory = "convert-flac-dir-to-mp3";
|
||||
WorkingDirectory = "/var/lib/convert-flac-dir-to-mp3";
|
||||
User = "data-em-mp3";
|
||||
Group = "data-em-mp3";
|
||||
};
|
||||
startAt = "*-*-* 03:47:00";
|
||||
};
|
||||
}
|
||||
|
||||
@@ -53,23 +53,17 @@ in {
|
||||
"mixcloud.clerie.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
|
||||
locations."/" = {
|
||||
alias = "/data/mixcloud/";
|
||||
basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
|
||||
extraConfig = ''
|
||||
autoindex on;
|
||||
autoindex_exact_size off;
|
||||
'';
|
||||
};
|
||||
locations."/api/" = {
|
||||
alias = "/data/mixcloud/";
|
||||
extraConfig = ''
|
||||
autoindex on;
|
||||
autoindex_format json;
|
||||
'';
|
||||
};
|
||||
locations."/media/" = {
|
||||
alias = "/data/media/";
|
||||
basicAuthFile = config.sops.secrets.mixcloud-htpasswd.path;
|
||||
extraConfig = ''
|
||||
autoindex on;
|
||||
autoindex_exact_size off;
|
||||
|
||||
@@ -48,8 +48,5 @@
|
||||
},
|
||||
"cleriewi.uber.space": {
|
||||
"clerie-uberspace": { "enable": true }
|
||||
},
|
||||
"reichart.uber.space": {
|
||||
"clerie-uberspace": { "enable": true }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
{
|
||||
python3,
|
||||
makeWrapper,
|
||||
runCommand,
|
||||
writeTextFile,
|
||||
lib,
|
||||
}:
|
||||
|
||||
@@ -10,7 +9,6 @@
|
||||
text,
|
||||
runtimePackages ? ps: [],
|
||||
pythonPackage ? python3,
|
||||
runtimeInputs ? [],
|
||||
meta ? {},
|
||||
passthru ? {},
|
||||
derivationArgs ? {},
|
||||
@@ -20,17 +18,13 @@ let
|
||||
|
||||
pythonWithPackages = pythonPackage.withPackages runtimePackages;
|
||||
|
||||
in runCommand name ({
|
||||
passAsFile = [ "text" ] ++ (derivationArgs.passAsFile or []);
|
||||
|
||||
meta = {
|
||||
mainProgram = name;
|
||||
} // meta // (derivationArgs.meta or {});
|
||||
|
||||
passthru = passthru // (derivationArgs.passthru or {});
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ] ++ (derivationArgs.nativeBuildInputs or []);
|
||||
|
||||
in writeTextFile {
|
||||
inherit
|
||||
name
|
||||
meta
|
||||
passthru
|
||||
derivationArgs
|
||||
;
|
||||
executable = true;
|
||||
destination = "/bin/${name}";
|
||||
allowSubstitutes = true;
|
||||
@@ -40,17 +34,4 @@ in runCommand name ({
|
||||
|
||||
${text}
|
||||
'';
|
||||
} // (
|
||||
builtins.removeAttrs derivationArgs [ "passAsFile" "meta" "passthru" "nativeBuildInputs" ]
|
||||
))
|
||||
''
|
||||
mkdir -p $out/bin
|
||||
|
||||
target=$out/bin/${lib.escapeShellArg name}
|
||||
|
||||
cp "$textPath" "$target"
|
||||
|
||||
chmod +x "$target"
|
||||
|
||||
wrapProgram "$target" --prefix PATH : "${lib.makeBinPath runtimeInputs}"
|
||||
''
|
||||
}
|
||||
|
||||
@@ -1,109 +0,0 @@
|
||||
#!/usr/bin/env python
|
||||
|
||||
import argparse
|
||||
from pathlib import Path
|
||||
from progress.bar import Bar
|
||||
import shutil
|
||||
import subprocess
|
||||
|
||||
def files_and_dirs_for_directory(path):
|
||||
filepaths = []
|
||||
dirpaths = []
|
||||
|
||||
for dirpath, dirnames, filenames in path.walk():
|
||||
dirpaths.append(dirpath)
|
||||
|
||||
for filename in filenames:
|
||||
filepath = dirpath / filename
|
||||
filepaths.append(filepath)
|
||||
|
||||
return set(filepaths), set(dirpaths)
|
||||
|
||||
def make_paths_relative(paths, relative_to_path):
|
||||
return set(path.relative_to(relative_to_path) for path in paths)
|
||||
|
||||
def replace_suffix(path, suffix):
|
||||
return path.with_name(path.stem + suffix)
|
||||
|
||||
def convert_filepath(path):
|
||||
if path.suffix == ".flac":
|
||||
return replace_suffix(path, ".mp3")
|
||||
|
||||
return path
|
||||
|
||||
def ffmpeg_flac_to_mp3(in_path, out_path):
|
||||
print("")
|
||||
subprocess.run(["ffmpeg", "-hide_banner", "-loglevel", "warning", "-stats", "-i", in_path, "-ab", "320k", "-map_metadata", "0", "-id3v2_version", "3", out_path], check=True)
|
||||
print("")
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
||||
parser = argparse.ArgumentParser(prog="convert-flac-dir-to-mp3")
|
||||
parser.add_argument("from_dir", type=Path)
|
||||
parser.add_argument("to_dir", type=Path)
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
from_path = args.from_dir.absolute()
|
||||
to_path = args.to_dir.absolute()
|
||||
|
||||
if not from_path.exists():
|
||||
raise Exception("from_path does not exist")
|
||||
|
||||
if not to_path.exists():
|
||||
raise Exception("to_path does not exist")
|
||||
|
||||
if not from_path.is_dir():
|
||||
raise Exception("from_path is not a directory")
|
||||
|
||||
if not to_path.is_dir():
|
||||
raise Exception("to_path is not a directory")
|
||||
|
||||
print(f"Converting {from_path} to {to_path}…")
|
||||
|
||||
from_filepaths, from_dirpaths = files_and_dirs_for_directory(from_path)
|
||||
to_filepaths, to_dirpaths = files_and_dirs_for_directory(to_path)
|
||||
|
||||
|
||||
relative_from_filepaths = make_paths_relative(from_filepaths, from_path)
|
||||
relative_to_filepaths = make_paths_relative(to_filepaths, to_path)
|
||||
|
||||
converted_from_filepaths = set(convert_filepath(filepath) for filepath in relative_from_filepaths)
|
||||
|
||||
filepaths_missing_in_to_path = converted_from_filepaths - relative_to_filepaths
|
||||
|
||||
|
||||
relative_from_dirpaths = make_paths_relative(from_dirpaths, from_path)
|
||||
relative_to_dirpaths = make_paths_relative(to_dirpaths, to_path)
|
||||
|
||||
dirpaths_missing_in_to_path = relative_from_dirpaths - relative_to_dirpaths
|
||||
|
||||
print(f"Missing {len(filepaths_missing_in_to_path)} files and {len(dirpaths_missing_in_to_path)} directories")
|
||||
|
||||
if len(dirpaths_missing_in_to_path) > 0:
|
||||
for dirpath in Bar("Creating directories").iter(dirpaths_missing_in_to_path):
|
||||
(to_path / dirpath).mkdir(parents=True, exist_ok=True)
|
||||
|
||||
if len(filepaths_missing_in_to_path) > 0:
|
||||
for filepath in Bar("Creating files").iter(filepaths_missing_in_to_path):
|
||||
if filepath in relative_from_filepaths:
|
||||
# Just copy the file
|
||||
shutil.copy(from_path / filepath, to_path / filepath)
|
||||
elif filepath.suffix == ".mp3" and replace_suffix(filepath, ".flac") in relative_from_filepaths:
|
||||
# Convert from flac
|
||||
print("")
|
||||
print(f"Converting {to_path / filepath}…")
|
||||
|
||||
# Tempfile for ffmpeg
|
||||
tmpfilepath = filepath.with_name(".~" + filepath.name)
|
||||
(to_path / tmpfilepath).unlink(missing_ok=True)
|
||||
|
||||
print(f"Using tempfile for ffmpeg {to_path / tmpfilepath}…")
|
||||
|
||||
# Convert
|
||||
ffmpeg_flac_to_mp3(from_path / replace_suffix(filepath, ".flac"), to_path / tmpfilepath)
|
||||
|
||||
# Rename tempfile
|
||||
(to_path / tmpfilepath).rename(to_path / filepath)
|
||||
else:
|
||||
raise Exception("Unable to figure out how to get {to_path / filepath} from {from_path}")
|
||||
@@ -1,8 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.clerie-build-support.writePythonScript {
|
||||
name = "convert-flac-dir-to-mp3";
|
||||
runtimePackages = ps: with ps; [ progress ];
|
||||
runtimeInputs = [ pkgs.ffmpeg-headless ];
|
||||
text = builtins.readFile ./convert-flac-dir-to-mp3.py;
|
||||
}
|
||||
@@ -1,12 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
pkgs.writeShellApplication {
|
||||
name = "ds-lite-dhcpcd-hook";
|
||||
text = builtins.readFile ./ds-lite-dhcpcd-hook.sh;
|
||||
runtimeInputs = with pkgs; [
|
||||
iproute2
|
||||
jq
|
||||
dig
|
||||
gawk
|
||||
];
|
||||
}
|
||||
@@ -1,102 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# Setting up required environment variables
|
||||
# shellcheck disable=SC2154
|
||||
WAN_INTERFACE_NAME="${DS_LITE_WAN_INTERFACE_NAME}"
|
||||
# shellcheck disable=SC2154
|
||||
TUNNEL_INTERFACE_NAME="${DS_LITE_TUNNEL_INTERFACE_NAME}"
|
||||
|
||||
log_dhcp () {
|
||||
echo "<ds-lite-dhcpcd-hook> ${WAN_INTERFACE_NAME}: $1"
|
||||
}
|
||||
|
||||
log_tunnel () {
|
||||
echo "<ds-lite-dhcpcd-hook> ${WAN_INTERFACE_NAME} (${TUNNEL_INTERFACE_NAME}): $1"
|
||||
}
|
||||
|
||||
# Check if the event calling this hook is for the wan interface
|
||||
# exit immediately if not
|
||||
# shellcheck disable=SC2154
|
||||
if [[ "$interface" != "$WAN_INTERFACE_NAME" ]]; then
|
||||
exit
|
||||
fi
|
||||
|
||||
# Make sure the event calling this hook carries the environment variable
|
||||
# in question. The environment variable is not provided with every call
|
||||
# and we just want to exit if it is not provided
|
||||
# shellcheck disable=SC2154
|
||||
if [[ ! -v new_dhcp6_aftr_name ]]; then
|
||||
# Variable is not set
|
||||
exit
|
||||
fi
|
||||
# shellcheck disable=SC2154
|
||||
if [[ -z "${new_dhcp6_aftr_name}" ]]; then
|
||||
# Variable is empty, can't do anything
|
||||
exit
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2154
|
||||
AFTR_NAME="$new_dhcp6_aftr_name"
|
||||
|
||||
log_dhcp "Received new AFTR_NAME ${AFTR_NAME}"
|
||||
|
||||
# Make sure we have a nameserver to resolve aftr name against
|
||||
# shellcheck disable=SC2154
|
||||
if [[ ! -v new_dhcp6_name_servers ]]; then
|
||||
# Variable is not set
|
||||
exit
|
||||
fi
|
||||
# shellcheck disable=SC2154
|
||||
if [[ -z "${new_dhcp6_name_servers}" ]]; then
|
||||
# Variable is empty, can't do anything
|
||||
exit
|
||||
fi
|
||||
|
||||
# shellcheck disable=SC2154
|
||||
NAME_SERVERS="$new_dhcp6_name_servers"
|
||||
|
||||
log_dhcp "Received new NAME_SERVERS ${NAME_SERVERS}"
|
||||
|
||||
# Select first nameserver
|
||||
NAME_SERVER="$(echo "${NAME_SERVERS}" | awk '{print $1;}')"
|
||||
|
||||
log_dhcp "Selected NAME_SERVER ${NAME_SERVER}"
|
||||
|
||||
# Figure out a usable IPv6 address on the wan interface, to origin our DNS requests and tunnel
|
||||
WAN_INTERFACE_ADDRESS="$(ip --json address show "${WAN_INTERFACE_NAME}" | jq -r '.[0].addr_info[] | select(.family == "inet6" and .scope == "global" and .mngtmpaddr == true) | .local')"
|
||||
|
||||
log_dhcp "Using WAN_INTERFACE_ADDRESS ${WAN_INTERFACE_ADDRESS}"
|
||||
|
||||
AFTR_ADDRESS="$(dig "@${NAME_SERVER}" -b "${WAN_INTERFACE_ADDRESS}" AAAA "${AFTR_NAME}" +short | head -1)"
|
||||
|
||||
log_dhcp "Resolved AFTR_NAME ${AFTR_NAME} to ${AFTR_ADDRESS}"
|
||||
|
||||
# Check if there is already a tunnel interface
|
||||
if TUNNEL_INTERFACE_CONFIG="$(ip --json link show "${TUNNEL_INTERFACE_NAME}")"; then
|
||||
TUNNEL_INTERFACE_OPERSTATE="$(echo "${TUNNEL_INTERFACE_CONFIG}" | jq -r '.[0].operstate')"
|
||||
TUNNEL_INTERFACE_ORIGIN_ADDRESS="$(echo "${TUNNEL_INTERFACE_CONFIG}" | jq -r '.[0].address')"
|
||||
TUNNEL_INTERFACE_REMOTE_ADDRESS="$(echo "${TUNNEL_INTERFACE_CONFIG}" | jq -r '.[0].broadcast')"
|
||||
|
||||
# Reconfigure tunnel interface, if not already in state we want
|
||||
if [[ "${TUNNEL_INTERFACE_ORIGIN_ADDRESS}" != "${WAN_INTERFACE_ADDRESS}" || "${TUNNEL_INTERFACE_REMOTE_ADDRESS}" != "${AFTR_ADDRESS}" || "${TUNNEL_INTERFACE_OPERSTATE}" != "UNKNOWN" ]]; then
|
||||
log_tunnel "Bad configuration, fixing tunnel parameter"
|
||||
|
||||
ip tunnel change "${TUNNEL_INTERFACE_NAME}" mode ipip6 local "${WAN_INTERFACE_ADDRESS}" remote "${AFTR_ADDRESS}"
|
||||
ip link set "$TUNNEL_INTERFACE_NAME" up
|
||||
else
|
||||
log_tunnel "Tunnel already configured"
|
||||
fi
|
||||
else
|
||||
log_tunnel "Setting up DS-Lite tunnel"
|
||||
|
||||
ip tunnel add "${TUNNEL_INTERFACE_NAME}" mode ipip6 local "${WAN_INTERFACE_ADDRESS}" remote "${AFTR_ADDRESS}"
|
||||
ip link set "$TUNNEL_INTERFACE_NAME" up
|
||||
fi
|
||||
|
||||
log_tunnel "Setting default route"
|
||||
|
||||
ip route replace default dev "${TUNNEL_INTERFACE_NAME}"
|
||||
|
||||
log_tunnel "Tunnel setup finished"
|
||||
@@ -1,6 +1,5 @@
|
||||
{
|
||||
e2fsprogs,
|
||||
gptfdisk,
|
||||
jq,
|
||||
parted,
|
||||
writeShellApplication,
|
||||
@@ -11,7 +10,6 @@ writeShellApplication {
|
||||
text = builtins.readFile ./grow-last-partition-and-filesystem.sh;
|
||||
runtimeInputs = [
|
||||
e2fsprogs
|
||||
gptfdisk
|
||||
jq
|
||||
parted
|
||||
];
|
||||
|
||||
@@ -11,9 +11,6 @@ fi
|
||||
|
||||
DEVICE="$1"
|
||||
|
||||
echo "Move GTP backup header to end of disk"
|
||||
sgdisk "${DEVICE}" --move-second-header
|
||||
|
||||
PARTITIONDATA="$(parted --script --json --fix "${DEVICE}" print)"
|
||||
PARTNUMBER="$(echo "${PARTITIONDATA}" | jq -r '.disk.partitions | last | .number')"
|
||||
PARTNAME="$(echo "${PARTITIONDATA}" | jq -r '.disk.partitions | last | .name')"
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{
|
||||
python3,
|
||||
writeShellApplication,
|
||||
}:
|
||||
|
||||
writeShellApplication {
|
||||
name = "http.server";
|
||||
text = ''
|
||||
python3 -m http.server "$@"
|
||||
'';
|
||||
runtimeInputs = [
|
||||
python3
|
||||
];
|
||||
}
|
||||
@@ -12,9 +12,7 @@ final: prev: {
|
||||
clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
|
||||
clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
|
||||
chromium-incognito = final.callPackage ./chromium-incognito {};
|
||||
convert-flac-dir-to-mp3 = final.callPackage ./convert-flac-dir-to-mp3 {};
|
||||
curl-timings = final.callPackage ./curl-timings {};
|
||||
ds-lite-dhcpcd-hook = final.callPackage ./ds-lite-dhcpcd-hook {};
|
||||
factorio-launcher = final.callPackage ./factorio-launcher {};
|
||||
feeds-dir = final.callPackage ./feeds-dir {};
|
||||
generate-blocked-prefixes = final.callPackage ./generate-blocked-prefixes {};
|
||||
@@ -23,7 +21,6 @@ final: prev: {
|
||||
git-pp = final.callPackage ./git-pp {};
|
||||
git-show-link = final.callPackage ./git-show-link {};
|
||||
grow-last-partition-and-filesystem = final.callPackage ./grow-last-partition-and-filesystem {};
|
||||
"http.server" = final.callPackage ./http.server {};
|
||||
nix-remove-result-links = final.callPackage ./nix-remove-result-links {};
|
||||
nixfiles-auto-install = final.callPackage ./nixfiles/nixfiles-auto-install.nix {};
|
||||
nixfiles-generate-config = final.callPackage ./nixfiles/nixfiles-generate-config.nix {};
|
||||
|
||||
@@ -1,20 +0,0 @@
|
||||
final: prev:
|
||||
prev.dhcpcd.overrideAttrs (finalAttrs: prevAttrs: {
|
||||
|
||||
configureFlags = [
|
||||
"--sysconfdir=/etc/ds-lite-dhcpcd"
|
||||
"--localstatedir=/var"
|
||||
"--disable-fork"
|
||||
"--disable-privsep"
|
||||
"--dbdir=/var/lib/ds-lite-dhcpcd"
|
||||
"--rundir=/var/run/ds-lite-dhcpcd"
|
||||
"--with-default-hostname=ds-lite"
|
||||
"--disable-ipv4"
|
||||
"--disable-arp"
|
||||
"--disable-arpping"
|
||||
"--disable-ipv4ll"
|
||||
"--disable-ntp"
|
||||
];
|
||||
|
||||
})
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
final: prev: {
|
||||
dino = import ./dino.nix final prev;
|
||||
ds-lite-dhcpcd = import ./ds-lite-dhcpcd.nix final prev;
|
||||
xmppc = import ./xmppc.nix final prev;
|
||||
}
|
||||
|
||||
@@ -11,7 +11,6 @@
|
||||
./cybercluster-vm
|
||||
./desktop
|
||||
./dn42-router
|
||||
./ds-lite
|
||||
./fem-net
|
||||
./firefox
|
||||
./gpg-ssh
|
||||
|
||||
@@ -1,150 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
cfg = config.profiles.clerie.ds-lite;
|
||||
|
||||
|
||||
dsLiteDhcpcdConfig = ''
|
||||
allowinterfaces ${cfg.wanInterfaceName} ${concatMapStringsSep " " (interface: interface.name) cfg.lanInterfaces}
|
||||
|
||||
option dhcp6_name_servers
|
||||
option dhcp6_aftr_name
|
||||
|
||||
waitip 6
|
||||
|
||||
ipv6only
|
||||
ipv6ra_noautoconf
|
||||
noipv6rs
|
||||
|
||||
interface ${cfg.wanInterfaceName}
|
||||
ipv6ra_autoconf
|
||||
ipv6rs
|
||||
ia_pd 1/::/48 ${concatMapStringsSep " " (interface: "${interface.name}/${toString interface.sla_id}/${toString interface.prefix_len}") cfg.lanInterfaces}
|
||||
|
||||
${concatMapStrings (interface: ''
|
||||
interface ${interface.name}
|
||||
nolink
|
||||
'') cfg.lanInterfaces}
|
||||
'';
|
||||
|
||||
dsLiteDhcpcdConfigFile = pkgs.writeTextFile {
|
||||
name = "dhcpcd.conf";
|
||||
text = dsLiteDhcpcdConfig;
|
||||
};
|
||||
|
||||
dsLiteDhcpcdHookWrapperFile = pkgs.writeShellScript "ds-lite-dhcpcd-hook-wrapper" ''
|
||||
DS_LITE_WAN_INTERFACE_NAME=${lib.escapeShellArg cfg.wanInterfaceName};
|
||||
export DS_LITE_WAN_INTERFACE_NAME
|
||||
DS_LITE_TUNNEL_INTERFACE_NAME=${lib.escapeShellArg cfg.tunnelInterfaceName};
|
||||
export DS_LITE_TUNNEL_INTERFACE_NAME
|
||||
|
||||
exec ${lib.getExe pkgs.ds-lite-dhcpcd-hook}
|
||||
'';
|
||||
|
||||
in {
|
||||
|
||||
options.profiles.clerie.ds-lite = {
|
||||
enable = mkEnableOption "DS-Lite setup";
|
||||
wanInterfaceName = mkOption {
|
||||
type = types.str;
|
||||
description = "Interface with IPv6 connectivity to provider";
|
||||
};
|
||||
tunnelInterfaceName = mkOption {
|
||||
type = types.str;
|
||||
description = "Interface with IPv4 connectivity to provider";
|
||||
};
|
||||
lanInterfaces = mkOption {
|
||||
type = with types; listOf (submodule ({ ... }: {
|
||||
options = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
sla_id = mkOption {
|
||||
type = types.ints.unsigned;
|
||||
};
|
||||
prefix_len = mkOption {
|
||||
type = types.ints.between 48 128;
|
||||
};
|
||||
};
|
||||
}));
|
||||
default = [];
|
||||
description = "Interfaces to provisn with an IPv6 prefix";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.ds-lite-dhcpcd = {
|
||||
description = "DS-Lite dhcpcd";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
environment = {
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = "ds-lite";
|
||||
Group = "ds-lite";
|
||||
StateDirectory = "ds-lite-dhcpcd";
|
||||
RuntimeDirectory = "ds-lite-dhcpcd";
|
||||
|
||||
ExecStart = "${pkgs.ds-lite-dhcpcd}/bin/dhcpcd --ipv6only --nobackground --config ${dsLiteDhcpcdConfigFile} --script ${dsLiteDhcpcdHookWrapperFile}";
|
||||
|
||||
Restart = "always";
|
||||
AmbientCapabilities = [
|
||||
"CAP_NET_ADMIN"
|
||||
"CAP_NET_RAW"
|
||||
"CAP_NET_BIND_SERVICE"
|
||||
];
|
||||
ReadWritePaths = [
|
||||
"/proc/sys/net/ipv6"
|
||||
];
|
||||
DeviceAllow = "";
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
PrivateDevices = true;
|
||||
PrivateMounts = true;
|
||||
PrivateTmp = true;
|
||||
PrivateUsers = false;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = "tmpfs"; # allow exceptions to be added to ReadOnlyPaths, etc.
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
ProtectSystem = "strict";
|
||||
RemoveIPC = true;
|
||||
RestrictAddressFamilies = [
|
||||
"AF_UNIX"
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
"AF_NETLINK"
|
||||
"AF_PACKET"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@keyring"
|
||||
"~@memlock"
|
||||
"~@mount"
|
||||
];
|
||||
SystemCallArchitectures = "native";
|
||||
UMask = "0027";
|
||||
};
|
||||
};
|
||||
|
||||
users.users.ds-lite = {
|
||||
isSystemUser = true;
|
||||
group = "ds-lite";
|
||||
};
|
||||
users.groups.ds-lite = { };
|
||||
};
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user