Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/prism/config.nix | 1 | ||||
-rw-r--r-- | lass/1systems/ubik/config.nix | 14 | ||||
-rw-r--r-- | lass/2configs/baseX.nix | 1 | ||||
-rw-r--r-- | lass/2configs/matrix.nix | 80 | ||||
-rw-r--r-- | lass/2configs/mpv.nix | 45 | ||||
-rw-r--r-- | lass/2configs/themes.nix | 2 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 8 | ||||
-rw-r--r-- | lass/2configs/weechat.nix | 2 | ||||
-rw-r--r-- | lass/3modules/default.nix | 1 | ||||
-rw-r--r-- | lass/5pkgs/weechat-matrix/default.nix | 80 | ||||
-rw-r--r-- | lass/krops.nix | 29 |
11 files changed, 136 insertions, 127 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e1f92c51e..1faa23ec3 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -138,6 +138,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/services/coms/jitsi.nix> <stockholm/lass/2configs/fysiirc.nix> <stockholm/lass/2configs/bgt-bot> + <stockholm/lass/2configs/matrix.nix> <stockholm/krebs/2configs/mastodon-proxy.nix> { services.tor = { diff --git a/lass/1systems/ubik/config.nix b/lass/1systems/ubik/config.nix index 1d836d4ec..b153c0d3b 100644 --- a/lass/1systems/ubik/config.nix +++ b/lass/1systems/ubik/config.nix @@ -14,13 +14,25 @@ with import <stockholm/lib>; pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBFGMjH0+Dco6DVFZbByENMci8CFTLXCL7j53yctPnM"; }; - networking.firewall.allowedTCPPorts = [ 80 ]; + security.acme = { + acceptTerms = true; + defaults.email = "acme@lassul.us"; + }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + # nextcloud + services.nginx.virtualHosts."c.apanowicz.de" = { + enableACME = true; + forceSSL = true; + }; services.nextcloud = { enable = true; + enableBrokenCiphersForSSE = false; hostName = "c.apanowicz.de"; package = pkgs.nextcloud25; config.adminpassFile = "/run/nextcloud.pw"; https = true; + maxUploadSize = "9001M"; }; systemd.services.nextcloud-setup.serviceConfig.ExecStartPre = [ "+${pkgs.writeDash "copy-pw" '' diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index bb01d3dcd..654247728 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -99,7 +99,6 @@ in { ${pkgs.flameshot}/bin/flameshot gui ${pkgs.klem}/bin/klem '') - ]; services.udev.extraRules = '' diff --git a/lass/2configs/matrix.nix b/lass/2configs/matrix.nix new file mode 100644 index 000000000..cdcbe7ab0 --- /dev/null +++ b/lass/2configs/matrix.nix 
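Review bot: In lass/1systems/ubik/config.nix, `maxUploadSize = "9001M"` raises the Nextcloud upload limit to roughly 9 GB in the same hunk that opens port 443 in the firewall, and nothing visible here bounds how much disk one account can fill. If the value is intentional, a short comment giving the reason, plus a per-user quota on the Nextcloud side, would keep a single large upload from exhausting the data volume. The firewall line could also record why 80 stays open, presumably `# 80: ACME HTTP-01 challenge and the forceSSL redirect`.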
@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ services.matrix-synapse = {
+ # synapse 1.60.0 errors during startup with:
+ # https://github.com/matrix-org/synapse/issues/15809
+ package = pkgs.matrix-synapse.overrideAttrs (oldAttrs: rec {
+ version = "1.85.2";
+ name = "matrix-synapse-${version}";
+ src = pkgs.fetchFromGitHub {
+ owner = "matrix-org";
+ repo = "synapse";
+ rev = "v${version}";
+ hash = "sha256-pFafBsisBPfpDnFYWcimUuBgfFVPZzLna3yHeqIBAAE=";
+ };
+ cargoDeps = pkgs.rustPlatform.fetchCargoTarball {
+ inherit src;
+ name = "matrix-synapse-${version}";
+ hash = "sha256-dnno+5Ma0YNYpmj3oZ5UG22uAanKwVT67BwQW+mHoFc=";
+ };
+ doCheck = false;
+ });
+ enable = true;
+ settings = {
+ server_name = "lassul.us";
+ # registration_shared_secret = "yolo";
+ database.name = "sqlite3";
+ turn_uris = [
+ "turn:turn.matrix.org?transport=udp"
+ "turn:turn.matrix.org?transport=tcp"
+ ];
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "::1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [ "client" ];
+ compress = true;
+ }
+ {
+ names = [ "federation" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ };
+ };
+ services.nginx = {
+ virtualHosts = {
+ "lassul.us" = {
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON {
+ "m.server" = "matrix.lassul.us:443";
+ }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON {
+ "m.homeserver" = { "base_url" = "https://matrix.lassul.us"; };
+ "m.identity_server" = { "base_url" = "https://vector.im"; };
+ }}';
+ '';
+ };
+ "matrix.lassul.us" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/_matrix" = {
+ proxyPass = "http://[::1]:8008";
+ };
+ };
+ };
+ };
+}
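Review bot: The `package` override in lass/2configs/matrix.nix pins synapse to a hand-written `version = "1.85.2"` with `doCheck = false`, so this federating homeserver no longer follows the synapse updates that arrive through nixpkgs and is built without the package's test suite. The comment above it names the startup error but not when the override can be removed; a line such as `# TODO: drop this override once pkgs.matrix-synapse is >= 1.85.2` would keep the pin from outliving its reason. Separately, the commented-out `# registration_shared_secret = "yolo";` is better deleted: values under `settings` are rendered into the world-readable Nix store, so if registration by shared secret is ever needed the secret belongs in a file referenced from `services.matrix-synapse.extraConfigFiles`.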
diff --git a/lass/2configs/mpv.nix b/lass/2configs/mpv.nix index f88d0d91d..b11e54c2c 100644 --- a/lass/2configs/mpv.nix +++ b/lass/2configs/mpv.nix @@ -1,28 +1,10 @@ { pkgs, lib, ... }: let - - download_subs = pkgs.writers.writePython3 "download_sub" { - libraries = [ pkgs.python3Packages.subliminal ]; - } '' - from subliminal import download_best_subtitles, scan_video - from babelfish import Language - import sys - - video_filename = sys.argv[1] - - vid = scan_video(video_filename) - try: - sub = download_best_subtitles([vid], {Language('eng')})[vid][0] - - filename = '/tmp/' + vid.title + '.srt' - - with open(filename, 'wb+') as file: - file.write(sub.content) - - print(filename) - except: # noqa - print("/dev/null") + dl_subs = pkgs.writers.writeDashBin "dl_subs" '' + filename=$1 + ${pkgs.subdl}/bin/subdl --output='/tmp/{m}.{M}.sub' "$filename" 1>&2 + echo "/tmp/$(basename "$filename").sub" ''; autosub = pkgs.writeText "autosub.lua" '' @@ -39,10 +21,9 @@ let function download() log('Searching subtitles ...', 10) - table = { args = {"${download_subs}", mp.get_property('path')} } - result = utils.subprocess(table) + path = mp.get_property('path') + result = utils.subprocess({ args = {"${dl_subs}/bin/dl_subs", path} }) if result.error == nil then - -- remove trailing newline from subtitle filename filename = string.gsub(result.stdout, "\n", "") log(filename) mp.commandv('sub_add', filename) @@ -78,6 +59,8 @@ let mpvInput = pkgs.writeText "mpv.input" '' : script-binding console/enable + x add audio-delay -0.050 + X add audio-delay 0.050 ''; mpvConfig = pkgs.writeText "mpv.conf" '' 
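Review bot: The new `dl_subs` script in lass/2configs/mpv.nix writes to a predictable name directly under `/tmp` and always prints that path with exit status 0, even when `subdl` found nothing or failed. The removed Python version printed `/dev/null` on failure; now `download()` in the second hunk, which only tests `result.error == nil`, passes whatever already sits at `/tmp/<basename>.sub` to `sub_add`, and on a shared machine that file can have been put there by another local user. Writing into a private `mktemp -d` directory and emitting the path only when `subdl` succeeds restores the old failure behaviour and removes the shared-path dependency; the directory is left behind afterwards, as the `/tmp` file was before. The sketch keeps the existing assumption that `{m}.{M}` expands to the input's basename.

```nix
dl_subs = pkgs.writers.writeDashBin "dl_subs" ''
  set -efu
  filename=$1
  dir=$(${pkgs.coreutils}/bin/mktemp -d)
  if ${pkgs.subdl}/bin/subdl --output="$dir/{m}.{M}.sub" "$filename" 1>&2; then
    echo "$dir/$(basename "$filename").sub"
  else
    echo /dev/null
  fi
'';
```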
@@ -89,14 +72,7 @@ let paths = [ (pkgs.writeDashBin "mpv" '' set -efu - if [ -n "''${DISPLAY+x}" ]; then - Y_RES=$(${pkgs.xorg.xrandr}/bin/xrandr | - ${pkgs.jc}/bin/jc --xrandr | - ${pkgs.jq}/bin/jq '.screens[0].current_width' - ) - else - Y_RES=1000 - fi + Y_RES=1081 # we need to disable sponsorblock local database because of # https://github.com/po5/mpv_sponsorblock/issues/31 exec ${pkgs.mpv.override { @@ -105,7 +81,6 @@ let youtube-quality ]; }}/bin/mpv \ - -vo=gpu \ --no-config \ --input-conf=${mpvInput} \ --include=${mpvConfig} \ @@ -113,6 +88,7 @@ let --ytdl-format="best[height<$Y_RES]" \ --script-opts=ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp \ --script-opts-append=sponsorblock-local_database=no \ + --audio-channels=2 \ "$@" '') pkgs.mpv @@ -122,5 +98,6 @@ let in { environment.systemPackages = [ mpv + dl_subs ]; } diff --git a/lass/2configs/themes.nix b/lass/2configs/themes.nix index e9f83deea..60e2f7aec 100644 --- a/lass/2configs/themes.nix +++ b/lass/2configs/themes.nix @@ -15,7 +15,7 @@ ${pkgs.coreutils}/bin/chown lass:users /var/theme/current_theme ${pkgs.xorg.xrdb}/bin/xrdb -merge /var/theme/config/xresources ${pkgs.procps}/bin/pkill -HUP xsettingsd - ${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)" + ${pkgs.glib}/bin/gsettings set org.gnome.desktop.interface gtk-theme "$(cat /var/theme/config/gtk-theme)" || : else echo "theme $1 not found" fi diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 90a0a5a72..c57fb5907 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
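Review bot: `Y_RES=1081` in the mpv wrapper is an unexplained magic number; it only makes sense next to `--ytdl-format="best[height<$Y_RES]"` in the later hunk, where the strict `<` turns it into a 1080p cap. A comment above the assignment, e.g. `# height<1081 caps ytdl streams at 1080p`, would record that. With the DISPLAY/xrandr probe removed the cap no longer follows the attached screen, which is worth stating in the same comment if it is deliberate. The wrapper script continues outside this hunk.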
@@ -29,8 +29,10 @@ in { (servePage [ "apanowicz.de" "www.apanowicz.de" ]) (servePage [ "reich-gebaeudereinigung.de" "www.reich-gebaeudereinigung.de" ]) (servePage [ "illustra.de" "www.illustra.de" ]) - (servePage [ "nirwanabluete.de" "www.nirwanabluete.de" ]) + (servePage [ "event-extra.de" "www.event-extra.de" ]) + # (servePage [ "nirwanabluete.de" "www.nirwanabluete.de" ]) (servePage [ "familienrat-hamburg.de" "www.familienrat-hamburg.de" ]) + (servePage [ "karlaskop.de" ]) (servePage [ "freemonkey.art" "www.freemonkey.art" @@ -58,7 +60,6 @@ in { "factscloud.ubikmedia.de" "illucloud.ubikmedia.de" "joemisch.ubikmedia.de" - "karlaskop.ubikmedia.de" "nb.ubikmedia.de" "youthtube.ubikmedia.de" "weirdwednesday.ubikmedia.de" @@ -103,8 +104,9 @@ in { }; services.nextcloud = { enable = true; + enableBrokenCiphersForSSE = false; hostName = "o.xanf.org"; - package = pkgs.nextcloud24; + package = pkgs.nextcloud25; config = { adminpassFile = "/run/nextcloud.pw"; overwriteProtocol = "https"; diff --git a/lass/2configs/weechat.nix b/lass/2configs/weechat.nix index 845a7e3b8..10ca013f8 100644 --- a/lass/2configs/weechat.nix +++ b/lass/2configs/weechat.nix @@ -3,7 +3,7 @@ weechat-configured = pkgs.weechat-declarative.override { config = { scripts = [ - pkgs.weechat-matrix + pkgs.weechatScripts.weechat-matrix pkgs.weechatScripts.wee-slack ]; settings = { diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix index 0e1a794ca..4082c8bd2 100644 --- a/lass/3modules/default.nix +++ b/lass/3modules/default.nix @@ -1,6 +1,7 @@ _: { imports = [ + ../../submodules/disko/module.nix ./dnsmasq.nix ./drbd.nix ./folderPerms.nix diff --git a/lass/5pkgs/weechat-matrix/default.nix b/lass/5pkgs/weechat-matrix/default.nix deleted file mode 100644 index 40848caaa..000000000 --- a/lass/5pkgs/weechat-matrix/default.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ python3Packages -, lib -, fetchFromGitHub -}: - -with python3Packages; - -let - scriptPython = python.withPackages (ps: with ps; [ - aiohttp - requests - python_magic - ]); - - version = "lassulus-fork"; -in python3Packages.buildPythonPackage { - pname = "weechat-matrix"; - inherit version; - - src = fetchFromGitHub { - owner = "poljar"; - repo = "weechat-matrix"; - rev = version; - hash = "sha256-o4kgneszVLENG167nWnk2FxM+PsMzi+PSyMUMIktZcc="; - }; - # src = ./weechat-matrix; - - propagatedBuildInputs = [ - pyopenssl - webcolors - future - atomicwrites - attrs - Logbook - pygments - matrix-nio - aiohttp - requests - ]; - - passthru.scripts = [ "matrix.py" ]; - - dontBuild = true; - doCheck = false; - - format = "other"; - - installPhase = '' - mkdir -p $out/share $out/bin - cp main.py $out/share/matrix.py - - cp contrib/matrix_upload.py $out/bin/matrix_upload - cp contrib/matrix_decrypt.py $out/bin/matrix_decrypt - cp contrib/matrix_sso_helper.py $out/bin/matrix_sso_helper - substituteInPlace $out/bin/matrix_upload \ - --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python' - substituteInPlace $out/bin/matrix_sso_helper \ - --replace '/usr/bin/env -S python3' '${scriptPython}/bin/python' - substituteInPlace $out/bin/matrix_decrypt \ - --replace '/usr/bin/env python3' '${scriptPython}/bin/python' - - mkdir -p $out/${python.sitePackages} - cp -r matrix $out/${python.sitePackages}/matrix - ''; - - dontPatchShebangs = true; - postFixup = '' - addToSearchPath program_PYTHONPATH $out/${python.sitePackages} - patchPythonScript $out/share/matrix.py - substituteInPlace $out/${python.sitePackages}/matrix/server.py --replace \"matrix_sso_helper\" \"$out/bin/matrix_sso_helper\" - ''; - - meta = with lib; { - description = "A Python plugin for Weechat that lets Weechat communicate over the Matrix protocol"; - homepage = "https://github.com/poljar/weechat-matrix"; - license = licenses.isc; - platforms = platforms.unix; - maintainers = with 
maintainers; [ tilpner emily ]; - }; -} diff --git a/lass/krops.nix b/lass/krops.nix index c8a5b94b7..81c679c5e 100644 --- a/lass/krops.nix +++ b/lass/krops.nix @@ -5,16 +5,33 @@ pkgs ; - source = { test }: lib.evalSource ([ (krebs-source { test = test; }) { nixos-config.symlink = "stockholm/lass/1systems/${name}/physical.nix"; - nixpkgs-unstable.git = { - url = "https://github.com/nixos/nixpkgs"; - ref = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; - shallow = true; - }; + nixpkgs = lib.mkForce (if test then { + derivation = let + rev = (lib.importJSON ../krebs/nixpkgs-unstable.json).rev; + sha256 = (lib.importJSON ../krebs/nixpkgs-unstable.json).sha256; + in '' + with import (builtins.fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz"; + sha256 = "${sha256}"; + }) {}; + pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "${rev}"; + sha256 = "${sha256}"; + } + ''; + } else { + git = { + ref = (lib.importJSON ../krebs/nixpkgs.json).rev; + url = https://github.com/NixOS/nixpkgs; + shallow = true; + }; + }); secrets = if test then { file = toString ./2configs/tests/dummy-secrets; } else { |
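Review bot: The two branches of the new `nixpkgs` source in lass/krops.nix read different pin files: the `test` branch takes `rev` and `sha256` from `../krebs/nixpkgs-unstable.json`, while the deploy branch takes `ref` from `../krebs/nixpkgs.json`, so the tests can evaluate a different nixpkgs revision than the one that is deployed. If that split is intended, a comment above `lib.mkForce` should say so; otherwise both branches should import the same JSON file. The deploy branch also uses the deprecated unquoted URL literal; `url = "https://github.com/NixOS/nixpkgs";` matches the quoted form used in the test branch. The `source` function continues past the end of the hunk.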