palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Some Changes

Browse source
This commit is contained in:
Ingolf Wagner 2024-01-02 03:22:41 +01:00
parent f9431439d0
commit 1d3ca2a682
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
16 changed files with 19 additions and 28 deletions

58
nixos/legacy/finance.nix Normal file
View file

@ -0,0 +1,58 @@
{ lib, config, pkgs, ... }:
let
# find symbols with
# https://www.alphavantage.co/query?function=SYMBOL_SEARCH&apikey=<api_key>&keywords=<keywords>
# as described here : https://www.alphavantage.co/documentation/#symbolsearch
#
# example:
# --------
# stocks = [
# {
# friendly_name = "google";
# symbol = "GOOGL.DEX";
# name = "google";
# currency = "$";
# }
# ];
# results in
# P 2020-01-30 GOOGL $123
stocks = import ../../private_assets/finance/stocks;
stocksFile = toString /home/syncthing/finance/hledger/stocks.journal;
in
{
systemd.services.pull_stocks = {
enable = true;
description = "pull stocks for hledger";
serviceConfig = {
User = "syncthing";
Type = "oneshot";
};
script =
let
command = { symbol, name, currency, ... }: ''
APIKEY=${lib.fileContents ../../private_assets/finance/alphavantage/apiKey}
SYMBOL="${symbol}"
${pkgs.curl}/bin/curl --location --silent \
"https://www.alphavantage.co/query?function=GLOBAL_QUOTE&symbol=$SYMBOL&apikey=$APIKEY" \
| ${pkgs.jq}/bin/jq --raw-output '.["Global Quote"]
| "P \(.["07. latest trading day"]) ${name} ${currency}\(.["05. price"] | tonumber)"' \
>> ${stocksFile}
sleep 1
'';
in
lib.concatStringsSep "\n" (map command stocks);
};
systemd.timers.pull_stocks = {
enable = true;
wantedBy = [ "multi-user.target" ];
timerConfig = {
OnCalendar = "weekly";
Persistent = "true";
};
};
}

130
nixos/legacy/graylog.nix Normal file
View file

@ -0,0 +1,130 @@
{ config, lib, pkgs, ... }:
let port = 9000;
in {
# configure nginx
services.nginx = {
enable = true;
virtualHosts = {
"graylog.workhorse.private" = {
locations."/" = {
proxyPass = "http://localhost:${toString port}";
extraConfig = ''
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
proxy_redirect http://localhost:${
toString port
} https://graylog.workhorse.private/;
'';
};
};
};
};
services.mongodb.enable = true;
services.elasticsearch = {
enable = true;
listenAddress = "${config.networking.hostName}.private";
extraJavaOptions = [ "-Des.http.cname_in_publish_address=true" ];
};
services.graylog.enable = true;
services.graylog.elasticsearchHosts =
[ "http://${config.services.elasticsearch.listenAddress}:9200" ];
# https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html
services.graylog.extraConfig = ''
http_bind_address = 0.0.0.0:${toString port}
http_publish_uri = http://workhorse.private:${toString port}/
'';
# other wise this does not work
services.graylog.nodeIdFile = "/var/lib/graylog/node-id";
# pwgen -N 1 -s 96
services.graylog.passwordSecret =
lib.fileContents ../../private_assets/graylog/password-secret;
# echo -n yourpassword | shasum -a 256
services.graylog.rootPasswordSha2 =
lib.fileContents ../../private_assets/graylog/root-password-hash;
services.graylog.plugins = [ pkgs.graylogPlugins.slack ];
# not working at the moment
#services.geoip-updater.enable = true;
# https://wiki.splunk.com/Http_status.csv
environment.etc."graylog/server/httpCodes.csv" = {
enable = true;
text = ''
status,status_description,status_type
100,Continue,Informational
101,Switching Protocols,Informational
200,OK,Successful
201,Created,Successful
202,Accepted,Successful
203,Non-Authoritative Information,Successful
204,No Content,Successful
205,Reset Content,Successful
206,Partial Content,Successful
300,Multiple Choices,Redirection
301,Moved Permanently,Redirection
302,Found,Redirection
303,See Other,Redirection
304,Not Modified,Redirection
305,Use Proxy,Redirection
307,Temporary Redirect,Redirection
400,Bad Request,Client Error
401,Unauthorized,Client Error
402,Payment Required,Client Error
403,Forbidden,Client Error
404,Not Found,Client Error
405,Method Not Allowed,Client Error
406,Not Acceptable,Client Error
407,Proxy Authentication Required,Client Error
408,Request Timeout,Client Error
409,Conflict,Client Error
410,Gone,Client Error
411,Length Required,Client Error
412,Precondition Failed,Client Error
413,Request Entity Too Large,Client Error
414,Request-URI Too Long,Client Error
415,Unsupported Media Type,Client Error
416,Requested Range Not Satisfiable,Client Error
417,Expectation Failed,Client Error
500,Internal Server Error,Server Error
501,Not Implemented,Server Error
502,Bad Gateway,Server Error
503,Service Unavailable,Server Error
504,Gateway Timeout,Server Error
505,HTTP Version Not Supported,Server Error
'';
};
environment.etc."graylog/server/known_servers.csv" = {
enable = true;
text = ''
"ip","host_name"
"95.216.1.150","lassul.us"
'';
};
environment.etc."graylog/systemd/loglevel.csv" = {
enable = true;
text = ''
"value","Servity","Description"
"0","emergency","System is unusable"
"1","alert","Should be corrected immediately"
"2","cirtical","Critical conditions"
"3","error","Error Condition"
"4","warning","May indicate that an error will occur if action is not taken."
"5","notice","Events that are unusual, but not error conditions."
"6","info","Normal operational messages that require no action."
"7","debug","Information useful to developers for debugging the application."
'';
};
}

25
nixos/legacy/kibana.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, ... }: {
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"kibana.${config.networking.hostName}.private" = {
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.kibana.port
}";
};
};
};
};
services.elasticsearch.enable = true;
services.elasticsearch.listenAddress = "workhorse.private";
services.kibana.enable = true;
services.kibana.elasticsearch.hosts = [ "http://workhorse.private:9200" ];
services.kibana.listenAddress = "workhorse.private";
services.kibana.port = 5601;
}

663
nixos/legacy/mail-fetcher.nix Normal file
View file

@ -0,0 +1,663 @@
# fetches mails for me
{ lib, pkgs, config, ... }:
let
junk_filter = [
"from:booking.com"
"subject:Gewinn"
"from:brompton.com"
"from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)"
"from:codepen.io"
"from:congstarnews.de"
"from:cronullasurfingacademy.com"
"from:cryptohopper.com"
"from:digitalo.de"
"from:facebook.com OR from:facebookmail.com"
"from:fitnessfirst.de"
"from:flixbus.de"
"from:getdigital.de"
"from:getpocket.com"
"from:ghostinspector.com"
"from:globetrotter.de"
"from:hackster.io"
"from:hostelworld.com"
"from:immobilienscout24.de"
"from:kvraudio.com"
"from:letterboxd.com"
"from:linkedin.com"
"from:magix.net"
"from:mailings.gmx.net"
"from:mailings.web.de"
"from:matrix.org"
"from:menospese.com"
"from:microsoftstoreemail.com"
"from:mixcloudmail.com AND subject:Weekly Update"
"from:oknotify2.com AND NOT subject:New message"
"from:paulaschoice.com"
"from:puppet.com"
"from:runtastic.com"
"from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com"
"from:ticketmaster.de"
"from:trade4less.de"
"from:tumblr.com"
"from:turners.co.nz"
"from:twitch.tv"
"from:vstbuzz.com"
];
filters = [
{
query = "from:hv-geelen.de";
tags = [ "+wohnung" ];
}
{
query = "from:computerfutures.com OR from:computerfutures.de";
tags = [ "+jobs" "-inbox" ];
}
{
query = "from:seek.com.au or from:seek.co.nz";
tags = [ "+jobs" ];
}
{
query = "from:xing.com";
tags = [ "+jobs" "-inbox" ];
}
{
query = "from:no-reply@backtrace.io OR to:sononym@noreply.github.com";
tags = [ "+sononym" "-inbox" ];
}
{
query = "from:ebay.com OR from:ebay.de OR from:ebay.net";
tags = [ "+ebay" "+shop" "+billing" ];
}
{
query = "from:bahn.de";
tags = [ "+billing" "+bahn" ];
}
{
query =
"from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com";
tags = [ "+mia" "+work" "-unread" "-inbox" ];
}
{
query =
"from:space-left.org OR to:space-left.org OR subject:/\\[space-left\\]/";
tags = [ "+spaceleft" "+space-left" ];
}
{
query = "from:landr.com";
tags = [ "+landr" "+music" ];
}
{
query = "tag:landr and tag:billing";
tags = [ "+billing" ];
}
{
query = "from:oknotify2.com";
tags = [ "+okcupid" ];
}
{
query = "from:taxback.de OR to:taxback.de";
tags = [ "+steuer" ];
}
{
query = "from:campact.de";
tags = [ "+campact" "+politics" ];
}
{
query = "from:aliexpress.com";
tags = [ "+shop" "+aliexpress" ];
}
{
query = "from:congstar.de";
tags = [ "+billing" "+congstar" "-inbox" "-unread" ];
}
{
query =
"from:steampowered.com AND NOT ( subject:purchase OR subject:received )";
tags = [ "-inbox" "-unread" ];
}
{
query =
"from:steampowered.com AND ( subject:purchase OR subject:received )";
tags = [ "+billing" "+steam" ];
}
{
query = "from:gog.com AND NOT subject:Bestellung";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:gog.com AND subject:Bestellung";
tags = [ "+billing" "+gog" ];
}
{
query = "from:stadtmobil.de";
tags = [ "+billing" "+stadtmobil" "-inbox" "-unread" ];
}
{
query = "from:drive-now.com";
tags = [ "+billing" "+drivenow" "-inbox" "-unread" ];
}
{
query = "from:data-treuhand.de";
tags = [ "+mindcurv" "+work" "-inbox" "-unread" "-junk" ];
}
{
query = "from:immocation.de";
tags = [ "+immobilien" "-inbox" ];
}
{
query = "from:tinc-vpn.org";
tags = [ "+tinc" ];
}
{
query = "from:mindfactory.de";
tags = [ "+shop" "+billing" ];
}
{
query = "from:zalando.de";
tags = [ "+shop" "+billing" "+zalando" ];
}
{
query = "from:ing.de";
tags = [ "+bank" "+ingdiba" ];
}
{
query = "from:nab.com.au";
tags = [ "+bank" "+nab" "-inbox" "-unread" ];
}
{
query = "from:dkb.de";
tags = [ "+bank" "+dkb" ];
}
{
query = "from:o2online.de";
tags = [ "+billing" "+o2" ];
}
{
query = "from:betfair.com";
tags = [ "+work" "+betfair" ];
}
{
query = "from:notifications@github.com";
tags = [ "+github" ];
}
{
query = "to:NUR@noreply.github.com";
tags = [ "+nur" "+nixos" "+list" ];
}
{
query = "to:nixpkgs@noreply.github.com";
tags = [ "+nixpkgs" "+nixos" "+list" ];
}
{
query = "from:travis-ci.org AND subject:mrVanDalo/navi";
tags = [ "+development" "+navi" ];
}
{
query = "from:travis-ci.org AND subject:nur-packages";
tags = [ "+development" "+nixos" "+nur-packages" ];
}
{
query = "from:travis-ci.org AND subject:csv-to-qif";
tags = [ "+development" "+csv-to-qif" ];
}
{
query = "to:proaudio@lists.tuxfamily.org";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:nixos1@discoursemail.com";
tags = [ "+nixos" "+discourse" "+list" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Development";
tags = [ "+nixos" "+discourse" "+development" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Français";
tags = [ "+nixos" "+discourse" "-inbox" "-unread" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Announcements";
tags = [ "+nixos" "+discourse" "+announcements" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Links";
tags = [ "+nixos" "+discourse" "+links" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Games";
tags = [ "+nixos" "+discourse" "+games" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Meta";
tags = [ "+nixos" "+discourse" "+meta" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Events";
tags = [ "+nixos" "+discourse" "+events" ];
}
{
query = "from:limebike.com AND (subject:Funds OR subject:Receipt)";
tags = [ "-inbox" "-unread" "+billing" "+limebike" ];
}
{
query = "from:freemusicarchive.org";
tags = [ "+FMA" ];
}
{
query = "from:namecheap.com and subject:auto-renewal";
tags = [ "+namecheap" "+billing" ];
}
{
query = "from:namecheap.com and subject:order";
tags = [ "+namecheap" "+billing" ];
}
{
query = "tag:namecheap.com and tag:billing and body:gaykraft.com";
tags = [ "+namecheap" "+billing" ];
}
{
query = "from:nintendo.com";
tags = [ "+nintendo" "+billing" ];
}
{
query = "from:oculus.com AND subject:receipt";
tags = [ "+oculus" "+billing" ];
}
{
query = "from:car2go.com";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:sixt.de";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:meetup.com";
tags = [ "-inbox" "-unread" "+meetup" ];
}
{
query = "from:slack.com";
tags = [ "+slack" ];
}
{
query = "from:keybase.io";
tags = [ "+keybase" ];
}
{
query = "from:jobs2web.com";
tags = [ "+newzealand" "+jobs" "-inbox" ];
}
{
query = "from:paypal.de AND subject:Bestätigung";
tags = [ "-unread" "+paypal" "+billing" ];
}
{
query = "to:c-base.org";
tags = [ "+cbase" "+list" ];
}
{
query = "to:c-base.org AND subject=[auto-report]";
tags = [ "-unread" "-inbox" ];
}
{
query = "from:browserstack.com";
tags = [ "+browserstack" ];
}
{
query =
"to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com";
tags = [ "+renoise" ];
}
{
query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com";
tags = [ "+shop" "+amazon" "+billing" ];
}
{
query = "from:hetzner.com OR from:hetzner.de";
tags = [ "+hetzner" ];
}
{
query =
"to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
tags = [ "-inbox" "-unread" "+junk" "+renoise" ];
}
{
query = "tag:hetzner and subject:Invoice";
tags = [ "+billing" ];
}
# final rules to make imap sync stuff easier
# there can only be one output folder tag, and theses rules are prioritized
{
query = "tag:fraud";
tags = [ "-inbox" "-archive" "-junk" "-unread" ];
message = "clean up tag fraud";
}
{
query = "tag:junk";
tags = [ "-inbox" "-archive" "-fraud" "-unread" ];
message = "clean up tag junk";
}
{
query = "tag:archive";
tags = [ "-inbox" "-junk" "-fraud" "-unread" ];
message = "clean up tag archive";
}
{
query = "tag:inbox";
tags = [ "-archive" "-junk" "-fraud" ];
message = "clean up inbox";
}
{
query = "tag:killed";
tags = [ "-inbox" "-unread" ];
message = "clean up tag killed";
}
{
query = "tag:muted";
tags = [ "-inbox" "-unread" ];
}
# remove new tag at the end
{
query = "tag:new";
tags = [ "-new" ];
message = "remove new tag at the end";
}
];
notmuchTagging =
let
template = index:
{ tags, query, message ? "generic", ... }:
let
command = ''
${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}"
'';
in
''
echo '${command}'
${command}
'';
junk_template = index: query:
template index {
tags = [ "+junk" "-unread" "-inbox" ];
query = query;
message = "generic junk filter";
};
in
pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n"
((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));
notmuchTaggingNew =
let
template = index:
{ tags, query, message ? "generic", ... }:
let
command = ''
${pkgs.notmuch}/bin/notmuch tag ${
lib.concatStringsSep " " tags
} -- "${query} AND tag:new"
'';
in
''
echo '${command}'
${command}
'';
junk_template = index: query:
template index {
tags = [ "+junk" "-unread" "-inbox" ];
query = query;
message = "generic junk filter";
};
in
pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n"
((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));
in
{
backup.dirs = [ "/home/mailfetcher" ];
users.users.mailUser = {
isNormalUser = true;
description = "collects mails for me";
hashedPassword = "!";
name = "mailfetcher";
home = "/home/mailfetcher";
openssh.authorizedKeys.keyFiles =
config.users.users.root.openssh.authorizedKeys.keyFiles;
group = "mailfetcher";
};
users.groups.mailUser = {
name = "mailfetcher";
};
sops.secrets.mail_terranix = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmail = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmx_palo = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmx_ingolf = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_web = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_siteground = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
environment.systemPackages = [ pkgs.muchsync ];
# configure accounts
home-manager.users.mailUser.accounts.email = {
accounts = {
palo_van_dalo-gmx = {
primary = false;
address = "palo_van_dalo@gmx.de";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "palo_van_dalo@gmx.de";
passwordCommand =
"cat ${toString config.sops.secrets.mail_gmx_palo.path }";
imap = {
host = "imap.gmx.net";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
ingolf-wagner-gmx = {
primary = false;
address = "ingolf.wagner@gmx.de";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "ingolf.wagner@gmx.de";
passwordCommand =
"cat ${toString config.sops.secrets.mail_gmx_ingolf.path }";
imap = {
host = "imap.gmx.net";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
pali_palo = {
primary = false;
address = "pali_palo@web.de";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "pali_palo@web.de";
passwordCommand =
"cat ${toString config.sops.secrets.mail_web.path }";
imap = {
host = "imap.web.de";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
gmail = {
# for google accounts you have to allow 'less secure apps' in accounts.google.com
primary = true;
address = "palipalo9@googlemail.com";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "palipalo9@googlemail.com";
passwordCommand =
"cat ${toString config.sops.secrets.mail_gmail.path }";
imap = {
host = "imap.gmail.com";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
terranix_org = {
primary = false;
address = "palo@terranix.org";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "palo@terranix.org";
passwordCommand = "cat ${toString config.sops.secrets.mail_terranix.path }";
imap = {
host = "mail.privateemail.com";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
ingolf-wagner-de = {
primary = false;
address = "contact@ingolf-wagner.de";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "contact@ingolf-wagner.de";
passwordCommand =
"cat ${toString config.sops.secrets.mail_siteground.path }";
imap = {
host = "securees5.sgcpanel.com";
port = 993;
tls.enable = true;
#tls.useStartTls = true;
};
# make sure the upstream mail is deleted
getmail = {
enable = true;
delete = true;
readAll = false;
mailboxes = [ "ALL" ];
};
notmuch.enable = true;
};
};
};
home-manager.users.mailUser.home.stateVersion = "22.11";
# configure mbsync
home-manager.users.mailUser.programs.mbsync.enable = true;
# re-tag everything once a day
systemd.services.retagmail = {
enable = true;
serviceConfig = { User = config.users.users.mailUser.name; };
environment.NOTMUCH_CONFIG =
"${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
script = "${notmuchTagging}";
};
systemd.timers.retagmail = {
enable = true;
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
};
wantedBy = [ "multi-user.target" ];
};
# fetch mails every 10 minutes
systemd.services.fetchmail =
let
threadTag = tag: ''
echo "tag threads with ${tag}"
${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag})
'';
in
{
enable = true;
serviceConfig = { User = config.users.users.mailUser.name; };
environment.NOTMUCH_CONFIG =
"${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
script = ''
echo "run mbsync"
${pkgs.isync}/bin/mbsync \
--all
echo "run getmail"
${pkgs.getmail}/bin/getmail \
--quiet \
--rcfile getmailingolf-wagner-de
echo "run notmuch"
${pkgs.notmuch}/bin/notmuch new
${notmuchTaggingNew}
${threadTag "muted"}
${threadTag "wohnung"}
${threadTag "flagged"}
'';
};
systemd.timers.fetchmail = {
enable = true;
# timerConfig.OnCalendar = " *-*-* *:00:00";
timerConfig.OnCalendar = "*:0/10";
wantedBy = [ "multi-user.target" ];
};
# configure notmuch
home-manager.users.mailUser.programs.notmuch = {
enable = true;
new.tags = [ "unread" "inbox" "new" ];
};
}

40
nixos/legacy/media-unmanic.nix Normal file
View file

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
{
virtualisation.oci-containers = {
containers.unmanic = {
volumes = [
"/media/arr/unmanic/config:/config"
#"/media/arr/unmanic/library:/library"
"/media/arr/unmanic/tmp:/tmp/unmanic"
"/media:/library"
];
environment = {
PUID = toString config.users.users.media.uid;
PGID = toString config.users.groups.media.gid;
};
ports = [
"127.0.0.1:8889:8888"
];
image = "josh5/unmanic:latest";
};
};
#networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ];
#networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ];
#networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
#networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
services.nginx.virtualHosts."unmanic.${config.networking.hostName}.private" = {
extraConfig = ''
allow ${config.tinc.private.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:8889";
proxyWebsockets = true;
};
};
}

20
nixos/legacy/mysql.nix Normal file
View file

@ -0,0 +1,20 @@
{ pkgs, lib, config, ... }: {
services.mysql = {
enable = true;
package = pkgs.mysql80;
initialScript = pkgs.writeText "initScript" ''
CREATE USER 'admin'@'%' IDENTIFIED BY 'admin';
GRANT ALL PRIVILEGES ON * . * TO 'admin'@'%';
'';
};
services.mysqlBackup = {
enable = true;
databases = [ "property" ];
#user = "admin";
};
backup.dirs = [ config.services.mysqlBackup.location ];
}

43
nixos/legacy/property.nix Normal file
View file

@ -0,0 +1,43 @@
{ lib, pkgs, config, ... }: {
users.users.property = { isSystemUser = true; };
systemd.services.property = {
enable = true;
wantedBy = [ "multi-user.target" ];
path = [
(pkgs.python3.withPackages (ps:
with ps; [
flask
selenium
beautifulsoup4
urllib3
sqlalchemy
mysqlclient
pytest
dateparser
geopy
nltk
click
]))
];
serviceConfig = { User = "property"; };
script = ''
FLASK_APP=${<property>}/server.py \
FLASK_RUN_PORT=7888 \
flask run --host 0.0.0.0 \
"$@"
'';
};
services.nginx = {
enable = true;
virtualHosts = {
"property.workhorse.private" = {
locations."/" = { proxyPass = "http://localhost:7888"; };
};
};
};
}

73
nixos/legacy/screeps.nix Normal file
View file

@ -0,0 +1,73 @@
{ config, lib, pkgs, ... }:
with lib;
let
debug = true;
#version = "latest";
# version = "142c079"; # 2 years ago.
# version = "v1.14.0"; # 2 years ago.
version = "v1.13.2"; # 2 years ago.
in
{
virtualisation.oci-containers = {
containers.screeps = {
volumes = [
"/srv/screeps:/screeps"
(optionalString debug "/srv/screeps-tmp:/tmp")
];
environment.TZ = "Europe/Berlin";
image = "screepers/screeps-launcher:${version}";
ports = [ "21025:21025" ];
};
};
systemd.services.docker-screeps =
let
configuration = builtins.toJSON {
steamKey = "keyFromStep3";
version = "latest";
mods = [
#"screepsmod-auth"
#"screepsmod-admin-utils"
#"screepsmod-mongo"
];
bots = {
simplebot = "screepsbot-zeswarm";
};
serverConfig = {
welcomeText = "<h1 style=\"text-align: center;\">My Cool Server</h1>";
constants = {
"TEST_CONSTANT" = 123;
};
tickRate = 1000;
};
};
in
{
unitConfig = {
StartLimitInterval = 200;
StartLimitBurst = 2;
};
serviceConfig = {
Restart = mkForce (if debug then "no" else "always");
RestartSec = 30;
ExecStartPre = [
(toString (pkgs.writers.writeDash "create-screeps-config" ''
mkdir -p /srv/screeps/
chown 1000:1000 -R /srv/screeps
${optionalString debug "mkdir -p /srv/screeps-tmp"}
${optionalString debug "chown 1000:1000 -R /srv/screeps-tmp"}
echo '${configuration}' > /srv/screeps/config.yaml
''))
];
};
};
#networking.firewall.allowedTCPPorts = [ 8123 ];
#networking.firewall.allowedUDPPorts = [ 8123 ];
#networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ];
#networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ];
}

45
nixos/legacy/webhook-ring.nix Normal file
View file

@ -0,0 +1,45 @@
{ config, pkgs, ... }:
# To create a sign at the door
# "Sorry Doorbell is broken, please scan this QR Code
#
# create QR Code with:
# qrencode -o ./test.png http://ring.ingolf-wagner.de
#
# for secure urls check
# https://www.nginx.com/blog/securing-urls-secure-link-module-nginx-plus/
{
sops.secrets.ringPushover = {
owner = config.services.webhook.user;
};
services.webhook = {
enable = true;
hooks = {
ring = {
execute-command =
let
script = pkgs.writers.writeBash "ring-script" ''
. ${config.sops.secrets.ringPushover.path}
${pkgs.curl}/bin/curl -s \
--form-string "token=$API_KEY" \
--form-string "user=$USER_KEY" \
--form-string "title=Klingeling" \
--form-string "message=Jemand an der Tür" \
https://api.pushover.net/1/messages.json
'';
in
toString script;
response-message = "It's ringing";
};
};
};
services.nginx.virtualHosts."ring.ingolf-wagner.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.webhook.port}/${config.services.webhook.urlPrefix}/ring";
};
};
}

38
nixos/legacy/weechat.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, pkgs, lib, ... }:
# how to setup a relay
# * ssh on the maching
# * sudo -u weechat screen -r
# /set relay.network.password "mypassword"
# /relay add weechat 10000
{
# configure weechat
services.weechat = { enable = true; };
# configure bitlbee
services.bitlbee = {
enable = true;
libpurple_plugins = [
#pkgs.pidgin-otr
#pkgs.purple-facebook
#pkgs.purple-discord
#pkgs.purple-matrix
#pkgs.purple-hangouts
#pkgs.pidgin-latex
#pkgs.pidgin-opensteamworks
#pkgs.pidgin-skypeweb
pkgs.telegram-purple
#pkgs.purple-lurch
];
plugins =
[ pkgs.bitlbee-facebook pkgs.bitlbee-steam pkgs.bitlbee-mastodon ];
};
# otherwise xterm is the only thing that works
environment.systemPackages = [ pkgs.rxvt_unicode ];
backup.dirs = [ config.services.weechat.root ];
}