newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: newedge:32b01c84dbf6d6133721db9490aa5f9a654f856e
Branches Tags
newedge:main newedge:mob/inventree-nixpkgs-test newedge:inventree-nixpkgs-test newedge:mob/inventree-test newedge:inventree-test newedge:mob/phonebox-multi-clients newedge:phonebox-multi-clients newedge:buna-machine newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:vega-ups newedge:mob/gitea newedge:gitea
..
compare: newedge:mob/phonebox-multi-clients
Branches Tags
newedge:mob/inventree-nixpkgs-test newedge:inventree-nixpkgs-test newedge:main newedge:mob/inventree-test newedge:inventree-test newedge:mob/phonebox-multi-clients newedge:phonebox-multi-clients newedge:buna-machine newedge:whitehouse-router newedge:mob/vega-backup newedge:mob/router-device newedge:router-device newedge:vega-backup newedge:mob/noreply-mailer newedge:noreply-mailer newedge:mob/vega-ups newedge:vega-ups newedge:mob/gitea newedge:gitea

3 Commits
32b01c84db ... mob/phoneb

Author SHA1 Message Date
kurogeek
f54cf1c60a mob next [ci-skip] [ci skip] [skip ci] 
lastFile:modules/clan/phonebox/default.nix
 2025-12-19 16:15:39 +07:00
kurogeek
1fa7da00c2 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:modules/clan/phonebox/default.nix
 2025-12-19 09:21:24 +07:00
kurogeek
34e9774aa7 mob next [ci-skip] [ci skip] [skip ci] 
lastFile:modules/clan/phonebox/default.nix
 2025-12-18 15:47:08 +07:00
32 changed files with 76 additions and 634 deletions
Expand all files Collapse all files

61
flake.lock generated
View File

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766984802, "lastModified": 1764799743,
"narHash": "sha256-SYZ/MXVtJEb3sRWxvPL/2HtpSL1CzQgu1o8ASXqCO98=", "narHash": "sha256-MbbiNG/bhqe+4z7ml8TefIs4swSonmiV0CimCntXuCg=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "052b66d8dc724c3e519b9003281c2f9a210fc380", "rev": "ddc0f9fabf33ad000676a33e97be6b5df12a4560",
"revCount": 11770, "revCount": 11417,
"type": "git", "type": "git",
"url": "https://git.clan.lol/clan/clan-core" "url": "https://git.clan.lol/clan/clan-core"
}, },
@@ -49,11 +49,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766977667, "lastModified": 1762942435,
"narHash": "sha256-LUALgG4ZpsA0k7pGYzMDto/r6T8aIPlYTok3lGlojjA=", "narHash": "sha256-zIWGs5FIytTtJN+dhDb8Yx+q4TQI/yczuL539yVcyPE=",
"rev": "3f852546b5d8bd2e9659a81c6b2cc14922e63a94", "rev": "0ee328404b12c65e8106bde9e9fab8abf4ecada4",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/3f852546b5d8bd2e9659a81c6b2cc14922e63a94.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0ee328404b12c65e8106bde9e9fab8abf4ecada4.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -88,11 +88,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766150702, "lastModified": 1764627417,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -121,26 +121,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768068402,
"narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"import-tree": { "import-tree": {
"locked": { "locked": {
"lastModified": 1752730890, "lastModified": 1752730890,
@@ -182,11 +162,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766784396, "lastModified": 1764161084,
"narHash": "sha256-rIlgatT0JtwxsEpzq+UrrIJCRfVAXgbYPzose1DmAcM=", "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=",
"owner": "nix-darwin", "owner": "nix-darwin",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "f0c8e1f6feb562b5db09cee9fb566a2f989e6b55", "rev": "e95de00a471d07435e0527ff4db092c84998698e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -210,11 +190,11 @@
}, },
"nixos-facter-modules": { "nixos-facter-modules": {
"locked": { "locked": {
"lastModified": 1766558141, "lastModified": 1764252389,
"narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=", "narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-facter-modules", "repo": "nixos-facter-modules",
"rev": "e796d536e3d83de74267069e179dc620a608ed7d", "rev": "5ea68886d95218646d11d3551a476d458df00778",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -244,7 +224,6 @@
"clan-core": "clan-core", "clan-core": "clan-core",
"devshell": "devshell", "devshell": "devshell",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"home-manager": "home-manager",
"import-tree": "import-tree", "import-tree": "import-tree",
"liminix": "liminix", "liminix": "liminix",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
@@ -259,11 +238,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766894905, "lastModified": 1764483358,
"narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=", "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7", "rev": "5aca6ff67264321d47856a2ed183729271107c9c",
"type": "github" "type": "github"
}, },
"original": { "original": {

5
flake.nix
View File

@@ -15,10 +15,6 @@
inputs.nixpkgs-lib.follows = "nixpkgs"; inputs.nixpkgs-lib.follows = "nixpkgs";
url = "github:hercules-ci/flake-parts"; url = "github:hercules-ci/flake-parts";
}; };
home-manager = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/home-manager";
};
import-tree.url = "github:vic/import-tree"; import-tree.url = "github:vic/import-tree";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
treefmt-nix = { treefmt-nix = {
@@ -65,7 +61,6 @@
}; };
packages.think = pkgs.think-gtcm; packages.think = pkgs.think-gtcm;
packages.think-be = pkgs.think-backend-gtcm; packages.think-be = pkgs.think-backend-gtcm;
packages.file-uploader = pkgs.gtcm-file-uploader;
}; };
} }
); );

62
inventories/default.nix
View File

@@ -46,14 +46,6 @@
}; };
}; };
user-emmie = {
module = {
name = "emmie";
input = "self";
};
roles.default.machines."rana" = { };
};
tor = { tor = {
module = { module = {
name = "tor"; name = "tor";
@@ -117,6 +109,12 @@
roles.default.machines."adhil".settings = { roles.default.machines."adhil".settings = {
ata-ethernet-iface = "end0"; ata-ethernet-iface = "end0";
}; };
roles.default.machines."rigel".settings = {
extraClientNumbers = [
"01"
"02"
];
};
}; };
pocket-id = { pocket-id = {
@@ -208,54 +206,6 @@
}; };
}; };
}; };
git-daemon = {
module = {
name = "git-daemon";
input = "self";
};
roles.default.machines.neptune = {
settings.repositories =
let
defaults = rec {
write-access = [
"10.0.0.0/24"
"200:d7b1:c5d5:ea7:27ad:6837:40f6:404d/128"
];
read-access = write-access;
};
PUBLIC = {
read-access = [
"10.0.0.0/24"
"0200::/7"
];
};
in
builtins.mapAttrs (_: override: defaults // override) {
"9e" = PUBLIC;
archive-dl = { };
barrytown = { };
cleanroom = PUBLIC;
community-memory = { };
eris = { };
ftdi-sd-spi = { };
go-go-gadget = { };
hacking-the-kindle = { };
islands = { };
kt = { };
legba = { };
llb = PUBLIC;
llc = PUBLIC;
lora = { };
mute = { };
navi = { };
notmuch-memoryhole = PUBLIC;
pms5003 = { };
thinc = { };
toad = { };
yggdrasil-erlang = { };
};
};
};
}; };
}; };
}; };

4
machines/adhil/configuration.nix
View File

@@ -7,7 +7,7 @@
clan.core.sops.defaultGroups = [ "admins" ]; clan.core.sops.defaultGroups = [ "admins" ];
# clan.core.networking.targetHost = "root@"; # clan.core.networking.targetHost = "root@";
clan.core.settings.name = "adhil"; clan.meta.name = "adhil";
# clan.meta.description = "Raspberry Pi 4 SBC board for one of w phone network. (With w office)"; clan.meta.description = "Raspberry Pi 4 SBC board for one of w phone network. (With w office)";
} }

4
machines/almach/configuration.nix
View File

@@ -7,7 +7,7 @@
clan.core.sops.defaultGroups = [ "admins" ]; clan.core.sops.defaultGroups = [ "admins" ];
# clan.core.networking.targetHost = "root@"; # clan.core.networking.targetHost = "root@";
clan.core.settings.name = "almach"; clan.meta.name = "almach";
# clan.meta.description = "Radxa X4 SBC board for one of w phone network."; clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
} }

4
machines/alpheratz/configuration.nix
View File

@@ -7,7 +7,7 @@
clan.core.sops.defaultGroups = [ "admins" ]; clan.core.sops.defaultGroups = [ "admins" ];
# clan.core.networking.targetHost = "root@"; # clan.core.networking.targetHost = "root@";
clan.core.settings.name = "alpheratz"; clan.meta.name = "alpheratz";
# clan.meta.description = "Radxa X4 SBC board for one of w phone network."; clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
} }

4
machines/buna/configuration.nix
View File

@@ -7,7 +7,7 @@
clan.core.sops.defaultGroups = [ "admins" ]; clan.core.sops.defaultGroups = [ "admins" ];
# clan.core.networking.targetHost = "root@"; # clan.core.networking.targetHost = "root@";
clan.core.settings.name = "buna"; clan.meta.name = "buna";
# clan.meta.description = "Radxa X4 SBC board for one of w phone network. (With w whitehouse)"; clan.meta.description = "Radxa X4 SBC board for one of w phone network. (With w whitehouse)";
} }

4
machines/mirach/configuration.nix
View File

@@ -7,7 +7,7 @@
clan.core.sops.defaultGroups = [ "admins" ]; clan.core.sops.defaultGroups = [ "admins" ];
# clan.core.networking.targetHost = "root@"; # clan.core.networking.targetHost = "root@";
clan.core.settings.name = "mirach"; clan.meta.name = "mirach";
# clan.meta.description = "Radxa X4 SBC board for one of w phone network."; clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
} }

4
machines/neptune/configuration.nix
View File

@@ -56,7 +56,7 @@
"tls://astrra.space:55535" "tls://astrra.space:55535"
]; ];
clan.core.settings.name = "neptune"; clan.meta.name = "neptune";
# clan.meta.description = "Radxa SBC board for testing. (With vi)"; clan.meta.description = "Radxa SBC board for testing. (With vi)";
} }

8
machines/ramus/configuration.nix
View File

@@ -5,10 +5,10 @@
system = "x86_64-linux"; system = "x86_64-linux";
}; };
clan.core.settings.name = "ramus"; clan.meta.name = "ramus";
# clan.meta.description = '' clan.meta.description = ''
# A Hetzner VPS machine own by Alex. A Hetzner VPS machine own by Alex.
# ''; '';
clan.core.sops.defaultGroups = [ "admins" ]; clan.core.sops.defaultGroups = [ "admins" ];
clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]"; clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";

5
machines/ramus/think-greater-chiangmai.nix
View File

@@ -1,6 +1,6 @@
{ self, config, ... }: { self, config, ... }:
let let
commonSettings = rec { commonSettings = {
APP_NAME = "Laravel"; APP_NAME = "Laravel";
APP_ENV = "local"; APP_ENV = "local";
APP_KEY._secret = config.clan.core.vars.generators.greaterchiangmai.files.app_key.path; APP_KEY._secret = config.clan.core.vars.generators.greaterchiangmai.files.app_key.path;
@@ -13,7 +13,6 @@ let
DB_DATABASE = "thinkgtcm"; DB_DATABASE = "thinkgtcm";
DB_USERNAME = "gtcm"; DB_USERNAME = "gtcm";
R2_SCHEMA_URL = "https://${R2_BUCKET}.${R2_REGION}.your-objectstorage.com/test-large-files/";
R2_ACCESS_KEY_ID = config.clan.core.vars.generators.greaterchiangmai-s3.files.access_key_id.value; R2_ACCESS_KEY_ID = config.clan.core.vars.generators.greaterchiangmai-s3.files.access_key_id.value;
R2_SECRET_ACCESS_KEY._secret = R2_SECRET_ACCESS_KEY._secret =
config.clan.core.vars.generators.greaterchiangmai-s3.files.secret_access_key.path; config.clan.core.vars.generators.greaterchiangmai-s3.files.secret_access_key.path;
@@ -21,8 +20,6 @@ let
R2_BUCKET = config.clan.core.vars.generators.greaterchiangmai-s3.files.bucket.value; R2_BUCKET = config.clan.core.vars.generators.greaterchiangmai-s3.files.bucket.value;
R2_ENDPOINT = config.clan.core.vars.generators.greaterchiangmai-s3.files.endpoint.value; R2_ENDPOINT = config.clan.core.vars.generators.greaterchiangmai-s3.files.endpoint.value;
R2_BUCKET_NAME = R2_BUCKET;
LOG_CHANNEL = "stack"; LOG_CHANNEL = "stack";
LOG_LEVEL = "debug"; LOG_LEVEL = "debug";

8
machines/rana/configuration.nix
View File

@@ -1,8 +0,0 @@
{ ... }:
{
nixpkgs.hostPlatform = {
system = "x86_64-linux";
};
system.stateVersion = "25.11";
clan.core.sops.defaultGroups = [ "admins" ];
}

90
machines/rana/disko.nix
View File

@@ -1,90 +0,0 @@
{ ... }:
let
hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
os = "/dev/disk/by-id/FIXME";
in
{
boot.loader = {
systemd-boot = {
enable = true;
};
efi = {
canTouchEfiVariables = true;
};
};
disko.devices = {
disk = {
"os-${hashDisk os}" = {
type = "disk";
device = os;
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
};
system = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
swap = {
size = "16G";
content = {
type = "swap";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
mountpoint = "none";
compression = "lz4";
acltype = "posixacl";
xattr = "sa";
"com.sun:auto-snapshot" = "true";
};
options.ashift = "12";
datasets = {
"root" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"root/nixos" = {
type = "zfs_fs";
options.mountpoint = "/";
mountpoint = "/";
};
"root/home" = {
type = "zfs_fs";
options.mountpoint = "/home";
mountpoint = "/home";
};
"root/tmp" = {
type = "zfs_fs";
mountpoint = "/tmp";
options = {
mountpoint = "/tmp";
sync = "disabled";
};
};
};
};
};
};
}

1
machines/sirius/configuration.nix
View File

@@ -19,6 +19,7 @@
system = "x86_64-linux"; system = "x86_64-linux";
}; };
networking.fqdn = config.clan.core.vars.generators.vega-internal-domain.files.name.value;
system.stateVersion = "25.11"; system.stateVersion = "25.11";
} }

172
modules/clan/git-daemon/default.nix
View File

@@ -1,172 +0,0 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "git-daemon";
manifest.description = "a really simple server for git repositories";
manifest.categories = [ "System" ];
roles.default = {
interface =
{ lib, ... }:
{
options = with lib; {
directory = lib.mkOption {
type = types.str;
default = "/var/git";
};
repositories = lib.mkOption {
type =
with lib.types;
attrsOf (
submodule (
{ name, ... }:
{
options = {
name = lib.mkOption {
type = str;
default = name;
};
read-access = lib.mkOption {
type = listOf str;
default = [ ];
};
write-access = lib.mkOption {
type = listOf str;
default = [ ];
};
};
}
)
);
default = { };
};
};
};
perInstance =
{
settings,
...
}:
{
nixosModule =
{
pkgs,
lib,
config,
...
}:
{
systemd.services.git-init = {
serviceConfig = {
Type = "oneshot";
User = config.services.gitDaemon.user;
Group = config.services.gitDaemon.group;
ExecStartPre = toString [
"+${pkgs.coreutils}/bin/install"
"--directory"
"--owner=${config.services.gitDaemon.user}"
"--group=${config.services.gitDaemon.group}"
"--mode=0750"
settings.directory
];
ExecStart =
let
git-template = pkgs.stdenv.mkDerivation {
name = "git-template";
buildCommand = ''
cp --no-preserve=mode,ownership --recursive \
${pkgs.git}/share/git-core/templates $out
install -m550 $out/hooks/post-update{.sample,}
'';
};
init-script =
{ name, ... }:
pkgs.writeShellScript "git-init-${name}" ''
${pkgs.git}/bin/git init \
--bare --template=${git-template} --shared=0660 \
${settings.directory}/${name}.git
${pkgs.git}/bin/git \
-C ${settings.directory}/${name}.git \
config set receive.denyNonFastforwards false
'';
in
map init-script (lib.attrValues settings.repositories);
};
};
services.gitDaemon = {
enable = true;
user = "git";
group = "git";
options =
let
firewall = pkgs.writeText "git-daemon-firewall.json" (
builtins.toJSON (builtins.attrValues settings.repositories)
);
hook = pkgs.writers.writePython3 "hook.py" { flakeIgnore = [ "E" ]; } ''
import os, sys, enum, pathlib, ipaddress, json
class Service(enum.Enum):
UploadPack = enum.auto()
ReceivePack = enum.auto()
UploadArchive = enum.auto()
@classmethod
def parse(cls, string):
return {
'upload-pack': cls.UploadPack,
'receive-pack': cls.ReceivePack,
'upload-archive': cls.UploadArchive
}[string]
@property
def service(self):
return {
UploadPack: 'read-access',
ReceivePack: 'write-access'
}[self]
UploadPack = Service.UploadPack
ReceivePack = Service.ReceivePack
def parse_remote_addr(remote_addr):
if remote_addr.startswith('[') and remote_addr.endswith(']'):
return ipaddress.ip_address(remote_addr[1:-1])
return ipaddress.ip_address(remote_addr)
service = Service.parse(sys.argv[1])
repo = pathlib.Path(sys.argv[2]).stem
client = parse_remote_addr(os.environ['REMOTE_ADDR'])
with open("${firewall}", 'r') as f:
firewall = json.load(f)
for rule in firewall:
if rule["name"] == repo:
for network in rule[service.service]:
if client in ipaddress.ip_network(network):
sys.exit(0)
print('stairway denied')
sys.exit(1)
'';
in
toString [
"--enable=upload-pack"
"--enable=receive-pack"
"--disable=upload-archive"
"--access-hook=${hook}"
"--informative-errors"
];
exportAll = true;
basePath = settings.directory;
};
systemd.services.git-daemon = {
requires = [ "git-init.service" ];
after = [ "git-init.service" ];
};
networking.firewall.allowedTCPPorts = [ 9418 ];
};
};
};
}

9
modules/clan/git-daemon/flake-module.nix
View File

@@ -1,9 +0,0 @@
{ lib, ... }:
let
module = lib.modules.importApply ./default.nix { };
in
{
clan.modules = {
git-daemon = module;
};
}

31
modules/clan/home-manager-users/emmie/default.nix
View File

@@ -1,31 +0,0 @@
{ ... }:
{
_class = "clan.service";
manifest.name = "emmie";
manifest.description = "Home manager for user Emmie";
manifest.categories = [ "System" ];
roles.default = {
perInstance.nixosModule =
{
config,
lib,
inputs,
...
}:
let
username = "emmie";
in
{
imports = [ inputs.home-manager.flakeModules.home-manager ];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.${username} = ./home.nix;
home-manager.extraSpecialArgs = {
inherit inputs;
};
};
};
}

21
modules/clan/home-manager-users/emmie/home.nix
View File

@@ -1,21 +0,0 @@
{ osConfig, pkgs, ... }:
let
username = "emmie";
in
{
home = {
inherit username;
homeDirectory = "/home/${username}";
stateVersion = osConfig.system.stateVersion;
packages = with pkgs; [
libreoffice
element-desktop
brave
firefox
keepassxc
drawio
vlc
];
};
programs.home-manager.enable = true;
}

10
modules/clan/home-manager-users/flake-module.nix
View File

@@ -1,10 +0,0 @@
{ lib, ... }:
let
emmie = lib.modules.importApply ./emmie/default.nix { };
in
{
clan.modules = {
emmie-home = emmie;
};
}

107
modules/clan/phonebox/default.nix
View File

@@ -1,7 +1,4 @@
{ { clanLib, ... }:
clanLib,
...
}:
{ {
_class = "clan.service"; _class = "clan.service";
manifest.name = "phonebox"; manifest.name = "phonebox";
@@ -17,10 +14,10 @@
description = "An Ethernet interface that connect to ATA box."; description = "An Ethernet interface that connect to ATA box.";
default = "enp2s0"; default = "enp2s0";
}; };
options.ownerName = lib.mkOption { options.extraClientNumbers = lib.mkOption {
type = lib.types.str; type = with lib.types; listOf str;
description = ""; description = "List of client suffix number.";
default = ""; default = [ ];
}; };
}; };
perInstance = perInstance =
@@ -30,7 +27,6 @@
... ...
}: }:
{ {
nixosModule = nixosModule =
{ {
lib, lib,
@@ -43,57 +39,12 @@
propagatedNativeBuildInputs = [ pkgs.spandsp3 ]; propagatedNativeBuildInputs = [ pkgs.spandsp3 ];
}); });
machines = lib.attrNames roles.default.machines;
user = "asterisk"; user = "asterisk";
faxDir = "/run/asterisk/fax"; faxDir = "/run/asterisk/fax";
rtpPortFrom = 10000; rtpPortFrom = 10000;
rtpPortTo = 20000; rtpPortTo = 20000;
ata-interface = settings.ata-ethernet-iface; ata-interface = settings.ata-ethernet-iface;
contactList = builtins.map (machineName: {
name = "${clanLib.getPublicValue {
flake = config.clan.core.settings.directory;
machine = machineName;
generator = "phonebox";
file = "owner-name";
default = null;
}}";
number = "${
clanLib.getPublicValue {
flake = config.clan.core.settings.directory;
machine = machineName;
generator = "phonebox";
file = "server-prefix-number";
default = null;
}
}${
clanLib.getPublicValue {
flake = config.clan.core.settings.directory;
machine = machineName;
generator = "phonebox";
file = "ata-local-number";
default = null;
}
}";
}) machines;
createContactListTiff =
let
contactTXT = lib.concatStringsSep "\n" (
builtins.map (contact: "${contact.number}\t\t: \t\t${contact.name}") contactList
);
in
pkgs.writeShellApplication {
name = "create-contact-tiff";
text = ''
magick -background white -fill black -pointsize 20 -font DejaVu-Sans label:"${contactTXT}" "$1"
magick "$1" -border 20x50 -bordercolor white "$1"
magick "$1" -resize 1728x -units PixelsPerInch -compress Group4 -density 204x196 -monochrome -depth 1 "$1"
'';
runtimeInputs = [ pkgs.imagemagick ];
};
genServerSIPEndpoint = genServerSIPEndpoint =
{ hostname, address }: { hostname, address }:
'' ''
@@ -123,6 +74,22 @@
max_contacts=1 max_contacts=1
''; '';
genLocalSIPEndpointV6 =
{ localNumber }:
''
[${localNumber}](internal_endpoint)
transport=transport-udp6
aors=${localNumber}
auth=${localNumber}
[${localNumber}](userpass_auth)
username=${localNumber}
password=${localNumber}
[${localNumber}](dynamiic_aor)
max_contacts=1
'';
genLocalExtenConf = genLocalExtenConf =
{ localNumber }: { localNumber }:
'' ''
@@ -156,35 +123,26 @@
throw "clanService/yggdrasil is required"; throw "clanService/yggdrasil is required";
in in
{ {
clan.core.vars.generators.phonebox = builtins.break { clan.core.vars.generators.phonebox = {
files = { files = {
server-prefix-number.secret = false; server-prefix-number.secret = false;
ata-local-number.secret = false; ata-local-number.secret = false;
owner-name.secret = false;
}; };
prompts = { prompts = {
server-prefix-number = { server-prefix-number = {
type = "line"; type = "line";
persist = true;
description = "Server prefix number: indicate server to connect to [10XX]"; description = "Server prefix number: indicate server to connect to [10XX]";
}; };
ata-local-number = { ata-local-number = {
persist = true;
type = "line"; type = "line";
description = "Local suffix number: indicate local number on the server [XX00]"; description = "Local suffix number: indicate local number on the server [XX00]";
}; };
owner-name = {
persist = true;
type = "line";
description = "The owner's name for this unit";
};
}; };
script = '' script = ''
cat $prompts/server-prefix-number > $out/server-prefix-number cat $prompts/server-prefix-number > $out/server-prefix-number
cat $prompts/ata-local-number > $out/ata-local-number cat $prompts/ata-local-number > $out/ata-local-number
cat $prompts/owner-name > $out/owner-name
''; '';
}; };
@@ -262,6 +220,7 @@
package = lib.mkDefault asterisk; package = lib.mkDefault asterisk;
confFiles = confFiles =
let let
machines = lib.attrNames roles.default.machines;
nodes = builtins.foldl' ( nodes = builtins.foldl' (
nodes: name: nodes: name:
nodes nodes
@@ -337,22 +296,18 @@
same => n,Set(FAXFILE=${faxDir}/echo-''${UNIQUEID}.tiff) same => n,Set(FAXFILE=${faxDir}/echo-''${UNIQUEID}.tiff)
same => n,Set(FAXECHO=true) same => n,Set(FAXECHO=true)
exten => 888,1,Answer()
same => n,Set(FAXFILE=${faxDir}/contact.tiff)
same => n,System(${lib.getExe createContactListTiff} ''${FAXFILE})
same => n,Set(FAXECHO=true)
same => n,Playback(vm-goodbye)
same => n,Wait(3)
exten => h,1,GotoIf($[''${FAXECHO}]?sendfax) exten => h,1,GotoIf($[''${FAXECHO}]?sendfax)
same => n,Hangup() same => n,Hangup()
same => n(sendfax),Originate(PJSIP/00,app,SendFAX,''${FAXFILE}) same => n(sendfax),Originate(PJSIP/00,app,SendFAX,${faxDir}/echo-''${UNIQUEID}.tiff)
same => n,Set(FAXECHO=false) same => n,Set(FAXECHO=false)
'' ''
+ (genLocalExtenConf { + (genLocalExtenConf {
localNumber = config.clan.core.vars.generators.phonebox.files.ata-local-number.value; localNumber = config.clan.core.vars.generators.phonebox.files.ata-local-number.value;
}) })
+ lib.concatStringsSep "\n" (
builtins.map (number: genLocalExtenConf { localNumber = number; }) settings.extraClientNumbers
)
+ serverConf; + serverConf;
"rtp.conf" = '' "rtp.conf" = ''
@@ -384,6 +339,7 @@
[base_endpoint](!) [base_endpoint](!)
type=endpoint type=endpoint
transport=transport-udp
disallow=all disallow=all
allow=ulaw,alaw,g722,gsm allow=ulaw,alaw,g722,gsm
direct_media=no direct_media=no
@@ -406,14 +362,13 @@
+ (genLocalSIPEndpoint { + (genLocalSIPEndpoint {
localNumber = config.clan.core.vars.generators.phonebox.files.ata-local-number.value; localNumber = config.clan.core.vars.generators.phonebox.files.ata-local-number.value;
}) })
+ lib.concatStringsSep "\n" (
builtins.map (number: genLocalSIPEndpointV6 { localNumber = number; }) settings.extraClientNumbers
)
+ serverConf; + serverConf;
}; };
}; };
environment.systemPackages = [
createContactListTiff
];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${faxDir} 0755 ${user} ${user} - -" "d ${faxDir} 0755 ${user} ${user} - -"
]; ];

1
modules/clan/phonebox/tests/vm/vars/per-machine/server/phonebox/owner-name/value
View File

@@ -1 +0,0 @@
fake_line_value

45
modules/nixos/think-backend-gtcm.nix
View File

@@ -7,30 +7,6 @@
let let
cfg = config.services.think-backend-greaterchiangmai; cfg = config.services.think-backend-greaterchiangmai;
think-backend-gtcm = pkgs.think-backend-gtcm.override { dataDir = cfg.dataDir; }; think-backend-gtcm = pkgs.think-backend-gtcm.override { dataDir = cfg.dataDir; };
file-uploader = pkgs.gtcm-file-uploader.override { dataDir = cfg.dataDir; };
nginxNodeProxyConfig = ''
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host 127.0.0.1;
proxy_set_header x-webobjects-server-port $server_port;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
client_max_body_size 50m;
client_body_buffer_size 128k;
'';
defaultUser = "gtcm"; defaultUser = "gtcm";
defaultGroup = "gtcm"; defaultGroup = "gtcm";
@@ -166,19 +142,6 @@ in
''; '';
}; };
systemd.services.gtcm-file-uploader = {
description = "File upload service for think-backend.greaterchiangmai.com";
requiredBy = [ "phpfpm-think-backend-gtcm.service" ];
before = [ "phpfpm-think-backend-gtcm.service" ];
serviceConfig = {
User = cfg.user;
WorkingDirectory = "${file-uploader}";
ExecStart = "${lib.getExe pkgs.nodejs_20} ${file-uploader}/src/be/index.js";
Restart = "on-failure";
};
path = [ pkgs.nodejs_20 ];
};
environment.systemPackages = [ environment.systemPackages = [
artisan-be artisan-be
]; ];
@@ -281,8 +244,6 @@ in
"d ${cfg.dataDir}/storage/framework/views 0700 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/storage/framework/views 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/logs 0700 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/storage/logs 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/storage/uploads 0700 ${cfg.user} ${cfg.group} - -" "d ${cfg.dataDir}/storage/uploads 0700 ${cfg.user} ${cfg.group} - -"
"d ${cfg.dataDir}/gtcm-file-uploader/uploads 0700 ${cfg.user} ${cfg.group} - -"
]; ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
@@ -310,12 +271,6 @@ in
"~ \\.(js|css|gif|png|ico|jpg|jpeg)$" = { "~ \\.(js|css|gif|png|ico|jpg|jpeg)$" = {
extraConfig = "expires 365d;"; extraConfig = "expires 365d;";
}; };
"^~ /initiate-multipart-upload".extraConfig = nginxNodeProxyConfig;
"^~ /get-presigned-url".extraConfig = nginxNodeProxyConfig;
"^~ /complete-multipart-upload".extraConfig = nginxNodeProxyConfig;
"^~ /generate-presigned-url".extraConfig = nginxNodeProxyConfig;
"^~ /enable-bucket-cors".extraConfig = nginxNodeProxyConfig;
"^~ /upload".extraConfig = nginxNodeProxyConfig;
}; };
}; };
}; };

40
pkgs/gtcm-file-uploader.nix
View File

@@ -1,40 +0,0 @@
{
fetchgit,
buildNpmPackage,
pkgs,
dataDir ? "/var/lib/gtcm-file-uploader",
}:
let
repoSrc = fetchgit {
url = "https://git.b4l.co.th/newedge/think-greaterchiangmai";
rev = "6f8c8d7dfaf5a0c1eb2077de1d6fb35ceaf3d4ec";
hash = "sha256-2mCdn8xGjWZrANclctGTmxQhkNc43VzlzMTVwVIFJcM=";
};
src = "${repoSrc}/upload-large-file";
in
buildNpmPackage {
pname = "gtcm-file-uploader";
version = "1.0.0";
nativeBuildInputs = with pkgs; [
nodejs_20
breakpointHook
];
inherit src;
npmDepsHash = "sha256-JEp2F1CQfuV9fSYZRdRO+BiOE9dy1ReK6doJcqCuxu4=";
buildPhase = ''
npm install
'';
installPhase = ''
runHook preInstall
mkdir -p $out
cp -r * $out
ln -s ${dataDir}/.env $out/.env
ln -s ${dataDir}/gtcm-file-uploader/uploads $out/src/be/uploads
runHook postInstall
'';
}

1
pkgs/overlay.nix
View File

@@ -1,5 +1,4 @@
final: prev: { final: prev: {
think-gtcm = final.callPackage ./think-gtcm.nix { }; think-gtcm = final.callPackage ./think-gtcm.nix { };
think-backend-gtcm = final.callPackage ./think-backend-gtcm.nix { php = final.php83; }; think-backend-gtcm = final.callPackage ./think-backend-gtcm.nix { php = final.php83; };
gtcm-file-uploader = final.callPackage ./gtcm-file-uploader.nix { };
} }

1
vars/per-machine/adhil/phonebox/owner-name/value
View File

@@ -1 +0,0 @@
w-office

1
vars/per-machine/almach/phonebox/owner-name/value
View File

@@ -1 +0,0 @@
usa-1

1
vars/per-machine/alpheratz/phonebox/owner-name/value
View File

@@ -1 +0,0 @@
usa-2

1
vars/per-machine/buna/phonebox/owner-name/value
View File

@@ -1 +0,0 @@
whitehouse

1
vars/per-machine/mirach/phonebox/owner-name/value
View File

@@ -1 +0,0 @@
usa-3

1
vars/per-machine/neptune/phonebox/owner-name/value
View File

@@ -1 +0,0 @@
vi

2
vars/per-machine/ramus/greaterchiangmai-s3/endpoint/value
View File

@@ -1 +1 @@
https://fsn1.your-objectstorage.com fsn1.your-objectstorage.com

1
vars/per-machine/rigel/phonebox/owner-name/value
View File

@@ -1 +0,0 @@
b4l