Compare commits
3 Commits
32b01c84db
...
mob/phoneb
| Author | SHA1 | Date | |
|---|---|---|---|
| f54cf1c60a | |||
| 1fa7da00c2 | |||
| 34e9774aa7 |
61
flake.lock
generated
61
flake.lock
generated
@@ -20,11 +20,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1766984802,
|
||||
"narHash": "sha256-SYZ/MXVtJEb3sRWxvPL/2HtpSL1CzQgu1o8ASXqCO98=",
|
||||
"lastModified": 1764799743,
|
||||
"narHash": "sha256-MbbiNG/bhqe+4z7ml8TefIs4swSonmiV0CimCntXuCg=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "052b66d8dc724c3e519b9003281c2f9a210fc380",
|
||||
"revCount": 11770,
|
||||
"rev": "ddc0f9fabf33ad000676a33e97be6b5df12a4560",
|
||||
"revCount": 11417,
|
||||
"type": "git",
|
||||
"url": "https://git.clan.lol/clan/clan-core"
|
||||
},
|
||||
@@ -49,11 +49,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1766977667,
|
||||
"narHash": "sha256-LUALgG4ZpsA0k7pGYzMDto/r6T8aIPlYTok3lGlojjA=",
|
||||
"rev": "3f852546b5d8bd2e9659a81c6b2cc14922e63a94",
|
||||
"lastModified": 1762942435,
|
||||
"narHash": "sha256-zIWGs5FIytTtJN+dhDb8Yx+q4TQI/yczuL539yVcyPE=",
|
||||
"rev": "0ee328404b12c65e8106bde9e9fab8abf4ecada4",
|
||||
"type": "tarball",
|
||||
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/3f852546b5d8bd2e9659a81c6b2cc14922e63a94.tar.gz"
|
||||
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/0ee328404b12c65e8106bde9e9fab8abf4ecada4.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
@@ -88,11 +88,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1766150702,
|
||||
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=",
|
||||
"lastModified": 1764627417,
|
||||
"narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378",
|
||||
"rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -121,26 +121,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1768068402,
|
||||
"narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"import-tree": {
|
||||
"locked": {
|
||||
"lastModified": 1752730890,
|
||||
@@ -182,11 +162,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1766784396,
|
||||
"narHash": "sha256-rIlgatT0JtwxsEpzq+UrrIJCRfVAXgbYPzose1DmAcM=",
|
||||
"lastModified": 1764161084,
|
||||
"narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=",
|
||||
"owner": "nix-darwin",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "f0c8e1f6feb562b5db09cee9fb566a2f989e6b55",
|
||||
"rev": "e95de00a471d07435e0527ff4db092c84998698e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -210,11 +190,11 @@
|
||||
},
|
||||
"nixos-facter-modules": {
|
||||
"locked": {
|
||||
"lastModified": 1766558141,
|
||||
"narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=",
|
||||
"lastModified": 1764252389,
|
||||
"narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-facter-modules",
|
||||
"rev": "e796d536e3d83de74267069e179dc620a608ed7d",
|
||||
"rev": "5ea68886d95218646d11d3551a476d458df00778",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -244,7 +224,6 @@
|
||||
"clan-core": "clan-core",
|
||||
"devshell": "devshell",
|
||||
"flake-parts": "flake-parts",
|
||||
"home-manager": "home-manager",
|
||||
"import-tree": "import-tree",
|
||||
"liminix": "liminix",
|
||||
"nixpkgs": "nixpkgs",
|
||||
@@ -259,11 +238,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1766894905,
|
||||
"narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=",
|
||||
"lastModified": 1764483358,
|
||||
"narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7",
|
||||
"rev": "5aca6ff67264321d47856a2ed183729271107c9c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -15,10 +15,6 @@
|
||||
inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||
url = "github:hercules-ci/flake-parts";
|
||||
};
|
||||
home-manager = {
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
url = "github:nix-community/home-manager";
|
||||
};
|
||||
import-tree.url = "github:vic/import-tree";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
|
||||
treefmt-nix = {
|
||||
@@ -65,7 +61,6 @@
|
||||
};
|
||||
packages.think = pkgs.think-gtcm;
|
||||
packages.think-be = pkgs.think-backend-gtcm;
|
||||
packages.file-uploader = pkgs.gtcm-file-uploader;
|
||||
};
|
||||
}
|
||||
);
|
||||
|
||||
@@ -46,14 +46,6 @@
|
||||
};
|
||||
};
|
||||
|
||||
user-emmie = {
|
||||
module = {
|
||||
name = "emmie";
|
||||
input = "self";
|
||||
};
|
||||
roles.default.machines."rana" = { };
|
||||
};
|
||||
|
||||
tor = {
|
||||
module = {
|
||||
name = "tor";
|
||||
@@ -117,6 +109,12 @@
|
||||
roles.default.machines."adhil".settings = {
|
||||
ata-ethernet-iface = "end0";
|
||||
};
|
||||
roles.default.machines."rigel".settings = {
|
||||
extraClientNumbers = [
|
||||
"01"
|
||||
"02"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
pocket-id = {
|
||||
@@ -208,54 +206,6 @@
|
||||
};
|
||||
};
|
||||
};
|
||||
git-daemon = {
|
||||
module = {
|
||||
name = "git-daemon";
|
||||
input = "self";
|
||||
};
|
||||
roles.default.machines.neptune = {
|
||||
settings.repositories =
|
||||
let
|
||||
defaults = rec {
|
||||
write-access = [
|
||||
"10.0.0.0/24"
|
||||
"200:d7b1:c5d5:ea7:27ad:6837:40f6:404d/128"
|
||||
];
|
||||
read-access = write-access;
|
||||
};
|
||||
PUBLIC = {
|
||||
read-access = [
|
||||
"10.0.0.0/24"
|
||||
"0200::/7"
|
||||
];
|
||||
};
|
||||
in
|
||||
builtins.mapAttrs (_: override: defaults // override) {
|
||||
"9e" = PUBLIC;
|
||||
archive-dl = { };
|
||||
barrytown = { };
|
||||
cleanroom = PUBLIC;
|
||||
community-memory = { };
|
||||
eris = { };
|
||||
ftdi-sd-spi = { };
|
||||
go-go-gadget = { };
|
||||
hacking-the-kindle = { };
|
||||
islands = { };
|
||||
kt = { };
|
||||
legba = { };
|
||||
llb = PUBLIC;
|
||||
llc = PUBLIC;
|
||||
lora = { };
|
||||
mute = { };
|
||||
navi = { };
|
||||
notmuch-memoryhole = PUBLIC;
|
||||
pms5003 = { };
|
||||
thinc = { };
|
||||
toad = { };
|
||||
yggdrasil-erlang = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
clan.core.sops.defaultGroups = [ "admins" ];
|
||||
# clan.core.networking.targetHost = "root@";
|
||||
|
||||
clan.core.settings.name = "adhil";
|
||||
# clan.meta.description = "Raspberry Pi 4 SBC board for one of w phone network. (With w office)";
|
||||
clan.meta.name = "adhil";
|
||||
clan.meta.description = "Raspberry Pi 4 SBC board for one of w phone network. (With w office)";
|
||||
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
clan.core.sops.defaultGroups = [ "admins" ];
|
||||
# clan.core.networking.targetHost = "root@";
|
||||
|
||||
clan.core.settings.name = "almach";
|
||||
# clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
|
||||
clan.meta.name = "almach";
|
||||
clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
|
||||
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
clan.core.sops.defaultGroups = [ "admins" ];
|
||||
# clan.core.networking.targetHost = "root@";
|
||||
|
||||
clan.core.settings.name = "alpheratz";
|
||||
# clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
|
||||
clan.meta.name = "alpheratz";
|
||||
clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
|
||||
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
clan.core.sops.defaultGroups = [ "admins" ];
|
||||
# clan.core.networking.targetHost = "root@";
|
||||
|
||||
clan.core.settings.name = "buna";
|
||||
# clan.meta.description = "Radxa X4 SBC board for one of w phone network. (With w whitehouse)";
|
||||
clan.meta.name = "buna";
|
||||
clan.meta.description = "Radxa X4 SBC board for one of w phone network. (With w whitehouse)";
|
||||
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
clan.core.sops.defaultGroups = [ "admins" ];
|
||||
# clan.core.networking.targetHost = "root@";
|
||||
|
||||
clan.core.settings.name = "mirach";
|
||||
# clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
|
||||
clan.meta.name = "mirach";
|
||||
clan.meta.description = "Radxa X4 SBC board for one of w phone network.";
|
||||
|
||||
}
|
||||
|
||||
@@ -56,7 +56,7 @@
|
||||
"tls://astrra.space:55535"
|
||||
];
|
||||
|
||||
clan.core.settings.name = "neptune";
|
||||
# clan.meta.description = "Radxa SBC board for testing. (With vi)";
|
||||
clan.meta.name = "neptune";
|
||||
clan.meta.description = "Radxa SBC board for testing. (With vi)";
|
||||
|
||||
}
|
||||
|
||||
@@ -5,10 +5,10 @@
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
clan.core.settings.name = "ramus";
|
||||
# clan.meta.description = ''
|
||||
# A Hetzner VPS machine own by Alex.
|
||||
# '';
|
||||
clan.meta.name = "ramus";
|
||||
clan.meta.description = ''
|
||||
A Hetzner VPS machine own by Alex.
|
||||
'';
|
||||
|
||||
clan.core.sops.defaultGroups = [ "admins" ];
|
||||
clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{ self, config, ... }:
|
||||
let
|
||||
commonSettings = rec {
|
||||
commonSettings = {
|
||||
APP_NAME = "Laravel";
|
||||
APP_ENV = "local";
|
||||
APP_KEY._secret = config.clan.core.vars.generators.greaterchiangmai.files.app_key.path;
|
||||
@@ -13,7 +13,6 @@ let
|
||||
DB_DATABASE = "thinkgtcm";
|
||||
DB_USERNAME = "gtcm";
|
||||
|
||||
R2_SCHEMA_URL = "https://${R2_BUCKET}.${R2_REGION}.your-objectstorage.com/test-large-files/";
|
||||
R2_ACCESS_KEY_ID = config.clan.core.vars.generators.greaterchiangmai-s3.files.access_key_id.value;
|
||||
R2_SECRET_ACCESS_KEY._secret =
|
||||
config.clan.core.vars.generators.greaterchiangmai-s3.files.secret_access_key.path;
|
||||
@@ -21,8 +20,6 @@ let
|
||||
R2_BUCKET = config.clan.core.vars.generators.greaterchiangmai-s3.files.bucket.value;
|
||||
R2_ENDPOINT = config.clan.core.vars.generators.greaterchiangmai-s3.files.endpoint.value;
|
||||
|
||||
R2_BUCKET_NAME = R2_BUCKET;
|
||||
|
||||
LOG_CHANNEL = "stack";
|
||||
LOG_LEVEL = "debug";
|
||||
|
||||
|
||||
@@ -1,8 +0,0 @@
|
||||
{ ... }:
|
||||
{
|
||||
nixpkgs.hostPlatform = {
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
system.stateVersion = "25.11";
|
||||
clan.core.sops.defaultGroups = [ "admins" ];
|
||||
}
|
||||
@@ -1,90 +0,0 @@
|
||||
{ ... }:
|
||||
let
|
||||
hashDisk = disk: "os-${builtins.substring 0 5 (builtins.hashString "sha256" disk)}";
|
||||
os = "/dev/disk/by-id/FIXME";
|
||||
in
|
||||
{
|
||||
|
||||
boot.loader = {
|
||||
systemd-boot = {
|
||||
enable = true;
|
||||
};
|
||||
efi = {
|
||||
canTouchEfiVariables = true;
|
||||
};
|
||||
};
|
||||
|
||||
disko.devices = {
|
||||
disk = {
|
||||
"os-${hashDisk os}" = {
|
||||
type = "disk";
|
||||
device = os;
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
size = "1G";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [ "nofail" ];
|
||||
};
|
||||
};
|
||||
system = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zroot";
|
||||
};
|
||||
};
|
||||
swap = {
|
||||
size = "16G";
|
||||
content = {
|
||||
type = "swap";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
zpool = {
|
||||
zroot = {
|
||||
type = "zpool";
|
||||
rootFsOptions = {
|
||||
mountpoint = "none";
|
||||
compression = "lz4";
|
||||
acltype = "posixacl";
|
||||
xattr = "sa";
|
||||
"com.sun:auto-snapshot" = "true";
|
||||
};
|
||||
options.ashift = "12";
|
||||
datasets = {
|
||||
"root" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "none";
|
||||
};
|
||||
"root/nixos" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "/";
|
||||
mountpoint = "/";
|
||||
};
|
||||
"root/home" = {
|
||||
type = "zfs_fs";
|
||||
options.mountpoint = "/home";
|
||||
mountpoint = "/home";
|
||||
};
|
||||
"root/tmp" = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/tmp";
|
||||
options = {
|
||||
mountpoint = "/tmp";
|
||||
sync = "disabled";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -19,6 +19,7 @@
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
networking.fqdn = config.clan.core.vars.generators.vega-internal-domain.files.name.value;
|
||||
system.stateVersion = "25.11";
|
||||
|
||||
}
|
||||
|
||||
@@ -1,172 +0,0 @@
|
||||
{ ... }:
|
||||
{
|
||||
_class = "clan.service";
|
||||
manifest.name = "git-daemon";
|
||||
manifest.description = "a really simple server for git repositories";
|
||||
manifest.categories = [ "System" ];
|
||||
|
||||
roles.default = {
|
||||
interface =
|
||||
{ lib, ... }:
|
||||
{
|
||||
options = with lib; {
|
||||
directory = lib.mkOption {
|
||||
type = types.str;
|
||||
default = "/var/git";
|
||||
};
|
||||
repositories = lib.mkOption {
|
||||
type =
|
||||
with lib.types;
|
||||
attrsOf (
|
||||
submodule (
|
||||
{ name, ... }:
|
||||
{
|
||||
options = {
|
||||
name = lib.mkOption {
|
||||
type = str;
|
||||
default = name;
|
||||
};
|
||||
read-access = lib.mkOption {
|
||||
type = listOf str;
|
||||
default = [ ];
|
||||
};
|
||||
write-access = lib.mkOption {
|
||||
type = listOf str;
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
);
|
||||
default = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
perInstance =
|
||||
{
|
||||
settings,
|
||||
...
|
||||
}:
|
||||
{
|
||||
nixosModule =
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{
|
||||
systemd.services.git-init = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = config.services.gitDaemon.user;
|
||||
Group = config.services.gitDaemon.group;
|
||||
ExecStartPre = toString [
|
||||
"+${pkgs.coreutils}/bin/install"
|
||||
"--directory"
|
||||
"--owner=${config.services.gitDaemon.user}"
|
||||
"--group=${config.services.gitDaemon.group}"
|
||||
"--mode=0750"
|
||||
settings.directory
|
||||
];
|
||||
ExecStart =
|
||||
let
|
||||
git-template = pkgs.stdenv.mkDerivation {
|
||||
name = "git-template";
|
||||
buildCommand = ''
|
||||
cp --no-preserve=mode,ownership --recursive \
|
||||
${pkgs.git}/share/git-core/templates $out
|
||||
install -m550 $out/hooks/post-update{.sample,}
|
||||
'';
|
||||
};
|
||||
init-script =
|
||||
{ name, ... }:
|
||||
pkgs.writeShellScript "git-init-${name}" ''
|
||||
${pkgs.git}/bin/git init \
|
||||
--bare --template=${git-template} --shared=0660 \
|
||||
${settings.directory}/${name}.git
|
||||
${pkgs.git}/bin/git \
|
||||
-C ${settings.directory}/${name}.git \
|
||||
config set receive.denyNonFastforwards false
|
||||
'';
|
||||
in
|
||||
map init-script (lib.attrValues settings.repositories);
|
||||
};
|
||||
};
|
||||
|
||||
services.gitDaemon = {
|
||||
enable = true;
|
||||
user = "git";
|
||||
group = "git";
|
||||
options =
|
||||
let
|
||||
firewall = pkgs.writeText "git-daemon-firewall.json" (
|
||||
builtins.toJSON (builtins.attrValues settings.repositories)
|
||||
);
|
||||
hook = pkgs.writers.writePython3 "hook.py" { flakeIgnore = [ "E" ]; } ''
|
||||
import os, sys, enum, pathlib, ipaddress, json
|
||||
|
||||
class Service(enum.Enum):
|
||||
UploadPack = enum.auto()
|
||||
ReceivePack = enum.auto()
|
||||
UploadArchive = enum.auto()
|
||||
|
||||
@classmethod
|
||||
def parse(cls, string):
|
||||
return {
|
||||
'upload-pack': cls.UploadPack,
|
||||
'receive-pack': cls.ReceivePack,
|
||||
'upload-archive': cls.UploadArchive
|
||||
}[string]
|
||||
|
||||
@property
|
||||
def service(self):
|
||||
return {
|
||||
UploadPack: 'read-access',
|
||||
ReceivePack: 'write-access'
|
||||
}[self]
|
||||
UploadPack = Service.UploadPack
|
||||
ReceivePack = Service.ReceivePack
|
||||
|
||||
def parse_remote_addr(remote_addr):
|
||||
if remote_addr.startswith('[') and remote_addr.endswith(']'):
|
||||
return ipaddress.ip_address(remote_addr[1:-1])
|
||||
return ipaddress.ip_address(remote_addr)
|
||||
|
||||
service = Service.parse(sys.argv[1])
|
||||
repo = pathlib.Path(sys.argv[2]).stem
|
||||
client = parse_remote_addr(os.environ['REMOTE_ADDR'])
|
||||
|
||||
with open("${firewall}", 'r') as f:
|
||||
firewall = json.load(f)
|
||||
|
||||
for rule in firewall:
|
||||
if rule["name"] == repo:
|
||||
for network in rule[service.service]:
|
||||
if client in ipaddress.ip_network(network):
|
||||
sys.exit(0)
|
||||
print('stairway denied')
|
||||
sys.exit(1)
|
||||
'';
|
||||
in
|
||||
toString [
|
||||
"--enable=upload-pack"
|
||||
"--enable=receive-pack"
|
||||
"--disable=upload-archive"
|
||||
"--access-hook=${hook}"
|
||||
"--informative-errors"
|
||||
];
|
||||
exportAll = true;
|
||||
basePath = settings.directory;
|
||||
};
|
||||
|
||||
systemd.services.git-daemon = {
|
||||
requires = [ "git-init.service" ];
|
||||
after = [ "git-init.service" ];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 9418 ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,9 +0,0 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
module = lib.modules.importApply ./default.nix { };
|
||||
in
|
||||
{
|
||||
clan.modules = {
|
||||
git-daemon = module;
|
||||
};
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
{ ... }:
|
||||
{
|
||||
_class = "clan.service";
|
||||
manifest.name = "emmie";
|
||||
manifest.description = "Home manager for user Emmie";
|
||||
manifest.categories = [ "System" ];
|
||||
|
||||
roles.default = {
|
||||
|
||||
perInstance.nixosModule =
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
username = "emmie";
|
||||
in
|
||||
{
|
||||
imports = [ inputs.home-manager.flakeModules.home-manager ];
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.${username} = ./home.nix;
|
||||
home-manager.extraSpecialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,21 +0,0 @@
|
||||
{ osConfig, pkgs, ... }:
|
||||
let
|
||||
username = "emmie";
|
||||
in
|
||||
{
|
||||
home = {
|
||||
inherit username;
|
||||
homeDirectory = "/home/${username}";
|
||||
stateVersion = osConfig.system.stateVersion;
|
||||
packages = with pkgs; [
|
||||
libreoffice
|
||||
element-desktop
|
||||
brave
|
||||
firefox
|
||||
keepassxc
|
||||
drawio
|
||||
vlc
|
||||
];
|
||||
};
|
||||
programs.home-manager.enable = true;
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
{ lib, ... }:
|
||||
let
|
||||
emmie = lib.modules.importApply ./emmie/default.nix { };
|
||||
in
|
||||
{
|
||||
clan.modules = {
|
||||
emmie-home = emmie;
|
||||
};
|
||||
|
||||
}
|
||||
@@ -1,7 +1,4 @@
|
||||
{
|
||||
clanLib,
|
||||
...
|
||||
}:
|
||||
{ clanLib, ... }:
|
||||
{
|
||||
_class = "clan.service";
|
||||
manifest.name = "phonebox";
|
||||
@@ -17,10 +14,10 @@
|
||||
description = "An Ethernet interface that connect to ATA box.";
|
||||
default = "enp2s0";
|
||||
};
|
||||
options.ownerName = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "";
|
||||
default = "";
|
||||
options.extraClientNumbers = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
description = "List of client suffix number.";
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
perInstance =
|
||||
@@ -30,7 +27,6 @@
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
nixosModule =
|
||||
{
|
||||
lib,
|
||||
@@ -43,57 +39,12 @@
|
||||
propagatedNativeBuildInputs = [ pkgs.spandsp3 ];
|
||||
});
|
||||
|
||||
machines = lib.attrNames roles.default.machines;
|
||||
|
||||
user = "asterisk";
|
||||
faxDir = "/run/asterisk/fax";
|
||||
rtpPortFrom = 10000;
|
||||
rtpPortTo = 20000;
|
||||
ata-interface = settings.ata-ethernet-iface;
|
||||
|
||||
contactList = builtins.map (machineName: {
|
||||
name = "${clanLib.getPublicValue {
|
||||
flake = config.clan.core.settings.directory;
|
||||
machine = machineName;
|
||||
generator = "phonebox";
|
||||
file = "owner-name";
|
||||
default = null;
|
||||
}}";
|
||||
number = "${
|
||||
clanLib.getPublicValue {
|
||||
flake = config.clan.core.settings.directory;
|
||||
machine = machineName;
|
||||
generator = "phonebox";
|
||||
file = "server-prefix-number";
|
||||
default = null;
|
||||
}
|
||||
}${
|
||||
clanLib.getPublicValue {
|
||||
flake = config.clan.core.settings.directory;
|
||||
machine = machineName;
|
||||
generator = "phonebox";
|
||||
file = "ata-local-number";
|
||||
default = null;
|
||||
}
|
||||
}";
|
||||
}) machines;
|
||||
|
||||
createContactListTiff =
|
||||
let
|
||||
contactTXT = lib.concatStringsSep "\n" (
|
||||
builtins.map (contact: "${contact.number}\t\t: \t\t${contact.name}") contactList
|
||||
);
|
||||
in
|
||||
pkgs.writeShellApplication {
|
||||
name = "create-contact-tiff";
|
||||
text = ''
|
||||
magick -background white -fill black -pointsize 20 -font DejaVu-Sans label:"${contactTXT}" "$1"
|
||||
magick "$1" -border 20x50 -bordercolor white "$1"
|
||||
magick "$1" -resize 1728x -units PixelsPerInch -compress Group4 -density 204x196 -monochrome -depth 1 "$1"
|
||||
'';
|
||||
runtimeInputs = [ pkgs.imagemagick ];
|
||||
};
|
||||
|
||||
genServerSIPEndpoint =
|
||||
{ hostname, address }:
|
||||
''
|
||||
@@ -123,6 +74,22 @@
|
||||
max_contacts=1
|
||||
'';
|
||||
|
||||
genLocalSIPEndpointV6 =
|
||||
{ localNumber }:
|
||||
''
|
||||
[${localNumber}](internal_endpoint)
|
||||
transport=transport-udp6
|
||||
aors=${localNumber}
|
||||
auth=${localNumber}
|
||||
|
||||
[${localNumber}](userpass_auth)
|
||||
username=${localNumber}
|
||||
password=${localNumber}
|
||||
|
||||
[${localNumber}](dynamiic_aor)
|
||||
max_contacts=1
|
||||
'';
|
||||
|
||||
genLocalExtenConf =
|
||||
{ localNumber }:
|
||||
''
|
||||
@@ -156,35 +123,26 @@
|
||||
throw "clanService/yggdrasil is required";
|
||||
in
|
||||
{
|
||||
clan.core.vars.generators.phonebox = builtins.break {
|
||||
clan.core.vars.generators.phonebox = {
|
||||
files = {
|
||||
server-prefix-number.secret = false;
|
||||
ata-local-number.secret = false;
|
||||
owner-name.secret = false;
|
||||
};
|
||||
|
||||
prompts = {
|
||||
server-prefix-number = {
|
||||
type = "line";
|
||||
persist = true;
|
||||
description = "Server prefix number: indicate server to connect to [10XX]";
|
||||
};
|
||||
ata-local-number = {
|
||||
persist = true;
|
||||
type = "line";
|
||||
description = "Local suffix number: indicate local number on the server [XX00]";
|
||||
};
|
||||
owner-name = {
|
||||
persist = true;
|
||||
type = "line";
|
||||
description = "The owner's name for this unit";
|
||||
};
|
||||
};
|
||||
|
||||
script = ''
|
||||
cat $prompts/server-prefix-number > $out/server-prefix-number
|
||||
cat $prompts/ata-local-number > $out/ata-local-number
|
||||
cat $prompts/owner-name > $out/owner-name
|
||||
'';
|
||||
};
|
||||
|
||||
@@ -262,6 +220,7 @@
|
||||
package = lib.mkDefault asterisk;
|
||||
confFiles =
|
||||
let
|
||||
machines = lib.attrNames roles.default.machines;
|
||||
nodes = builtins.foldl' (
|
||||
nodes: name:
|
||||
nodes
|
||||
@@ -337,22 +296,18 @@
|
||||
same => n,Set(FAXFILE=${faxDir}/echo-''${UNIQUEID}.tiff)
|
||||
same => n,Set(FAXECHO=true)
|
||||
|
||||
exten => 888,1,Answer()
|
||||
same => n,Set(FAXFILE=${faxDir}/contact.tiff)
|
||||
same => n,System(${lib.getExe createContactListTiff} ''${FAXFILE})
|
||||
same => n,Set(FAXECHO=true)
|
||||
same => n,Playback(vm-goodbye)
|
||||
same => n,Wait(3)
|
||||
|
||||
exten => h,1,GotoIf($[''${FAXECHO}]?sendfax)
|
||||
same => n,Hangup()
|
||||
same => n(sendfax),Originate(PJSIP/00,app,SendFAX,''${FAXFILE})
|
||||
same => n(sendfax),Originate(PJSIP/00,app,SendFAX,${faxDir}/echo-''${UNIQUEID}.tiff)
|
||||
same => n,Set(FAXECHO=false)
|
||||
|
||||
''
|
||||
+ (genLocalExtenConf {
|
||||
localNumber = config.clan.core.vars.generators.phonebox.files.ata-local-number.value;
|
||||
})
|
||||
+ lib.concatStringsSep "\n" (
|
||||
builtins.map (number: genLocalExtenConf { localNumber = number; }) settings.extraClientNumbers
|
||||
)
|
||||
+ serverConf;
|
||||
|
||||
"rtp.conf" = ''
|
||||
@@ -384,6 +339,7 @@
|
||||
|
||||
[base_endpoint](!)
|
||||
type=endpoint
|
||||
transport=transport-udp
|
||||
disallow=all
|
||||
allow=ulaw,alaw,g722,gsm
|
||||
direct_media=no
|
||||
@@ -406,14 +362,13 @@
|
||||
+ (genLocalSIPEndpoint {
|
||||
localNumber = config.clan.core.vars.generators.phonebox.files.ata-local-number.value;
|
||||
})
|
||||
+ lib.concatStringsSep "\n" (
|
||||
builtins.map (number: genLocalSIPEndpointV6 { localNumber = number; }) settings.extraClientNumbers
|
||||
)
|
||||
+ serverConf;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
createContactListTiff
|
||||
];
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${faxDir} 0755 ${user} ${user} - -"
|
||||
];
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
fake_line_value
|
||||
@@ -7,30 +7,6 @@
|
||||
let
|
||||
cfg = config.services.think-backend-greaterchiangmai;
|
||||
think-backend-gtcm = pkgs.think-backend-gtcm.override { dataDir = cfg.dataDir; };
|
||||
file-uploader = pkgs.gtcm-file-uploader.override { dataDir = cfg.dataDir; };
|
||||
|
||||
nginxNodeProxyConfig = ''
|
||||
proxy_pass http://127.0.0.1:3000;
|
||||
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
||||
proxy_set_header x-webobjects-remote-host 127.0.0.1;
|
||||
proxy_set_header x-webobjects-server-port $server_port;
|
||||
proxy_set_header x-webobjects-server-name $server_name;
|
||||
proxy_set_header x-webobjects-server-url $scheme://$host;
|
||||
proxy_connect_timeout 90;
|
||||
proxy_send_timeout 90;
|
||||
proxy_read_timeout 90;
|
||||
proxy_buffer_size 64k;
|
||||
proxy_buffers 8 64k;
|
||||
proxy_busy_buffers_size 64k;
|
||||
proxy_temp_file_write_size 64k;
|
||||
client_max_body_size 50m;
|
||||
client_body_buffer_size 128k;
|
||||
'';
|
||||
|
||||
defaultUser = "gtcm";
|
||||
defaultGroup = "gtcm";
|
||||
|
||||
@@ -166,19 +142,6 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.gtcm-file-uploader = {
|
||||
description = "File upload service for think-backend.greaterchiangmai.com";
|
||||
requiredBy = [ "phpfpm-think-backend-gtcm.service" ];
|
||||
before = [ "phpfpm-think-backend-gtcm.service" ];
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
WorkingDirectory = "${file-uploader}";
|
||||
ExecStart = "${lib.getExe pkgs.nodejs_20} ${file-uploader}/src/be/index.js";
|
||||
Restart = "on-failure";
|
||||
};
|
||||
path = [ pkgs.nodejs_20 ];
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
artisan-be
|
||||
];
|
||||
@@ -281,8 +244,6 @@ in
|
||||
"d ${cfg.dataDir}/storage/framework/views 0700 ${cfg.user} ${cfg.group} - -"
|
||||
"d ${cfg.dataDir}/storage/logs 0700 ${cfg.user} ${cfg.group} - -"
|
||||
"d ${cfg.dataDir}/storage/uploads 0700 ${cfg.user} ${cfg.group} - -"
|
||||
|
||||
"d ${cfg.dataDir}/gtcm-file-uploader/uploads 0700 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
@@ -310,12 +271,6 @@ in
|
||||
"~ \\.(js|css|gif|png|ico|jpg|jpeg)$" = {
|
||||
extraConfig = "expires 365d;";
|
||||
};
|
||||
"^~ /initiate-multipart-upload".extraConfig = nginxNodeProxyConfig;
|
||||
"^~ /get-presigned-url".extraConfig = nginxNodeProxyConfig;
|
||||
"^~ /complete-multipart-upload".extraConfig = nginxNodeProxyConfig;
|
||||
"^~ /generate-presigned-url".extraConfig = nginxNodeProxyConfig;
|
||||
"^~ /enable-bucket-cors".extraConfig = nginxNodeProxyConfig;
|
||||
"^~ /upload".extraConfig = nginxNodeProxyConfig;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -1,40 +0,0 @@
|
||||
{
|
||||
fetchgit,
|
||||
buildNpmPackage,
|
||||
pkgs,
|
||||
dataDir ? "/var/lib/gtcm-file-uploader",
|
||||
}:
|
||||
let
|
||||
repoSrc = fetchgit {
|
||||
url = "https://git.b4l.co.th/newedge/think-greaterchiangmai";
|
||||
rev = "6f8c8d7dfaf5a0c1eb2077de1d6fb35ceaf3d4ec";
|
||||
hash = "sha256-2mCdn8xGjWZrANclctGTmxQhkNc43VzlzMTVwVIFJcM=";
|
||||
};
|
||||
src = "${repoSrc}/upload-large-file";
|
||||
in
|
||||
buildNpmPackage {
|
||||
pname = "gtcm-file-uploader";
|
||||
version = "1.0.0";
|
||||
|
||||
nativeBuildInputs = with pkgs; [
|
||||
nodejs_20
|
||||
breakpointHook
|
||||
];
|
||||
|
||||
inherit src;
|
||||
|
||||
npmDepsHash = "sha256-JEp2F1CQfuV9fSYZRdRO+BiOE9dy1ReK6doJcqCuxu4=";
|
||||
|
||||
buildPhase = ''
|
||||
npm install
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
mkdir -p $out
|
||||
cp -r * $out
|
||||
ln -s ${dataDir}/.env $out/.env
|
||||
ln -s ${dataDir}/gtcm-file-uploader/uploads $out/src/be/uploads
|
||||
runHook postInstall
|
||||
'';
|
||||
}
|
||||
@@ -1,5 +1,4 @@
|
||||
final: prev: {
|
||||
think-gtcm = final.callPackage ./think-gtcm.nix { };
|
||||
think-backend-gtcm = final.callPackage ./think-backend-gtcm.nix { php = final.php83; };
|
||||
gtcm-file-uploader = final.callPackage ./gtcm-file-uploader.nix { };
|
||||
}
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
w-office
|
||||
@@ -1 +0,0 @@
|
||||
usa-1
|
||||
@@ -1 +0,0 @@
|
||||
usa-2
|
||||
@@ -1 +0,0 @@
|
||||
whitehouse
|
||||
@@ -1 +0,0 @@
|
||||
usa-3
|
||||
@@ -1 +0,0 @@
|
||||
vi
|
||||
@@ -1 +1 @@
|
||||
https://fsn1.your-objectstorage.com
|
||||
fsn1.your-objectstorage.com
|
||||
@@ -1 +0,0 @@
|
||||
b4l
|
||||
Reference in New Issue
Block a user