georg: enable spotifyd

2024-08-11 03:13:17 +02:00
42 changed files with 209 additions and 318 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,10 +0,0 @@
 root = true
 [*]
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
 [*.nix]
 indent_style = space
 indent_size = 2
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -1 +0,0 @@
 e00008da1afe0d760badd34bbeddff36bb08c475
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
 result*
 /configuration.nix
 /.direnv/
 *.qcow2
--- a/base.nix
+++ b/base.nix
@@ -76,19 +76,10 @@
  # Trusted users on the nix builder machines
  users.groups."nix-builder-users".name = "nix-builder-users";
  # Let's not thermal throttle
  services.thermald.enable = lib.mkIf (lib.all (x: x) [
      (config.nixpkgs.system == "x86_64-linux")
      (!config.boot.isContainer or false)
    ]) true;
  services.openssh = {
    enable = true;
    extraConfig = ''
      PubkeyAcceptedAlgorithms=+ssh-rsa
      Match Group wheel
        PasswordAuthentication no
      Match All
    '';
    settings.PermitRootLogin = "yes";
  };
@@ -139,12 +130,4 @@
    acceptTerms = true;
    defaults.email = "drift@pvv.ntnu.no";
  };
  # Let's not spam LetsEncrypt in `nixos-rebuild build-vm` mode:
  virtualisation.vmVariant = {
    security.acme.defaults.server = "https://127.0.0.1";
    security.acme.preliminarySelfsigned = true;
    users.users.root.initialPassword = "root";
  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -194,11 +194,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723850344,
+        "lastModified": 1693136143,
-        "narHash": "sha256-aT37O9l9eclWEnqxASVNBL1dKwDHZUOqdbA4VO9DJvw=",
+        "narHash": "sha256-amHprjftc3y/bg8yf4hITCLa+ez5HIi0yGfR7TU6UIc=",
        "ref": "refs/heads/main",
-        "rev": "38b66677ab8c01aee10cd59e745af9ce3ea88092",
+        "rev": "a32894b305f042d561500f5799226afd1faf5abb",
-        "revCount": 19,
+        "revCount": 9,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
      },
@@ -207,25 +207,6 @@
        "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
      }
    },
    "pvv-doorbell-bot": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "dirtyRev": "cec320746bbf5b5bc6618a145c1a997ebd0b5196-dirty",
        "dirtyShortRev": "cec3207-dirty",
        "lastModified": 1724515328,
        "narHash": "sha256-Vj3ZJkCaLq+6d1LJtl7Hg5f7XV4NDPeNC1xEyu9QkOI=",
        "type": "git",
        "url": "file:///home/felixalb/doorbell-matrix-bot"
      },
      "original": {
        "type": "git",
        "url": "file:///home/felixalb/doorbell-matrix-bot"
      }
    },
    "pvv-nettsiden": {
      "inputs": {
        "nixpkgs": [
@@ -256,7 +237,6 @@
        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "pvv-calendar-bot": "pvv-calendar-bot",
        "pvv-doorbell-bot": "pvv-doorbell-bot",
        "pvv-nettsiden": "pvv-nettsiden",
        "sops-nix": "sops-nix"
      }
--- a/flake.nix
+++ b/flake.nix
@@ -17,10 +17,6 @@
    pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
    pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
    pvv-doorbell-bot.url = "git+https://git.pvv.ntnu.no/Projects/doorbell-matrix-bot.git";
    #pvv-doorbell-bot.url = "git+file:///home/felixalb/doorbell-matrix-bot";
    pvv-doorbell-bot.inputs.nixpkgs.follows = "nixpkgs";
    matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.0";
    matrix-next.inputs.nixpkgs.follows = "nixpkgs";
@@ -41,8 +37,8 @@
      "aarch64-linux"
      "aarch64-darwin"
    ];
-    forAllSystems = f: nixlib.genAttrs systems f;
+    forAllSystems = f: nixlib.genAttrs systems (system: f system);
-    allMachines = builtins.attrNames self.nixosConfigurations;
+    allMachines = nixlib.mapAttrsToList (name: _: name) self.nixosConfigurations;
    importantMachines = [
      "bekkalokk"
      "bicep"
@@ -51,8 +47,6 @@
      "ildkule"
    ];
  in {
    inherit inputs;
    nixosConfigurations = let
      unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
      nixosConfig = nixpkgs: name: config: nixpkgs.lib.nixosSystem (nixpkgs.lib.recursiveUpdate
@@ -85,11 +79,9 @@
        modules = [
          inputs.matrix-next.nixosModules.default
          inputs.pvv-calendar-bot.nixosModules.default
          inputs.pvv-doorbell-bot.nixosModules.default
        ];
        overlays = [
          inputs.pvv-calendar-bot.overlays.x86_64-linux.default
          inputs.pvv-doorbell-bot.overlays.x86_64-linux.default
        ];
      };
      bekkalokk = stableNixosConfig "bekkalokk" {
@@ -132,11 +124,6 @@
      buskerud = stableNixosConfig "buskerud" { };
    };
    nixosModules = {
      snakeoil-certs = ./modules/snakeoil-certs.nix;
      snappymail = ./modules/snappymail.nix;
    };
    devShells = forAllSystems (system: {
      default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { };
    });
--- a/hosts/bekkalokk/services/gitea/default.nix
+++ b/hosts/bekkalokk/services/gitea/default.nix
@@ -135,16 +135,10 @@ in {
    script = let
      logo-svg = ../../../../assets/logo_blue_regular.svg;
      logo-png = ../../../../assets/logo_blue_regular.png;
      extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
        <a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
        <a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
        <a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
      '';
    in ''
      install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
      install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
      install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
    '';
  };
 }
--- a/hosts/bekkalokk/services/kerberos/pam.nix
+++ b/hosts/bekkalokk/services/kerberos/pam.nix
@@ -879,7 +879,7 @@ let
  inherit (pkgs) pam_krb5 pam_ccreds;
-  use_ldap = config.users.ldap.enable && config.users.ldap.loginPam;
+  use_ldap = (config.users.ldap.enable && config.users.ldap.loginPam);
  pam_ldap = if config.users.ldap.daemon.enable then pkgs.nss_pam_ldapd else pkgs.pam_ldap;
  # Create a limits.conf(5) file.
@@ -1510,7 +1510,7 @@ in
           it complains "Cannot create session: Already running in a
           session". */
        runuser-l = { rootOK = true; unixAuth = false; };
-      } // optionalAttrs config.security.pam.enableFscrypt {
+      } // optionalAttrs (config.security.pam.enableFscrypt) {
        # Allow fscrypt to verify login passphrase
        fscrypt = {};
      };
--- a/hosts/bicep/configuration.nix
+++ b/hosts/bicep/configuration.nix
@@ -9,11 +9,11 @@
    ./acmeCert.nix
    ./services/calendar-bot.nix
    ./services/doorbell-bot.nix
    ./services/mysql.nix
    ./services/mysql.nix
    ./services/postgres.nix
    ./services/mysql.nix
    # TODO: fix the calendar bot
    # ./services/calendar-bot.nix
    ./services/matrix
  ];
--- a/hosts/bicep/services/calendar-bot.nix
+++ b/hosts/bicep/services/calendar-bot.nix
@@ -2,20 +2,12 @@
 let
  cfg = config.services.pvv-calendar-bot;
 in {
-  sops.secrets = {
+  sops.secrets."calendar-bot/matrix_token" = {
    "calendar-bot/matrix_token" = {
    sopsFile = ../../../secrets/bicep/bicep.yaml;
    key = "calendar-bot/matrix_token";
    owner = cfg.user;
    group = cfg.group;
  };
    "calendar-bot/mysql_password" = {
      sopsFile = ../../../secrets/bicep/bicep.yaml;
      key = "calendar-bot/mysql_password";
      owner = cfg.user;
      group = cfg.group;
    };
  };
  services.pvv-calendar-bot = {
    enable = true;
@@ -26,11 +18,6 @@ in {
        user = "@bot_calendar:pvv.ntnu.no";
        channel = "!gkNLUIhYVpEyLatcRz:pvv.ntnu.no";
      };
      database = {
        host = "mysql.pvv.ntnu.no";
        user = "calendar-bot";
        passwordFile = config.sops.secrets."calendar-bot/mysql_password".path;
      };
      secretsFile = config.sops.secrets."calendar-bot/matrix_token".path;
      onCalendar = "*-*-* 09:00:00";
    };
--- a/hosts/bicep/services/doorbell-bot.nix
+++ b/hosts/bicep/services/doorbell-bot.nix
@@ -1,16 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.services.pvv-doorbell-bot;
 in {
  sops.secrets."doorbell-bot/config-json" = {
    owner = cfg.user;
    group = cfg.group;
  };
  services.pvv-doorbell-bot = {
    enable = true;
    settings = {
      configFile = config.sops.secrets."doorbell-bot/config-json".path;
    };
  };
 }
--- a/hosts/bicep/services/matrix/mjolnir.nix
+++ b/hosts/bicep/services/matrix/mjolnir.nix
@@ -11,7 +11,7 @@
  services.mjolnir = {
    enable = true;
    pantalaimon.enable = false;
-    homeserverUrl = "http://127.0.0.1:8008";
+    homeserverUrl = http://127.0.0.1:8008;
    accessTokenFile = config.sops.secrets."matrix/mjolnir/access_token".path;
    managementRoom = "!gsdeCoWjvYRBrzuiRq:pvv.ntnu.no";
    protectedRooms = map (a: "https://matrix.to/#/${a}") [
--- a/hosts/bicep/services/matrix/synapse.nix
+++ b/hosts/bicep/services/matrix/synapse.nix
@@ -143,10 +143,10 @@ in {
  services.redis.servers."".enable = true;
  services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [
-  {
+  ({
    kTLS = true;
-  }
+  })
-  {
+  ({
    locations."/.well-known/matrix/server" = {
      return = ''
        200 '{"m.server": "matrix.pvv.ntnu.no:443"}'
@@ -156,16 +156,16 @@ in {
        add_header Access-Control-Allow-Origin *;
      '';
    };
-  }
+  })
-  {
+  ({
    locations = let
      connectionInfo = w: matrix-lib.workerConnectionResource "metrics" w;
-      socketAddress = w: let c = connectionInfo w; in "${c.host}:${toString c.port}";
+      socketAddress = w: let c = connectionInfo w; in "${c.host}:${toString (c.port)}";
      metricsPath = w: "/metrics/${w.type}/${toString w.index}";
      proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
    in lib.mapAttrs' (n: v: lib.nameValuePair
-      (metricsPath v) {
+      (metricsPath v) ({
        proxyPass = proxyPath v;
        extraConfig = ''
          allow ${values.hosts.ildkule.ipv4};
@@ -174,10 +174,10 @@ in {
          allow ${values.hosts.ildkule.ipv6_global};
          deny all;
        '';
-      })
+      }))
      cfg.workers.instances;
-  }
+  })
-  {
+  ({
    locations."/metrics/master/1" = {
      proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
      extraConfig = ''
@@ -202,5 +202,5 @@ in {
            labels = { };
          }]) + "/";
    };
-  }];
+  })];
 }
--- a/hosts/georg/configuration.nix
+++ b/hosts/georg/configuration.nix
@@ -7,6 +7,7 @@
      ../../misc/metrics-exporters.nix
      ../../modules/grzegorz.nix
      ../../modules/spotifyd.nix
    ];
  boot.loader.systemd-boot.enable = true;
--- a/hosts/ildkule/services/monitoring/grafana.nix
+++ b/hosts/ildkule/services/monitoring/grafana.nix
@@ -34,13 +34,13 @@ in {
        {
          name = "Ildkule Prometheus";
          type = "prometheus";
-          url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
+          url = ("http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}");
         isDefault = true;
        }
        {
          name = "Ildkule loki";
          type = "loki";
-          url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
+          url = ("http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}");
        }
      ];
      dashboards.settings.providers = [
--- a/25
+++ b/25
@@ -1,25 +0,0 @@
 export GUM_FILTER_HEIGHT := "15"
 nom := `if command -v nom >/dev/null; then echo nom; else echo nix; fi`
@_default:
  just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))"
 check:
  nix flake check --keep-going
 build-machine machine=`just _a_machine`:
  {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel
 run-vm machine=`just _a_machine`:
  nixos-rebuild build-vm --flake .#{{ machine }}
  QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::8081-:443,hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
@update-inputs:
  nix eval .#inputs --apply builtins.attrNames --json \
    | jq '.[]' -r \
    | gum choose --no-limit --height=15 \
    | xargs nix flake update --commit-lock-file
 _a_machine:
  nix eval .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r | gum filter
--- a/modules/spotifyd.nix
+++ b/modules/spotifyd.nix
@@ -0,0 +1,44 @@
 { lib, config, ... }:
 {
  services.spotifyd.enable = true;
  # https://docs.spotifyd.rs/config/File.html
  services.spotifyd.settings = {
    device_name = "${config.networking.hostName}-spotifyd";
    device_type = "t_v"; # in ["unknown" "computer" "tablet" "smartphone" "speaker" "t_v"],
    bitrate = 160; # in [96 160 320]
    volume_normalisation = true;
    zeroconf_port = 44677; # instead of user/password
    # this is the place you add blinkenlights
    #on_song_change_hook = "rm -rf / --no-preserve-root";
  };
  systemd.services.spotifyd.serviceConfig = {
    SupplementaryGroups = [
      "audio"
      "pipewire"
    ];
  };
  services.avahi.enable = true;
  services.avahi.publish.enable = true;
  services.avahi.publish.addresses = true;
  services.avahi.publish.domain = true;
  services.avahi.extraServiceFiles.spotifyd = ''
    <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
    <service-group>
      <name replace-wildcards="yes">%h</name>
      <service>
        <type>_spotify-connect._tcp</type>
        <port>${builtins.toString config.services.spotifyd.settings.zeroconf_port}</port>
      </service>
    </service-group>
  '';
  networking.firewall.allowedTCPPorts = [ config.services.spotifyd.settings.zeroconf_port ];
  networking.firewall.allowedUDPPorts = [ 5353 ]; # mDNS
 }
--- a/secrets/bicep/bicep.yaml
+++ b/secrets/bicep/bicep.yaml
@@ -1,8 +1,5 @@
 calendar-bot:
    matrix_token: ENC[AES256_GCM,data:zJv9sw6pEzb9hxKT682wsD87HC9iejbps2wl2Z5QW1XZUSBHdcqyg1pxd+jFKTeKGQ==,iv:zDbvF1H98NsECjCtGXS+Y9HIhXowzz9HF9mltqnArog=,tag:/ftcOSQ13ElkVJBxYIMUGQ==,type:str]
    mysql_password: ENC[AES256_GCM,data:Gqag8yOgPH3ntoT5TmaqJWv1j+si2qIyz5Ryfw5E2A==,iv:kQDcxnPfwJQcFovI4f87UDt18F8ah3z5xeY86KmdCyY=,tag:A1sCSNXJziAmtUWohqwJgg==,type:str]
 doorbell-bot:
    config-json: ENC[AES256_GCM,data:QNFHiUqaBWfW9ZRAkZo9M18AMbn/oSxvEMq1N1NsDcBjxJMo/OE36fz1Uf4TagGccCDkWy56wSVSFZm8KZnXVaQ/X0EgJkUK1JZyR7i5yiEW8ByLaVzThMWBwxQoj2cz48z53krzfddyl250rLFQRa7Fco74yTFfBWruf/1clN5O/iHFspeW7uJtQh/oyFIVb87YisjKU2+jpU3IeDNsO6VFWOoOJd+ACmfwsAY0wOz5lzBEIrdU2k/PMgSVzECMV4S5ipwIUmVUpGzbvgAWZQGtsUeVevAbvZ1QgyH6bhDIUheeUrOKN0cbgEMc/xIi7yZ+VWHOMBqb8LkyBvunG2TjK31B1HAGL/krBS+gvvQnW0ZN,iv:K0djdxNOGaHBkE4vyh/22fruAHVsZYVT68cdVoMmogw=,tag:3fjjzD3bghvGy3aZ7/Ienw==,type:str]
 mysql:
    password: ENC[AES256_GCM,data:KqEe0TVdeMIzPKsmFg9x0X9xWijnOk306ycyXTm2Tpqo/O0F,iv:Y+hlQ8n1ZIP9ncXBzd2kCSs/DWVTWhiEluFVwZFKRCA=,tag:xlaUk0Wftk62LpYE5pKNQw==,type:str]
 sops:
@@ -65,8 +62,8 @@ sops:
            cTh5bnJ3WW90aXRCSUp6NHFYeU1tZ0kK4afdtJwGNu6wLRI0fuu+mBVeqVeB0rgX
            0q5hwyzjiRnHnyjF38CmcGgydSfDRmF6P+WIMbCwXC6LwfRhAmBGPg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-24T16:49:06Z"
+    lastmodified: "2023-09-05T23:28:56Z"
-    mac: ENC[AES256_GCM,data:A5pYM3yNt5GdlvpdDbRXxQwUccC/dr5JZwPBMjjx4ZRaJMbewpmGL/ySITnsCEuxOG1cagc1S28ti8k3z0bR4rfFlt/fZ93K8uwI9rT6KW5pSEAa1vPEz8Jq+7asfJIBMCpxFxN704JDSeOnBMaSHwQdICdmG4jfN/F+YbXTPIA=,iv:Y6gloFlYtnJZ3kzcUtZZZmJQ8KowQ29pwZaqo/ePrm8=,tag:r8XFLU5PGMr3U3K0N0cmlQ==,type:str]
+    mac: ENC[AES256_GCM,data:pCWTkmCQgBOqhejK2sCLQ3H8bRXmXlToQxYmOG0IWDo2eGiZOLuIkZ1/1grYgfxAGiD4ysJod0nJuvo+eAsMeYAy6QJVtrOqO2d9V2NEdzLckXyYvwyJyZoFbNC5EW9471V0m4jLRSh5821ckNo/wtWFR11wfO15tI3MqtD1rtA=,iv:QDnckPl0LegaH0b7V4WAtmVXaL4LN+k3uKHQI2dkW7E=,tag:mScUQBR0ZHl1pi/YztrvFg==,type:str]
    pgp:
        - created_at: "2024-08-04T00:03:40Z"
          enc: |-
@@ -89,4 +86,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
    unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.7.3
--- a/shell.nix
+++ b/shell.nix
@@ -1,14 +1,9 @@
 { pkgs ? import <nixpkgs> {} }:
 pkgs.mkShellNoCC {
  packages = with pkgs; [
    just
    jq
    gum
    sops
    gnupg
    statix
    openstackclient
    editorconfig-checker
  ];
  shellHook = ''
--- a/statix.toml
+++ b/statix.toml
@@ -1,24 +0,0 @@
 ignore = [".direnv"]
 nix_version = '2.18' # '2.4'
 disabled = [
    # "bool_comparison", # W01
    # "empty_let_in", # W02
    "manual_inherit", # W03
    "manual_inherit_from", # W04
    # "legacy_let_syntax", # W05
    "collapsible_let_in", # W06
    # "eta_reduction", # W07
    # "useless_parens", # W08
    "empty_pattern", # W10
    # "redundant_pattern_bind", # W11
    # "unquoted_uri", # W12
    # "deprecated_is_null", # W13
    # "empty_inherit", # W14
    # "faster_groupby", # W15
    # "faster_zipattrswith", # W16
    # "deprecated_to_path", # W17
    # "bool_simplification", # W18
    # "useless_has_attr", # W19
    "repeated_keys", # W20
    "empty_list_concat", # W23
 ]