Diffstat (limited to 'krebs/2configs')
-rw-r--r-- | krebs/2configs/default.nix | 7 | ||||
-rw-r--r-- | krebs/2configs/shack/glados/automation/ampel.nix | 23 | ||||
-rw-r--r-- | krebs/2configs/shack/glados/default.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/shack/mqtt.nix | 22 | ||||
-rw-r--r-- | krebs/2configs/shack/muell_mail.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/muellshack.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/node-light.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/powerraw.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/s3-power.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/shackDNS.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/share.nix | 1 |
11 files changed, 58 insertions, 8 deletions
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 4c25bc963..369b750b7 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -45,6 +45,13 @@ with import <stockholm/lib>; services.cron.enable = false; services.ntp.enable = false; + # limit journald size + services.journald.extraConfig = '' + SystemMaxUse=1G + RuntimeMaxUse=128M + Storage=persistent + ''; + users.mutableUsers = false; users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users.jeschli-brauerei.pubkey diff --git a/krebs/2configs/shack/glados/automation/ampel.nix b/krebs/2configs/shack/glados/automation/ampel.nix new file mode 100644 index 000000000..4be92a328 --- /dev/null +++ b/krebs/2configs/shack/glados/automation/ampel.nix @@ -0,0 +1,23 @@ +# needs: +# binary_sensor.lounge_ampel_status +# light.lounge_ampel_licht_rot + +let + glados = import ../lib; +in +{ + services.home-assistant.config.automation = + [ + { + alias = "Ampel Rotes Licht"; + initial_state = true; + trigger = { + platform = "state"; + entity_id = "binary_sensor.lounge_ampel_status"; + }; + action = { service = "light.turn_on"; + data.entity_id = "light.lounge_ampel_licht_rot"; + }; + } + ]; +} diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 51c2ad94f..e7860338c 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -40,6 +40,7 @@ in { ./automation/shack-startup.nix ./automation/party-time.nix ./automation/hass-restart.nix + ./automation/ampel.nix ]; services.home-assistant = diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix index e78f0f974..8ace42383 100644 --- a/krebs/2configs/shack/mqtt.nix +++ b/krebs/2configs/shack/mqtt.nix 
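Review bot: The comment `# limit journald size` in default.nix covers only two of the three settings; `Storage=persistent` also changes where the journal is kept and that it survives reboots. Because this file is the shared default for hosts, I would document the retention consequence as well, e.g. `# keep the journal on disk across reboots, capped at 1G (128M in /run); oldest entries are dropped first once the cap is reached`. Hosts whose logs matter for later incident review may need forwarding or a larger cap, since a noisy service can rotate older entries out.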
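Review bot: The state trigger in the new ampel.nix has no `to` or `from`, so the automation calls `light.turn_on` on every state change of `binary_sensor.lounge_ampel_status`, including a change to off or unavailable. I cannot tell from the file which state is meant to switch the red light on; if it is only one of them, add it to the trigger, e.g. `to = "on";`. The `glados = import ../lib;` binding is never used in the file, so the `let … in` can be dropped.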
@@ -1,15 +1,21 @@ -# hostname: mqtt.shack +{ ... }: { networking.firewall.allowedTCPPorts = [ 1883 ]; networking.firewall.allowedUDPPorts = [ 1883 ]; services.mosquitto = { enable = true; - host = "0.0.0.0"; - users = {}; - # TODO: secure that shit - aclExtraConf = '' - pattern readwrite # - ''; - allowAnonymous = true; + persistence = false; + settings.max_keepalive = 60; + listeners = [ + { + port = 1883; + omitPasswordAuth = true; + users = {}; + settings = { + allow_anonymous = true; + }; + acl = [ "topic readwrite #" "pattern readwrite #" ]; + } + ]; }; } diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 9308c7b13..2a8c92e46 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -15,7 +15,9 @@ in { inherit home; isSystemUser = true; createHome = true; + group = "muell_mail"; }; + users.groups.muell_mail = {}; systemd.services.muell_mail = { description = "muell_mail"; wantedBy = [ "multi-user.target" ]; diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index cabe72b40..abec3b4d6 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -16,7 +16,9 @@ in { inherit home; isSystemUser = true; createHome = true; + group = "muellshack"; }; + users.groups.muellshack = {}; services.nginx.virtualHosts."muell.shack" = { locations."/" = { proxyPass = "http://localhost:${port}/muellshack/"; diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix index 7a648d4ee..1124d969f 100644 --- a/krebs/2configs/shack/node-light.nix +++ b/krebs/2configs/shack/node-light.nix @@ -17,7 +17,9 @@ in { inherit home; isSystemUser = true; createHome = true; + group = "node-light"; }; + users.groups.node-light = {}; services.nginx.virtualHosts."lounge.light.shack" = { locations."/" = { proxyPass = "http://localhost:${port}/lounge/"; 
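Review bot: The rewritten mosquitto listener still lets unauthenticated clients read and write every topic (`allow_anonymous = true`, `omitPasswordAuth = true`, `acl = [ "topic readwrite #" "pattern readwrite #" ]`) on a port the firewall opens, while the old `# TODO: secure that shit` marker is removed, so the file no longer flags the open state. If the broker has to stay open for now, keep a marker such as `# TODO: anonymous clients may publish to every topic; add users and per-topic ACLs`. Better, narrow the anonymous rule to `acl = [ "topic read #" ];` and define named `users` for the devices that publish. Until then, anything that acts on MQTT messages accepts input from any host that can reach port 1883. The unchanged `allowedUDPPorts = [ 1883 ]` line also looks unnecessary, since MQTT runs over TCP.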
diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix index 64e1911cf..79ba567b6 100644 --- a/krebs/2configs/shack/powerraw.nix +++ b/krebs/2configs/shack/powerraw.nix @@ -19,7 +19,9 @@ in { users.users.powermeter = { extraGroups = [ "dialout" ]; isSystemUser = true; + group = "powermeter"; }; + users.groups.powermeter = {}; # we make sure that usb-ttl has the correct permissions # creates /dev/powerraw diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index bed98d860..d8033f1e2 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -16,7 +16,9 @@ in { inherit home; createHome = true; isSystemUser = true; + group = "s3_power"; }; + users.groups.shackDNS = {}; systemd.services.s3-power = { startAt = "daily"; description = "s3-power"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix index 00f79abc4..4e73023aa 100644 --- a/krebs/2configs/shack/shackDNS.nix +++ b/krebs/2configs/shack/shackDNS.nix @@ -30,9 +30,11 @@ in { users.users.shackDNS = { inherit home; + group = "nogroup"; createHome = true; isSystemUser = true; }; + users.groups.shackDNS = {}; services.nginx.virtualHosts."leases.shack" = { locations."/" = { proxyPass = "http://localhost:${port}/"; diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix index 3eb30964e..bc483e8d0 100644 --- a/krebs/2configs/shack/share.nix +++ b/krebs/2configs/shack/share.nix @@ -7,6 +7,7 @@ home = "/home/share"; createHome = true; }; + users.groups.share = {}; networking.firewall.allowedTCPPorts = [ 139 445 # samba |
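Review bot: In s3-power.nix the user gets `group = "s3_power";` but the group declared right after it is `users.groups.shackDNS = {};`, which looks like a copy-paste slip; nothing in the hunk declares `s3_power`. The line should read `users.groups.s3_power = {};`. With the group undeclared, the account does not get the dedicated group this commit gives the sibling services. As far as I know NixOS only warns about an unknown group and falls back to a shared gid, which is worth confirming on the target host.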
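Review bot: shackDNS.nix assigns `group = "nogroup";` and then declares `users.groups.shackDNS = {};`, so the dedicated group is created but, within this hunk, never used. The service account therefore shares `nogroup` with any other account placed there, and anything group-owned by it is not isolated from those accounts. To match the other services touched by this commit, use `group = "shackDNS";`.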