diff options
Diffstat (limited to 'makefu/2configs')
26 files changed, 183 insertions, 86 deletions
diff --git a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix index ba10ae74b..b35019793 100644 --- a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix +++ b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix @@ -12,7 +12,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index d9a2869cc..b8ca49b74 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -39,7 +39,9 @@ in { home = stateDir; isSystemUser = true; createHome = true; + group = ddclientUser; }; + users.groups.${ddclientUser} = {}; systemd.services = { ddclient-nsupdate-uhub = { @@ -80,32 +82,36 @@ in { users.users.uhub = { home = uhubDir; createHome = true; + isSystemUser = true; + group = "uhub"; }; - services.uhub = { + users.groups.uhub = {}; + services.uhub.home = { enable = true; - port = 1511; enableTLS = true; - hubConfig = '' - hub_name = "krebshub" - tls_certificate = ${uhubDir}/uhub.crt - tls_private_key = ${uhubDir}/uhub.key - registered_users_only = true - ''; - plugins = { - welcome = { - enable = true; - motd = "shareit"; - rules = "1. Don't be an asshole"; - }; - history = { - enable = true; - }; - authSqlite = { - enable = true; - file = "${uhubDir}/uhub.sql"; - }; - + settings = { + server_port = 1511; + hub_name = "krebshub"; + tls_certificate = "${uhubDir}/uhub.crt"; + tls_private_key = "${uhubDir}/uhub.key"; + registered_users_only = true; }; + plugins = [ + { + plugin = "${pkgs.uhub}/plugins/mod_auth_sqlite.so"; + settings.file = "${uhubDir}/uhub.sql"; + } + { + plugin = "${pkgs.uhub}/plugins/mod_welcome.so"; + settings.motd = "shareit"; + settings.rules = "1. Don't be an asshole"; + } + { + plugin = "${pkgs.uhub}/plugins/mod_history.so"; + settings.motd = "shareit"; + settings.rules = "1. Don't be an asshole"; + } + ]; }; networking.firewall.allowedTCPPorts = [ 411 1511 ]; } diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 52206c380..bb5c057be 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -75,10 +75,10 @@ with import <stockholm/lib>; auto-optimise-store = true ''; - security.wrappers.sendmail = { - source = "${pkgs.exim}/bin/sendmail"; - setuid = true; - }; + #security.wrappers.sendmail = { + # source = "${pkgs.exim}/bin/sendmail"; + # setuid = true; + #}; services.journald.extraConfig = '' SystemMaxUse=1G RuntimeMaxUse=128M diff --git a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix b/makefu/2configs/deployment/gecloudpad/gecloudpad.nix index 7d51dfa0d..6f20ff579 100644 --- a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix +++ b/makefu/2configs/deployment/gecloudpad/gecloudpad.nix @@ -11,8 +11,8 @@ with pkgs.python3Packages;buildPythonPackage rec { src = fetchFromGitHub { owner = "binaergewitter"; repo = "gecloudpad"; - rev = "master"; - sha256 = "0p9lcphp3r7hyypxadzw4x9ix6d0anmspxnjnj0v2jjll8gxqlhf"; + rev = "1399ede4e609f63fbf1c4560979a6b22b924e0c5"; + sha256 = "1w74j5ks7naalzrib87r0adq20ik5x3x5l520apagb7baszn17lb"; }; meta = { diff --git a/makefu/2configs/editor/neovim/default.nix b/makefu/2configs/editor/neovim/default.nix index e7e59373a..a6fc1abc1 100644 --- a/makefu/2configs/editor/neovim/default.nix +++ b/makefu/2configs/editor/neovim/default.nix @@ -29,7 +29,11 @@ enable = true; withPython3 = true; # withNodeJs = true; - extraPython3Packages = (ps: with ps; [ python-language-server pyls-mypy black libxml2]); + extraPython3Packages = (ps: with ps; [ + # python-language-server + # pyls-mypy + black libxml2 + ]); extraConfig = builtins.readFile ./vimrc; plugins = with pkgs.vimPlugins;[ undotree diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index abbdcbbb2..850d432f3 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -9,7 +9,9 @@ in { uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; + group = "share"; }; + users.groups.share = {}; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index e49843cfe..54ee9f9e5 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix @@ -16,8 +16,8 @@ loader.grub.version = 2; loader.grub.device = lib.mkDefault "/dev/sda"; - initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["cbc" "hmac" "sha256" "rng" "aes" "encrypted_keys" "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; fileSystems = { "/" = { diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 2f6a26d82..dc28cf4d2 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -17,7 +17,7 @@ user = "makefu"; }; displayManager.defaultSession = "gnome"; - desktopManager.gnome3.enable = true; + desktopManager.gnome.enable = true; displayManager.sessionCommands = '' ${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms ${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1 diff --git a/makefu/2configs/home/ham/automation/light_buttons.nix b/makefu/2configs/home/ham/automation/light_buttons.nix index 62fc87bb4..1892917c4 100644 --- a/makefu/2configs/home/ham/automation/light_buttons.nix +++ b/makefu/2configs/home/ham/automation/light_buttons.nix @@ -1,27 +1,53 @@ let inherit (import ../lib) btn_cycle_light; - turn_off_all = btn: #lights: - { - alias = "Turn of all lights via ${btn} double click"; - trigger = { - platform = "state"; - entity_id = "sensor.${btn}_click"; - to = "double"; - }; - action = { - service = "light.turn_off"; - #entity_id = lights; - entity_id = "all"; - }; - }; in { services.home-assistant.config.automation = [ # (btn_cycle_light "light.arbeitszimmerbeleuchtung" "arbeitszimmer_btn1") (btn_cycle_light "light.schlafzimmer_komode_osram" "schlafzimmer_btn2" 128) - - (btn_cycle_light "light.keller_osram" "keller_btn1" 128) + { + alias = "toggle keller"; + trigger = { + platform = "state"; + entity_id = "sensor.keller_btn1_click"; + to = "single"; + }; + action = { + service = "light.toggle"; + #entity_id = lights; + data = { + entity_id = "light.keller_osram"; + brightness = 255; + }; + }; + } + { + alias = "low brightness keller with doubleclick"; + trigger = { + platform = "state"; + entity_id = "sensor.keller_btn1_click"; + to = "double"; + }; + action = { + service = "light.toggle"; + data = { + entity_id = "light.keller_osram"; + brightness = 50; + }; + }; + } # (btn_cycle_light "light.wohnzimmerbeleuchtung" "wohnzimmer_btn3") - (turn_off_all "schlafzimmer_btn2" ) + { + alias = "Turn of all lights via schlafzimmer_btn2 double click"; + trigger = { + platform = "state"; + entity_id = "sensor.schlafzimmer_btn2_click"; + to = "double"; + }; + action = { + service = "light.turn_off"; + entity_id = "all"; + }; + } ]; } diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 6ab3cd46c..e17cfc35d 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -23,6 +23,7 @@ in { # ./multi/fliegen-couter.nix ./device_tracker/openwrt.nix + ./device_tracker/tile.nix ./sensor/outside.nix diff --git a/makefu/2configs/home/ham/device_tracker/tile.nix b/makefu/2configs/home/ham/device_tracker/tile.nix new file mode 100644 index 000000000..ad1e6c15d --- /dev/null +++ b/makefu/2configs/home/ham/device_tracker/tile.nix @@ -0,0 +1,10 @@ +{ + + services.home-assistant.config.device_tracker = + [ + { inherit (import <secrets/hass/tile.nix>) username password; + platform = "tile"; + show_inactive = true; + } + ]; +} diff --git a/makefu/2configs/home/ham/light/arbeitszimmer.nix b/makefu/2configs/home/ham/light/arbeitszimmer.nix index bc60678b3..45fbfb57b 100644 --- a/makefu/2configs/home/ham/light/arbeitszimmer.nix +++ b/makefu/2configs/home/ham/light/arbeitszimmer.nix @@ -6,7 +6,8 @@ let ]; arbeitszimmerbeleuchtung = [ "light.arbeitszimmer_schrank_dimmer" - "light.arbeitszimmer_kerze" # arbeitszimmer_kerze + "light.arbeitszimmer_kerze" + "light.arbeitszimmer_pflanzenlicht" ]; in { services.home-assistant.config.light = [ @@ -20,5 +21,22 @@ in { name = "Arbeitszimmer Deko"; entities = arbeitszimmer_deko; } + { platform = "switch"; + name = "Arbeitszimmer Pflanzenlicht"; + entity_id = "switch.arbeitszimmer_stecker1"; + } + ]; + services.home-assistant.config.automation = [ + { + alias = "Toggle Arbeitszimmerbeleuchtung via Remote"; + trigger = { + platform = "state"; + entity_id = "sensor.arbeitszimmer_remote1_action"; + }; + action = { + service = "light.toggle"; + data.entity_id = "light.arbeitszimmerbeleuchtung"; + }; + } ]; } diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix index cd1c328d7..c90afff4a 100644 --- a/makefu/2configs/home/ham/mqtt.nix +++ b/makefu/2configs/home/ham/mqtt.nix @@ -1,24 +1,31 @@ { pkgs, config, ... }: { + environment.systemPackages = [ pkgs.mosquitto ]; + # port open via trusted interface services.mosquitto = { enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - # see <host>/mosquitto - users.sensor = { - hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; - acl = [ "topic readwrite #" ]; - }; - users.hass = { - hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; - acl = [ "topic readwrite #" ]; - }; - users.stats = { - hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; - acl = [ "topic read #" ]; - }; + persistence = false; + settings.max_keepalive = 60; + listeners = [ + { + port = 1883; + omitPasswordAuth = false; + users.sensor = { + hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; + acl = [ "topic readwrite #" ]; + }; + users.hass = { + hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; + acl = [ "topic readwrite #" ]; + }; + users.stats = { + hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; + acl = [ "topic read #" ]; + }; + settings = { + allow_anonymous = false; + }; + } + ]; }; - environment.systemPackages = [ pkgs.mosquitto ]; - # port open via trusted interface } diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 0bd29497d..e2fa58c4b 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix @@ -7,7 +7,9 @@ description = "smb guest user"; home = "/data/lanparty"; createHome = true; + group = "share"; }; + users.groups.share = {}; services.samba = { enable = true; enableNmbd = true; diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix index 445e6c577..1761f65e2 100644 --- a/makefu/2configs/minimal.nix +++ b/makefu/2configs/minimal.nix @@ -78,8 +78,8 @@ # Enable IPv6 Privacy Extensions boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; + "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; + "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; }; } diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix index 9d1da8392..cba43e22d 100644 --- a/makefu/2configs/mqtt.nix +++ b/makefu/2configs/mqtt.nix @@ -2,12 +2,18 @@ { services.mosquitto = { enable = true; - host = "0.0.0.0"; - users = {}; - # TODO: secure that shit - aclExtraConf = '' - pattern readwrite # - ''; - allowAnonymous = true; + persistence = false; + settings.max_keepalive = 60; + listeners = [ + { + port = 1883; + omitPasswordAuth = true; + users = {}; + settings = { + allow_anonymous = true; + }; + acl = [ "topic readwrite #" "pattern readwrite #" ]; + } + ]; }; } diff --git a/makefu/2configs/nix-community/supervision.nix b/makefu/2configs/nix-community/supervision.nix index f648b9c17..cd4b6567b 100644 --- a/makefu/2configs/nix-community/supervision.nix +++ b/makefu/2configs/nix-community/supervision.nix @@ -6,6 +6,7 @@ in { networking.firewall.extraCommands = '' iptables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT + ip6tables -A INPUT -i retiolum -p tcp --dport ${port} -j ACCEPT ''; services.telegraf = { diff --git a/makefu/2configs/nsupdate-data.nix b/makefu/2configs/nsupdate-data.nix index 2f8f4acc4..3b6518f60 100644 --- a/makefu/2configs/nsupdate-data.nix +++ b/makefu/2configs/nsupdate-data.nix @@ -28,14 +28,16 @@ let ''; in { - users.extraUsers = singleton { + users.users.${ddclientUser} = { name = ddclientUser; - uid = genid "ddclient"; + uid = genid ddclientUser; description = "ddclient daemon user"; home = stateDir; createHome = true; isSystemUser = true; + group = ddclientUser; }; + users.groups.${ddclientUser} = {}; systemd.services = { ddclient-nsupdate-elchos = { diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 308142f03..93536b63d 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -14,7 +14,9 @@ in { uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/var/empty"; + group = "share"; }; + users.groups.share = {}; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix index 56beb5b42..bcfddc112 100644 --- a/makefu/2configs/share/temp-share-samba.nix +++ b/makefu/2configs/share/temp-share-samba.nix @@ -13,7 +13,9 @@ description = "smb guest user"; home = "/home/share"; createHome = true; + group = "smbguest"; }; + users.groups.smbguest = {}; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix index f2c36b551..9e5f8ddf5 100644 --- a/makefu/2configs/share/wbob.nix +++ b/makefu/2configs/share/wbob.nix @@ -7,7 +7,9 @@ description = "smb guest user"; home = "/home/share"; createHome = true; + group = "smbguest"; }; + users.groups.smbguest = {}; users.groups.mpd.members = [ "makefu" ]; services.samba = { enable = true; diff --git a/makefu/2configs/stats/arafetch.nix b/makefu/2configs/stats/arafetch.nix index c8ccbfbb9..0ea05e779 100644 --- a/makefu/2configs/stats/arafetch.nix +++ b/makefu/2configs/stats/arafetch.nix @@ -24,7 +24,9 @@ in { inherit home; createHome = true; isSystemUser = true; + group = "arafetch"; }; + users.groups.arafetch = {}; systemd.services.ara2mqtt = { startAt = "05:00:00"; diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index 766aacb9e..1f622a8e0 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -6,7 +6,7 @@ # mitmproxy nmap msf - drozer + #drozer #dex2jar apktool jd-gui diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 94e77e636..918d950f2 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -3,9 +3,10 @@ { users.users.makefu.packages = with pkgs;[ (python3.withPackages(ps: [ - ps.python-language-server + #ps.python-language-server # the following plugins are optional, they provide type checking, import sorting and code formatting - ps.pyls-mypy ps.pyls-isort ps.pyls-black + # ps.pyls-mypy ps.pyls-isort ps.pyls-black + ps.virtualenv ps.pyserial ps.virtualenv ])) # embedded diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 763603dfd..4bd0c25f4 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -20,6 +20,9 @@ # rambox vscode + + # 3d Modelling chitubox + freecad ]; } diff --git a/makefu/2configs/urlwatch/default.nix b/makefu/2configs/urlwatch/default.nix index 93424815d..3620bc568 100644 --- a/makefu/2configs/urlwatch/default.nix +++ b/makefu/2configs/urlwatch/default.nix @@ -34,9 +34,9 @@ in { https://pypi.python.org/simple/pyserial/ https://pypi.python.org/simple/semantic_version/ # weird shit - { url = "https://www.zigbee2mqtt.io/information/supported_adapters.html"; - filter = "html2text"; - } + #{ url = "https://www.zigbee2mqtt.io/guide/adapters/"; + # filter = "html2text"; + #} http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/ https://erdgeist.org/gitweb/opentracker/info/refs?service=git-upload-pack |