Diffstat (limited to 'makefu')
57 files changed, 262 insertions, 211 deletions
diff --git a/makefu/0tests/data/secrets/hass/tile.nix b/makefu/0tests/data/secrets/hass/tile.nix new file mode 100644 index 000000000..cbcf433f7 --- /dev/null +++ b/makefu/0tests/data/secrets/hass/tile.nix @@ -0,0 +1,4 @@ +{ + username = "lol"; + password = "wut"; +} diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix index 346de10ba..3edfffb78 100644 --- a/makefu/1systems/filepimp/config.nix +++ b/makefu/1systems/filepimp/config.nix @@ -17,12 +17,6 @@ in { krebs.build.host = config.krebs.hosts.filepimp; networking.firewall.trustedInterfaces = [ itf ]; + networking.interfaces.${itf}.wakeOnLan.enable = true; - services.wakeonlan.interfaces = [ - { - interface = itf ; - method = "password"; - password = "CA:FE:BA:BE:13:37"; - } - ]; } diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 1cd569947..39c0554e0 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -159,7 +159,7 @@ in { <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix> - <stockholm/makefu/2configs/shiori.nix> + # <stockholm/makefu/2configs/shiori.nix> # <stockholm/makefu/2configs/workadventure> <stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix> diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix index ba4e3207b..6915e4137 100644 --- a/makefu/1systems/iso/target-config.nix +++ b/makefu/1systems/iso/target-config.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { imports = [ ./hardware-configuration.nix ./generated.nix ]; @@ -33,8 +33,8 @@ defaultLocale = "en_US.UTF-8"; }; boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; + "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; + "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; }; services.nscd.enable = false; } 
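Review bot: In the filepimp hunk, `networking.interfaces.${itf}.wakeOnLan.enable = true;` replaces a `services.wakeonlan` entry that used `method = "password"`, so wake packets on that interface presumably no longer need a password. That may well be intended, since the old password was committed in this file anyway, but the change in behaviour is not recorded anywhere. A comment above the new line would make it explicit: `# plain magic-packet WoL, no password; itf is a trusted interface`.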
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 6afe792ec..0b4aaacb3 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -75,7 +75,7 @@ in { # Logging #influx + grafana <stockholm/makefu/2configs/stats/server.nix> - <stockholm/makefu/2configs/stats/nodisk-client.nix> + # <stockholm/makefu/2configs/stats/nodisk-client.nix> # logs to influx <stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/telegraf> diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index 550afbeae..60f4f7b72 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -100,7 +100,7 @@ in { networking.firewall.allowedUDPPorts = [ 655 ]; networking.firewall.allowedTCPPorts = [ 655 - 8081 #smokeping + 8081 # smokeping 49152 ]; networking.firewall.trustedInterfaces = [ "enp0s25" ]; @@ -111,15 +111,15 @@ in { # Port = 1655 # ''; #}; - boot.kernelPackages = pkgs.linuxPackages_latest; + #boot.kernelPackages = pkgs.linuxPackages_latest; # rt2870.bin wifi card, part of linux-unfree hardware.enableRedistributableFirmware = true; nixpkgs.config.allowUnfree = true; # rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # not explicitly setting the interface results in wpa_supplicant to crash - networking.interfaces.virbr1.ipv4.addresses = [{ - address = "10.8.8.11"; - prefixLength = 24; - }]; + #networking.interfaces.virbr1.ipv4.addresses = [{ + # address = "10.8.8.11"; + # prefixLength = 24; + #}]; # nuc hardware } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index dee6bd70e..224277861 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix 
@@ -178,6 +178,7 @@ # temporary # { services.redis.enable = true; } # { services.mongodb.enable = true; } + # { services.elasticsearch.enable = true; } # <stockholm/makefu/2configs/deployment/nixos.wiki> # <stockholm/makefu/2configs/home/photoprism.nix> # <stockholm/makefu/2configs/dcpp/airdcpp.nix> diff --git a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix index ba10ae74b..b35019793 100644 --- a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix +++ b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix @@ -12,7 +12,7 @@ in services.zigbee2mqtt = { enable = true; inherit dataDir; - config = { + settings = { permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index d9a2869cc..b8ca49b74 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -39,7 +39,9 @@ in { home = stateDir; isSystemUser = true; createHome = true; + group = ddclientUser; }; + users.groups.${ddclientUser} = {}; systemd.services = { ddclient-nsupdate-uhub = { 
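Review bot: `permit_join = true` stays in the zigbee2mqtt block that this hunk renames to `settings`, so the coordinator keeps accepting any Zigbee device that asks to join the network. Joining is normally a short, supervised window. Set `permit_join = false;` once the devices are paired and enable it temporarily when adding a new one. The attribute set continues past the end of the hunk, so other settings are not visible here.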
@@ -80,32 +82,36 @@ in { users.users.uhub = { home = uhubDir; createHome = true; + isSystemUser = true; + group = "uhub"; }; - services.uhub = { + users.groups.uhub = {}; + services.uhub.home = { enable = true; - port = 1511; enableTLS = true; - hubConfig = '' - hub_name = "krebshub" - tls_certificate = ${uhubDir}/uhub.crt - tls_private_key = ${uhubDir}/uhub.key - registered_users_only = true - ''; - plugins = { - welcome = { - enable = true; - motd = "shareit"; - rules = "1. Don't be an asshole"; - }; - history = { - enable = true; - }; - authSqlite = { - enable = true; - file = "${uhubDir}/uhub.sql"; - }; - + settings = { + server_port = 1511; + hub_name = "krebshub"; + tls_certificate = "${uhubDir}/uhub.crt"; + tls_private_key = "${uhubDir}/uhub.key"; + registered_users_only = true; }; + plugins = [ + { + plugin = "${pkgs.uhub}/plugins/mod_auth_sqlite.so"; + settings.file = "${uhubDir}/uhub.sql"; + } + { + plugin = "${pkgs.uhub}/plugins/mod_welcome.so"; + settings.motd = "shareit"; + settings.rules = "1. Don't be an asshole"; + } + { + plugin = "${pkgs.uhub}/plugins/mod_history.so"; + settings.motd = "shareit"; + settings.rules = "1. Don't be an asshole"; + } + ]; }; networking.firewall.allowedTCPPorts = [ 411 1511 ]; } diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 52206c380..bb5c057be 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -75,10 +75,10 @@ with import <stockholm/lib>; auto-optimise-store = true ''; - security.wrappers.sendmail = { - source = "${pkgs.exim}/bin/sendmail"; - setuid = true; - }; + #security.wrappers.sendmail = { + # source = "${pkgs.exim}/bin/sendmail"; + # setuid = true; + #}; services.journald.extraConfig = '' SystemMaxUse=1G RuntimeMaxUse=128M diff --git a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix b/makefu/2configs/deployment/gecloudpad/gecloudpad.nix index 7d51dfa0d..6f20ff579 100644 --- a/makefu/2configs/deployment/gecloudpad/gecloudpad.nix 
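Review bot: The `mod_history.so` entry in the new `plugins` list carries `settings.motd` and `settings.rules`, which look copied from the `mod_welcome.so` entry above it; the removed configuration enabled `history` with no options at all. Drop both lines so the entry is just `{ plugin = "${pkgs.uhub}/plugins/mod_history.so"; }`. It is also worth confirming that this file name exists in the package's plugins directory, because a plugin that fails to load or rejects unknown options may keep the hub from starting.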
+++ b/makefu/2configs/deployment/gecloudpad/gecloudpad.nix @@ -11,8 +11,8 @@ with pkgs.python3Packages;buildPythonPackage rec { src = fetchFromGitHub { owner = "binaergewitter"; repo = "gecloudpad"; - rev = "master"; - sha256 = "0p9lcphp3r7hyypxadzw4x9ix6d0anmspxnjnj0v2jjll8gxqlhf"; + rev = "1399ede4e609f63fbf1c4560979a6b22b924e0c5"; + sha256 = "1w74j5ks7naalzrib87r0adq20ik5x3x5l520apagb7baszn17lb"; }; meta = { diff --git a/makefu/2configs/editor/neovim/default.nix b/makefu/2configs/editor/neovim/default.nix index e7e59373a..a6fc1abc1 100644 --- a/makefu/2configs/editor/neovim/default.nix +++ b/makefu/2configs/editor/neovim/default.nix @@ -29,7 +29,11 @@ enable = true; withPython3 = true; # withNodeJs = true; - extraPython3Packages = (ps: with ps; [ python-language-server pyls-mypy black libxml2]); + extraPython3Packages = (ps: with ps; [ + # python-language-server + # pyls-mypy + black libxml2 + ]); extraConfig = builtins.readFile ./vimrc; plugins = with pkgs.vimPlugins;[ undotree diff --git a/makefu/2configs/filepimp-share.nix b/makefu/2configs/filepimp-share.nix index abbdcbbb2..850d432f3 100644 --- a/makefu/2configs/filepimp-share.nix +++ b/makefu/2configs/filepimp-share.nix @@ -9,7 +9,9 @@ in { uid = config.ids.uids.smbguest; # effectively systemUser description = "smb guest user"; home = "/var/empty"; + group = "share"; }; + users.groups.share = {}; services.samba = { enable = true; shares = { diff --git a/makefu/2configs/fs/sda-crypto-root.nix b/makefu/2configs/fs/sda-crypto-root.nix index e49843cfe..54ee9f9e5 100644 --- a/makefu/2configs/fs/sda-crypto-root.nix +++ b/makefu/2configs/fs/sda-crypto-root.nix 
@@ -16,8 +16,8 @@ loader.grub.version = 2; loader.grub.device = lib.mkDefault "/dev/sda"; - initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; - initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + #initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["cbc" "hmac" "sha256" "rng" "aes" "encrypted_keys" "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; }; fileSystems = { "/" = { diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix index 2f6a26d82..dc28cf4d2 100644 --- a/makefu/2configs/gui/wbob-kiosk.nix +++ b/makefu/2configs/gui/wbob-kiosk.nix @@ -17,7 +17,7 @@ user = "makefu"; }; displayManager.defaultSession = "gnome"; - desktopManager.gnome3.enable = true; + desktopManager.gnome.enable = true; displayManager.sessionCommands = '' ${pkgs.xlibs.xset}/bin/xset -display :0 s off -dpms ${pkgs.xlibs.xrandr}/bin/xrandr --output HDMI2 --right-of HDMI1 diff --git a/makefu/2configs/home/ham/automation/light_buttons.nix b/makefu/2configs/home/ham/automation/light_buttons.nix index 62fc87bb4..1892917c4 100644 --- a/makefu/2configs/home/ham/automation/light_buttons.nix +++ b/makefu/2configs/home/ham/automation/light_buttons.nix 
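Review bot: The commented-out `initrd.luks.cryptoModules` line in the sda-crypto-root hunk leaves no reason behind, and "xts" and "sha512" from it do not reappear in the extended `initrd.availableKernelModules` list. If the root volume's cipher or hash needs them, unlocking at boot now depends on the option's default list. Replace the dead line with a comment such as `# rely on the default initrd.luks.cryptoModules` and say what the added "encrypted_keys", "hmac" and "rng" entries are needed for.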
@@ -1,27 +1,53 @@ let inherit (import ../lib) btn_cycle_light; - turn_off_all = btn: #lights: - { - alias = "Turn of all lights via ${btn} double click"; - trigger = { - platform = "state"; - entity_id = "sensor.${btn}_click"; - to = "double"; - }; - action = { - service = "light.turn_off"; - #entity_id = lights; - entity_id = "all"; - }; - }; in { services.home-assistant.config.automation = [ # (btn_cycle_light "light.arbeitszimmerbeleuchtung" "arbeitszimmer_btn1") (btn_cycle_light "light.schlafzimmer_komode_osram" "schlafzimmer_btn2" 128) - - (btn_cycle_light "light.keller_osram" "keller_btn1" 128) + { + alias = "toggle keller"; + trigger = { + platform = "state"; + entity_id = "sensor.keller_btn1_click"; + to = "single"; + }; + action = { + service = "light.toggle"; + #entity_id = lights; + data = { + entity_id = "light.keller_osram"; + brightness = 255; + }; + }; + } + { + alias = "low brightness keller with doubleclick"; + trigger = { + platform = "state"; + entity_id = "sensor.keller_btn1_click"; + to = "double"; + }; + action = { + service = "light.toggle"; + data = { + entity_id = "light.keller_osram"; + brightness = 50; + }; + }; + } # (btn_cycle_light "light.wohnzimmerbeleuchtung" "wohnzimmer_btn3") - (turn_off_all "schlafzimmer_btn2" ) + { + alias = "Turn of all lights via schlafzimmer_btn2 double click"; + trigger = { + platform = "state"; + entity_id = "sensor.schlafzimmer_btn2_click"; + to = "double"; + }; + action = { + service = "light.turn_off"; + entity_id = "all"; + }; + } ]; } diff --git a/makefu/2configs/home/ham/default.nix b/makefu/2configs/home/ham/default.nix index 6ab3cd46c..e17cfc35d 100644 --- a/makefu/2configs/home/ham/default.nix +++ b/makefu/2configs/home/ham/default.nix @@ -23,6 +23,7 @@ in { # ./multi/fliegen-couter.nix ./device_tracker/openwrt.nix + ./device_tracker/tile.nix ./sensor/outside.nix 
diff --git a/makefu/2configs/home/ham/device_tracker/tile.nix b/makefu/2configs/home/ham/device_tracker/tile.nix new file mode 100644 index 000000000..ad1e6c15d --- /dev/null +++ b/makefu/2configs/home/ham/device_tracker/tile.nix @@ -0,0 +1,10 @@ +{ + + services.home-assistant.config.device_tracker = + [ + { inherit (import <secrets/hass/tile.nix>) username password; + platform = "tile"; + show_inactive = true; + } + ]; +} diff --git a/makefu/2configs/home/ham/light/arbeitszimmer.nix b/makefu/2configs/home/ham/light/arbeitszimmer.nix index bc60678b3..45fbfb57b 100644 --- a/makefu/2configs/home/ham/light/arbeitszimmer.nix +++ b/makefu/2configs/home/ham/light/arbeitszimmer.nix @@ -6,7 +6,8 @@ let ]; arbeitszimmerbeleuchtung = [ "light.arbeitszimmer_schrank_dimmer" - "light.arbeitszimmer_kerze" # arbeitszimmer_kerze + "light.arbeitszimmer_kerze" + "light.arbeitszimmer_pflanzenlicht" ]; in { services.home-assistant.config.light = [ @@ -20,5 +21,22 @@ in { name = "Arbeitszimmer Deko"; entities = arbeitszimmer_deko; } + { platform = "switch"; + name = "Arbeitszimmer Pflanzenlicht"; + entity_id = "switch.arbeitszimmer_stecker1"; + } + ]; + services.home-assistant.config.automation = [ + { + alias = "Toggle Arbeitszimmerbeleuchtung via Remote"; + trigger = { + platform = "state"; + entity_id = "sensor.arbeitszimmer_remote1_action"; + }; + action = { + service = "light.toggle"; + data.entity_id = "light.arbeitszimmerbeleuchtung"; + }; + } ]; } diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix index cd1c328d7..c90afff4a 100644 --- a/makefu/2configs/home/ham/mqtt.nix +++ b/makefu/2configs/home/ham/mqtt.nix 
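Review bot: `inherit (import <secrets/hass/tile.nix>) username password;` in the new tile.nix reads the Tile credentials at evaluation time, so they are likely written in clear text into the generated Home Assistant configuration in the Nix store, which is readable by every local user. If `services.home-assistant.config` is rendered that way on this host, reference the values indirectly instead, for example `username = "!secret tile_username";` and `password = "!secret tile_password";`. The matching `secrets.yaml` would then be deployed outside the store and be readable only by the Home Assistant user. Other files in this tree that import from `<secrets/...>` into the same config would have the same exposure.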
@@ -1,24 +1,31 @@ { pkgs, config, ... }: { + environment.systemPackages = [ pkgs.mosquitto ]; + # port open via trusted interface services.mosquitto = { enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - # see <host>/mosquitto - users.sensor = { - hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; - acl = [ "topic readwrite #" ]; - }; - users.hass = { - hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; - acl = [ "topic readwrite #" ]; - }; - users.stats = { - hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; - acl = [ "topic read #" ]; - }; + persistence = false; + settings.max_keepalive = 60; + listeners = [ + { + port = 1883; + omitPasswordAuth = false; + users.sensor = { + hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; + acl = [ "topic readwrite #" ]; + }; + users.hass = { + hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; + acl = [ "topic readwrite #" ]; + }; + users.stats = { + hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; + acl = [ "topic read #" ]; + }; + settings = { + allow_anonymous = false; + }; + } + ]; }; - environment.systemPackages = [ pkgs.mosquitto ]; - # port open via trusted interface } diff --git a/makefu/2configs/lanparty/samba.nix b/makefu/2configs/lanparty/samba.nix index 0bd29497d..e2fa58c4b 100644 --- a/makefu/2configs/lanparty/samba.nix +++ b/makefu/2configs/lanparty/samba.nix 
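Review bot: The `users.*.hashedPassword` values moved into the new `listeners` entry keep the three password hashes in the repository and in the world-readable Nix store, where they are open to offline guessing. If the mosquitto module version in use offers `hashedPasswordFile`, point each user at a file deployed with the other secrets. The listener also sets no `address` now that `host = "0.0.0.0"` is gone, so exposure rests entirely on the firewall as the `# port open via trusted interface` comment says; naming that interface in the comment would help. Separately, `sensor` keeps `acl = [ "topic readwrite #" ]`, and narrowing it to the topics the sensors actually publish would limit what a leaked sensor credential can do.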
@@ -7,7 +7,9 @@ description = "smb guest user"; home = "/data/lanparty"; createHome = true; + group = "share"; }; + users.groups.share = {}; services.samba = { enable = true; enableNmbd = true; diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix index 445e6c577..1761f65e2 100644 --- a/makefu/2configs/minimal.nix +++ b/makefu/2configs/minimal.nix @@ -78,8 +78,8 @@ # Enable IPv6 Privacy Extensions boot.kernel.sysctl = { - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; |