diff options
author | lassulus <lassulus@lassul.us> | 2020-01-10 19:37:56 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2020-01-10 19:37:56 +0100 |
commit | 4104b5d6d8e0acb80308e44e436a9cbe8863961a (patch) | |
tree | b753694bb258edace7269bce688ced3bbd4b0133 | |
parent | f491fac2025b2e99788be8e26181da1b26995e84 (diff) | |
parent | 5d3fbb2af9c1c7d166ca45cd9d119bd77a3acd80 (diff) |
Merge remote-tracking branch 'gum/master'
21 files changed, 549 insertions, 107 deletions
diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix new file mode 100644 index 000000000..9c6a9da08 --- /dev/null +++ b/krebs/1systems/filebitch/config.nix @@ -0,0 +1,48 @@ +{ config, pkgs, ... }: +let + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; +in +{ + imports = [ + ./hardware-configuration.nix + <stockholm/krebs> + <stockholm/krebs/2configs> + # <stockholm/krebs/2configs/secret-passwords.nix> + + # <stockholm/krebs/2configs/binary-cache/nixos.nix> + # <stockholm/krebs/2configs/binary-cache/prism.nix> + <stockholm/krebs/2configs/shack/ssh-keys.nix> + <stockholm/krebs/2configs/shack/prometheus/node.nix> + # provides access to /home/share for smbuser via smb + <stockholm/krebs/2configs/shack/share.nix> + { + fileSystems."/home/share" = + { device = "/serve"; + options = [ "bind" "nofail" ]; + }; + } + + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/shack-client.nix> + <stockholm/krebs/2configs/stats/shack-debugging.nix> + ]; + + krebs.build.host = config.krebs.hosts.filebitch; + sound.enable = false; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0" + ''; + networking = { + firewall.enable = true; + interfaces.et0.ipv4.addresses = [ + { + address = shack-ip; + prefixLength = 20; + } + ]; + + defaultGateway = "10.42.0.1"; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; +} diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix new file mode 100644 index 000000000..574618e39 --- /dev/null +++ b/krebs/1systems/filebitch/hardware-configuration.nix @@ -0,0 +1,96 @@ +{ config, lib, pkgs, ... }: +let + byid = dev: "/dev/disk/by-id/" + dev; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; +in +{ + imports = + [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues + boot.zfs.forceImportRoot = false; + boot.zfs.forceImportAll = false; + boot.kernelParams = [ + "boot.shell_on_fail" + "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + ]; + boot.tmpOnTmpfs = true; + + + boot.initrd.availableKernelModules = [ + "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" + "raid456" + "usbhid" + "usb_storage" + ]; + boot.initrd.kernelModules = [ + "sata_sil" + "megaraid_sas" + ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tank/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "tank/home"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "tank/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5266-931D"; + fsType = "vfat"; + }; + fileSystems."/serve" = + { device = "/dev/cryptvg/serve"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + fileSystems."/serve/incoming" = + { device = "/dev/cryptvg/incoming"; + fsType = "ext4"; + options = [ "nofail" ]; + + }; + fileSystems."/serve/movies" = + { device = "/dev/cryptvg/servemovies"; + fsType = "ext4"; + options = [ "nofail" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/3353c76f-50e4-471d-84bc-ff922d22b271"; } + ]; + + nix.maxJobs = lib.mkDefault 4; + boot.loader.grub.device = byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN"; + + networking.hostId = "54d97450"; # required for zfs use + boot.initrd.luks.devices = let + usbkey = name: device: { + inherit name device keyFile; + keyFileSize = 2048; + preLVM = true; + }; + in [ + ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) + // { allowDiscards = true; } ) + ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) + // { allowDiscards = true; } ) + (usbkey "125" "/dev/md125") + (usbkey "126" "/dev/md126") + (usbkey "127" "/dev/md127") + ]; + + +} diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 059e09ac1..7a096cecf 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -69,6 +69,10 @@ in # grafana.shack <stockholm/krebs/2configs/shack/grafana.nix> + # shackdns.shack + # replacement for leases.shack and shackles.shack + <stockholm/krebs/2configs/shack/shackDNS.nix> + ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix new file mode 100644 index 000000000..e87354978 --- /dev/null +++ b/krebs/2configs/shack/glados/automation/hass-restart.nix @@ -0,0 +1,20 @@ +# needs: +# light.fablab_led +[ + { alias = "State on HA start-up"; + trigger = { + platform = "homeassistant"; + event = "start"; + }; + action = [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "yellow"; + }; + } + ]; + } +] + diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index d000af397..e48a54551 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -2,6 +2,7 @@ let shackopen = import ./multi/shackopen.nix; wasser = import ./multi/wasser.nix; + badair = import ./multi/schlechte_luft.nix; in { services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; @@ -44,7 +45,7 @@ in { autoExtraComponents = true; config = { homeassistant = { - name = "Bureautomation"; + name = "Glados"; time_zone = "Europe/Berlin"; latitude = "48.8265"; longitude = "9.0676"; @@ -89,7 +90,7 @@ in { }; }; switch = wasser.switch; - light = []; + light = badair.light; media_player = [ { platform = "mpd"; host = "lounge.mpd.shack"; @@ -99,7 +100,8 @@ in { sensor = (import ./sensors/hass.nix) ++ (import ./sensors/power.nix) - ++ shackopen.sensor; + ++ shackopen.sensor + ++ badair.sensor; binary_sensor = shackopen.binary_sensor; @@ -113,8 +115,9 @@ in { trusted_proxies = "127.0.0.1"; }; #conversation = {}; - #history = {}; - #logbook = {}; + history = {}; + logbook = {}; + recorder = {}; tts = [ { platform = "google_translate"; language = "de"; @@ -123,10 +126,12 @@ in { # language = "de-DE"; #} ]; - #recorder = {}; sun = {}; - automation = wasser.automation; + automation = wasser.automation + ++ badair.automation + ++ (import ./automation/hass-restart.nix); + device_tracker = []; }; }; diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix new file mode 100644 index 000000000..6737af842 --- /dev/null +++ b/krebs/2configs/shack/glados/lib/default.nix @@ -0,0 +1,107 @@ +let + prefix = "glados"; +in +{ + esphome = + { + temp = {host, topic ? "temperature" }: + { + platform = "mqtt"; + name = "${host} Temperature"; + device_class = "temperature"; + unit_of_measurement = "°C"; + icon = "mdi:thermometer"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + payload_available = "online"; + payload_not_available = "offline"; + }; + hum = {host, topic ? "humidity" }: + { + platform = "mqtt"; + unit_of_measurement = "%"; + icon = "mdi:water-percent"; + device_class = "humidity"; + name = "${host} Humidity"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + payload_available = "online"; + payload_not_available = "offline"; + }; + # copied from "homeassistant/light/fablab_led/led_ring/config" + led = {host, topic ? "led", name ? host}: + { # name: fablab_led + # topic: led_ring + platform = "mqtt"; + inherit name; + schema = "json"; + brightness = true; + rgb = true; + effect = true; + effect_list = [ # TODO: may be different + "Random" + "Strobe" + "Rainbow" + "Color Wipe" + "Scan" + "Twinkle" + "Fireworks" + "Addressable Flicker" + "None" + ]; + state_topic = "${prefix}/${host}/light/${topic}/state"; + command_topic = "${prefix}/${host}/light/${topic}/command"; + availability_topic = "${prefix}/${host}/status"; + payload_available = "online"; + payload_not_available = "offline"; + qos = 1; + }; + # Feinstaub + dust_25m = { host, name ? "${host} < 2.5µm", topic ? "particulate_matter_25m_concentration" }: + { + platform = "mqtt"; + unit_of_measurement = "µg/m³"; + icon = "mdi:chemical-weapon"; + inherit name; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + }; + dust_100m = {host, name ? "${host} < 10µm", topic ? "particulate_matter_100m_concentration" }: + { + platform = "mqtt"; + unit_of_measurement = "µg/m³"; + icon = "mdi:chemical-weapon"; + inherit name; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + }; + switch = {host, name ? "${host} Button", topic ? "btn" }: + # host: ampel + # name: Button 1 + # topic: btn1 + { + inherit name; + platform = "mqtt"; + state_topic = "${prefix}/${host}/sensor/${topic}/state"; + command_topic = "${prefix}/${host}/switch/${topic}/state"; + availability_topic = "${prefix}/${host}/status"; + }; + }; + tasmota = + { + plug = {host, name ? host, topic ? host}: + { + platform = "mqtt"; + inherit name; + state_topic = "sonoff/stat/${topic}/POWER1"; + command_topic = "sonoff/cmnd/${topic}/POWER1"; + availability_topic = "sonoff/tele/${topic}/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + retain = false; + qos = 1; + }; + }; +} diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix new file mode 100644 index 000000000..9cd2c56f4 --- /dev/null +++ b/krebs/2configs/shack/glados/multi/schlechte_luft.nix @@ -0,0 +1,123 @@ +let + glados = import ../lib; +in +{ + # LED + light = [ + (glados.esphome.led { name = "Fablab LED"; host = "fablab_led"; topic = "led_ring"; }) + + (glados.esphome.led { name = "Fablab LED Part A"; host = "fablab_led"; topic = "A";}) + (glados.esphome.led { name = "Fablab LED Part B"; host = "fablab_led"; topic = "B";}) + (glados.esphome.led { name = "Fablab LED Part C"; host = "fablab_led"; topic = "C";}) + (glados.esphome.led { name = "Fablab LED Part D"; host = "fablab_led"; topic = "D";}) + ]; + sensor = [ + (glados.esphome.temp { host = "fablab_feinstaub";}) + (glados.esphome.dust_25m { host = "fablab_feinstaub";}) + (glados.esphome.dust_100m { host = "fablab_feinstaub";}) + ]; + automation = + [ + { alias = "Gute Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + below = 25; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Twinkle"; + color_name = "green"; + }; + } + ]; + } + { alias = "mäßige Luft Fablab"; + trigger = [ + #{ + # platform = "numeric_state"; + # above = 25; + # entity_id = "sensor.fablab_feinstaub_25m"; + #} + { + platform = "numeric_state"; + above = 25; + below = 50; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Twinkle"; + color_name = "yellow"; + }; + } + ]; + } + { alias = "schlechte Luft Fablab"; + trigger = [ + { + platform = "numeric_state"; + above = 50; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Twinkle"; + color_name = "red"; + }; + } + ]; + } + { alias = "Luft Sensor nicht verfügbar"; + trigger = [ + { + platform = "state"; + to = "unavailable"; + entity_id = "sensor.fablab_feinstaub_2_5um"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "blue"; + }; + } + ]; + } + { alias = "Fablab Licht Reboot"; + trigger = [ + { + platform = "state"; + from = "unavailable"; + entity_id = "light.fablab_led"; + } + ]; + action = + [ + { service = "light.turn_on"; + data = { + entity_id = "light.fablab_led"; + effect = "Rainbow"; + color_name = "orange"; + }; + } + ]; + } + ]; +} diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix index 578bb0750..cdfe01405 100644 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -1,23 +1,12 @@ let - tasmota_plug = name: topic: - { platform = "mqtt"; - inherit name; - state_topic = "sonoff/stat/${topic}/POWER1"; - command_topic = "sonoff/cmnd/${topic}/POWER1"; - availability_topic = "sonoff/tele/${topic}/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = false; - qos = 1; - }; + glados = import ../lib; seconds = 20; in { switch = [ - (tasmota_plug "Wasser" "plug") + (glados.tasmota.plug { host = "Wasser"; topic = "plug";} ) ]; + automation = [ { alias = "Water the plant for ${toString seconds} seconds"; diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix index 634758701..8de0ef391 100644 --- a/krebs/2configs/shack/glados/sensors/hass.nix +++ b/krebs/2configs/shack/glados/sensors/hass.nix @@ -1,22 +1,5 @@ let - esphome_temp = name: - { platform = "mqtt"; - name = "${name} Temperature"; - device_class = "temperature"; - state_topic = "glados/${name}/sensor/temperature/state"; - availability_topic = "glados/${name}/status"; - payload_available = "online"; - payload_not_available = "offline"; - }; - esphome_hum = name: - { platform = "mqtt"; - device_class = "humidity"; - name = "${name} Humidity"; - state_topic = "glados/${name}/sensor/humidity/state"; - availability_topic = "glados/${name}/status"; - payload_available = "online"; - payload_not_available = "offline"; - }; + glados = import ../lib; in - (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) - ++ (map esphome_hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + (map (host: glados.esphome.temp {inherit host;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + ++ (map (host: glados.esphome.hum {inherit host;}) [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix index c1c957da3..c67d8f523 100644 --- a/krebs/2configs/shack/muellshack.nix +++ b/krebs/2configs/shack/muellshack.nix @@ -4,8 +4,8 @@ let pkg = pkgs.callPackage ( pkgs.fetchgit { url = "https://git.shackspace.de/rz/muellshack"; - rev = "4601f59787de090c83be6dbae6ca72d7fc84ab9f"; - sha256 = "1cshbd6ipvynbm3gmnsm58ccc1m5xc87cpd3b6jx0s6pr2j19g9j"; + rev = "c3d1f70325e5b90f280c5be60110e14f4de653ae"; + sha256 = "1dd4kqwdr4v413rmkvmyjzzvw8id9747nifp96pg0c2cy6bhzj24"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muellshack"; port = "8081"; diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix new file mode 100644 index 000000000..807bb7e65 --- /dev/null +++ b/krebs/2configs/shack/shackDNS.nix @@ -0,0 +1,63 @@ +{ config, lib, pkgs, ... }: + +let + pkg = + pkgs.fetchgit { + url = "https://git.shackspace.de/rz/shackdns"; + rev = "e55cc906c734b398683f9607b93f1ad6435d8575"; + sha256 = "1hkwhf3hqb4fz06b1ckh7sl0zcyi4da5fgdlksian8lxyd19n8sq"; + }; + home = "/var/lib/shackDNS"; + port = "8083"; + config_file = pkgs.writeText "config" '' + # Points to a bind configuration file + dns-db = ${home}/db.shack + + # Points to a shackles configuration file + # See `shackles.json` in repo + shackles-db = ${home}/shackles.json + + # Points to a REST service with the DHCP leases + leases-api = http://dhcp.shack/dhcpd.leases + + # Wrap this binding with https proxy or similar + binding = http://localhost:${port}/ + ''; +in { + # receive response from light.shack / standby.shack + networking.firewall.allowedTCPPorts = [ ]; + + users.users.shackDNS = { + inherit home; + createHome = true; + }; + services.nginx.virtualHosts."leases.shack" = { + locations."/" = { + proxyPass = "http://localhost:${port}/"; + }; + }; + services.nginx.virtualHosts."shackdns.shack" = { + locations."/" = { + proxyPass = "http://localhost:${port}/"; + }; + }; + services.nginx.virtualHosts."shackles.shack" = { + locations."/" = { + proxyPass = "http://localhost:${port}/"; + }; + }; + + systemd.services.shackDNS = { + description = "shackDNS provides an overview over DHCP and DNS as well as a replacement for shackles"; + wantedBy = [ "multi-user.target" ]; + environment.PORT = port; + serviceConfig = { + User = "shackDNS"; + WorkingDirectory = home; + ExecStart = "${pkgs.mono6}/bin/mono ${pkg}/shackDNS.exe ${config_file}"; + PrivateTmp = true; + Restart = "always"; + RestartSec = "15"; + }; + }; +} diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix index 9c7f507f1..95c869bc9 100644 --- a/krebs/2configs/shack/ssh-keys.nix +++ b/krebs/2configs/shack/ssh-keys.nix @@ -4,6 +4,7 @@ config.krebs.users."0x4A6F".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey + config.krebs.users.xq.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci ]; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 6e3ac9f5c..059e22866 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -464,6 +464,10 @@ in { mail = "0x4a6f@shackspace.de"; pubkey = ssh-for "0x4A6F"; }; + xq = { + mail = "xq@shackspace.de"; + pubkey = ssh-for "xq"; + }; miaoski = { }; filly = { diff --git a/krebs/3modules/external/ssh/xq.pub b/krebs/3modules/external/ssh/xq.pub new file mode 100644 index 000000000..2c23970e3 --- /dev/null +++ b/krebs/3modules/external/ssh/xq.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZR8LsswO/5f9/jc+tKNHHWtty5HTs13Vytbyz8DzJZrGJgOKeVA6OFPgWtaAKvxL/DUTVVVvqpOng2vACTC+CoPaCxE8yJchitkVQNg3zwsf8a8RdWsJAvZklfPz9qmmz+tM37yLpowiMNmCR5vrteRDso6GK4pUjikS5YvjT+vsvRWcVQpmjnAVYsBPgS9NIBjMDR3etoJgpSaF/oU4rDE2JElm/qOQ04W45JiJKVB2BkFomQ1EFl8oORYiMQzvaYA2BCsciBb6X+Jf0RZkVChErfawPzABhAcYpyNRhamaqiSWirw5o4l+ZaDkgezUf3ue6QuHjzuS02+3qIwXP felix@denkplatte diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 72c16711c..de09b4251 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -34,6 +34,35 @@ with import <stockholm/lib>; }); in { hosts = mapAttrs hostDefaults ({ + filebitch = { + ci = true; + cores = 4; + nets = { + shack = { + ip4.addr = "10.42.0.50" ; + aliases = [ + "filebitch.shack" + ]; + }; + retiolum = { + ip4.addr = "10.243.189.130"; + aliases = [ "filebitch.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA8ZSLsOlPy9Vd8XdEcIoP8H3rztsbB0McTYPGhUaZ6/aqcD/MBSQa + FT9NZS0+N0Pev7y90As6Rj5Wrom92xlThcFPaX0Dzmzz+7363M4qtlrtmmWkx2FX + VDrPOYbe4hGGOCsPNOTNJkcW4zs2Ym5YKbZeXHfnuqCW+yuhKBCgO9slc740jkHZ + 5xuv5zbU3ZMRk1H8xi4+cQcHqh+1PY75lJxVSNvrbe5pvGxm9yVdp235b49ohDRU + UfUjXmymPlnfJgTOMxmHwl+UmwYR4Yw2CZKXTjbJe5HjbykleTwUb1qyijM8suJf + eXRyma8VGILcY6K/HmE4nz7ESAlI1c+QlwIDAQAB + -----END RSA PUBLIC KEY----- + Ed25519PublicKey = NPjEmo1dkxNS2Xm7qUyWhLKdFYF4MnhIM79NPQELWHC + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64"; + }; hotdog = { ci = true; nets = { diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index f9e8d485c..dcfee59b3 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -283,14 +283,6 @@ in { }; }; - filebitch = rec { - cores = 4; - nets = { - retiolum = { - ip4.addr = "10.243.189.130"; - }; - }; - }; shackdev = rec { # router@shack cores = 1; diff --git a/krebs/3modules/makefu/retiolum/filebitch.pub b/krebs/3modules/makefu/retiolum/filebitch.pub deleted file mode 100644 index fe31accda..000000000 --- a/krebs/3modules/makefu/retiolum/filebitch.pub +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d -fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs -e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1 -KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99 -oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf -wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB ------END RSA PUBLIC KEY----- diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix index c4fef1bfc..4e9ac0ee3 100644 --- a/makefu/2configs/homeautomation/default.nix +++ b/makefu/2configs/homeautomation/default.nix @@ -108,7 +108,6 @@ in { ]; services.home-assistant = { - package = pkgs.home-assistant.override { python3 = pkgs.python36; }; config = { homeassistant = { name = "Home"; time_zone = "Europe/Berlin"; diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix index e556b43c0..972753080 100644 --- a/makefu/2configs/hw/bluetooth.nix +++ b/makefu/2configs/hw/bluetooth.nix @@ -5,6 +5,7 @@ hardware.pulseaudio = { enable = true; package = pkgs.pulseaudioFull; + extraModules = [ pkgs.pulseaudio-modules-bt ]; # systemWide = true; support32Bit = true; configFile = pkgs.writeText "default.pa" '' @@ -23,7 +24,7 @@ load-module module-switch-on-port-available ''; }; - + services.blueman.enable = true; # presumably a2dp Sink # Enable profile: ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink @@ -32,10 +33,17 @@ hardware.bluetooth = { enable = true; powerOnBoot = false; + extraConfig = '' [general] Enable=Source,Sink,Media,Socket ''; }; services.dbus.packages = [ pkgs.blueman ]; + nixpkgs.overlays = [ + (self: super: { + blueman = super.blueman.overrideAttrs (oldAttrs: { + buildInputs = oldAttrs.buildInputs ++ [ self.gnome3.adwaita-icon-theme ]; + }); + })]; } diff --git a/makefu/2configs/hw/network-manager.nix b/makefu/2configs/hw/network-manager.nix index d7b262b91..1004ea06e 100644 --- a/makefu/2configs/hw/network-manager.nix +++ b/makefu/2configs/hw/network-manager.nix @@ -20,13 +20,17 @@ RestartSec = "5"; }; }; - networking.networkmanager.enable = true; # nixOSUnstable + networking.networkmanager.enable = true; networking.networkmanager.wifi = { powersave = true; scanRandMacAddress = true; + backend = "iwd"; }; + services.gnome3.gnome-keyring.enable = true; + networking.wireless.iwd.enable = true; + state = [ "/etc/NetworkManager/system-connections" #NM stateful config files ]; diff --git a/makefu/5pkgs/studio-link/default.nix b/makefu/5pkgs/studio-link/default.nix index 6fa40139b..8c796b43b 100644 --- a/makefu/5pkgs/studio-link/default.nix +++ b/makefu/5pkgs/studio-link/default.nix @@ -1,44 +1,13 @@ |