diff options
65 files changed, 926 insertions, 2063 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index b0bd83248..ffdd99274 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -235,6 +235,7 @@ in { maps.work.euer IN A ${nets.internet.ip4.addr} play.work.euer IN A ${nets.internet.ip4.addr} ul.work.euer IN A ${nets.internet.ip4.addr} + music.euer IN A ${nets.internet.ip4.addr} ''; }; cores = 8; diff --git a/makefu/0tests/data/secrets/lego-binaergewitter b/makefu/0tests/data/secrets/lego-binaergewitter new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/lego-binaergewitter diff --git a/makefu/0tests/data/wg-thierry.key b/makefu/0tests/data/wg-thierry.key new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/wg-thierry.key diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix index 3befa201d..8b9812cf4 100644 --- a/makefu/1systems/cake/config.nix +++ b/makefu/1systems/cake/config.nix @@ -5,11 +5,14 @@ in { imports = [ <stockholm/makefu> ./hardware-config.nix + <stockholm/makefu/2configs/home-manager> + <stockholm/makefu/2configs/home/3dprint.nix> + #./hardware-config.nix { environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];} # <stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/binary-cache/nixos.nix> #<stockholm/makefu/2configs/support-nixos.nix> - <stockholm/makefu/2configs/homeautomation/default.nix> + # <stockholm/makefu/2configs/homeautomation/default.nix> # <stockholm/makefu/2configs/homeautomation/google-muell.nix> # configure your hw: # <stockholm/makefu/2configs/save-diskspace.nix> @@ -19,9 +22,11 @@ in { tinc.retiolum.enable = true; build.host = config.krebs.hosts.cake; }; + # ensure disk usage is limited + services.journald.extraConfig = "Storage=volatile"; networking.firewall.trustedInterfaces = [ primaryInterface ]; documentation.info.enable = false; documentation.man.enable = false; - services.nixosManual.enable = false; + documentation.nixos.enable = false; sound.enable = false; } diff --git a/makefu/1systems/cake/hardware-config.nix b/makefu/1systems/cake/hardware-config.nix index d021f9458..a0cd4fac1 100644 --- a/makefu/1systems/cake/hardware-config.nix +++ b/makefu/1systems/cake/hardware-config.nix @@ -1,42 +1,14 @@ { pkgs, lib, ... }: { - # raspi3 - boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ]; - boot.loader.grub.enable = false; - boot.loader.raspberryPi.enable = true; - boot.loader.raspberryPi.version = 3; - boot.loader.raspberryPi.uboot.enable = true; - boot.loader.raspberryPi.uboot.configurationLimit = 3; - boot.loader.raspberryPi.firmwareConfig = '' - gpu_mem=32 - arm_freq=1350 - core_freq=500 - over_voltage=4 - disable_splash=1 - # bye bye warranty - force_turbo=1 - ''; - boot.loader.generationsDir.enable = lib.mkDefault false; - - boot.tmpOnTmpfs = lib.mkForce false; - boot.cleanTmpDir = true; - hardware.enableRedistributableFirmware = true; - - ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747 - # boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelPackages = pkgs.linuxPackages_latest; - environment.systemPackages = [ pkgs.raspberrypi-tools ]; - networking.wireless.enable = true; - # File systems configuration for using the installer's partition layout - swapDevices = [ { device = "/var/swap"; size = 2048; } ]; + environment.systemPackages = [ pkgs.libraspberrypi ]; + imports = [ <nixos-hardware/raspberry-pi/4> ]; + boot.kernelPackages = pkgs.linuxPackages_rpi4; fileSystems = { - "/boot" = { - device = "/dev/disk/by-label/NIXOS_BOOT"; - fsType = "vfat"; - }; "/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; + options = [ "noatime" ]; }; }; + #hardware.raspberry-pi."4".fkms-3d.enable = true; } diff --git a/makefu/1systems/cake/source.nix b/makefu/1systems/cake/source.nix index 22c40039e..8fc2fff2d 100644 --- a/makefu/1systems/cake/source.nix +++ b/makefu/1systems/cake/source.nix @@ -1,4 +1,6 @@ { name="cake"; full = true; + home-manager = true; + hw = true; } diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index 69e401d97..44fa14812 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix @@ -30,7 +30,7 @@ in { # Storage <stockholm/makefu/2configs/share> - <stockholm/makefu/2configs/share/hetzner-client.nix> + # <stockholm/makefu/2configs/share/hetzner-client.nix> # Services: <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix> @@ -42,7 +42,7 @@ in { # local usage: <stockholm/makefu/2configs/mosh.nix> - <stockholm/makefu/2configs/bitlbee.nix> + # Supervision <stockholm/makefu/2configs/nix-community/supervision.nix> @@ -53,6 +53,9 @@ in { # backup <stockholm/makefu/2configs/backup/state.nix> + # migrated: + # <stockholm/makefu/2configs/bitlbee.nix> + ]; krebs = { diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index ee29c03d2..3ff1d0238 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -53,7 +53,6 @@ in { <stockholm/makefu/2configs/share> <stockholm/makefu/2configs/share/omo.nix> <stockholm/makefu/2configs/share/gum-client.nix> - <stockholm/makefu/2configs/share/hetzner-client.nix> <stockholm/makefu/2configs/sync> <stockholm/makefu/2configs/dcpp/airdcpp.nix> { krebs.airdcpp.dcpp.shares = let diff --git a/makefu/1systems/omo/source.nix b/makefu/1systems/omo/source.nix index af508fbd6..b56e855fc 100644 --- a/makefu/1systems/omo/source.nix +++ b/makefu/1systems/omo/source.nix @@ -1,6 +1,6 @@ { name="omo"; torrent = true; - #unstable = true; + unstable = true; home-manager = true; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 0377c336f..3f9e071e6 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -137,7 +137,6 @@ # <stockholm/makefu/2configs/share/anon-ftp.nix> # <stockholm/makefu/2configs/share/anon-sftp.nix> <stockholm/makefu/2configs/share/gum-client.nix> - <stockholm/makefu/2configs/share/hetzner-client.nix> <stockholm/makefu/2configs/share> # <stockholm/makefu/2configs/share/temp-share-samba.nix> diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix index 1cf21f213..d49ad158b 100644 --- a/makefu/2configs/bgt/download.binaergewitter.de.nix +++ b/makefu/2configs/bgt/download.binaergewitter.de.nix @@ -59,6 +59,11 @@ in { systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/spool/nginx/logs/" ]; + security.acme.certs."download.binaergewitter.de" = { + dnsProvider = "cloudflare"; + credentialsFile = toString <secrets/lego-binaergewitter>; + webroot = lib.mkForce null; + }; services.nginx = { appendHttpConfig = '' @@ -70,6 +75,8 @@ in { recommendedGzipSettings = true; recommendedOptimisation = true; virtualHosts."download.binaergewitter.de" = { + addSSL = true; + enableACME = true; serverAliases = [ "dl2.binaergewitter.de" ]; root = "/var/www/binaergewitter"; extraConfig = '' diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix index 52b5d68a5..21626d406 100644 --- a/makefu/2configs/bitlbee.nix +++ b/makefu/2configs/bitlbee.nix @@ -2,7 +2,7 @@ { services.bitlbee = { enable = true; - libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb]; + # libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb]; }; users.users.makefu.packages = with pkgs; [ weechat tmux ]; state = [ "/var/lib/bitlbee" ]; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 7905cf4eb..66c77e1eb 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -52,6 +52,7 @@ with import <stockholm/lib>; gnumake rxvt_unicode.terminfo htop + nix-output-monitor ]; programs.bash.enableCompletion = true; @@ -86,8 +87,9 @@ with import <stockholm/lib>; ''; environment.pathsToLink = [ "/share" ]; security.acme = { - email = "letsencrypt@syntax-fehler.de"; + defaults.email = "letsencrypt@syntax-fehler.de"; acceptTerms = true; }; system.stateVersion = lib.mkDefault "20.03"; + services.postgresql.package = pkgs.postgresql_14; } diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index e5c7e48de..b660720e5 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -57,7 +57,7 @@ systemd.services.postgresqlBackup-nextcloud.serviceConfig.SupplementaryGroups = users.users.nextcloud.extraGroups = [ "download" ]; services.nextcloud = { enable = true; - package = pkgs.nextcloud23; + package = pkgs.nextcloud24; hostName = "o.euer.krebsco.de"; # Use HTTPS for links https = true; diff --git a/makefu/2configs/home/3dprint.nix b/makefu/2configs/home/3dprint.nix new file mode 100644 index 000000000..859a18840 --- /dev/null +++ b/makefu/2configs/home/3dprint.nix @@ -0,0 +1,45 @@ +{ pkgs, ... }: +{ + services.mjpg-streamer = { + enable = true; + inputPlugin = "input_uvc.so -d /dev/web_cam -r 1280x960"; + }; + users.users.octoprint.extraGroups = [ "video" ]; + # allow octoprint to access /dev/vchiq + # also ensure that the webcam always comes up under the same name + services.udev.extraRules = '' + SUBSYSTEM=="vchiq",GROUP="video",MODE="0660" + SUBSYSTEM=="video4linux", ATTR{name}=="UVC Camera (046d:0825)",SYMLINK+="web_cam", MODE="0666", GROUP="video" + ''; + systemd.services.octoprint = { + path = [ pkgs.libraspberrypi ]; + }; + services.octoprint = { + enable = true; + plugins = plugins: with plugins;[ + costestimation + displayprogress + mqtt + stlviewer + themeify + # octolapse + (buildPlugin rec { + pname = "OctoPrint-HomeAssistant"; + version = "3.6.2"; + src = pkgs.fetchFromGitHub { + owner = "cmroche"; + repo = pname; + rev = version; + hash = "sha256-oo9OBmHoJFNGK7u9cVouMuBuUcUxRUrY0ppRq0OS1ro="; + }; + }) + ]; + extraConfig.plugins.mqtt.broker = { + url = "omo.lan"; + # TODO TODO TODO + username = "hass"; + password = "lksue43jrf"; + # TODO TODO TODO + }; + }; +} diff --git a/makefu/2configs/home/ham/automation/buttonboard.nix b/makefu/2configs/home/ham/automation/buttonboard.nix new file mode 100644 index 000000000..533311fc5 --- /dev/null +++ b/makefu/2configs/home/ham/automation/buttonboard.nix @@ -0,0 +1,4 @@ +# good, bad radio +# stop +# start radio +# lauter, leister diff --git a/makefu/2configs/home/ham/automation/bye.txt.j2 b/makefu/2configs/home/ham/automation/bye.txt.j2 new file mode 100644 index 000000000..8a5ba7257 --- /dev/null +++ b/makefu/2configs/home/ham/automation/bye.txt.j2 @@ -0,0 +1,2 @@ +Endlich ist Pappa fertig mit arbeit! +Heute hast du {{ states("sensor.felix_at_work_today") |round(1) }} Stunden gearbeitet. diff --git a/makefu/2configs/home/ham/automation/check-in.nix b/makefu/2configs/home/ham/automation/check-in.nix index d589a6971..db051757e 100644 --- a/makefu/2configs/home/ham/automation/check-in.nix +++ b/makefu/2configs/home/ham/automation/check-in.nix @@ -7,6 +7,21 @@ let in { services.home-assistant.config.input_boolean.felix_at_work.name = "Felix auf Arbeit"; + services.home-assistant.config.timer.felix_at_work = { + name = "Felix auf Arbeit Timer"; + duration = "10:00:00"; + }; + services.home-assistant.config.sensor = [ + { + platform = "history_stats"; + name = "Felix at work today"; + entity_id = "input_boolean.felix_at_work"; + state = "on"; + type = "time"; + start = "{{ now().replace(hour=0, minute=0, second=0) }}"; + end = "{{ now() }}"; + } + ]; services.home-assistant.config.script.start_office_radio.sequence = [ { service = "media_player.play_media"; @@ -19,13 +34,41 @@ in ]; services.home-assistant.config.automation = [ - { service = "media_player.play_media"; - data = { - media_content_id = "http://radio.lassul.us:8000/radio.mp3"; - media_content_type = "music"; - }; - target.entity_id = "media_player.office"; - } + { alias = "Zu lange Felix!"; + trigger = + { platform = "event"; + event_type = "timer.finished"; + event_data.entity_id = "timer.felix_at_work"; + }; + + condition = + { + condition = "state"; + entity_id = at_work; + state = "off"; + }; + + action = (say "Felix, die zehn Stunden sind um, aufhören jetzt"); + } + { alias = "Turn off at work sensor"; + trigger = [ + { platform = "time"; at = "00:00:00"; } + ]; + condition = + { + condition = "state"; + entity_id = at_work; + state = "off"; + }; + action = + [ + # felix forgot to stamp out ... + { + service = "homeassistant.turn_off"; + entity_id = [ at_work ]; + } + ]; + } { alias = "Push Check-in Button Felix with button"; trigger = [ { @@ -54,15 +97,12 @@ in { service = "homeassistant.turn_on"; entity_id = at_work; } - ] ++ (say "Willkommen auf Arbeit") ++ - [ - { service = "media_player.play_media"; - data = { - media_content_id = "http://radio.lassul.us:8000/radio.mp3"; - media_content_type = "music"; - }; - target.entity_id = "media_player.office"; + { service = "timer.start"; + entity_id = [ "timer.felix_at_work" ] ; } + ] ++ (say (builtins.readFile ./welcome.txt.j2)) ++ + [ + { service = "script.start_office_radio"; } |