34 files changed, 672 insertions, 158 deletions
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1d73fade2..b437456ec 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -373,6 +373,30 @@ in { syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC"; nets = {}; }; + catalonia = { + owner = config.krebs.users.xkey; + nets = { + retiolum = { + ip4.addr = "10.243.13.12"; + aliases = [ "catalonia.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y + gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA + VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE + Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e + FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ + HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3 + mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3 + zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6 + sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3 + ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf + vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { ciko = { @@ -421,6 +445,7 @@ in { mail = "xq@shackspace.de"; pubkey = ssh-for "xq"; }; + xkey = {}; miaoski = { }; filly = { diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index 837a9bea7..fcc453fa4 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -45,6 +45,10 @@ with import <stockholm/lib>; default = self.config.port == "6697"; type = types.bool; }; + API.listen = mkOption { + default = null; + type = types.nullOr types.str; + }; }; })); }; 
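Review bot: The new `API.listen` option in krebs/3modules/reaktor2.nix is declared without a `description` or `example`, so nothing tells an operator what string form it takes or what enabling it exposes. Judging by the servant-server, wai and warp dependencies added to the reaktor2 package in the same commit, a non-null value presumably makes the bot open an HTTP listener; that is an inference and should be confirmed. I would add `description = "Address the reaktor HTTP API binds to; null disables the API. Bind to loopback or a firewalled interface unless the API is authenticated.";` plus an `example` in whatever form the daemon parses. The submodule options block this sits in starts outside the hunk.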
@@ -65,9 +69,11 @@ with import <stockholm/lib>; ExecStart = let configFile = pkgs.writeJSON configFileName configValue; configFileName = "${cfg.systemd-service-name}.config.json"; - configValue = recursiveUpdate { - logTime = false; - } (removeAttrs cfg ["_module"]); + configValue = stripAttr ( + recursiveUpdate { + logTime = false; + } (removeAttrs cfg ["_module"]) + ); in "${pkgs.reaktor2}/bin/reaktor ${configFile}"; Restart = "always"; RestartSec = "30"; diff --git a/krebs/5pkgs/haskell/reaktor2.nix b/krebs/5pkgs/haskell/reaktor2.nix index f06e79121..ae242efea 100644 --- a/krebs/5pkgs/haskell/reaktor2.nix +++ b/krebs/5pkgs/haskell/reaktor2.nix @@ -1,17 +1,18 @@ { mkDerivation, aeson, async, attoparsec, base, blessings , bytestring, containers, data-default, fetchgit, filepath , hashable, lens, lens-aeson, network, network-simple -, network-simple-tls, pcre-light, process, random, stdenv -, string-conversions, stringsearch, text, time, transformers -, unagi-chan, unix, unordered-containers, vector +, network-simple-tls, network-uri, pcre-light, process, random +, servant-server, stdenv, string-conversions, stringsearch, text +, time, transformers, unagi-chan, unix, unordered-containers +, vector, wai, warp }: mkDerivation { pname = "reaktor2"; - version = "0.2.2"; + version = "0.3.0"; src = fetchgit { url = "https://cgit.krebsco.de/reaktor2"; - sha256 = "1kyr5i5zdzvc7fcyac1i1yvi88kcxafrgp8p79c1b9l4g9sjnv78"; - rev = "9f4e2644188f985d7cd806c13e2c0dee1688b9f0"; + sha256 = "02hqpq8wcfd6rvi8qk10zy3f3lrzzqnjwqal4cbvksjn3vahz36h"; + rev = "a6893c00f78a8acd0a4bfe7da87ab6889eabcf21"; fetchSubmodules = true; }; isLibrary = false; 
@@ -19,9 +20,9 @@ mkDerivation { executableHaskellDepends = [ aeson async attoparsec base blessings bytestring containers data-default filepath hashable lens lens-aeson network - network-simple network-simple-tls pcre-light process random - string-conversions stringsearch text time transformers unagi-chan - unix unordered-containers vector + network-simple network-simple-tls network-uri pcre-light process + random servant-server string-conversions stringsearch text time + transformers unagi-chan unix unordered-containers vector wai warp ]; license = stdenv.lib.licenses.mit; } diff --git a/krebs/5pkgs/simple/go-shortener/node-packages.nix b/krebs/5pkgs/simple/go-shortener/node-packages.nix index 526cd5a11..613e31ba0 100644 --- a/krebs/5pkgs/simple/go-shortener/node-packages.nix +++ b/krebs/5pkgs/simple/go-shortener/node-packages.nix 
@@ -1,34 +1,43 @@ -# This file has been generated by node2nix 1.5.3. Do not edit! +# This file has been generated by node2nix 1.7.0. Do not edit! {nodeEnv, fetchurl, fetchgit, globalBuildInputs ? []}: let sources = { - "double-ended-queue-2.1.0-0" = { - name = "double-ended-queue"; - packageName = "double-ended-queue"; - version = "2.1.0-0"; + "denque-1.4.1" = { + name = "denque"; + packageName = "denque"; + version = "1.4.1"; src = fetchurl { - url = "https://registry.npmjs.org/double-ended-queue/-/double-ended-queue-2.1.0-0.tgz"; - sha1 = "103d3527fd31528f40188130c841efdd78264e5c"; + url = "https://registry.npmjs.org/denque/-/denque-1.4.1.tgz"; + sha512 = "OfzPuSZKGcgr96rf1oODnfjqBFmr1DVoc/TrItj3Ohe0Ah1C5WX5Baquw/9U9KovnQ88EqmJbD66rKYUQYN1tQ=="; }; }; - "redis-commands-1.3.5" = { + "redis-commands-1.5.0" = { name = "redis-commands"; packageName = "redis-commands"; - version = "1.3.5"; + version = "1.5.0"; src = fetchurl { - url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.3.5.tgz"; - sha512 = "2q8pai3gf0dczb03jjig3mpaz4j2kvw8icpgf8hp4fryr3d6c0mjkvxxdmlyhainybx4zhgqsw9ghc9p986alzdzd2n2p4cxvr8b0by"; + url = "https://registry.npmjs.org/redis-commands/-/redis-commands-1.5.0.tgz"; + sha512 = "6KxamqpZ468MeQC3bkWmCB1fp56XL64D4Kf0zJSwDZbVLLm7KFkoIcHrgRvQ+sk8dnhySs7+yBg94yIkAK7aJg=="; }; }; - "redis-parser-2.6.0" = { + "redis-errors-1.2.0" = { + name = "redis-errors"; + packageName = "redis-errors"; + version = "1.2.0"; + src = fetchurl { + url = "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz"; + sha1 = "eb62d2adb15e4eaf4610c04afe1529384250abad"; + }; + }; + "redis-parser-3.0.0" = { name = "redis-parser"; packageName = "redis-parser"; - version = "2.6.0"; + version = "3.0.0"; src = fetchurl { - url = "https://registry.npmjs.org/redis-parser/-/redis-parser-2.6.0.tgz"; - sha1 = "52ed09dacac108f1a631c07e9b69941e7a19504b"; + url = "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz"; + sha1 = 
"b66d828cdcafe6b4b8a428a7def4c6bcac31c8b4"; }; }; }; @@ -37,40 +46,43 @@ in formidable = nodeEnv.buildNodePackage { name = "formidable"; packageName = "formidable"; - version = "1.2.1"; + version = "1.2.2"; src = fetchurl { - url = "https://registry.npmjs.org/formidable/-/formidable-1.2.1.tgz"; - sha512 = "1x0n2rfaiasdjbw1mm7s29z84f68c7iji7lb1gkxvpknvv6q7bwns7z55ijcf4vkh4kvis12rbgaaih49jf9lj53s30mllb1d35bkqn"; + url = "https://registry.npmjs.org/formidable/-/formidable-1.2.2.tgz"; + sha512 = "V8gLm+41I/8kguQ4/o1D3RIHRmhYFG4pnNyonvua+40rqcEmT4+V71yaZ3B457xbbgCsCfjSPi65u/W6vK1U5Q=="; }; buildInputs = globalBuildInputs; meta = { description = "A node.js module for parsing form data, especially file uploads."; - homepage = https://github.com/felixge/node-formidable; + homepage = https://github.com/node-formidable/formidable; license = "MIT"; }; production = true; bypassCache = true; + reconstructLock = true; }; redis = nodeEnv.buildNodePackage { name = "redis"; packageName = "redis"; - version = "2.8.0"; + version = "3.0.2"; src = fetchurl { - url = "https://registry.npmjs.org/redis/-/redis-2.8.0.tgz"; - sha512 = "3a3044ax6qdvss83xgjfx10h5q91ls0mwgs3wpsnxcdsiipq3cnmqzsh6glyq0r7vsmpw49jp84c2jnfrhi2bgycrkd9hhhf6ia8lrk"; + url = "https://registry.npmjs.org/redis/-/redis-3.0.2.tgz"; + sha512 = "PNhLCrjU6vKVuMOyFu7oSP296mwBkcE6lrAjruBYG5LgdSqtRBoVQIylrMyVZD/lkF24RSNNatzvYag6HRBHjQ=="; }; dependencies = [ - sources."double-ended-queue-2.1.0-0" - sources."redis-commands-1.3.5" - sources."redis-parser-2.6.0" + sources."denque-1.4.1" + sources."redis-commands-1.5.0" + sources."redis-errors-1.2.0" + sources."redis-parser-3.0.0" ]; buildInputs = globalBuildInputs; meta = { - description = "Redis client library"; - homepage = https://github.com/NodeRedis/node_redis; + description = "A high performance Redis client."; + homepage = https://github.com/NodeRedis/node-redis; license = "MIT"; }; production = true; bypassCache = true; + reconstructLock = true; }; }
\ No newline at end of file diff --git a/krebs/5pkgs/simple/go-shortener/update.sh b/krebs/5pkgs/simple/go-shortener/update.sh index 0c1ecc58c..1a58d0367 100755 --- a/krebs/5pkgs/simple/go-shortener/update.sh +++ b/krebs/5pkgs/simple/go-shortener/update.sh @@ -1,2 +1,4 @@ -node2nix -8 -i pkgs.json -c combine.nix +#!/usr/bin/env nix-shell +#! nix-shell -i bash -p nodePackages_10_x.node2nix +node2nix -10 -i pkgs.json -c combine.nix rm node-env.nix combine.nix diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index c511458f9..057983fec 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -138,7 +138,7 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' # remove snow from ice map if needs_rebuild ice.png ice-raw.jpg; then - convert ice-raw.jpg -fuzz 20% -fill black -opaque white -scale "$in_size" ice.png + convert ice-raw.jpg -fuzz 20% -fill black -opaque white -colorspace gray -blur 0x6 -scale "$in_size" ice.png fi if needs_rebuild snow.png snow-raw.jpg; then diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 847e3c61e..8f426cc05 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "d96bd3394b734487d1c3bfbac0e8f17465e03afe", - "date": "2020-03-19T15:32:34+01:00", - "sha256": "05n27wz5ln9ni5cy5rhjcy612i44gmblkq5m0g827v8pd0nk00da", + "rev": "b61999e4ad60c351b4da63ae3ff43aae3c0bbdfb", + "date": "2020-04-16T08:43:36-04:00", + "sha256": "0cggpdks4qscyirqwfprgdl91mlhjlw24wkg0riapk5f2g2llbpq", "fetchSubmodules": false } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index 123d624d8..3c4afe8bb 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json 
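Review bot: update.sh still runs `rm node-env.nix combine.nix` when `node2nix` fails, because nothing makes the script stop on error. For a script that regenerates pinned dependency hashes, a failed run should exit non-zero and leave its intermediate files in place for inspection. Add `set -euo pipefail` as the first line after the two nix-shell shebang lines. A one-line comment that the `-10` flag has to match the `nodePackages_10_x` set named in the shebang would also keep the two from drifting apart.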
@@ -1,7 +1,7 @@ { "url": "https://github.com/NixOS/nixpkgs-channels", - "rev": "598a9cbed6348ebda43c6b1a9a3061e0206297e7", - "date": "2020-03-28T03:06:32+01:00", - "sha256": "12m910j2sfhm3a6skw4janxy010gzdxp15bn8v9w7w9hhjzvdw8c", + "rev": "5272327b81ed355bbed5659b8d303cf2979b6953", + "date": "2020-04-20T11:58:47-04:00", + "sha256": "0182ys095dfx02vl2a20j1hz92dx3mfgz2a6fhn31bqlp1wa8hlq", "fetchSubmodules": false } diff --git a/krebs/update-nixpkgs.sh b/krebs/update-nixpkgs.sh index 9b5d7ccd8..bb4b54793 100755 --- a/krebs/update-nixpkgs.sh +++ b/krebs/update-nixpkgs.sh @@ -3,7 +3,7 @@ dir=$(dirname $0) oldrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') nix-shell -p nix-prefetch-git --run 'nix-prefetch-git \ --url https://github.com/NixOS/nixpkgs-channels \ - --rev refs/heads/nixos-19.09' \ + --rev refs/heads/nixos-20.03' \ > $dir/nixpkgs.json newrev=$(cat $dir/nixpkgs.json | jq -r .rev | sed 's/\(.\{7\}\).*/\1/') git commit $dir/nixpkgs.json -m "nixpkgs: $oldrev -> $newrev" diff --git a/lass/1systems/icarus/physical.nix b/lass/1systems/icarus/physical.nix index 861bd8b0b..bd74c29f3 100644 --- a/lass/1systems/icarus/physical.nix +++ b/lass/1systems/icarus/physical.nix @@ -46,6 +46,15 @@ ''; services.thinkfan.enable = true; + services.thinkfan.levels = '' + (0, 0, 55) + (1, 48, 60) + (2, 50, 61) + (3, 52, 63) + (6, 60, 65) + (7, 80, 85) + (127, 90, 32767) + ''; services.logind.lidSwitch = "ignore"; services.logind.lidSwitchDocked = "ignore"; diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index c6e0400bf..d8bb14d0a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -263,8 +263,6 @@ with import <stockholm/lib>; } { users.users.download.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 lhebendanz@nixos" - config.krebs.users.palo.pubkey ]; } { 
@@ -382,6 +380,9 @@ with import <stockholm/lib>; lass.pubkey lass-android.pubkey makefu.pubkey + palo.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MPlmApwu2c05VMv9hiJo5p6PnzterRSLCqF6rIdhSnuOwrUIt1s/V+EEZXHCwSaNLaQJnYL0H9YjaIuGz4c8kVzxw4c0B6nl+hqW5y5/B2cuHiumnlRIDKOIzlv8ufhh21iN7QpIsPizahPezGoT1XqvzeXfH4qryo8O4yTN/PWoA+f7o9POU7L6hQ== lhebendanz@nixos" + "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 philip@shiki11:15 <Profpatsch> AAAAB3NzaC1yc2EAAAADAQABAAABgQC4ECL9NSCWqs4KVe+FF+2BPtl5Bv5aQPHqnXllCyiESZykwRKLx6/AbF5SbUAUMVZtp9oDSdp28m3BvVeWJ/q7hAbIxUtfd/jp+JBRZ8Kj6K5GzUO7Bhgl/o0A7xEjAeOKHiYuLjdPMcFUyl6Ah4ey/mcQYf6AdU0+hYUDeUlKe/YxxYD6202W0GJq2xGdIqs/TbopT9iaX+sv0wdXDVfFY72nFqOUwJW3u6O2viKKRugrz/eo50Eo3ts7pYz/FpDXExrUvV9Vu/bQ34pa8nKgF3/AKQHgmzljNQSVZKyAV8OY0UFonjBMXCBg2tXtwfnlzdx2SyuQVv55x+0AuRKsi85G2xLpXu1A3921pseBTW6Q6kbYK9eqxAay2c/kNbwNqFnO+nCvQ6Ier/hvGddOtItMu96IuU2E7mPN6WgvM8/3fjJRFWnZxFxqu/k7iH+yYT8qwRgdiSqZc76qvkYEuabdk2itstTRY0A3SpI3hFMZDw/7bxgMZtqpfyoRk5s= philip@shiki" ]; }; }; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 9bb31191c..831e03f79 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix 
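Review bot: The second literal key added to this list looks like an unedited chat paste: it contains `philip@shiki11:15 <Profpatsch>` followed by a second key body and a second `philip@shiki` comment. sshd would most likely treat everything after the first key blob as the comment, so access probably works, but the entry cannot be audited by eye; part of the line is elided in this view, so check it against the file. Replace it with a single `ssh-rsa <key> philip@shiki` entry, and preferably register both new literal keys under `krebs.users` and reference them as `<user>.pubkey` like the neighbouring `palo.pubkey`, so that revoking a key happens in one place. The attribute this key list belongs to opens outside the hunk, so which account it grants access to should be stated in the commit message.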
@@ -19,7 +19,9 @@ with import <stockholm/lib>; <stockholm/lass/2configs/ssh-cryptsetup.nix> <stockholm/lass/2configs/nfs-dl.nix> <stockholm/lass/2configs/gg23.nix> + <stockholm/lass/2configs/hass> <stockholm/lass/2configs/br.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/1systems/uriel/config.nix b/lass/1systems/uriel/config.nix index 3eddcfc52..b50dc63f5 100644 --- a/lass/1systems/uriel/config.nix +++ b/lass/1systems/uriel/config.nix @@ -12,6 +12,7 @@ with import <stockholm/lib>; i18n.defaultLocale ="de_DE.UTF-8"; time.timeZone = "Europe/Berlin"; services.xserver.enable = true; + services.xserver.libinput.enable = false; users.users.locke = { uid = genid "locke"; home = "/home/locke"; diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 52d694c46..b3340cb31 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -71,12 +71,14 @@ in { gitAndTools.qgit git-preview gnome3.dconf + iodine lm_sensors ncdu nix-index nix-review nmap pavucontrol + ponymix powertop rxvt_unicode-with-plugins sxiv diff --git a/lass/2configs/blue.nix b/lass/2configs/blue.nix index aad8411b1..a4000cada 100644 --- a/lass/2configs/blue.nix +++ b/lass/2configs/blue.nix @@ -19,6 +19,7 @@ with (import <stockholm/lib>); ]; services.tor.enable = true; + services.tor.client.enable = true; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-i retiolum -p udp --dport 60000:61000"; target = "ACCEPT";} diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 08a226e6d..82839beba 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -113,6 +113,8 @@ ]; in { + environment.systemPackages = [ pkgs.review-mail-queue ]; + krebs.exim-smarthost = { enable = true; dkim = [ diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index b23494b28..3d4c1e306 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix 
@@ -20,12 +20,13 @@ with import <stockholm/lib>; } ''; machines = [ - { ethernetAddress = "c8:3d:d4:2c:40:ae"; hostName = "tv"; ipAddress = "10.42.0.3"; } + { ethernetAddress = "a8:a6:48:65:ce:4c"; hostName = "tv"; ipAddress = "10.42.0.3"; } { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; } - { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-bett"; ipAddress = "10.42.0.10"; } + { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-tv"; ipAddress = "10.42.0.10"; } { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; } - { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-kueche"; ipAddress = "10.42.0.12"; } + { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-wasch"; ipAddress = "10.42.0.12"; } { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; } + { ethernetAddress = "ec:b5:fa:07:78:16"; hostName = "hue-bridge"; ipAddress = "10.42.0.21"; } { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; } ]; }; @@ -45,9 +46,6 @@ with import <stockholm/lib>; boot.kernel.sysctl."net.ipv4.ip_forward" = 1; krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass - { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass - { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns ]; krebs.iptables.tables.filter.FORWARD.rules = [ 
@@ -62,72 +60,5 @@ with import <stockholm/lib>; krebs.iptables.tables.nat.POSTROUTING.rules = [ { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; } ]; - - services.home-assistant = let - tasmota_s20 = name: topic: { - platform = "mqtt"; - inherit name; - state_topic = "stat/${topic}/POWER"; - command_topic = "cmnd/${topic}/POWER"; - payload_on = "ON"; - payload_off = "OFF"; - }; - in { - enable = true; - package = pkgs.home-assistant.override { - #extraComponents = [ - # (pkgs.fetchgit { - # url = "https://github.com/marcschumacher/dwd_pollen"; - # rev = "0.1"; - # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; - # }) - #]; - }; - config = { - homeassistant = { - name = "Home"; time_zone = "Europe/Berlin"; - latitude = "48.7687"; - longitude = "9.2478"; - elevation = 247; - }; - sun.elevation = 66; - discovery = {}; - frontend = { }; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - username = "gg23"; - password = "gg23-mqtt"; - keepalive = 60; - protocol = 3.1; - }; - sensor = [ - ]; - switch = [ - (tasmota_s20 "Drucker Strom" "drucker") - (tasmota_s20 "Bett Licht" "bett") - (tasmota_s20 "Kueche Licht" "kueche") - ]; - device_tracker = [ - { - platform = "luci"; - } - ]; - }; - }; - - services.mosquitto = { - enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - users.gg23 = { - password = "gg23-mqtt"; - acl = [ "topic readwrite #" ]; - }; - }; - environment.systemPackages = [ pkgs.mosquitto ]; - } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix new file mode 100644 index 000000000..ef9361102 --- /dev/null +++ b/lass/2configs/hass/default.nix 
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+{
+ imports = [
+ ./zigbee.nix
+ ./rooms/bett.nix
+ ];
+
+ krebs.iptables.tables.filter.INPUT.rules = [
+ { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
+ { predicate = "-i docker0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto
+ { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+ { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass
+ ];
+
+ services.home-assistant = {
+ enable = true;
+ package = pkgs.home-assistant.override {
+ # extraComponents = [ "hue" ];
+ };
+ configWritable = true;
+ };
+
+ lass.hass.config = let
+ tasmota_s20 = name: topic: {
+ platform = "mqtt";
+ inherit name;
+ state_topic = "stat/${topic}/POWER";
+ command_topic = "cmnd/${topic}/POWER";
+ payload_on = "ON";
+ payload_off = "OFF";
+ };
+ in {
+ homeassistant = {
+ name = "Home";
+ time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ elevation = 247;
+ };
+ config = {};
+ sun.elevation = 66;
+ discovery = {};
+ frontend = {};
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ username = "gg23";
+ password = "gg23-mqtt";
+ keepalive = 60;
+ protocol = 3.1;
+
+ discovery = true;
+ birth_message = {
+ topic = "/hass/status";
+ payload = "online";
+ };
+ will_message = {
+ topic = "/hass/status";
+ payload = "offline";
+ };
+ };
+ sensor = [
+ ];
+ switch = [
+ (tasmota_s20 "TV" "tv")
+ (tasmota_s20 "Drucker Strom" "drucker")
+ (tasmota_s20 "Waschmaschine" "wasch")
+ (tasmota_s20 "Stereo Anlage" "stereo")
+ ];
+ mobile_app = {};
+ };
+
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ allowAnonymous = false;
+ checkPasswords = true;
+ users.gg23 = {
+ password = "gg23-mqtt";
+ acl = [ "topic readwrite #" ];
+ };
+ };
+
+ environment.systemPackages = [ pkgs.mosquitto ];
+}
diff --git a/lass/2configs/hass/lib.nix b/lass/2configs/hass/lib.nix
new file mode 100644
index 000000000..c69f5e887
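Review bot: The MQTT credential `password = "gg23-mqtt";` is written in clear text twice in lass/2configs/hass/default.nix, in the Home Assistant `mqtt` block and in `services.mosquitto.users.gg23`, so it ends up in the repository and in the world-readable Nix store. The broker binds `host = "0.0.0.0"` and the account carries `acl = [ "topic readwrite #" ]`, so the only remaining limit on who can use that credential is the iptables rule set at the top of the file, which this commit widens to `docker0`. Use `hashedPassword` for the mosquitto user, load the client-side password from a secrets file kept outside the store, and narrow the ACL to the topic prefixes actually used (`stat/`, `cmnd/`, `zigbee/` and `/hass/status` are the ones visible in this commit). `configWritable = true` also deserves a comment saying why the generated configuration has to be editable at runtime.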
--- /dev/null +++ b/lass/2configs/hass/lib.nix @@ -0,0 +1,83 @@ +{ + lights = { + bett = "light.0x0017880106ed3bd8_light"; + essen = "light.0x0017880108327622_light"; + arbeit = "light.0x0017880106ee2865_light"; + nass = "light.0x00178801082e9f2f_light"; + }; + + sensors = { + bett = "0x00178801086ac38c"; + }; + + lightswitch = switch: light: { + automation = [ + { + trigger = { + platform = "mqtt"; + topic = "zigbee/${switch}"; + }; + condition = { + condition = "or"; + conditions = [ + { + condition = "template"; + value_template = "{{ trigger.payload_json.action == 'on-press' }}"; + } + { + condition = "template"; + value_template = "{{ trigger.payload_json.action == 'up-press' }}"; + } + { + condition = "and"; + conditions = [ + { + condition = "template"; + value_template = "{{ trigger.payload_json.action == 'd |