diff options
52 files changed, 956 insertions, 259 deletions
diff --git a/kartei/makefu/default.nix b/kartei/makefu/default.nix index bf49a1766..5e236d574 100644 --- a/kartei/makefu/default.nix +++ b/kartei/makefu/default.nix @@ -74,6 +74,11 @@ in { retiolum.ip4.addr = "10.243.12.12"; }; }; + snake = { + nets = { + retiolum.ip4.addr = "10.243.12.13"; + }; + }; studio = rec { ci = false; @@ -145,6 +150,7 @@ in { telex.nets.wiregrill = { aliases = ["telex.w"]; ip6.addr = (krebs.genipv6 "wiregrill" "makefu" { hostName = "telex"; }).address; + ip4.addr = "10.244.245.4"; }; latte = rec { diff --git a/kartei/makefu/retiolum/snake.pub b/kartei/makefu/retiolum/snake.pub new file mode 100644 index 000000000..ae69a162f --- /dev/null +++ b/kartei/makefu/retiolum/snake.pub @@ -0,0 +1,13 @@ +-----BEGIN RSA PUBLIC KEY----- +MIICCgKCAgEApRUsm8oiTCx5kqFqCUaDyI3iesCajS76lzCGa1HdeBVLvejyit4s +Vx848/Gr2Axbtqx8Fm3RUj29CEUTCUKQdEEOVE58bQ+euSRL/V7g+v+1NSGYSEwp +Xvojczppjm0e56kI0yngZh++6AM4/6eMWEQl3u45ZRFXH11ZfoZb+Z3jRAUk1FXt +rWyrNQ5kGOwNaTk0+mXB8irtYrjyehfZuzyE2z1GelKrSMM03jCFFzVqPu5irYIm +TghRhFMXIG9bm+gM+bj/GNHs2RHL633PUqI/I5Hj6trNBfqbcu7gpB9F6Edtqgtb +lQm0Qei/l4AQIxfA3LqNuTHaXp4LBG9IH2qvXSxsqWlgDnjg3CEJ8ZwpOzT7xFG2 +0NSRcAl+4i55j24ZxwWgS9H0Al3LMLzwVsToUfH9fGm1vtJ8ku8sx0AALVzVyabR +M5ywyi5oRhan/JZywFsACLDUFMiFqI/MIj6ao0pSZYaUXfKMtMCgJJ03NqWak8lc +yInBgIlEQgxljKW0LHeHoToBzuXhy70gtNswS61iKpuMDxbBYtyK1HuN8PS+vzS8 +svtbV3lvqJA2KcVlqwwgDwvzPX+T0kbI4UL3EjFIU2nepGNaRA1AWmTMrpdEPNdx +4RPg5EZDVp+Jeihjxpa8aOb3yjkE5i6K00TyjsSIJqWy296PfJC4VBsCAwEAAQ== +-----END RSA PUBLIC KEY----- diff --git a/kartei/makefu/retiolum/snake_ed25519.pub b/kartei/makefu/retiolum/snake_ed25519.pub new file mode 100644 index 000000000..a7f9f749b --- /dev/null +++ b/kartei/makefu/retiolum/snake_ed25519.pub @@ -0,0 +1 @@ +Ed25519PublicKey = lKMWnuEVjcSoSEUWrj+51pwDQrQj2TqloL3aBKVWBbO diff --git a/kartei/makefu/sshd/snake.pub b/kartei/makefu/sshd/snake.pub new file mode 100644 index 000000000..eceeae899 --- /dev/null +++ b/kartei/makefu/sshd/snake.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBfIivSIxnkH212vtHiWPiUJcjSRrv3d4eVfkIahJA7S makefu@x diff --git a/kartei/tv/hosts/ru.nix b/kartei/tv/hosts/ru.nix new file mode 100644 index 000000000..334df5d07 --- /dev/null +++ b/kartei/tv/hosts/ru.nix @@ -0,0 +1,24 @@ +{ + ci = true; + nets = { + retiolum = { + ip4.addr = "10.243.13.42"; + aliases = [ + "ru.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEAr4xgpXPr/OGrLO5vwur35esesbAwREwShGJf9btt65UQXst090tD + GWev8Yfi3Mr241r1TG7zpW3Idh5nth2yhzVvqGc9m6QmK27v2MKpb+ppjOKab7RL + 1KfdBAwjdrWdL2xO3XAYOUljxWoIV4VKX8kEBvjJEDOwl/u+g5mB3yLWebtIT7Wk + EneMU6wvCVKhOPeqyXmbqO/+j6+bqxkKP2/5hHcX3a91+15YbR3SvREK2rUm9stx + Rc3kmGUO/DiGK6MmUmt+qieGo/4vheK8hij57dY0uXFIC7U680QzV7jsUmtlKGBL + PoK/Xn6TLLG6nozgmF+q8esYyaYQFrwU2QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + tinc.pubkey_ed25519 = "Eg9l+RxFSNrQ9RkTd8tSkoTIG2m7zhQpjUJBWJRft1J"; + }; + }; + secure = true; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcNClgsey79WzdEQs/8qkLMHzc1SCU/MqyMerPcUi8X root@ru"; +} diff --git a/krebs/3modules/github/known-hosts.nix b/krebs/3modules/github/known-hosts.nix index f2705caa4..c0d0b588a 100644 --- a/krebs/3modules/github/known-hosts.nix +++ b/krebs/3modules/github/known-hosts.nix @@ -3,8 +3,7 @@ hostNames = ["github.com"] ++ - # List generated with (IPv6 addresses are currently ignored): - # curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | nix-shell -p cidr2glob --run cidr2glob | jq -Rs 'split("\n")|map(select(.!=""))' > known-hosts.json + # update known-hosts.json using ./update lib.importJSON ./known-hosts.json ; publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; diff --git a/krebs/3modules/github/update b/krebs/3modules/github/update new file mode 100755 index 000000000..3952dabae --- /dev/null +++ b/krebs/3modules/github/update @@ -0,0 +1,15 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i bash -p cidr2glob curl git jq + +# update known-hosts.json +# +# usage: ./update + +set -efu + +# XXX IPv6 addresses are currently ignored +curl -sS https://api.github.com/meta | jq -r .git[] | grep -v : | cidr2glob | jq -Rs 'split("\n")|map(select(.!=""))' > known-hosts.json + +if git diff --exit-code known-hosts.json; then + echo known-hosts.json is up to date: nothing to do >&2 +fi diff --git a/krebs/5pkgs/simple/syncthing-device-id.nix b/krebs/5pkgs/simple/syncthing-device-id.nix index 9533800fd..74983fc18 100644 --- a/krebs/5pkgs/simple/syncthing-device-id.nix +++ b/krebs/5pkgs/simple/syncthing-device-id.nix @@ -1,12 +1,13 @@ -{ openssl, writePython2Bin }: +{ openssl, writePython3Bin }: -writePython2Bin "syncthing-device-id" { +writePython3Bin "syncthing-device-id" { flakeIgnore = [ "E226" "E302" "E305" "E501" "F401" + "W504" ]; } /* python */ '' import base64 diff --git a/makefu/1systems/snake/config.nix b/makefu/1systems/snake/config.nix new file mode 100644 index 000000000..1c6068e98 --- /dev/null +++ b/makefu/1systems/snake/config.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: +let + primaryInterface = "eth0"; +in { + imports = [ + <stockholm/makefu> + ./hardware-config.nix + <stockholm/makefu/2configs/home-manager> + <stockholm/makefu/2configs/tools/core.nix> + <stockholm/makefu/2configs/binary-cache/nixos.nix> + + <stockholm/makefu/2configs/home/rhasspy> + <stockholm/makefu/2configs/home/rhasspy/led-control.nix> + ]; + krebs = { + enable = true; + tinc.retiolum.enable = true; + build.host = config.krebs.hosts.snake; + }; + # ensure disk usage is limited + services.journald.extraConfig = "Storage=volatile"; + networking.firewall.trustedInterfaces = [ primaryInterface ]; + documentation.info.enable = false; + documentation.man.enable = false; + documentation.nixos.enable = false; +} diff --git a/makefu/1systems/snake/disk.nix b/makefu/1systems/snake/disk.nix new file mode 100644 index 000000000..f9e14844f --- /dev/null +++ b/makefu/1systems/snake/disk.nix @@ -0,0 +1,64 @@ +{ disks ? [ "/dev/sda" ], ... }: { + disk = { + x = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "boot"; + type = "partition"; + start = "0"; + end = "1M"; + part-type = "primary"; + flags = ["bios_grub"]; + } + { + type = "partition"; + name = "ESP"; + start = "1M"; + end = "512MiB"; + fs-type = "fat32"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + type = "partition"; + name = "zfs"; + start = "512MiB"; + end = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + } + ]; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + rootFsOptions.compression = "lz4"; + mountpoint = "/"; + + datasets = { + home = { + zfs_type = "filesystem"; + mountpoint = "/home"; + options.mountpoint = "legacy"; + }; + reserved = { + zfs_type = "filesystem"; + options.refreservation = "1G"; + }; + }; + }; + }; +} diff --git a/makefu/1systems/snake/hardware-config.nix b/makefu/1systems/snake/hardware-config.nix new file mode 100644 index 000000000..827c1d3eb --- /dev/null +++ b/makefu/1systems/snake/hardware-config.nix @@ -0,0 +1,21 @@ +{ pkgs, lib, ... }: +{ + imports = [ + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.efiSupport = true; + boot.loader.grub.device = "/dev/sda"; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; + boot.kernelModules = [ "kvm-amd" ]; + disko.devices = import ./disk.nix; + + hardware.enableRedistributableFirmware = true; + hardware.cpu.amd.updateMicrocode = true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + + boot.kernelParams = [ "net.ifnames=0" ]; + networking.hostId = "0123AABB"; +} diff --git a/makefu/1systems/snake/source.nix b/makefu/1systems/snake/source.nix new file mode 100644 index 000000000..b9a32a2c4 --- /dev/null +++ b/makefu/1systems/snake/source.nix @@ -0,0 +1,7 @@ +{ + name="cake"; + full = true; + home-manager = true; + hw = true; + disko = true; +} diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix index d4d0f4b69..5cf5eb5c8 100644 --- a/makefu/1systems/wbob/config.nix +++ b/makefu/1systems/wbob/config.nix @@ -22,6 +22,7 @@ in { # <stockholm/makefu/2configs/virtualisation/virtualbox.nix> <stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/gui/wbob-kiosk.nix> + { environment.systemPackages = [ pkgs.kodi pkgs.nano ]; } # <stockholm/makefu/2configs/gui/studio-virtual.nix> # <stockholm/makefu/2configs/audio/jack-on-pulse.nix> diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 44690271d..cd162ba3b 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -10,6 +10,7 @@ in { # ./puppy-proxy.nix ./zigbee2mqtt + ./rhasspy.nix # hass config ## complex configs @@ -64,6 +65,7 @@ in { extraOptions = ["--net=host" ]; volumes = [ "${confdir}:/config" + "/data/music:/config/media" #"${confdir}/docker-run:/etc/services.d/home-assistant/run:" ]; }; diff --git a/makefu/2configs/bureautomation/rhasspy.nix b/makefu/2configs/bureautomation/rhasspy.nix new file mode 100644 index 000000000..8fbfd9312 --- /dev/null +++ b/makefu/2configs/bureautomation/rhasspy.nix @@ -0,0 +1,41 @@ +{ config, ... }: +let + profiles = "/var/lib/rhasspy"; + kiosk_id = toString config.users.users.kiosk.uid; +in +{ + virtualisation.oci-containers.containers.rhasspy = { + image = "rhasspy/rhasspy:latest"; + + environment = { + TZ = "Europe/Berlin"; + #PULSE_SERVER = "unix:/run/user/0/pulse/native"; + PULSE_SERVER = "tcp:${ config.krebs.build.host.name }:4713"; + + }; + + ports = [ + "12101:12101" + # "12183:12183" + ]; + #user = kiosk_id; + + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "${profiles}:/profiles" + # TODO pulseaudio + #"/run/user/${kiosk_id}/pulse/native:/run/user/0/pulse/native" + #"${config.users.users.kiosk.home}/.config/pulse/cookie:/root/.config/pulse/cookie:ro" + ]; + + cmd = [ "--user-profiles" "/profiles" "--profile" "de" ]; + extraOptions = [ + "--device=/dev/snd:/dev/snd" "--group-add=audio" + "--net=host" + ]; + }; + systemd.tmpfiles.rules = [ + "d ${profiles} 0770 root root - -" + ]; + systemd.services.docker-rhasspy.after = [ "desktop-manager.service" ]; +} diff --git a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix index b35019793..d42abd790 100644 --- a/makefu/2configs/bureautomation/zigbee2mqtt/default.nix +++ b/makefu/2configs/bureautomation/zigbee2mqtt/default.nix @@ -16,6 +16,7 @@ in permit_join = true; serial.port = "/dev/cc2531"; homeassistant = true; + frontend.port = 8521; }; }; diff --git a/makefu/2configs/default.nix b/makefu/2configs/default.nix index 9a08a4497..ef4f8fbcd 100644 --- a/makefu/2configs/default.nix +++ b/makefu/2configs/default.nix @@ -68,7 +68,7 @@ with import <stockholm/lib>; }; nixpkgs.config.packageOverrides = pkgs: { - nano = pkgs.runCommand "empty" {} "mkdir -p $out"; + #nano = pkgs.runCommand "empty" {} "mkdir -p $out"; tinc = pkgs.tinc_pre; }; diff --git a/makefu/2configs/editor/vim.nix b/makefu/2configs/editor/vim.nix index b37f2409a..f53be58ff 100644 --- a/makefu/2configs/editor/vim.nix +++ b/makefu/2configs/editor/vim.nix @@ -11,7 +11,8 @@ "YouCompleteMe" #"UltiSnips" # vim-nix handles indentation better but does not perform sanity - "vim-addon-nix" + "vim-nix" + # "vim-addon-nix" "vim-better-whitespace" ]; }; diff --git a/makefu/2configs/editor/vimrc b/makefu/2configs/editor/vimrc index 309e81a05..e24d29974 100644 --- a/makefu/2configs/editor/vimrc +++ b/makefu/2configs/editor/vimrc @@ -7,7 +7,7 @@ set listchars=tab:▸\ filetype off filetype plugin indent on -colorscheme darkblue +colorscheme desert set background=dark set number @@ -49,6 +49,10 @@ set matchtime=3 set hlsearch autocmd ColorScheme * highlight ExtraWhitespace ctermbg=red guibg=red +hi MatchParen cterm=none ctermbg=green ctermfg=blue + +let g:better_whitespace_enabled=1 +let g:strip_whitespace_on_save=1 " save on focus lost diff --git a/makefu/2configs/home/ham/sensor/outside.nix b/makefu/2configs/home/ham/sensor/outside.nix index d05e8a1f6..e7467617b 100644 --- a/makefu/2configs/home/ham/sensor/outside.nix +++ b/makefu/2configs/home/ham/sensor/outside.nix @@ -26,5 +26,19 @@ { platform = "met"; } + { + platform = "openweathermap"; + api_key = "!secret openweathermap"; + language = "de"; + mode = "hourly"; + } + { + platform = "tomorrowio"; + api_key = "!secret tomorrowio"; + } + { platform = "octoprint"; } + { platform = "accuweather"; + api_key = "!secret accuweather"; + } ]; } diff --git a/makefu/5pkgs/HermesLedControl/default.nix b/makefu/5pkgs/HermesLedControl/default.nix new file mode 100644 index 000000000..88aed898d --- /dev/null +++ b/makefu/5pkgs/HermesLedControl/default.nix @@ -0,0 +1,54 @@ +{ lib, pkgs, python3Packages, makeWrapper, ... }: + +# How to use: +# create configuration .config/HermesLedControl/configuration.yml: +# engine: "rhasspy" +# pathToConfig: "/var/lib/rhasspy/de/profile.json" +# hardware: "respeaker4MicArray" +# pattern: "fake-name" +# enableDoA: false + + +with python3Packages; buildPythonApplication rec { + name = "HermesLedControl-${version}"; + format = "other"; + version = "3.0.4"; + + src = pkgs.fetchFromGitHub { + owner = "project-alice-assistant"; + repo = "HermesLedControl"; + rev = "v${version}"; + hash = "sha256-fVbTQPSo3fNjLb8PDDDqhMC9Hez01rTH46cKz/mfwoU="; + }; + + patches = [ + ./remove-logger.patch + ]; + + execWrapper = '' + #!/bin/sh + cd $out/lib/HermesLedControl && \ + PYTHONPATH="${makePythonPath propagatedBuildInputs}" exec \ + ${python}/bin/python "$out/lib/HermesLedControl/main.py" "$@" + ''; + + installPhase = '' + install -d "$out/lib/" + install -d "$out/bin" + cp -r . $out/lib/HermesLedControl + + echo "${execWrapper}" > HermesLedControl + install -Dm755 HermesLedControl $out/bin/HermesLedControl + + ''; + + propagatedBuildInputs = [ + spidev gpiozero rpi-gpio pyyaml paho-mqtt types-pyyaml makeWrapper + ]; + + meta = { + homepage = "https://github.com/project-alice-assistant/HermesLedControl"; + description = "Provides an easy way to control your leds in an Hermes environment"; + license = lib.licenses.gpl3; + }; +} diff --git a/makefu/5pkgs/HermesLedControl/remove-logger.patch b/makefu/5pkgs/HermesLedControl/remove-logger.patch new file mode 100644 index 000000000..a6b757d35 --- /dev/null +++ b/makefu/5pkgs/HermesLedControl/remove-logger.patch @@ -0,0 +1,31 @@ +diff --git a/main.py b/main.py +old mode 100644 +new mode 100755 +index 9b5a269..350d443 +--- a/main.py ++++ b/main.py +@@ -1,3 +1,4 @@ ++#!/usr/bin/env python3 + from logging import handlers + + import logging +@@ -17,18 +18,6 @@ _logger.setLevel(logging.DEBUG) + + date = int(datetime.now().strftime('%Y%m%d')) + +-handler = logging.FileHandler(filename='logs.log', mode='w') +-rotatingHandler = handlers.RotatingFileHandler(filename=f'./logs/{date}-logs.log', mode='a', maxBytes=100000, backupCount=5) +-streamHandler = logging.StreamHandler() +- +-handler.setFormatter(formatter) +-rotatingHandler.setFormatter(formatter) +-streamHandler.setFormatter(formatter) +- +-_logger.addHandler(handler) +-_logger.addHandler(rotatingHandler) +-_logger.addHandler(streamHandler) +- + + def stopHandler(_signum, frame): + onStop() + diff --git a/makefu/5pkgs/foomatic-db-engine/default.nix b/makefu/5pkgs/foomatic-db-engine/default.nix deleted file mode 100644 index 242232c88..000000000 --- a/makefu/5pkgs/foomatic-db-engine/default.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ lib, stdenv -, fetchFromGitHub -, autoreconfHook -, gd -, libusb1 -, cups -, libpng -, perl -, perlPackages -, libxml2 -, ghostscript -, a2ps -, wget -, file -, foomatic-filters -, makeWrapper -}: - -stdenv.mkDerivation rec { - pname = "foomatic-db-engine"; - version = "2020-01-31"; - - src = fetchFromGitHub { - owner = "OpenPrinting"; - repo = "foomatic-db-engine-4"; - rev = "bd265b77a9f66f672bf1e3f0803145f2eccabf06"; - sha256 = "1f53kd3b0sxgx7hg2dvw2624bpwdfcx0zh4dn0h89l84mirgw1bs"; - }; - - nativeBuildInputs = [ - autoreconfHook - perl - makeWrapper - ]; - |