diff options
27 files changed, 512 insertions, 190 deletions
diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 118a8b2d5..a16661c9f 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -10,6 +10,11 @@ with import <stockholm/lib>; (s: substring 1 (stringLength s - 2) s) (toJSON value); + to-lsearch = concatMapStrings ({ from, to, ... }: "${from}: ${to}\n"); + lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) ({ + inherit (cfg) system-aliases; + }); + in { options.krebs.exim-retiolum = { enable = mkEnableOption "krebs.exim-retiolum"; @@ -59,6 +64,19 @@ in { }; }; }; + system-aliases = mkOption { + type = types.listOf (types.submodule ({ + options = { + from = mkOption { + type = types.str; # TODO e-mail address + }; + to = mkOption { + type = types.str; # TODO e-mail address / TODO listOf + }; + }; + })); + default = []; + }; }; imports = [ { @@ -145,6 +163,11 @@ in { begin routers + system_aliases: + debug_print = "R: system_aliases for $local_part@$domain" + driver = redirect + data = ''${lookup{$local_part}lsearch{${lsearch.system-aliases}}} + local: driver = accept domains = +local_domains diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index d14526703..277169e11 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -608,6 +608,10 @@ in { mail = "joerg@thalheim.io"; pubkey = ssh-for "mic92"; }; + shannan = { + mail = "shannan@lekwati.com"; + pubkey = ssh-for "shannan"; + }; qubasa = { mail = "luis.nixos@gmail.com"; pubkey = ssh-for "qubasa"; diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index 39d738337..29d0b27fa 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -347,7 +347,10 @@ in { nets = { retiolum = { ip4.addr = "10.243.29.171"; - aliases = [ "rock.r" ]; + aliases = [ + "rock.r" + "loki.r" + ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0uhNk3XXVxQcIVhD1Ime @@ -465,6 +468,7 @@ in { aliases = [ "eva.r" "prometheus.r" + "alertmanager.r" ]; tinc.pubkey = '' -----BEGIN PUBLIC KEY----- @@ -508,5 +512,33 @@ in { }; }; }; + bernie = { + owner = config.krebs.users.mic92; + nets = rec { + retiolum = { + addrs = [ + config.krebs.hosts.bernie.nets.retiolum.ip4.addr + config.krebs.hosts.bernie.nets.retiolum.ip6.addr + ]; + ip4.addr = "10.243.29.169"; + aliases = [ "bernie.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEApH5nG/Lwe/LiBkdL38vk1QcjOG/kf8dUqifouB56OQqe+MXASTSM + vhipszZqXVGgWRVrSH3WSZt0YAXTQQGEjtnAr6fSSnUek21omRGFgr47LiGJp9R8 + OuhGPQs1sykIyl3HNSvDxj2EfWrXO73bKQPYdGIlfJWmsL69akWGlyYdEK1kloLC + ld5+eYICjiTtqAQ8snZQNaPIucW4cGOa0sATUP4H1jbDWtFCKE2/mR/gGo/W/opC + oOcJM7d5mb63blWVp9Zji/Gb64QltR50N3qvwc6W5ANHXIV97jYcNhSGqTsV0CEd + n0cqUqymh2e8fJdmbB4DvwqhWITn6nwuFOWoVCSFMmbiidyTm3RAH9ztZARzsQRL + Nj8OmeAr+plrzNH7AJpSkz30zukawCnbt+qWjqXLULH4kxJfOwzVh+KDfLzy7iLe + OWWrblgJZA2GHKzCC5zntNujW6Nr2AliSY2Hch2XfkLTWeNtclKIEXMkRxif5oxm + XpEJJ3lqdXz9/e37R/mkWVrdhpVfll2/v5c/PlnKMzky2mgkGpzegO0IiQcdJjrl + fuXAsh5UbnE5kt6vKL5aducScatyd5FRkNumKG5ji26eZR4lZmXn380JLDInV4n7 + SODZL2fQFBnSD1wTWcq9Q/luPh4FitzJUZzHexvNxR/KBZycZJtdVw8CAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; } diff --git a/krebs/3modules/external/ssh/shannan.pub b/krebs/3modules/external/ssh/shannan.pub new file mode 100644 index 000000000..ed89d702a --- /dev/null +++ b/krebs/3modules/external/ssh/shannan.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBXTForyB6oNMK5bbGpALKU4lPsKRGxNLhrE/PnHHq7 shannan@bernie diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index d2a945284..3466ef8eb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -645,6 +645,45 @@ in { ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPARXXe0HaP1r0pLqtInhnbYSZsP0g4VC6aaWP7qi5+w"; syncthing.id = "J6PHKTS-2JG5NOL-H5ZWOF6-6L6ENA7-L4RO6DV-BQHU7YL-CHOLDCC-S5YX3AC"; }; + styx = { + cores = 1; + nets = { + retiolum = { + ip4.addr = "10.243.11.1"; + ip6.addr = r6 "111"; + aliases = [ + "styx.r" + ]; + tinc.pubkey = '' + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMJFklzpbxoDGD8LQ3tn + ETYrLu/TJjq5iSQx/JbbonJriMS3X/0+m8JREzeol67svQDuZEXTEg5EfEldxrrU + aZpNmTSmFbj2NLLCIfNBL/oLOvg9ElzhN+f+4jvakfEKi7Y7LekV25VVGrHbOEVE + 3G6XWfHx5qO5Vd6kqNWQKD3LG38aZ/Lx9XYDMbujYxPGCtOsabtAz8BKo/RgOZzi + 6A/54RFhdecJm0VoQk3iKpp2YqyCN6dLfJVLil4cREs4sW6nDyF4Y4l3dtZdfskq + m/MoZt6fwOjNIKuI9DGdU4/X1hQelnemstzxY5x1XwG52cz+ww0h7pMF2aggsHqn + Vmaq3b0fXrbn066Ybkbhz3UEIU9zKQGYaANGCnXxbvkd5lWbIN60GEXGE3zYJSAt + EH3FLDTGa27fTNgAnbdnSV40KWKN4FM0iY/xrt3aOXfneTP9S2fqzTVEL9vd04C/ + 7RWvRjvZ7mlAi+kVKSHkOibFVjeo+Z4Pvw5YxCAavrjXCiWj8zP8o3MNWcq/bMao + Uk9zBMXymm8zX43w5LNnhf59oitBjiY/mzZ3NDI9N3szMvJsaUEnhO4Kq1CWtMs2 + 6/TpEyRSmen1UmNwgKKFx3rELuctwMmNbOLL8cGLotEBhIk7vnZKD7NvLVX7xtOF + wzhy2N6a3ypB4XqM7dBzzAUCAwEAAQ== + -----END PUBLIC KEY----- + ''; + }; + wiregrill = { + ip6.addr = w6 "111"; + aliases = [ + "styx.w" + ]; + wireguard.pubkey = '' + 0BZfd8f0pZMRfyoHrdYZY0cR5zfFvJcS8gQLn6xGuFs= + ''; + }; + }; + ssh.privkey.path = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3OpzRB3382d7c2apdHC+U/R0ZlaWxXZa3GFAj54ZhU "; + }; }; users = rec { lass = lass-blue; diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index 0f5e1aa83..4252c8d3b 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -112,13 +112,15 @@ let hostsArchive = mkOption { type = types.package; - default = pkgs.runCommand "retiolum-hosts.tar.bz2" {} '' + default = pkgs.runCommand "retiolum-hosts.tar.bz2" { + nativeBuildInputs = [ pkgs.gnutar pkgs.coreutils ]; + } '' cp \ --no-preserve=mode \ --recursive \ ${tinc.config.hostsPackage} \ hosts - ${pkgs.gnutar}/bin/tar -cjf $out hosts + tar -cjf $out hosts ''; readOnly = true; }; diff --git a/krebs/5pkgs/haskell/email-header.nix b/krebs/5pkgs/haskell/email-header.nix index b1e8e1153..94b33e28b 100644 --- a/krebs/5pkgs/haskell/email-header.nix +++ b/krebs/5pkgs/haskell/email-header.nix @@ -10,6 +10,11 @@ with import <stockholm/lib>; rev = "7b179bd31192ead8afe7a0b6e34bcad4039deaa8"; sha256 = "12j2n3sbvzjnw99gga7kkdygm8n3qx2lh8q26ad6a53xm5whnz59"; }; + "20.03" = { + version = "0.4.1-tv1"; + rev = "refs/tags/v${cfg.version}"; + sha256 = "11xjivpj495r2ss9aqljnpzzycb57cm4sr7yzmf939rzwsd3ib0x"; + }; }.${versions.majorMinor version} or { version = "0.4.1-tv2"; rev = "refs/tags/v${cfg.version}"; diff --git a/krebs/5pkgs/simple/realwallpaper/default.nix b/krebs/5pkgs/simple/realwallpaper/default.nix index 72a314ba9..56a7dfb98 100644 --- a/krebs/5pkgs/simple/realwallpaper/default.nix +++ b/krebs/5pkgs/simple/realwallpaper/default.nix @@ -108,7 +108,10 @@ pkgs.writers.writeDashBin "generate-wallpaper" '' 'https://neo.sci.gsfc.nasa.gov/view.php?datasetId=MOD14A1_E_FIRE') & # regular fetches - fetch marker.json "$marker_url" & + fetch marker.json.tmp "$marker_url" + if [ -s marker.json.tmp ]; then + mv marker.json.tmp marker.json + fi fetch sun-raw.jpg 'https://sdo.gsfc.nasa.gov/assets/img/latest/latest_512_0171.jpg' & wait diff --git a/krebs/nixpkgs-unstable.json b/krebs/nixpkgs-unstable.json index 9ea1d4141..4f07b0e88 100644 --- a/krebs/nixpkgs-unstable.json +++ b/krebs/nixpkgs-unstable.json @@ -1,7 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "34ad166a830d3ac1541dcce571c52231f2f0865a", - "date": "2020-11-02T21:18:15-05:00", - "sha256": "1jvi1562x3kq65w642vfimpszv65zbc7c2nv8gakhzcx4n3f47xq", - "fetchSubmodules": false + "rev": "e9158eca70ae59e73fae23be5d13d3fa0cfc78b4", + "date": "2020-12-09T15:09:49+01:00", + "path": "/nix/store/cx4wf6pi1l2p01sz7png891m65kinfz3-nixpkgs", + "sha256": "0cnmvnvin9ixzl98fmlm3g17l6w95gifqfb3rfxs55c0wj2ddy53", + "fetchSubmodules": false, + "deepClone": false, + "leaveDotGit": false } diff --git a/krebs/nixpkgs.json b/krebs/nixpkgs.json index b21087764..44e373b81 100644 --- a/krebs/nixpkgs.json +++ b/krebs/nixpkgs.json @@ -1,7 +1,10 @@ { "url": "https://github.com/NixOS/nixpkgs", - "rev": "f41c0fc7d8e49d94220f74495d4d702922df2a67", - "date": "2020-11-15T21:38:00-06:00", - "sha256": "01wim7ayn69y056q28ifw2f0mdypidpc0z15dda54aj5yy5vai09", - "fetchSubmodules": false + "rev": "3d2d8f281a27d466fa54b469b5993f7dde198375", + "date": "2020-12-20T14:17:36+01:00", + "path": "/nix/store/mqn37480fj6x9xbq3igz4haw3m2lc7fm-nixpkgs", + "sha256": "1hfis53xyzy6hfdivlwkwdy7irbhk7c500a4lf7x43cfkijx5ks1", + "fetchSubmodules": false, + "deepClone": false, + "leaveDotGit": false } diff --git a/lass/1systems/green/source.nix b/lass/1systems/green/source.nix index 21f3a8bd5..48499c9db 100644 --- a/lass/1systems/green/source.nix +++ b/lass/1systems/green/source.nix @@ -1,14 +1,5 @@ { lib, pkgs, ... }: { - nixpkgs = lib.mkForce { - file = { - path = toString (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../krebs/nixpkgs.json).rev; - sha256 = (lib.importJSON ../../../krebs/nixpkgs.json).sha256; - }); - useChecksum = true; - }; - }; + nixpkgs-unstable = lib.mkForce { file = "/var/empty"; }; + nixpkgs.git.shallow = true; } diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 944a68beb..f63c6a05a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -6,6 +6,7 @@ with import <stockholm/lib>; <stockholm/lass> <stockholm/lass/2configs/retiolum.nix> <stockholm/lass/2configs/libvirt.nix> + <stockholm/lass/2configs/tv.nix> { services.nginx.enable = true; imports = [ @@ -120,6 +121,7 @@ with import <stockholm/lib>; <stockholm/lass/2configs/reaktor-coders.nix> <stockholm/lass/2configs/ciko.nix> <stockholm/lass/2configs/container-networking.nix> + <stockholm/lass/2configs/jitsi.nix> { # quasi bepasty.nix imports = [ <stockholm/lass/2configs/bepasty.nix> @@ -392,6 +394,15 @@ with import <stockholm/lib>; ]; } { + users.users.shannan = { + uid = genid_uint31 "shannan"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + config.krebs.users.shannan.pubkey + ]; + }; + } + { nix.trustedUsers = [ "mic92" ]; users.users.mic92 = { uid = genid_uint31 "mic92"; diff --git a/lass/1systems/styx/config.nix b/lass/1systems/styx/config.nix new file mode 100644 index 000000000..4c3ae1411 --- /dev/null +++ b/lass/1systems/styx/config.nix @@ -0,0 +1,80 @@ +{ config, pkgs, ... }: + +with import <stockholm/lib>; +{ + imports = [ + <stockholm/lass> + + <stockholm/lass/2configs/mouse.nix> + <stockholm/lass/2configs/retiolum.nix> + <stockholm/lass/2configs/baseX.nix> + <stockholm/lass/2configs/exim-retiolum.nix> + <stockholm/lass/2configs/browsers.nix> + <stockholm/lass/2configs/programs.nix> + <stockholm/lass/2configs/nfs-dl.nix> + # <stockholm/lass/2configs/gg23.nix> + # <stockholm/lass/2configs/hass> + # <stockholm/lass/2configs/br.nix> + <stockholm/lass/2configs/fetchWallpaper.nix> + <stockholm/lass/2configs/home-media.nix> + # <stockholm/lass/2configs/syncthing.nix> + # <stockholm/lass/2configs/sync/sync.nix> + # <stockholm/lass/2configs/idc.nix> + ]; + + krebs.build.host = config.krebs.hosts.styx; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport ${toString config.services.smokeping.port}"; target = "ACCEPT"; } + ]; + services.smokeping = { + enable = true; + targetConfig = '' + probe = FPing + menu = top + title = top + + + Local + menu = Local + title = Local Network + ++ LocalMachine + menu = Local Machine + title = This host + host = localhost + + + Internet + menu = internet + title = internet + + ++ CloudflareDNS + menu = Cloudflare DNS + title = Cloudflare DNS server + host = 1.1.1.1 + + ++ GoogleDNS + menu = Google DNS + title = Google DNS server + host = 8.8.8.8 + + + retiolum + menu = retiolum + title = retiolum + + ++ gum + menu = gum.r + title = gum.r + host = gum.r + + ++ ni + menu = ni.r + title = ni.r + host = ni.r + + ++ prism + menu = prism.r + title = prism.r + host = prism.r + ''; + }; +} + diff --git a/lass/1systems/styx/physical.nix b/lass/1systems/styx/physical.nix new file mode 100644 index 000000000..a3899f87d --- /dev/null +++ b/lass/1systems/styx/physical.nix @@ -0,0 +1,34 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./config.nix + <nixpkgs/nixos/modules/installer/scan/not-detected.nix> + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.efiSupport = true; + boot.loader.grub.device = "/dev/disk/by-id/ata-SanDisk_SSD_G5_BICS4_20248F446514"; + boot.loader.grub.efiInstallAsRemovable = true; + + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ee5c9099-17fa-401e-852e-67cb4ae068f4"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/EAA5-88A9"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 4; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; +} diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index babcb51de..1cf421fed 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -222,4 +222,5 @@ with import <stockholm/lib>; # use 24:00 time format, the default got sneakily changed around 20.03 i18n.defaultLocale = mkDefault "C.UTF-8"; + system.stateVersion = mkDefault "20.03"; } diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 66d430cd1..78379ba1c 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -26,7 +26,7 @@ with import ./lib.nix { inherit lib; }; lovelaceConfigWritable = true; }; - lass.hass.config = let + services.home-assistant.config = let tasmota_s20 = name: topic: { platform = "mqtt"; inherit name; diff --git a/lass/2configs/hass/rooms/bett.nix b/lass/2configs/hass/rooms/bett.nix index 16227fcb6..48a1f72d7 100644 --- a/lass/2configs/hass/rooms/bett.nix +++ b/lass/2configs/hass/rooms/bett.nix @@ -2,38 +2,38 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (lightswitch switches.dimmer.bett lights.bett) ]; - lass.hass.love = { - resources = [{ - url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; - type = "js"; - }]; - views = [{ - title = "bett"; - cards = [ - { - type = "markdown"; - title = "hello world"; - content = "This is just a test"; - } - { - type = "light"; - entity = "light.${lights.bett}"; - } - { - type = "custom:light-entity-card"; - entity = "light.${lights.bett}"; - } - { - type = "history-graph"; - entities = [ - "light.${lights.bett}" - ]; - } - ]; - }]; - }; + # lass.hass.love = { + # resources = [{ + # url = "https://raw.githubusercontent.com/ljmerza/light-entity-card/master/dist/light-entity-card.js.map"; + # type = "js"; + # }]; + # views = [{ + # title = "bett"; + # cards = [ + # { + # type = "markdown"; + # title = "hello world"; + # content = "This is just a test"; + # } + # { + # type = "light"; + # entity = "light.${lights.bett}"; + # } + # { + # type = "custom:light-entity-card"; + # entity = "light.${lights.bett}"; + # } + # { + # type = "history-graph"; + # entities = [ + # "light.${lights.bett}" + # ]; + # } + # ]; + # }]; + # }; } diff --git a/lass/2configs/hass/rooms/essen.nix b/lass/2configs/hass/rooms/essen.nix index f74996154..eeb3d30d2 100644 --- a/lass/2configs/hass/rooms/essen.nix +++ b/lass/2configs/hass/rooms/essen.nix @@ -2,7 +2,7 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (detect_movement sensors.movement.essen lights.essen 10) (lightswitch switches.dimmer.essen lights.essen) ]; diff --git a/lass/2configs/hass/rooms/nass.nix b/lass/2configs/hass/rooms/nass.nix index 163f4fc48..7e6298738 100644 --- a/lass/2configs/hass/rooms/nass.nix +++ b/lass/2configs/hass/rooms/nass.nix @@ -2,7 +2,7 @@ with import ../lib.nix { inherit lib; }; { - lass.hass.config = lib.mkMerge [ + services.home-assistant.config = lib.mkMerge [ (detect_movement sensors.movement.nass lights.nass 100) (lightswitch switches.dimmer.nass lights.nass) ]; diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix index 6d091066e..789a7fb92 100644 --- a/lass/2configs/hass/zigbee.nix +++ b/lass/2configs/hass/zigbee.nix @@ -1,41 +1,43 @@ {config, pkgs, lib, ...}: let - zigbee2mqtt_cfg = pkgs.writeText "zigbee2mqtt.json" (builtins.toJSON { - homeassistant = true; - permit_join = false; - mqtt = { - discovery = true; - base_topic = "zigbee"; - server = "mqtt://10.42.0.1"; - user = "gg23"; - password = "gg23-mqtt"; - }; - serial.port = "/dev/cc2531"; - }); + unstable-pkgs = import <nixpkgs-unstable> {}; in { # symlink the zigbee controller services.udev.extraRules = '' - SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dailout" - ''; - - system.activationScripts.installZigbee = '' - install -d /var/lib/zigbee2mqtt - install ${zigbee2mqtt_cfg} /var/lib/zigbee2mqtt/configuration.yaml + SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dialout" + SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="cc2652", MODE="0660", GROUP="dialout" ''; - # hack to restart docker container on config change - systemd.services.docker-zigbee2mqtt.environment.cfg = zigbee2mqtt_cfg; + # needed to use unstable package + systemd.services.zigbee2mqtt.environment.ZIGBEE2MQTT_DATA = "/var/lib/zigbee2mqtt"; - docker-containers.zigbee2mqtt = { - image = "koenkk/zigbee2mqtt"; - extraDockerOptions = [ - "--device=/dev/cc2531:/dev/cc2531" - ]; - volumes = ["/var/lib/zigbee2mqtt:/app/data"]; + services.zigbee2mqtt = { + enable = true; + package = unstable-pkgs.zigbee2mqtt; + config = { + homeassistant = true; + frontend.port = 1337; + experimental.new_api = true; + permit_join = false; + mqtt = { + discovery = true; + base_topic = "zigbee"; + server = "mqtt://10.42.0.1"; + user = "gg23"; + password = "gg23-mqtt"; + }; + serial = { + port = "/dev/cc2652"; + # disable_led = true; + }; + advanced = { + pan_id = 4222; + }; + }; }; - lass.hass.config = { + services.home-assistant.config = { sensor = [ # Sensor for monitoring the bridge state { @@ -93,7 +95,6 @@ in { { id = "zigbee_join_enabled"; alias = ""; - hide_entity = "true"; trigger = { platform = "state"; entity_id = "switch.zigbee2mqtt_join"; @@ -107,7 +108,6 @@ in { # Automation to stop timer when switch turned off and turn off switch when timer finished { id = "zigbee_join_disabled"; - hide_entity = "true"; trigger = [ { platform = "event"; diff --git a/lass/2configs/jitsi.nix b/lass/2configs/jitsi.nix new file mode 100644 index 000000000..1435ccb5c --- /dev/null +++ b/lass/2configs/jitsi.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: +{ + + services.jitsi-meet = { + enable = true; + hostName = "jitsi.lassul.us"; + config = { + enableWelcomePage = true; + requireDisplayName = true; + }; + interfaceConfig = { + SHOW_JITSI_WATERMARK = false; + SHOW_WATERMARK_FOR_GUESTS = false; + }; + }; + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 4443"; target = "ACCEPT"; } + { predicate = "-p udp --dport 10000"; target = "ACCEPT"; } + ]; +} diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index 3e8d12381..8c95b535d 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -6,9 +6,6 @@ let name = "radio"; mainUser = config.users.extraUsers.mainUser; - admin-password = import <secrets/icecast-admin-pw>; - source-password = import <secrets/icecast-source-pw>; - music_dir = "/home/radio/music"; add_random = pkgs.writeDashBin "add_random" '' @@ -138,54 +135,19 @@ in { auto_update "yes" audio_output { - type "shout" - encoding "lame" - name "the_playlist_mp3" - host "localhost" - port "8000" - mount "/radio.mp3" - password "${source-password}" - bitrate "128" - - format "44100:16:2" - - user "source" - genre "good music" - } - audio_output { - type "shout" - encoding "ogg" - name "the_playlist_ogg" - host "localhost" - port "8000" - mount "/radio.ogg" - password "${source-password}" - bitrate "128" - - format "44100:16:2" - - user "source" - genre "good music" + type "httpd" + name "lassulus radio" + encoder "vorbis" # optional + port "8000" + quality "5.0" # do not define if bitrate is defined + # bitrate "128" # do not define if quality is defined + format "44100:16:2" + always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped. + tags "yes" # httpd supports sending tags to listening streams. } ''; }; - services.icecast = { - enable = true; - hostname = "radio.lassul.us"; - admin.password = admin-password; - extraConf = '' - <mount> - <mount-name>/radio.mp3</mount-name> - <password>${source-password}</password> - </mount> - <mount> - <mount-name>/radio.ogg</mount-name> - <password>${source-password}</password> - </mount> - ''; - }; - krebs.iptables = { tables = { filter.INPUT.rules = [ @@ -206,7 +168,7 @@ in { systemd.services.radio = let autoAdd = pkgs.writeDash "autoAdd" '' - LIMIT=$1 #in secconds + LIMIT=$1 #in seconds timeLeft () { playlistDuration=$(${pkgs.mpc_cli}/bin/mpc --format '%time%' playlist | ${pkgs.gawk}/bin/awk -F ':' 'BEGIN{t=0} {t+=$1*60+$2} END{print t}') @@ -238,8 +200,7 @@ in { ${pkgs.mpc_cli}/bin/mpc idle player > /dev/null ${pkgs.mpc_cli}/bin/mpc current -f %file% done | while read trac |