summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs')
-rw-r--r--krebs/1systems/puyak/config.nix4
-rw-r--r--krebs/1systems/wolf/config.nix55
-rw-r--r--krebs/2configs/default.nix14
-rw-r--r--krebs/2configs/shack/glados/default.nix136
-rw-r--r--krebs/2configs/shack/glados/deps/dwd_pollen.nix32
-rw-r--r--krebs/2configs/shack/glados/deps/gtts-token.nix27
-rw-r--r--krebs/2configs/shack/glados/deps/pyhaversion.nix33
-rw-r--r--krebs/2configs/shack/glados/multi/shackopen.nix23
-rw-r--r--krebs/2configs/shack/glados/multi/wasser.nix65
-rw-r--r--krebs/2configs/shack/glados/sensors/hass.nix22
-rw-r--r--krebs/2configs/shack/glados/sensors/power.nix27
-rw-r--r--krebs/2configs/shack/grafana.nix19
-rw-r--r--krebs/2configs/shack/graphite.nix (renamed from krebs/2configs/graphite.nix)20
-rw-r--r--krebs/2configs/shack/influx.nix33
-rw-r--r--krebs/2configs/shack/mqtt.nix1
-rw-r--r--krebs/2configs/shack/prometheus/server.nix13
-rw-r--r--krebs/2configs/stats/shack-client.nix (renamed from krebs/2configs/stats/wolf-client.nix)12
-rw-r--r--krebs/2configs/stats/shack-debugging.nix (renamed from krebs/2configs/collectd-base.nix)4
-rw-r--r--krebs/3modules/external/default.nix30
-rw-r--r--krebs/3modules/external/ssh/qubasa.pub2
-rw-r--r--krebs/nixpkgs.json6
21 files changed, 508 insertions, 70 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index ea73e4bd2..6321b6cc4 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -15,6 +15,10 @@
<stockholm/krebs/2configs/news-spam.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
+
+ ## Collect local statistics via collectd and send to collectd
+ <stockholm/krebs/2configs/stats/shack-client.nix>
+ <stockholm/krebs/2configs/stats/shack-debugging.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 9ae65466c..6e53637e6 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -1,7 +1,6 @@
{ config, pkgs, ... }:
let
shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
- influx-host = "127.0.0.1";
ext-if = "et0";
external-mac = "52:54:b0:0b:af:fe";
@@ -39,56 +38,44 @@ in
# mobile.lounge.mpd.shack
<stockholm/krebs/2configs/shack/mobile.mpd.nix>
+
+ # hass.shack
+ <stockholm/krebs/2configs/shack/glados>
+
# connect to git.shackspace.de as group runner for rz
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
- # Statistics collection and visualization
- <stockholm/krebs/2configs/graphite.nix>
+ # Statistics collection and visualization
+ <stockholm/krebs/2configs/shack/graphite.nix>
## Collect data from mqtt.shack and store in graphite database
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
## Collect radioactive data and put into graphite
<stockholm/krebs/2configs/shack/radioactive.nix>
## mqtt.shack
<stockholm/krebs/2configs/shack/mqtt.nix>
- ## Collect local statistics via collectd and send to collectd
- <stockholm/krebs/2configs/stats/wolf-client.nix>
+ ## influx.shack
+ <stockholm/krebs/2configs/shack/influx.nix>
- { services.influxdb.enable = true; }
+ ## Collect local statistics via collectd and send to collectd
+ <stockholm/krebs/2configs/stats/shack-client.nix>
+ <stockholm/krebs/2configs/stats/shack-debugging.nix>
<stockholm/krebs/2configs/shack/netbox.nix>
+ # prometheus.shack
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
- <stockholm/krebs/2configs/collectd-base.nix> # home-assistant
- { services.influxdb.enable = true; }
+ # grafana.shack
+ <stockholm/krebs/2configs/shack/grafana.nix>
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
-
# local discovery in shackspace
nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
- services.grafana = {
- enable = true;
- addr = "0.0.0.0";
- users.allowSignUp = true;
- users.allowOrgCreate = true;
- users.autoAssignOrg = true;
- auth.anonymous.enable = true;
- security = import <secrets/grafana_security.nix>;
- };
- nix = {
- # use the up to date prism cache
- binaryCaches = [
- "https://cache.nixos.org/"
- ];
- binaryCachePublicKeys = [
- "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
- ];
- };
networking = {
firewall.enable = false;
@@ -133,23 +120,27 @@ in
swapDevices = [
{ device = "/dev/disk/by-label/swap"; }
];
- # fallout of ipv6calypse
- networking.extraHosts = ''
- hass.shack 10.42.2.191
- '';
users.extraUsers.root.openssh.authorizedKeys.keys = [
config.krebs.users."0x4A6F".pubkey
config.krebs.users.ulrich.pubkey
config.krebs.users.raute.pubkey
- config.krebs.users.makefu-omo.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
];
+
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
'';
time.timeZone = "Europe/Berlin";
sound.enable = false;
+
+ # avahi
+ services.avahi = {
+ enable = true;
+ wideArea = false;
+ };
+ environment.systemPackages = [ pkgs.avahi ];
+
}
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 8771c0e1d..d7d6fbf37 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -14,18 +14,13 @@ with import <stockholm/lib>;
];
krebs.announce-activation.enable = true;
krebs.enable = true;
- krebs.tinc.retiolum.enable = true;
+ krebs.tinc.retiolum.enable = mkDefault true;
krebs.build.user = mkDefault config.krebs.users.krebs;
networking.hostName = config.krebs.build.host.name;
nix.maxJobs = 1;
- nix.trustedBinaryCaches = [
- "https://cache.nixos.org"
- "http://cache.nixos.org"
- "http://hydra.nixos.org"
- ];
nix.useSandbox = true;
environment.systemPackages = with pkgs; [
@@ -39,8 +34,6 @@ with import <stockholm/lib>;
defaultLocale = lib.mkForce "C";
};
-
-
programs.ssh.startAgent = false;
services.openssh = {
@@ -55,18 +48,13 @@ with import <stockholm/lib>;
users.mutableUsers = false;
users.extraUsers.root.openssh.authorizedKeys.keys = [
- # TODO
config.krebs.users.jeschli-brauerei.pubkey
config.krebs.users.lass.pubkey
config.krebs.users.lass-mors.pubkey
config.krebs.users.makefu.pubkey
- # TODO HARDER:
- config.krebs.users.makefu-omo.pubkey
config.krebs.users.tv.pubkey
];
-
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "17.03";
-
}
diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
new file mode 100644
index 000000000..54e7aef5c
--- /dev/null
+++ b/krebs/2configs/shack/glados/default.nix
@@ -0,0 +1,136 @@
+{ config, pkgs, lib, ... }:
+let
+ shackopen = import ./multi/shackopen.nix;
+ wasser = import ./multi/wasser.nix;
+in {
+ services.nginx.virtualHosts."hass.shack".locations."/" = {
+ proxyPass = "http://localhost:8123";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+
+ proxy_buffering off;
+ '';
+ };
+ services.home-assistant = let
+ dwd_pollen = pkgs.fetchFromGitHub {
+ owner = "marcschumacher";
+ repo = "dwd_pollen";
+ rev = "0.1";
+ sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
+ };
+ in {
+ enable = true;
+ package = (pkgs.home-assistant.overrideAttrs (old: {
+ # TODO: find correct python package
+ installCheckPhase = ''
+ echo LOLLLLLLLLLLLLLL
+ '';
+ postInstall = ''
+ cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen
+ '';
+ })).override {
+ extraPackages = ps: with ps; [
+ python-forecastio jsonrpc-async jsonrpc-websocket mpd2
+ (callPackage ./deps/gtts-token.nix { })
+ (callPackage ./deps/pyhaversion.nix { })
+ ];
+ };
+ autoExtraComponents = true;
+ config = {
+ homeassistant = {
+ name = "Bureautomation";
+ time_zone = "Europe/Berlin";
+ latitude = "48.8265";
+ longitude = "9.0676";
+ elevation = 303;
+ auth_providers = [
+ { type = "homeassistant";}
+ { type = "legacy_api_password";}
+ { type = "trusted_networks";
+ # allow_bypass_login = true;
+ }
+ ];
+ };
+ # https://www.home-assistant.io/components/influxdb/
+ influxdb = {
+ database = "hass";
+ tags = {
+ instance = "wolf";
+ source = "hass";
+ };
+ };
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ keepalive = 60;
+ protocol = 3.1;
+ birth_message = {
+ topic = "glados/hass/status/LWT";
+ payload = "Online";
+ qos = 1;
+ retain = true;
+ };
+ will_message = {
+ topic = "glados/hass/status/LWT";
+ payload = "Offline";
+ qos = 1;
+ retain = true;
+ };
+ };
+ switch = wasser.switch;
+ light = [];
+ media_player = [
+ { platform = "mpd";
+ host = "lounge.mpd.shack";
+ }
+ ];
+
+ sensor =
+ [{ platform = "version"; }]
+ ++ (import ./sensors/hass.nix)
+ ++ (import ./sensors/power.nix)
+ ++ shackopen.sensor;
+
+ binary_sensor = shackopen.binary_sensor;
+
+ camera = [];
+
+ frontend = { };
+ http = {
+ # TODO: https://github.com/home-assistant/home-assistant/issues/16149
+ base_url = "http://hass.shack";
+ use_x_forwarded_for = true;
+ trusted_proxies = "127.0.0.1";
+ api_password = "shackit";
+ trusted_networks = [
+ "127.0.0.1/32"
+ "10.42.0.0/16"
+ "::1/128"
+ "fd00::/8"
+ ];
+ };
+ conversation = {};
+ history = {};
+ logbook = {};
+ tts = [
+ { platform = "google";
+ language = "de";
+ }
+ { platform = "picotts";
+ language = "de-DE";
+ }
+ ];
+ recorder = {};
+ sun = {};
+
+ automation = wasser.automation;
+ device_tracker = [];
+ };
+ };
+}
diff --git a/krebs/2configs/shack/glados/deps/dwd_pollen.nix b/krebs/2configs/shack/glados/deps/dwd_pollen.nix
new file mode 100644
index 000000000..39d9c3069
--- /dev/null
+++ b/krebs/2configs/shack/glados/deps/dwd_pollen.nix
@@ -0,0 +1,32 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, python
+, voluptuous
+}:
+
+buildPythonPackage rec {
+ format = "other";
+ pname = "dwd_pollen";
+ version = "0.1";
+
+ src = fetchFromGitHub {
+ owner = "marcschumacher";
+ repo = "dwd_pollen";
+ rev = version;
+ sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
+ };
+ propagatedBuildInputs = [
+ voluptuous
+ ];
+ installPhase = ''
+ install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen *
+ '';
+
+ meta = with lib; {
+ description = "Home Assistant component to retrieve Pollen data from DWD (Germany)";
+ homepage = https://github.com/marcschumacher/dwd_pollen;
+ license = licenses.mit;
+ maintainers = [ maintainers.makefu ];
+ };
+}
diff --git a/krebs/2configs/shack/glados/deps/gtts-token.nix b/krebs/2configs/shack/glados/deps/gtts-token.nix
new file mode 100644
index 000000000..69640f03d
--- /dev/null
+++ b/krebs/2configs/shack/glados/deps/gtts-token.nix
@@ -0,0 +1,27 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, requests
+}:
+
+buildPythonPackage rec {
+ pname = "gtts-token";
+ version = "1.1.3";
+
+ src = fetchPypi {
+ pname = "gTTS-token";
+ inherit version;
+ sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5";
+ };
+
+ propagatedBuildInputs = [
+ requests
+ ];
+
+ meta = with lib; {
+ description = "Calculates a token to run the Google Translate text to speech";
+ homepage = https://github.com/boudewijn26/gTTS-token;
+ license = licenses.mit;
+ # maintainers = [ maintainers. ];
+ };
+}
diff --git a/krebs/2configs/shack/glados/deps/pyhaversion.nix b/krebs/2configs/shack/glados/deps/pyhaversion.nix
new file mode 100644
index 000000000..a75c6a976
--- /dev/null
+++ b/krebs/2configs/shack/glados/deps/pyhaversion.nix
@@ -0,0 +1,33 @@
+{ lib
+, buildPythonPackage
+, fetchpatch
+, fetchPypi
+, aiohttp
+, async-timeout
+}:
+
+buildPythonPackage rec {
+ pname = "pyhaversion";
+ version = "2.2.1";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f";
+ };
+ patches = [
+ (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch";
+ sha256 =
+ "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";})
+ ];
+ doCheck = false;
+ propagatedBuildInputs = [
+ aiohttp
+ async-timeout
+ ];
+
+ meta = with lib; {
+ description = "";
+ homepage = https://github.com/ludeeus/pyhaversion;
+ # maintainers = [ maintainers. ];
+ };
+}
diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix
new file mode 100644
index 000000000..354405d06
--- /dev/null
+++ b/krebs/2configs/shack/glados/multi/shackopen.nix
@@ -0,0 +1,23 @@
+{
+ binary_sensor = [
+ { platform = "mqtt";
+ name = "Portal Lock";
+ device_class = "door";
+ state_topic = "portal/gateway/status";
+ availability_topic = "portal/gateway/lwt";
+ payload_on = "open";
+ payload_off = "closed";
+ payload_available = "online";
+ payload_not_available = "offline";
+ }
+ ];
+ sensor = [
+ { platform = "mqtt";
+ name = "Keyholder";
+ state_topic = "portal/gateway/keyholder";
+ availability_topic = "portal/gateway/lwt";
+ payload_available = "online";
+ payload_not_available = "offline";
+ }
+ ];
+}
diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix
new file mode 100644
index 000000000..a2c80851b
--- /dev/null
+++ b/krebs/2configs/shack/glados/multi/wasser.nix
@@ -0,0 +1,65 @@
+let
+ tasmota_plug = name: topic:
+ { platform = "mqtt";
+ inherit name;
+ state_topic = "sonoff/stat/${topic}/POWER1";
+ command_topic = "sonoff/cmnd/${topic}/POWER1";
+ availability_topic = "sonoff/tele/${topic}/LWT";
+ payload_on= "ON";
+ payload_off= "OFF";
+ payload_available= "Online";
+ payload_not_available= "Offline";
+ retain = false;
+ qos = 1;
+ };
+in
+{
+ switch = [
+ (tasmota_plug "Wasser" "plug")
+ ];
+ automation =
+ [
+ { alias = "Water the plant for 10 seconds";
+ trigger = [
+ { # trigger at 20:00 no matter what
+ # TODO: retry or run only if switch.wasser is available
+ platform = "time";
+ at = "20:00:00";
+ }
+ ];
+ action =
+ [
+ {
+ service = "homeassistant.turn_on";
+ entity_id = [
+ "switch.wasser"
+ ];
+ }
+ { delay.seconds = 10; }
+ {
+ service = "homeassistant.turn_off";
+ entity_id = [
+ "switch.wasser"
+ ];
+ }
+ ];
+ }
+ { alias = "Always turn off water after 15 seconds";
+ trigger = [
+ {
+ platform = "state";
+ entity_id = "switch.wasser";
+ to = "on";
+ for.seconds = 15;
+ }
+ ];
+ action =
+ [
+ {
+ service = "homeassistant.turn_off";
+ entity_id = [ "switch.wasser" ];
+ }
+ ];
+ }
+ ];
+}
diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix
new file mode 100644
index 000000000..634758701
--- /dev/null
+++ b/krebs/2configs/shack/glados/sensors/hass.nix
@@ -0,0 +1,22 @@
+let
+ esphome_temp = name:
+ { platform = "mqtt";
+ name = "${name} Temperature";
+ device_class = "temperature";
+ state_topic = "glados/${name}/sensor/temperature/state";
+ availability_topic = "glados/${name}/status";
+ payload_available = "online";
+ payload_not_available = "offline";
+ };
+ esphome_hum = name:
+ { platform = "mqtt";
+ device_class = "humidity";
+ name = "${name} Humidity";
+ state_topic = "glados/${name}/sensor/humidity/state";
+ availability_topic = "glados/${name}/status";
+ payload_available = "online";
+ payload_not_available = "offline";
+ };
+in
+ (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
+ ++ (map esphome_hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix
new file mode 100644
index 000000000..1aa250a19
--- /dev/null
+++ b/krebs/2configs/shack/glados/sensors/power.nix
@@ -0,0 +1,27 @@
+let
+ power_x = name: phase:
+ { platform = "mqtt";
+ name = "${phase} ${name}";
+ # device_class = "power";
+ state_topic = "/power/total/${phase}/${name}";
+ availability_topic = "/power/lwt";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ };
+ power_consumed =
+ { platform = "mqtt";
+ name = "Power Consumed";
+ #device_class = "power";
+ state_topic = "/power/total/consumed";
+ availability_topic = "/power/lwt";
+ payload_available = "Online";
+ payload_not_available = "Offline";
+ };
+ power_volt = power_x "Voltage";
+ power_watt = power_x "Power";
+ power_curr = power_x "Current";
+in
+ (map power_volt [ "L1" "L2" "L3" ])
+++ (map power_watt [ "L1" "L2" "L3" ])
+++ (map power_curr [ "L1" "L2" "L3" ])
+++ [ power_consumed ]
diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix
new file mode 100644
index 000000000..adf0a4bc3
--- /dev/null
+++ b/krebs/2configs/shack/grafana.nix
@@ -0,0 +1,19 @@
+let
+ port = 3000;
+in {
+
+ networking.firewall.allowedTCPPorts = [ port ]; # legacy
+ services.nginx.virtualHosts."grafana.shack" = {
+ locations."/".proxyPass = "http://localhost:${toString port}";
+ };
+ services.grafana = {
+ enable = true;
+ port = port;
+ addr = "0.0.0.0";
+ users.allowSignUp = true;
+ users.allowOrgCreate = true;
+ users.autoAssignOrg = true;
+ auth.anonymous.enable = true;
+ security = import <secrets/grafana_security.nix>;
+ };
+}
diff --git a/krebs/2configs/graphite.nix b/krebs/2configs/shack/graphite.nix
index 64222e43a..1c8ec6a8b 100644
--- a/krebs/2configs/graphite.nix
+++ b/krebs/2configs/shack/graphite.nix
@@ -1,16 +1,22 @@
{ config, lib, pkgs, ... }:
+# hostname: graphite.shack
+
# graphite-web on port 8080
# carbon cache on port 2003 (tcp/udp)
-
-# TODO: krebs.graphite.minimal.enable
-# TODO: configure firewall
-with import <stockholm/lib>;
-{
- imports = [ ];
-
+let
+ port = 8080;
+in {
+ networking.firewall.allowedTCPPorts = [ 2003 port ];
+ networking.firewall.allowedUDPPorts = [ 2003 ];
+ services.nginx.virtualHosts."graphite.shack" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}/";
+ };
+ };
services.graphite = {
api = {
+ inherit port;
enable = true;
listenAddress = "0.0.0.0";
};
diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix
new file mode 100644
index 000000000..92cb24bf3
--- /dev/null
+++ b/krebs/2configs/shack/influx.nix
@@ -0,0 +1,33 @@
+{pkgs, ... }: # hostname: influx.shack
+let
+ port = 8086;
+ collectd-port = 25826;
+ db = "collectd_db";
+in
+{
+ networking.firewall.allowedTCPPorts = [ port ]; # for legacy applications
+ networking.firewall.allowedUDPPorts = [ collectd-port ];
+ services.nginx.virtualHosts."influx.shack" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}/";
+ };
+ };
+ services.influxdb = {
+ enable = true;
+ extraConfig = {
+ http.bind-address = "0.0.0.0:${toString port}";
+ http.log-enabled = false;
+ http.write-tracing = false;
+ http.suppress-write-log = true;
+ data.trace-logging-enabled = false;
+ data.query-log-enabled = false;
+ monitoring.enabled = false;
+ collectd = [{
+ enabled = true;
+ typesdb = "${pkgs.collectd}/share/collectd/types.db";
+ database = db;
+ bind-address = ":${toString collectd-port}";
+ }];
+ };
+ };
+}
diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix
index 8e5438db2..e78f0f974 100644
--- a/krebs/2configs/shack/mqtt.nix
+++ b/krebs/2configs/shack/mqtt.nix
@@ -1,3 +1,4 @@
+# hostname: mqtt.shack
{
networking.firewall.allowedTCPPorts = [ 1883 ];
networking.firewall.allowedUDPPorts = [ 1883 ];
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
index c936f2531..12f757e89 100644
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -3,18 +3,23 @@
{
networking = {
firewall.allowedTCPPorts = [
- 3000 # grafana
9090 # prometheus
9093 # alertmanager
];
- useDHCP = true;
};
-
services = {
+ nginx.virtualHosts = {
+ "prometheus.shack" = {
+ locations."/".proxyPass = "http://localhost:9090";
+ };
+ "alert.prometheus.shack" = {
+ locations."/".proxyPass = "http://localhost:9093";
+ };
+ };
prometheus = {
enable = true;
extraFlags = [
- "-storage.local.retention 8760h"
+ "-storage.local.retention 720h"
"-storage.local.series-file-shrink-ratio 0.3"
"-storage.local.memory-chunks 2097152"
"-storage.local.max-chunks-to-persist 1048576"
diff --git a/krebs/2configs/stats/wolf-client.nix b/krebs/2configs/stats/shack-client.nix
index 0412eba9a..5131b0f78 100644
--- a/krebs/2configs/stats/wolf-client.nix
+++ b/krebs/2configs/stats/shack-client.nix
@@ -17,6 +17,8 @@
Interface "lo"
Interface "vboxnet*"
Interface "virbr*"
+ Interface "veth*"
+ Interface "br-*"
IgnoreSelected true
</Plugin>
@@ -53,15 +55,7 @@
LoadPlugin network
<Plugin "network">
- Server "stats.makefu.r" "25826"
- </Plugin>
-
- LoadPlugin curl
- <Plugin curl>
- <Page "smarthome">
- URL "http://smarthome.shack/";
- MeasureResponseTime true
- </Page>
+ Server "influx.shack" "25826"
</Plugin>
'';
};
diff --git a/krebs/2configs/collectd-base.nix b/krebs/2configs/stats/shack-debugging.nix
index 71a00be3a..b5a0cf05e 100644
--- a/krebs/2configs/collectd-base.nix
+++ b/krebs/2configs/stats/shack-debugging.nix
@@ -9,7 +9,7 @@ let
ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
Import "collectd_connect_time"
<Module collectd_connect_time>
- target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de"
+ target "localhost:22" "google.com" "google.de" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de""10.0.1.3" "10.0.0.3:22" "10.0.0.4:22"
interval 10
</Module>
</Plugin>
@@ -18,7 +18,7 @@ let
LoadPlugin write_graphite
<Plugin "write_graphite">
<Carbon>
- Host "wolf.r"
+ Host "graphite.shack"
Port "2003"
Prefix "retiolum."
EscapeCharacter "_"
diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix
index aac67f2e3..f12dda097 100644
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@@ -229,6 +229,32 @@ in {
};
};
};
+ jongepad = {
+ owner = config.krebs.users.jonge;
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.5.6";
+ aliases = [
+ "jongepad.r"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIICCgKCAgEAtJsF5jL/M72PCptLFC5iIEt0qAL544H/VLijvZEG9gnoqbs94aNJ
+ MM5Sr3yMB01WkcT1Lph3r4dxV0/QECu3Ca4xxuUntu42tFXhkikQGcZLuo2h4zr4
+ +wReudCCc7VqMcJDxriyyoW3i7smZnQGzo36gpKHbZfil8dJo0QE8mnujqkQCA0G
+ hjR7xdG+/usDgRUarfpNgoHKyZfLcomQLUuR8I3aHsdaCLgMJ8v5DjGymp2bIswT
+ puPx3IEZSXH8y6MZoISvLn+hwcWat34Bj1PF7vfgldivqHaDFpifpXvjbCmxcel9
+ WVZRSEvLSVT4FnpaJ7JkAaUpG+GOHVlPWARq9t9AZXKR1Zex9MIkHzWi/TIIkawj
+ wJNvUwvBYJ1UCuCby4/3nKlY7zWjj23YM6dTJDGMhJKR5m2SHp9SC0m0QdfSjN5z
+ 8sJauCigGZ6rlmxkO4/2BBGshY8jWDl/z2oFiQfo7R2oZkJdWNHLGKtTZtqQQ3e6
+ SAE/HQvipiv35rMzHw3E9AJBhhQqT3vTLLZvMTBS6BRFvpqDNhXik1aFenNV4tjZ
+ XeYU1eXI4XzQqoW/avPTuLt8O0Ya/nziLXCaIy+hlx5Hd49hkGb+1saQ5yPUgoEt
+ wE9sy5+9b5ebn8B+N0yw7wnUYN8V8dmPmRwLt71IuBwHn/aAoXyWwFsCAwEAAQ==
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
rose = {
owner = config.krebs.users.Mic92;
nets = rec {
@@ -685,6 +711,9 @@ in {
jan = {
mail = "jan.heidbrink@posteo.de";
};
+ jonge = {
+ mail = "jacek.galowicz@gmail.com";
+ };
kmein = {
mail = "kieran.meinhardt@gmail.com";
pubkey = ssh-for "kmein";
@@ -695,6 +724,7 @@ in {
};
qubasa = {
mail = "luis.nixos@gmail.com";
+ pubkey = ssh-for "qubasa";
};
raute = {
mail = "macxylo@gmail.com";
diff --git a/krebs/3modules/external/ssh/qubasa.pub b/krebs/3modules/external/ssh/qubasa.pub
new file mode 100644
index 000000000..e9e1e6a29
--- /dev/null
+++ b/krebs/3modules/external/ssh/qubasa.pub
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MP