diff options
Diffstat (limited to 'krebs')
21 files changed, 508 insertions, 70 deletions
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index ea73e4bd2..6321b6cc4 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -15,6 +15,10 @@ <stockholm/krebs/2configs/news-spam.nix> <stockholm/krebs/2configs/shack/prometheus/node.nix> <stockholm/krebs/2configs/shack/gitlab-runner.nix> + + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/shack-client.nix> + <stockholm/krebs/2configs/stats/shack-debugging.nix> ]; krebs.build.host = config.krebs.hosts.puyak; diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix index 9ae65466c..6e53637e6 100644 --- a/krebs/1systems/wolf/config.nix +++ b/krebs/1systems/wolf/config.nix @@ -1,7 +1,6 @@ { config, pkgs, ... }: let shack-ip = config.krebs.build.host.nets.shack.ip4.addr; - influx-host = "127.0.0.1"; ext-if = "et0"; external-mac = "52:54:b0:0b:af:fe"; @@ -39,56 +38,44 @@ in # mobile.lounge.mpd.shack <stockholm/krebs/2configs/shack/mobile.mpd.nix> + + # hass.shack + <stockholm/krebs/2configs/shack/glados> + # connect to git.shackspace.de as group runner for rz <stockholm/krebs/2configs/shack/gitlab-runner.nix> - # Statistics collection and visualization - <stockholm/krebs/2configs/graphite.nix> + # Statistics collection and visualization + <stockholm/krebs/2configs/shack/graphite.nix> ## Collect data from mqtt.shack and store in graphite database <stockholm/krebs/2configs/shack/mqtt_sub.nix> ## Collect radioactive data and put into graphite <stockholm/krebs/2configs/shack/radioactive.nix> ## mqtt.shack <stockholm/krebs/2configs/shack/mqtt.nix> - ## Collect local statistics via collectd and send to collectd - <stockholm/krebs/2configs/stats/wolf-client.nix> + ## influx.shack + <stockholm/krebs/2configs/shack/influx.nix> - { services.influxdb.enable = true; } + ## Collect local statistics via collectd and send to collectd + <stockholm/krebs/2configs/stats/shack-client.nix> + <stockholm/krebs/2configs/stats/shack-debugging.nix> <stockholm/krebs/2configs/shack/netbox.nix> + # prometheus.shack <stockholm/krebs/2configs/shack/prometheus/server.nix> <stockholm/krebs/2configs/shack/prometheus/node.nix> <stockholm/krebs/2configs/shack/prometheus/unifi.nix> - <stockholm/krebs/2configs/collectd-base.nix> # home-assistant - { services.influxdb.enable = true; } + # grafana.shack + <stockholm/krebs/2configs/shack/grafana.nix> ]; # use your own binary cache, fallback use cache.nixos.org (which is used by # apt-cacher-ng in first place) - # local discovery in shackspace nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; - services.grafana = { - enable = true; - addr = "0.0.0.0"; - users.allowSignUp = true; - users.allowOrgCreate = true; - users.autoAssignOrg = true; - auth.anonymous.enable = true; - security = import <secrets/grafana_security.nix>; - }; - nix = { - # use the up to date prism cache - binaryCaches = [ - "https://cache.nixos.org/" - ]; - binaryCachePublicKeys = [ - "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" - ]; - }; networking = { firewall.enable = false; @@ -133,23 +120,27 @@ in swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; - # fallout of ipv6calypse - networking.extraHosts = '' - hass.shack 10.42.2.191 - ''; users.extraUsers.root.openssh.authorizedKeys.keys = [ config.krebs.users."0x4A6F".pubkey config.krebs.users.ulrich.pubkey config.krebs.users.raute.pubkey - config.krebs.users.makefu-omo.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci ]; + services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" ''; time.timeZone = "Europe/Berlin"; sound.enable = false; + + # avahi + services.avahi = { + enable = true; + wideArea = false; + }; + environment.systemPackages = [ pkgs.avahi ]; + } diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 8771c0e1d..d7d6fbf37 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -14,18 +14,13 @@ with import <stockholm/lib>; ]; krebs.announce-activation.enable = true; krebs.enable = true; - krebs.tinc.retiolum.enable = true; + krebs.tinc.retiolum.enable = mkDefault true; krebs.build.user = mkDefault config.krebs.users.krebs; networking.hostName = config.krebs.build.host.name; nix.maxJobs = 1; - nix.trustedBinaryCaches = [ - "https://cache.nixos.org" - "http://cache.nixos.org" - "http://hydra.nixos.org" - ]; nix.useSandbox = true; environment.systemPackages = with pkgs; [ @@ -39,8 +34,6 @@ with import <stockholm/lib>; defaultLocale = lib.mkForce "C"; }; - - programs.ssh.startAgent = false; services.openssh = { @@ -55,18 +48,13 @@ with import <stockholm/lib>; users.mutableUsers = false; users.extraUsers.root.openssh.authorizedKeys.keys = [ - # TODO config.krebs.users.jeschli-brauerei.pubkey config.krebs.users.lass.pubkey config.krebs.users.lass-mors.pubkey config.krebs.users.makefu.pubkey - # TODO HARDER: - config.krebs.users.makefu-omo.pubkey config.krebs.users.tv.pubkey ]; - # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "17.03"; - } diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix new file mode 100644 index 000000000..54e7aef5c --- /dev/null +++ b/krebs/2configs/shack/glados/default.nix @@ -0,0 +1,136 @@ +{ config, pkgs, lib, ... }: +let + shackopen = import ./multi/shackopen.nix; + wasser = import ./multi/wasser.nix; +in { + services.nginx.virtualHosts."hass.shack".locations."/" = { + proxyPass = "http://localhost:8123"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + proxy_buffering off; + ''; + }; + services.home-assistant = let + dwd_pollen = pkgs.fetchFromGitHub { + owner = "marcschumacher"; + repo = "dwd_pollen"; + rev = "0.1"; + sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1"; + }; + in { + enable = true; + package = (pkgs.home-assistant.overrideAttrs (old: { + # TODO: find correct python package + installCheckPhase = '' + echo LOLLLLLLLLLLLLLL + ''; + postInstall = '' + cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen + ''; + })).override { + extraPackages = ps: with ps; [ + python-forecastio jsonrpc-async jsonrpc-websocket mpd2 + (callPackage ./deps/gtts-token.nix { }) + (callPackage ./deps/pyhaversion.nix { }) + ]; + }; + autoExtraComponents = true; + config = { + homeassistant = { + name = "Bureautomation"; + time_zone = "Europe/Berlin"; + latitude = "48.8265"; + longitude = "9.0676"; + elevation = 303; + auth_providers = [ + { type = "homeassistant";} + { type = "legacy_api_password";} + { type = "trusted_networks"; + # allow_bypass_login = true; + } + ]; + }; + # https://www.home-assistant.io/components/influxdb/ + influxdb = { + database = "hass"; + tags = { + instance = "wolf"; + source = "hass"; + }; + }; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + keepalive = 60; + protocol = 3.1; + birth_message = { + topic = "glados/hass/status/LWT"; + payload = "Online"; + qos = 1; + retain = true; + }; + will_message = { + topic = "glados/hass/status/LWT"; + payload = "Offline"; + qos = 1; + retain = true; + }; + }; + switch = wasser.switch; + light = []; + media_player = [ + { platform = "mpd"; + host = "lounge.mpd.shack"; + } + ]; + + sensor = + [{ platform = "version"; }] + ++ (import ./sensors/hass.nix) + ++ (import ./sensors/power.nix) + ++ shackopen.sensor; + + binary_sensor = shackopen.binary_sensor; + + camera = []; + + frontend = { }; + http = { + # TODO: https://github.com/home-assistant/home-assistant/issues/16149 + base_url = "http://hass.shack"; + use_x_forwarded_for = true; + trusted_proxies = "127.0.0.1"; + api_password = "shackit"; + trusted_networks = [ + "127.0.0.1/32" + "10.42.0.0/16" + "::1/128" + "fd00::/8" + ]; + }; + conversation = {}; + history = {}; + logbook = {}; + tts = [ + { platform = "google"; + language = "de"; + } + { platform = "picotts"; + language = "de-DE"; + } + ]; + recorder = {}; + sun = {}; + + automation = wasser.automation; + device_tracker = []; + }; + }; +} diff --git a/krebs/2configs/shack/glados/deps/dwd_pollen.nix b/krebs/2configs/shack/glados/deps/dwd_pollen.nix new file mode 100644 index 000000000..39d9c3069 --- /dev/null +++ b/krebs/2configs/shack/glados/deps/dwd_pollen.nix @@ -0,0 +1,32 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, python +, voluptuous +}: + +buildPythonPackage rec { + format = "other"; + pname = "dwd_pollen"; + version = "0.1"; + + src = fetchFromGitHub { + owner = "marcschumacher"; + repo = "dwd_pollen"; + rev = version; + sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1"; + }; + propagatedBuildInputs = [ + voluptuous + ]; + installPhase = '' + install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen * + ''; + + meta = with lib; { + description = "Home Assistant component to retrieve Pollen data from DWD (Germany)"; + homepage = https://github.com/marcschumacher/dwd_pollen; + license = licenses.mit; + maintainers = [ maintainers.makefu ]; + }; +} diff --git a/krebs/2configs/shack/glados/deps/gtts-token.nix b/krebs/2configs/shack/glados/deps/gtts-token.nix new file mode 100644 index 000000000..69640f03d --- /dev/null +++ b/krebs/2configs/shack/glados/deps/gtts-token.nix @@ -0,0 +1,27 @@ +{ lib +, buildPythonPackage +, fetchPypi +, requests +}: + +buildPythonPackage rec { + pname = "gtts-token"; + version = "1.1.3"; + + src = fetchPypi { + pname = "gTTS-token"; + inherit version; + sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5"; + }; + + propagatedBuildInputs = [ + requests + ]; + + meta = with lib; { + description = "Calculates a token to run the Google Translate text to speech"; + homepage = https://github.com/boudewijn26/gTTS-token; + license = licenses.mit; + # maintainers = [ maintainers. ]; + }; +} diff --git a/krebs/2configs/shack/glados/deps/pyhaversion.nix b/krebs/2configs/shack/glados/deps/pyhaversion.nix new file mode 100644 index 000000000..a75c6a976 --- /dev/null +++ b/krebs/2configs/shack/glados/deps/pyhaversion.nix @@ -0,0 +1,33 @@ +{ lib +, buildPythonPackage +, fetchpatch +, fetchPypi +, aiohttp +, async-timeout +}: + +buildPythonPackage rec { + pname = "pyhaversion"; + version = "2.2.1"; + + src = fetchPypi { + inherit pname version; + sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f"; + }; + patches = [ + (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch"; + sha256 = + "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";}) + ]; + doCheck = false; + propagatedBuildInputs = [ + aiohttp + async-timeout + ]; + + meta = with lib; { + description = ""; + homepage = https://github.com/ludeeus/pyhaversion; + # maintainers = [ maintainers. ]; + }; +} diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix new file mode 100644 index 000000000..354405d06 --- /dev/null +++ b/krebs/2configs/shack/glados/multi/shackopen.nix @@ -0,0 +1,23 @@ +{ + binary_sensor = [ + { platform = "mqtt"; + name = "Portal Lock"; + device_class = "door"; + state_topic = "portal/gateway/status"; + availability_topic = "portal/gateway/lwt"; + payload_on = "open"; + payload_off = "closed"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; + sensor = [ + { platform = "mqtt"; + name = "Keyholder"; + state_topic = "portal/gateway/keyholder"; + availability_topic = "portal/gateway/lwt"; + payload_available = "online"; + payload_not_available = "offline"; + } + ]; +} diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix new file mode 100644 index 000000000..a2c80851b --- /dev/null +++ b/krebs/2configs/shack/glados/multi/wasser.nix @@ -0,0 +1,65 @@ +let + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "sonoff/stat/${topic}/POWER1"; + command_topic = "sonoff/cmnd/${topic}/POWER1"; + availability_topic = "sonoff/tele/${topic}/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + retain = false; + qos = 1; + }; +in +{ + switch = [ + (tasmota_plug "Wasser" "plug") + ]; + automation = + [ + { alias = "Water the plant for 10 seconds"; + trigger = [ + { # trigger at 20:00 no matter what + # TODO: retry or run only if switch.wasser is available + platform = "time"; + at = "20:00:00"; + } + ]; + action = + [ + { + service = "homeassistant.turn_on"; + entity_id = [ + "switch.wasser" + ]; + } + { delay.seconds = 10; } + { + service = "homeassistant.turn_off"; + entity_id = [ + "switch.wasser" + ]; + } + ]; + } + { alias = "Always turn off water after 15 seconds"; + trigger = [ + { + platform = "state"; + entity_id = "switch.wasser"; + to = "on"; + for.seconds = 15; + } + ]; + action = + [ + { + service = "homeassistant.turn_off"; + entity_id = [ "switch.wasser" ]; + } + ]; + } + ]; +} diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix new file mode 100644 index 000000000..634758701 --- /dev/null +++ b/krebs/2configs/shack/glados/sensors/hass.nix @@ -0,0 +1,22 @@ +let + esphome_temp = name: + { platform = "mqtt"; + name = "${name} Temperature"; + device_class = "temperature"; + state_topic = "glados/${name}/sensor/temperature/state"; + availability_topic = "glados/${name}/status"; + payload_available = "online"; + payload_not_available = "offline"; + }; + esphome_hum = name: + { platform = "mqtt"; + device_class = "humidity"; + name = "${name} Humidity"; + state_topic = "glados/${name}/sensor/humidity/state"; + availability_topic = "glados/${name}/status"; + payload_available = "online"; + payload_not_available = "offline"; + }; +in + (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) + ++ (map esphome_hum [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]) diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix new file mode 100644 index 000000000..1aa250a19 --- /dev/null +++ b/krebs/2configs/shack/glados/sensors/power.nix @@ -0,0 +1,27 @@ +let + power_x = name: phase: + { platform = "mqtt"; + name = "${phase} ${name}"; + # device_class = "power"; + state_topic = "/power/total/${phase}/${name}"; + availability_topic = "/power/lwt"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; + power_consumed = + { platform = "mqtt"; + name = "Power Consumed"; + #device_class = "power"; + state_topic = "/power/total/consumed"; + availability_topic = "/power/lwt"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; + power_volt = power_x "Voltage"; + power_watt = power_x "Power"; + power_curr = power_x "Current"; +in + (map power_volt [ "L1" "L2" "L3" ]) +++ (map power_watt [ "L1" "L2" "L3" ]) +++ (map power_curr [ "L1" "L2" "L3" ]) +++ [ power_consumed ] diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix new file mode 100644 index 000000000..adf0a4bc3 --- /dev/null +++ b/krebs/2configs/shack/grafana.nix @@ -0,0 +1,19 @@ +let + port = 3000; +in { + + networking.firewall.allowedTCPPorts = [ port ]; # legacy + services.nginx.virtualHosts."grafana.shack" = { + locations."/".proxyPass = "http://localhost:${toString port}"; + }; + services.grafana = { + enable = true; + port = port; + addr = "0.0.0.0"; + users.allowSignUp = true; + users.allowOrgCreate = true; + users.autoAssignOrg = true; + auth.anonymous.enable = true; + security = import <secrets/grafana_security.nix>; + }; +} diff --git a/krebs/2configs/graphite.nix b/krebs/2configs/shack/graphite.nix index 64222e43a..1c8ec6a8b 100644 --- a/krebs/2configs/graphite.nix +++ b/krebs/2configs/shack/graphite.nix @@ -1,16 +1,22 @@ { config, lib, pkgs, ... }: +# hostname: graphite.shack + # graphite-web on port 8080 # carbon cache on port 2003 (tcp/udp) - -# TODO: krebs.graphite.minimal.enable -# TODO: configure firewall -with import <stockholm/lib>; -{ - imports = [ ]; - +let + port = 8080; +in { + networking.firewall.allowedTCPPorts = [ 2003 port ]; + networking.firewall.allowedUDPPorts = [ 2003 ]; + services.nginx.virtualHosts."graphite.shack" = { + locations."/" = { + proxyPass = "http://localhost:${toString port}/"; + }; + }; services.graphite = { api = { + inherit port; enable = true; listenAddress = "0.0.0.0"; }; diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix new file mode 100644 index 000000000..92cb24bf3 --- /dev/null +++ b/krebs/2configs/shack/influx.nix @@ -0,0 +1,33 @@ +{pkgs, ... }: # hostname: influx.shack +let + port = 8086; + collectd-port = 25826; + db = "collectd_db"; +in +{ + networking.firewall.allowedTCPPorts = [ port ]; # for legacy applications + networking.firewall.allowedUDPPorts = [ collectd-port ]; + services.nginx.virtualHosts."influx.shack" = { + locations."/" = { + proxyPass = "http://localhost:${toString port}/"; + }; + }; + services.influxdb = { + enable = true; + extraConfig = { + http.bind-address = "0.0.0.0:${toString port}"; + http.log-enabled = false; + http.write-tracing = false; + http.suppress-write-log = true; + data.trace-logging-enabled = false; + data.query-log-enabled = false; + monitoring.enabled = false; + collectd = [{ + enabled = true; + typesdb = "${pkgs.collectd}/share/collectd/types.db"; + database = db; + bind-address = ":${toString collectd-port}"; + }]; + }; + }; +} diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix index 8e5438db2..e78f0f974 100644 --- a/krebs/2configs/shack/mqtt.nix +++ b/krebs/2configs/shack/mqtt.nix @@ -1,3 +1,4 @@ +# hostname: mqtt.shack { networking.firewall.allowedTCPPorts = [ 1883 ]; networking.firewall.allowedUDPPorts = [ 1883 ]; diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index c936f2531..12f757e89 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -3,18 +3,23 @@ { networking = { firewall.allowedTCPPorts = [ - 3000 # grafana 9090 # prometheus 9093 # alertmanager ]; - useDHCP = true; }; - services = { + nginx.virtualHosts = { + "prometheus.shack" = { + locations."/".proxyPass = "http://localhost:9090"; + }; + "alert.prometheus.shack" = { + locations."/".proxyPass = "http://localhost:9093"; + }; + }; prometheus = { enable = true; extraFlags = [ - "-storage.local.retention 8760h" + "-storage.local.retention 720h" "-storage.local.series-file-shrink-ratio 0.3" "-storage.local.memory-chunks 2097152" "-storage.local.max-chunks-to-persist 1048576" diff --git a/krebs/2configs/stats/wolf-client.nix b/krebs/2configs/stats/shack-client.nix index 0412eba9a..5131b0f78 100644 --- a/krebs/2configs/stats/wolf-client.nix +++ b/krebs/2configs/stats/shack-client.nix @@ -17,6 +17,8 @@ Interface "lo" Interface "vboxnet*" Interface "virbr*" + Interface "veth*" + Interface "br-*" IgnoreSelected true </Plugin> @@ -53,15 +55,7 @@ LoadPlugin network <Plugin "network"> - Server "stats.makefu.r" "25826" - </Plugin> - - LoadPlugin curl - <Plugin curl> - <Page "smarthome"> - URL "http://smarthome.shack/"; - MeasureResponseTime true - </Page> + Server "influx.shack" "25826" </Plugin> ''; }; diff --git a/krebs/2configs/collectd-base.nix b/krebs/2configs/stats/shack-debugging.nix index 71a00be3a..b5a0cf05e 100644 --- a/krebs/2configs/collectd-base.nix +++ b/krebs/2configs/stats/shack-debugging.nix @@ -9,7 +9,7 @@ let ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/" Import "collectd_connect_time" <Module collectd_connect_time> - target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de" + target "localhost:22" "google.com" "google.de" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de""10.0.1.3" "10.0.0.3:22" "10.0.0.4:22" interval 10 </Module> </Plugin> @@ -18,7 +18,7 @@ let LoadPlugin write_graphite <Plugin "write_graphite"> <Carbon> - Host "wolf.r" + Host "graphite.shack" Port "2003" Prefix "retiolum." EscapeCharacter "_" diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index aac67f2e3..f12dda097 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -229,6 +229,32 @@ in { }; }; }; + jongepad = { + owner = config.krebs.users.jonge; + nets = { + retiolum = { + ip4.addr = "10.243.5.6"; + aliases = [ + "jongepad.r" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAtJsF5jL/M72PCptLFC5iIEt0qAL544H/VLijvZEG9gnoqbs94aNJ + MM5Sr3yMB01WkcT1Lph3r4dxV0/QECu3Ca4xxuUntu42tFXhkikQGcZLuo2h4zr4 + +wReudCCc7VqMcJDxriyyoW3i7smZnQGzo36gpKHbZfil8dJo0QE8mnujqkQCA0G + hjR7xdG+/usDgRUarfpNgoHKyZfLcomQLUuR8I3aHsdaCLgMJ8v5DjGymp2bIswT + puPx3IEZSXH8y6MZoISvLn+hwcWat34Bj1PF7vfgldivqHaDFpifpXvjbCmxcel9 + WVZRSEvLSVT4FnpaJ7JkAaUpG+GOHVlPWARq9t9AZXKR1Zex9MIkHzWi/TIIkawj + wJNvUwvBYJ1UCuCby4/3nKlY7zWjj23YM6dTJDGMhJKR5m2SHp9SC0m0QdfSjN5z + 8sJauCigGZ6rlmxkO4/2BBGshY8jWDl/z2oFiQfo7R2oZkJdWNHLGKtTZtqQQ3e6 + SAE/HQvipiv35rMzHw3E9AJBhhQqT3vTLLZvMTBS6BRFvpqDNhXik1aFenNV4tjZ + XeYU1eXI4XzQqoW/avPTuLt8O0Ya/nziLXCaIy+hlx5Hd49hkGb+1saQ5yPUgoEt + wE9sy5+9b5ebn8B+N0yw7wnUYN8V8dmPmRwLt71IuBwHn/aAoXyWwFsCAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; rose = { owner = config.krebs.users.Mic92; nets = rec { @@ -685,6 +711,9 @@ in { jan = { mail = "jan.heidbrink@posteo.de"; }; + jonge = { + mail = "jacek.galowicz@gmail.com"; + }; kmein = { mail = "kieran.meinhardt@gmail.com"; pubkey = ssh-for "kmein"; @@ -695,6 +724,7 @@ in { }; qubasa = { mail = "luis.nixos@gmail.com"; + pubkey = ssh-for "qubasa"; }; raute = { mail = "macxylo@gmail.com"; diff --git a/krebs/3modules/external/ssh/qubasa.pub b/krebs/3modules/external/ssh/qubasa.pub new file mode 100644 index 000000000..e9e1e6a29 --- /dev/null +++ b/krebs/3modules/external/ssh/qubasa.pub @@ -0,0 +1,2 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDB0d0JA20Vqn7I4lCte6Ne2EOmLZyMJyS9yIKJYXNLjbLwkQ4AYoQKantPBkTxR75M09E7d3j5heuWnCjWH45TrfQfe1EOSSC3ppCI6C6aIVlaNs+KhAYZS0m2Y8WkKn+TT5JLEa8yybYVN/RlZPOilpj/1QgjU6CQK+eJ1k/kK+QFXcwN82GDVh5kbTVcKUNp2tiyxFA+z9LY0xFDg/JHif2ROpjJVLQBJ+YPuOXZN5LDnVcuyLWKThjxy5srQ8iDjoxBg7dwLHjby5Mv41K4W61Gq6xM53gDEgfXk4cQhJnmx7jA/pUnsn2ZQDeww3hcc7vRf8soogXXz2KC9maiq0M/svaATsa9Ul4hrKnqPZP9Q8ScSEAUX+VI+x54iWrnW0p/yqBiRAzwsczdPzaQroUFTBxrq8R/n5TFdSHRMX7fYNOeVMjhfNca/gtfw9dYBVquCvuqUuFiRc0I7yK44rrMjjVQRcAbw6F8O7+04qWCmaJ8MP |