Diffstat (limited to 'lass/3modules')
-rw-r--r-- | lass/3modules/default.nix | 1 | ||||
-rw-r--r-- | lass/3modules/ejabberd/config.nix | 4 | ||||
-rw-r--r-- | lass/3modules/ejabberd/default.nix | 18 | ||||
-rw-r--r-- | lass/3modules/power-action.nix | 12 | ||||
-rw-r--r-- | lass/3modules/umts.nix | 91 |
5 files changed, 116 insertions, 10 deletions
diff --git a/lass/3modules/default.nix b/lass/3modules/default.nix
index b3037205e..6a3b41ca4 100644
--- a/lass/3modules/default.nix
+++ b/lass/3modules/default.nix
@@ -5,6 +5,7 @@ _:
 ./folderPerms.nix
 ./mysql-backup.nix
 ./power-action.nix
+ ./umts.nix
 ./urxvtd.nix
 ./wordpress_nginx.nix
 ./xresources.nix
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
index 9a4882644..83ca5dc2a 100644
--- a/lass/3modules/ejabberd/config.nix
+++ b/lass/3modules/ejabberd/config.nix
@@ -10,7 +10,7 @@ in toFile "ejabberd.conf" ''
 [
 {5222, ejabberd_c2s, [
 starttls,
- {certfile, ${toErlang cfg.certfile}},
+ {certfile, ${toErlang cfg.certfile.path}},
 {access, c2s},
 {shaper, c2s_shaper},
 {max_stanza_size, 65536}
@@ -27,7 +27,7 @@ in toFile "ejabberd.conf" ''
 ]}
 ]}.
 {s2s_use_starttls, required}.
- {s2s_certfile, ${toErlang cfg.s2s_certfile}}.
+ {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}.
 {auth_method, internal}.
 {shaper, normal, {maxrate, 1000}}.
 {shaper, fast, {maxrate, 50000}}.
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
index c68f32ef0..18c7cd656 100644
--- a/lass/3modules/ejabberd/default.nix
+++ b/lass/3modules/ejabberd/default.nix
@@ -4,7 +4,12 @@ in {
 options.lass.ejabberd = {
 enable = mkEnableOption "lass.ejabberd";
 certfile = mkOption {
- type = types.str;
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/ejabberd.pem";
+ owner = cfg.user;
+ source-path = "/var/lib/acme/lassul.us/full.pem";
+ };
 };
 hosts = mkOption {
 type = with types; listOf str;
@@ -17,12 +22,11 @@ in {
 export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
 exec ${pkgs.ejabberd}/bin/ejabberdctl \
 --logs ${shell.escape cfg.user.home} \
- --spool ${shell.escape cfg.user.home} \
 "$@"
 '';
 };
 s2s_certfile = mkOption {
- type = types.str;
+ type = types.secret-file;
 default = cfg.certfile;
 };
 user = mkOption {
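Review bot: In lass/3modules/ejabberd/default.nix (hunk at -4,7) the new `certfile` default hard-codes `source-path = "/var/lib/acme/lassul.us/full.pem"`, so any host that enables `lass.ejabberd` without overriding it depends on that one ACME directory. `full.pem` presumably carries the private key together with the chain, and nothing in the hunk shows which mode the secret-file mechanism gives the copy at `${cfg.user.home}/ejabberd.pem`; that should be confirmed to be readable by `cfg.user` only. I would also add `description = "PEM bundle (certificate chain and private key), copied to a file owned by cfg.user";` to the option, since the type change from `types.str` alters what callers have to pass.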
@@ -36,9 +40,15 @@ in { config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; + krebs.secret.files = { + ejabberd-certfile = cfg.certfile; + ejabberd-s2s_certfile = cfg.s2s_certfile; + }; + systemd.services.ejabberd = { wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + requires = [ "secret.service" ]; + after = [ "network.target" "secret.service" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; diff --git a/lass/3modules/power-action.nix b/lass/3modules/power-action.nix index 06a316270..30875c9a9 100644 --- a/lass/3modules/power-action.nix +++ b/lass/3modules/power-action.nix @@ -12,6 +12,10 @@ let api = { enable = mkEnableOption "power-action"; + battery = mkOption { + type = types.str; + default = "BAT0"; + }; user = mkOption { type = types.user; default = { @@ -80,13 +84,13 @@ let "if [ $power -ge ${toString plan.lowerLimit} ] && [ $power -le ${toString plan.upperLimit} ] ${charging_check plan}; then ${plan.action}; fi"; powerlvl = pkgs.writeDash "powerlvl" '' - cat /sys/class/power_supply/BAT0/capacity + cat /sys/class/power_supply/${cfg.battery}/capacity ''; state = pkgs.writeDash "state" '' - if [ "$(cat /sys/class/power_supply/BAT0/status)" = "Charging" ] - then echo "true" - else echo "false" + if [ "$(cat /sys/class/power_supply/${cfg.battery}/status)" = "Discharging" ] + then echo "false" + else echo "true" fi ''; diff --git a/lass/3modules/umts.nix b/lass/3modules/umts.nix new file mode 100644 index 000000000..01adc0409 --- /dev/null +++ b/lass/3modules/umts.nix 
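Review bot: In lass/3modules/ejabberd/default.nix (hunk at -36,9) `krebs.secret.files` always registers both `ejabberd-certfile` and `ejabberd-s2s_certfile`, but `s2s_certfile` defaults to `cfg.certfile`, so with the defaults both entries describe the same destination `path`. Whether the secret service tolerates two entries writing one file is not visible here; registering the second only when it differs avoids relying on that, e.g. `krebs.secret.files = { ejabberd-certfile = cfg.certfile; } // lib.optionalAttrs (cfg.s2s_certfile != cfg.certfile) { ejabberd-s2s_certfile = cfg.s2s_certfile; };`. The `config` block continues outside the hunk.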
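Review bot: The rewritten `state` script in lass/3modules/power-action.nix (hunk at -80,13) now prints "true" for every status other than "Discharging", and that includes the case where `cat` fails because `/sys/class/power_supply/${cfg.battery}` does not exist, so a mistyped `battery` value is reported as charging and, depending on `charging_check` (defined outside the hunk), may silently skip the low-battery action. `cfg.battery` is declared in the -12,6 hunk as a free-form `types.str` and is spliced into the path unquoted in both `powerlvl` and `state`. Constraining it where it is declared would close both gaps, e.g. `type = types.addCheck types.str (s: builtins.match "[A-Za-z0-9_-]+" s != null);`, together with a `description` naming the expected form (`BAT0`, `BAT1`).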
@@ -0,0 +1,91 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ cfg = config.lass.umts;
+
+ out = {
+ options.lass.umts = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "umts";
+ modem = mkOption {
+ type = types.str;
+ default = "/dev/ttyUSB0";
+ };
+ initstrings = mkOption {
+ type = types.str;
+ default = ''
+ Init1 = ATZ
+ Init2 = ATQ0 V1 E1 S0=0 &C1 &D2
+ '';
+ };
+ username = mkOption {
+ type = types.str;
+ default = "default";
+ };
+ password = mkOption {
+ type = types.str;
+ default = "default";
+ };
+ };
+
+ nixpkgs-1509 = import (pkgs.fetchFromGitHub {
+ owner = "NixOS"; repo = "nixpkgs-channels";
+ rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda";
+ sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73";
+ }) {};
+
+ wvdial = nixpkgs-1509.wvdial; # https://github.com/NixOS/nixpkgs/issues/16113
+
+ #modem-device = "/dev/serial/by-id/usb-Lenovo_F5521gw_38214921FBBBC7B0-if09";
+ modem-device = "/dev/serial/by-id/usb-HUAWEI_Technologies_HUAWEI_Mobile-if00-port0";
+
+ # TODO: currently it is only netzclub
+ umts-bin = pkgs.writeScriptBin "umts" ''
+ #!/bin/sh
+ set -euf
+ systemctl start umts
+ trap "systemctl stop umts;trap - INT TERM EXIT;exit" INT TERM EXIT
+ echo nameserver 8.8.8.8 | tee -a /etc/resolv.conf
+ journalctl -xfu umts
+ '';
+
+ wvdial-defaults = ''
+ Modem = ${cfg.modem}
+ ${cfg.initstrings}
+ Modem Type = Analog Modem
+ Baud = 460800
+ phone= *99#
+ Username = ${cfg.username}
+ Password = ${cfg.password}
+ Stupid Mode = 1
+ Idle Seconds = 0
+ '';
+
+ imp = {
+ environment.shellAliases = {
+ umts = "sudo ${umts-bin}/bin/umts";
+ };
+
+ security.sudo.extraConfig = ''
+ lass ALL= (root) NOPASSWD: ${umts-bin}/bin/umts
+ '';
+
+ environment.wvdial.dialerDefaults = wvdial-defaults;
+
+ systemd.services.umts = {
+ description = "UMTS wvdial Service";
+ serviceConfig = {
+ Type = "simple";
+ Restart = "always";
+ RestartSec = "10s";
+ ExecStart = "${wvdial}/bin/wvdial -n";
+ };
+ };
+ };
+
+in out |
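Review bot: `password` and `username` in lass/3modules/umts.nix are plain `types.str` options interpolated into `wvdial-defaults` and handed to `environment.wvdial.dialerDefaults`, so the dial-in credential becomes part of the evaluated configuration and presumably ends up in the world-readable Nix store and the generated wvdial config. This same commit moves the ejabberd certificate to `types.secret-file`; the password should be supplied the same way and written into the dialer config when the service starts rather than at evaluation time. Separately, the `umts` wrapper that `lass` may run as root with `NOPASSWD` appends `nameserver 8.8.8.8` to `/etc/resolv.conf` on every invocation and the `trap` never removes it, so entries accumulate and stay in effect after the link is down. `wvdial` is taken from a pinned 15.09 snapshot that will not receive fixes (worth a comment saying when the pin can be dropped), and `modem-device` is defined but never used, while `modem` defaults to `/dev/ttyUSB0`.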