Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/bgt/auphonic.pub1
-rw-r--r--makefu/2configs/bgt/download.binaergewitter.de.nix (renamed from makefu/2configs/nginx/download.binaergewitter.de.nix)23
-rw-r--r--makefu/2configs/bgt/hidden_service.nix (renamed from makefu/2configs/deployment/bgt/hidden_service.nix)0
-rw-r--r--makefu/2configs/binary-cache/lass.nix2
-rw-r--r--makefu/2configs/bitlbee.nix2
-rw-r--r--makefu/2configs/bureautomation/default.nix (renamed from makefu/2configs/deployment/bureautomation/default.nix)0
-rw-r--r--makefu/2configs/bureautomation/hass.nix (renamed from makefu/2configs/deployment/bureautomation/hass.nix)42
-rw-r--r--makefu/2configs/bureautomation/mpd.nix (renamed from makefu/2configs/deployment/bureautomation/mpd.nix)0
-rw-r--r--makefu/2configs/elchos/search.nix2
-rw-r--r--makefu/2configs/homeautomation/default.nix (renamed from makefu/2configs/deployment/homeautomation/default.nix)2
-rw-r--r--makefu/2configs/homeautomation/google-muell.nix (renamed from makefu/2configs/deployment/google-muell.nix)0
-rw-r--r--makefu/2configs/homeautomation/mqtt.nix (renamed from makefu/2configs/deployment/homeautomation/mqtt.nix)0
-rw-r--r--makefu/2configs/mail/mail.euer.nix2
-rw-r--r--makefu/2configs/minimal.nix6
-rw-r--r--makefu/2configs/nginx/gum.krebsco.de.nix21
-rw-r--r--makefu/2configs/shack/events-publisher/default.nix4
-rw-r--r--makefu/2configs/share/omo.nix6
-rw-r--r--makefu/2configs/share/wbob.nix7
-rw-r--r--makefu/2configs/stats/client.nix60
-rw-r--r--makefu/2configs/stats/collectd-client.nix61
-rw-r--r--makefu/2configs/stats/netdata-server.nix17
-rw-r--r--makefu/2configs/stats/server.nix7
-rw-r--r--makefu/2configs/tinc/retiolum.nix4
23 files changed, 184 insertions, 85 deletions
diff --git a/makefu/2configs/bgt/auphonic.pub b/makefu/2configs/bgt/auphonic.pub
new file mode 100644
index 000000000..37b8e0599
--- /dev/null
+++ b/makefu/2configs/bgt/auphonic.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvP50lgtHhlC3LKzC1/4yzJNxkZFDSIBvEfavNfchNKJUEBPo82oVtfFgJR5XfjI7c2U9dHl+0q4qMl+9ZiZWr2YgDpAr78kpur4gjWKrnBa2eT9GIfXB3Tm1+OpI2HoeOHUKEK1gKqqe9tJfS+CLb7DLCjulW8zdLiiH6KmvyaH78hGjZv+bpx7H4rItAinl8vGe+ceRIk4tZbmkyhphXbQZa3Ov+imiJXIr7fmX3tkOhUp4YwrVlUK8J0MEa1Kf7ZYWRqvGnKYFQ73LwLPz7UIOZ93zPF4d0R7xqvdEEhIx+u1/gToQZSMUczbVqg3dixr3yeBhFA/6h0lTA61mx
diff --git a/makefu/2configs/nginx/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 6b5687e72..6d64848f5 100644
--- a/makefu/2configs/nginx/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -1,12 +1,25 @@
{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
let
- ident = (toString <secrets>) + "/mirrorsync.gum.id_ed25519";
+ ident = (builtins.readFile ./auphonic.pub);
in {
- systemd.services.mirrorsync = {
- startAt = "08:00:00";
- path = with pkgs; [ rsync openssh ];
- script = ''rsync -av -e "ssh -i ${ident}" mirrorsync@159.69.132.234:/var/www/html/ /var/www/binaergewitter'';
+ services.openssh = {
+ allowSFTP = true;
+ sftpFlags = [ "-l VERBOSE" ];
+ extraConfig = ''
+ Match User auphonic
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ X11Forwarding no
+ PasswordAuthentication no
+ '';
+ };
+ users.users.auphonic = {
+ uid = genid "auphonic";
+ group = "nginx";
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [ ident config.krebs.users.makefu.pubkey ];
};
services.nginx = {
enable = lib.mkDefault true;
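Review bot: The `Match User auphonic` block forces `internal-sftp` but sets no `ChrootDirectory`, so the account can browse every path its uid and the `nginx` group can read, not only the upload directory. Adding `ChrootDirectory <upload-root>` (placeholder; sshd requires the directory to be root-owned and not writable by the user) inside the Match block would confine it. The `-l VERBOSE` in `sftpFlags` is applied to the `Subsystem sftp` line and the forced command probably does not inherit it, so `ForceCommand internal-sftp -l VERBOSE` is likely needed to log this user's transfers. With a forced command, `useDefaultShell = true` looks unnecessary. The `services.nginx` block continues outside the hunk.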
diff --git a/makefu/2configs/deployment/bgt/hidden_service.nix b/makefu/2configs/bgt/hidden_service.nix
index c1a31b8dc..c1a31b8dc 100644
--- a/makefu/2configs/deployment/bgt/hidden_service.nix
+++ b/makefu/2configs/bgt/hidden_service.nix
diff --git a/makefu/2configs/binary-cache/lass.nix b/makefu/2configs/binary-cache/lass.nix
index 46b386e14..51b4a1afc 100644
--- a/makefu/2configs/binary-cache/lass.nix
+++ b/makefu/2configs/binary-cache/lass.nix
@@ -3,7 +3,7 @@
{
nix = {
binaryCaches = [
- "http://cache.prism.r"
+ "https://cache.krebsco.de"
];
binaryCachePublicKeys = [
"cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="
diff --git a/makefu/2configs/bitlbee.nix b/makefu/2configs/bitlbee.nix
index 17efa7113..e955384d6 100644
--- a/makefu/2configs/bitlbee.nix
+++ b/makefu/2configs/bitlbee.nix
@@ -3,6 +3,6 @@
{
services.bitlbee = {
enable = true;
- libpurple_plugins = [ pkgs.telegram-purple ];
+ libpurple_plugins = [ pkgs.telegram-purple pkgs.pidgin-skypeweb];
};
}
diff --git a/makefu/2configs/deployment/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 3897537ea..3897537ea 100644
--- a/makefu/2configs/deployment/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
index 443484a34..a89a4813f 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/bureautomation/hass.nix
@@ -112,7 +112,6 @@ in {
"temperature" # "temperature_high" "temperature_low"
"apparent_temperature"
"hourly_summary" # next 24 hours text
- "minutely_summary"
"humidity"
"pressure"
"uv_index" ];
@@ -212,27 +211,44 @@ in {
to = "on";
};
action = {
- service= "homeassistant.turn_on";
- entity_id= "switch.fernseher";
+ service = "homeassistant.turn_on";
+ entity_id = [ "switch.fernseher" "switch.blitzdings" ];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
- trigger = {
+ trigger = [
+ { # trigger when movement was detected at the time
platform = "state";
entity_id = "binary_sensor.motion";
to = "off";
for.minutes = 10;
- };
+ }
+ { # trigger at 20:00 no matter what
+ # to avoid 'everybody left before 18:00:00'
+ platform = "time";
+ at = "18:00:00";
+ }
+ ];
action = {
- service= "homeassistant.turn_off";
- entity_id= "switch.fernseher";
+ service = "homeassistant.turn_off";
+ entity_id = [ "switch.fernseher" "switch.blitzdings" ];
+ };
+ condition =
+ { condition = "and";
+ conditions = [
+ {
+ condition = "time";
+ before = "06:30:00"; #only turn off between 6:30 and 18:00
+ after = "18:00:00";
+ # weekday = [ "mon" "tue" "wed" "thu" "fri" ];
+ }
+ {
+ condition = "state";
+ entity_id = "binary_sensor.motion";
+ state = "off";
+ }
+ ];
};
- condition = [{
- condition = "time";
- before = "06:30:00"; #only turn off between 6:30 and 18:00
- after = "18:00:00";
- weekday = [ "mon" "tue" "wed" "thu" "fri" ];
- }];
}
];
};
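Review bot: The comment on the new time trigger says `trigger at 20:00 no matter what`, but the trigger is `at = "18:00:00"`, so one of the two is wrong. The comment on the time condition, `only turn off between 6:30 and 18:00`, also reads inverted against `after = "18:00:00"` and `before = "06:30:00"`, which presumably select the overnight window. If the code is what is intended, I would change the comments to `# trigger at 18:00 no matter what` and `# only turn off between 18:00 and 06:30`. The automation list starts outside the hunk.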
diff --git a/makefu/2configs/deployment/bureautomation/mpd.nix b/makefu/2configs/bureautomation/mpd.nix
index 1f5acb357..1f5acb357 100644
--- a/makefu/2configs/deployment/bureautomation/mpd.nix
+++ b/makefu/2configs/bureautomation/mpd.nix
diff --git a/makefu/2configs/elchos/search.nix b/makefu/2configs/elchos/search.nix
index 521bfc80a..e7b91e6a8 100644
--- a/makefu/2configs/elchos/search.nix
+++ b/makefu/2configs/elchos/search.nix
@@ -32,7 +32,7 @@ let
${user}
protocol=dyndns2
- usev5=if, if=${primary-itf}
+ usev6=if, if=${primary-itf}
ssl=yes
server=ipv6.nsupdate.info
login=${user}
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix
index 94799b11d..596d0002a 100644
--- a/makefu/2configs/deployment/homeautomation/default.nix
+++ b/makefu/2configs/homeautomation/default.nix
@@ -31,7 +31,7 @@ let
brightness_scale = 100;
# color
rgb_state_topic = "/ham/${topic}/stat/Color";
- rgb_command_topic = "/ham/${topic}/cmnd/Color2";
+ rgb_command_topic = "/ham/${topic}/cmnd/MEM1"; # use enabled tasmota rule
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/homeautomation/google-muell.nix
index 235cc1546..235cc1546 100644
--- a/makefu/2configs/deployment/google-muell.nix
+++ b/makefu/2configs/homeautomation/google-muell.nix
diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/homeautomation/mqtt.nix
index cd1c328d7..cd1c328d7 100644
--- a/makefu/2configs/deployment/homeautomation/mqtt.nix
+++ b/makefu/2configs/homeautomation/mqtt.nix
diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
index f079d7f41..f8f82e76b 100644
--- a/makefu/2configs/mail/mail.euer.nix
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
imports = [
- (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
+ (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.0/nixos-mailserver-v2.2.0.tar.gz")
];
mailserver = {
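Review bot: `builtins.fetchTarball` is called here with a bare URL, so the mail server module imported into the system configuration is not checked against a hash. Whatever the tag archive resolves to at evaluation time is what gets used. The events-publisher change in this same commit already uses the pinned form, and the same would fit here: `(builtins.fetchTarball { url = "…/v2.2.0/nixos-mailserver-v2.2.0.tar.gz"; sha256 = "<hash of the v2.2.0 archive>"; })`. The `mailserver` block continues outside the hunk.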
diff --git a/makefu/2configs/minimal.nix b/makefu/2configs/minimal.nix
index d764e5624..cb2ef09e3 100644
--- a/makefu/2configs/minimal.nix
+++ b/makefu/2configs/minimal.nix
@@ -7,8 +7,8 @@
# the only true timezone (even after the the removal of DST)
time.timeZone = "Europe/Berlin";
- networking.hostName = config.krebs.build.host.name;
- nix.buildCores = config.krebs.build.host.cores;
+ networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name;
+ nix.buildCores = 0; # until https://github.com/NixOS/nixpkgs/pull/50440 is in stable
# we use gpg if necessary (or nothing at all)
programs.ssh.startAgent = false;
@@ -85,4 +85,6 @@
"net.ipv6.conf.all.use_tempaddr" = 2;
"net.ipv6.conf.default.use_tempaddr" = 2;
};
+
+ services.nscd.enable = false;
}
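Review bot: `services.nscd.enable = false;` is added without a comment saying why, and judging by its name this file is shared by many hosts. On NixOS the NSS modules listed in `system.nssModules` are loaded through nscd, so with it disabled, lookups provided by such modules may silently stop resolving. Whether any host here depends on one is not visible in the hunk. A short comment such as `# nscd disabled because <reason>; no extra NSS modules in use` would record the assumption.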
diff --git a/makefu/2configs/nginx/gum.krebsco.de.nix b/makefu/2configs/nginx/gum.krebsco.de.nix
new file mode 100644
index 000000000..3e96e6826
--- /dev/null
+++ b/makefu/2configs/nginx/gum.krebsco.de.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+in {
+ services.nginx = {
+ enable = mkDefault true;
+ virtualHosts."gum.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ # proxyPass = "http://localhost:8000/";
+ # extraConfig = ''
+ # proxy_set_header Host $host;
+ # proxy_set_header X-Real-IP $remote_addr;
+ # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ # '';
+ };
+ };
+ };
+}
diff --git a/makefu/2configs/shack/events-publisher/default.nix b/makefu/2configs/shack/events-publisher/default.nix
index 531d2525e..964e5ccbb 100644
--- a/makefu/2configs/shack/events-publisher/default.nix
+++ b/makefu/2configs/shack/events-publisher/default.nix
@@ -2,8 +2,8 @@
with import <stockholm/lib>;
let
shack-announce = pkgs.callPackage (builtins.fetchTarball {
- url = "https://github.com/makefu/events-publisher/archive/670f4d7182a41b6763296e301612499d2986f213.tar.gz";
- sha256 = "1yf9cb08v4rc6x992yx5lcyn62sm3p8i2b48rsmr4m66xdi4bpnd";
+ url = "https://github.com/makefu/events-publisher/archive/419afdfe16ebf7f2360d2ba64b67ca88948832bd.tar.gz";
+ sha256 = "0rn1ykgjbd79zg03maa49kzi6hpzn4xzf4j93qgx5wax7h12qjx0";
}) {} ;
home = "/var/lib/shackannounce";
user = "shackannounce";
diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix
index e4fef7c3c..ed5066787 100644
--- a/makefu/2configs/share/omo.nix
+++ b/makefu/2configs/share/omo.nix
@@ -30,6 +30,12 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
+ audiobook = {
+ path = "/media/crypt1/audiobooks";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
crypt0 = {
path = "/media/crypt0";
"read only" = "yes";
diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix
index 7d3fc38fe..9695751ff 100644
--- a/makefu/2configs/share/wbob.nix
+++ b/makefu/2configs/share/wbob.nix
@@ -8,6 +8,7 @@
home = "/home/share";
createHome = true;
};
+ users.groups.mpd.members = [ "makefu" ];
services.samba = {
enable = true;
enableNmbd = true;
@@ -24,6 +25,12 @@
browseable = "yes";
"guest ok" = "yes";
};
+ music-rw = {
+ path = "/data/music";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "no";
+ };
};
extraConfig = ''
guest account = smbguest
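Review bot: The new `music-rw` share is writable and sets `"guest ok" = "no"`, but nothing in the hunk limits which Samba accounts may use it. Any account that can authenticate therefore gets write access as far as the filesystem permissions allow. If the intent is what the `users.groups.mpd.members = [ "makefu" ]` line in the first hunk suggests, `"valid users" = "makefu";` on the share would state it explicitly. The `extraConfig` string continues outside the hunk.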
diff --git a/makefu/2configs/stats/client.nix b/makefu/2configs/stats/client.nix
index cfb5e3fd2..b88515a35 100644
--- a/makefu/2configs/stats/client.nix
+++ b/makefu/2configs/stats/client.nix
@@ -1,61 +1,7 @@
-{pkgs, config, ...}:
{
- services.collectd = {
+ makefu.netdata = {
enable = true;
- autoLoadPlugin = true;
- extraConfig = ''
- Hostname ${config.krebs.build.host.name}
- LoadPlugin load
- LoadPlugin disk
- LoadPlugin memory
- LoadPlugin df
- Interval 30.0
-
- LoadPlugin interface
- <Plugin "interface">
- Interface "*Link"
- Interface "lo"
- Interface "vboxnet*"
- Interface "virbr*"
- IgnoreSelected true
- </Plugin>
-
- LoadPlugin df
- <Plugin "df">
- MountPoint "/nix/store"
- # MountPoint "/run*"
- # MountPoint "/sys*"
- # MountPoint "/dev"
- # MountPoint "/dev/shm"
- # MountPoint "/tmp"
- FSType "tmpfs"
- FSType "binfmt_misc"
- FSType "debugfs"
- FSType "tracefs"
- FSType "mqueue"
- FSType "hugetlbfs"
- FSType "systemd-1"
- FSType "cgroup"
- FSType "securityfs"
- FSType "ramfs"
- FSType "proc"
- FSType "devpts"
- FSType "devtmpfs"
- MountPoint "/var/lib/docker/devicemapper"
- IgnoreSelected true
- </Plugin>
-
- LoadPlugin cpu
- <Plugin cpu>
- ReportByCpu true
- ReportByState true
- ValuesPercentage true
- </Plugin>
-
- LoadPlugin network
- <Plugin "network">
- Server "${config.makefu.stats-server}" "25826"
- </Plugin>
- '';
+ stream.role = "slave";
+ # stream.destination = "netdata.makefu.r";
};
}
diff --git a/makefu/2configs/stats/collectd-client.nix b/makefu/2configs/stats/collectd-client.nix
new file mode 100644
index 000000000..cfb5e3fd2
--- /dev/null
+++ b/makefu/2configs/stats/collectd-client.nix
@@ -0,0 +1,61 @@
+{pkgs, config, ...}:
+{
+ services.collectd = {
+ enable = true;
+ autoLoadPlugin = true;
+ extraConfig = ''
+ Hostname ${config.krebs.build.host.name}
+ LoadPlugin load
+ LoadPlugin disk
+ LoadPlugin memory
+ LoadPlugin df
+ Interval 30.0
+
+ LoadPlugin interface
+ <Plugin "interface">
+ Interface "*Link"
+ Interface "lo"
+ Interface "vboxnet*"
+ Interface "virbr*"
+ IgnoreSelected true
+ </Plugin>
+
+ LoadPlugin df
+ <Plugin "df">
+ MountPoint "/nix/store"
+ # MountPoint "/run*"
+ # MountPoint "/sys*"
+ # MountPoint "/dev"
+ # MountPoint "/dev/shm"
+ # MountPoint "/tmp"
+ FSType "tmpfs"
+ FSType "binfmt_misc"
+ FSType "debugfs"
+ FSType "tracefs"
+ FSType "mqueue"
+ FSType "hugetlbfs"
+ FSType "systemd-1"
+ FSType "cgroup"
+ FSType "securityfs"
+ FSType "ramfs"
+ FSType "proc"
+ FSType "devpts"
+ FSType "devtmpfs"
+ MountPoint "/var/lib/docker/devicemapper"
+ IgnoreSelected true
+ </Plugin>
+
+ LoadPlugin cpu
+ <Plugin cpu>
+ ReportByCpu true
+ ReportByState true
+ ValuesPercentage true
+ </Plugin>
+
+ LoadPlugin network
+ <Plugin "network">
+ Server "${config.makefu.stats-server}" "25826"
+ </Plugin>
+ '';
+ };
+}
diff --git a/makefu/2configs/stats/netdata-server.nix b/makefu/2configs/stats/netdata-server.nix
new file mode 100644
index 000000000..5fec3583c
--- /dev/null
+++ b/makefu/2configs/stats/netdata-server.nix
@@ -0,0 +1,17 @@
+{
+ makefu.netdata = {
+ enable = true;
+ stream.role = "master";
+ };
+
+ services.nginx = {
+ virtualHosts."netdata.euer.krebsco.de" = {
+ addSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://localhost:19999";
+ };
+ virtualHosts."netdata.makefu.r" = {
+ locations."/".proxyPass = "http://localhost:19999";
+ };
+ };
+}
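Review bot: The `netdata.euer.krebsco.de` vhost proxies the netdata dashboard on `localhost:19999` with no access control visible in this file, and `addSSL = true` still serves it over plain HTTP. The dashboard exposes host metrics, so I would use `forceSSL = true;` as the gum.krebsco.de vhost in this commit does. I would also restrict the location, for example with `basicAuthFile = <path to htpasswd file outside the store>;` or an `allow`/`deny` list in `extraConfig`. The `netdata.makefu.r` vhost has the same proxy without TLS, which may be acceptable if the name only resolves inside the VPN; the hunk does not show that.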
diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix
index c8e768c99..bb8fd1750 100644
--- a/makefu/2configs/stats/server.nix
+++ b/makefu/2configs/stats/server.nix
@@ -21,6 +21,13 @@ in {
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
+ logging.level = "info";
+ http.log-enabled = true;
+ http.write-tracing = false;
+ http.suppress-write-log = true;
+ data.trace-logging-enabled = false;
+ data.query-log-enabled = false;
+
http.bind-address = ":${toString influx-port}";
admin.bind-address = ":8083";
monitoring = {
diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix
index 98abb2406..0d2774209 100644
--- a/makefu/2configs/tinc/retiolum.nix
+++ b/makefu/2configs/tinc/retiolum.nix
@@ -1,8 +1,10 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
{
imports = [
../binary-cache/lass.nix
];
krebs.tinc.retiolum.enable = true;
environment.systemPackages = [ pkgs.tinc ];
+ networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
+ networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
}
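Review bot: The two firewall lines read `config.krebs.build.host.nets.retiolum.tinc.port` unguarded, while minimal.nix in this same commit wraps its use of `config.krebs.build.host` in `lib.hasAttr "host" config.krebs.build`. If configurations without a `host` attribute are now expected, this module will fail to evaluate for them; if not, the guard in minimal.nix is the odd one out. A comment such as `# tinc uses this port for TCP (meta connections) and UDP (data)` would also explain why both protocols are opened.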