From 2f70dd3a67832579c34f1ea50d77b8b03d69040a Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 8 Dec 2021 08:50:32 +0100 Subject: users: add xkey ssh key, use for logging into puyak --- krebs/2configs/shack/ssh-keys.nix | 1 + krebs/3modules/external/default.nix | 4 +++- krebs/3modules/external/ssh/xkey.pub | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 krebs/3modules/external/ssh/xkey.pub diff --git a/krebs/2configs/shack/ssh-keys.nix b/krebs/2configs/shack/ssh-keys.nix index 50bb93809..80957f3a5 100644 --- a/krebs/2configs/shack/ssh-keys.nix +++ b/krebs/2configs/shack/ssh-keys.nix @@ -7,6 +7,7 @@ config.krebs.users.raute.pubkey config.krebs.users.ulrich.pubkey config.krebs.users.xq.pubkey + config.krebs.users.xkey.pubkey "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci ]; diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index d919c8129..65f835ca2 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -753,7 +753,9 @@ in { mail = "xq@shackspace.de"; pubkey = ssh-for "xq"; }; - xkey = {}; + xkey = { + pubkey = ssh-for "xkey"; + }; miaoski = { }; filly = { diff --git a/krebs/3modules/external/ssh/xkey.pub b/krebs/3modules/external/ssh/xkey.pub new file mode 100644 index 000000000..cd09f06bb --- /dev/null +++ b/krebs/3modules/external/ssh/xkey.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZFKgFcAEGXcsssJxDeUVvOTKD0U4LlT2Yw85+WmMTj -- cgit v1.2.3 From 023a9749fced678f6108991170df510a518fdcec Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Dec 2021 08:48:36 +0100 Subject: ma music: cleanup, use navidrome --- makefu/1systems/omo/config.nix | 2 +- makefu/2configs/home/airsonic.nix | 29 ----------------------------- makefu/2configs/home/music.nix | 31 +++++++++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 30 deletions(-) delete mode 100644 makefu/2configs/home/airsonic.nix create mode 100644 makefu/2configs/home/music.nix diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 0b4aaacb3..3a216ea76 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -94,7 +94,7 @@ in { - + # diff --git a/makefu/2configs/home/airsonic.nix b/makefu/2configs/home/airsonic.nix deleted file mode 100644 index c6112be26..000000000 --- a/makefu/2configs/home/airsonic.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, ... }: -let - internal-ip = "192.168.111.11"; - port = 4040; -in -{ - # networking.firewall.allowedTCPPorts = [ 4040 ]; - services.airsonic = { - enable = true; - listenAddress = "0.0.0.0"; - inherit port; - }; - state = [ config.services.airsonic.home ]; - services.nginx.virtualHosts."airsonic" = { - serverAliases = [ - "airsonic.lan" - "music" "music.lan" - "musik" "musik.lan" - ]; - - locations."/".proxyPass = "http://localhost:${toString port}"; - locations."/".proxyWebsockets = true; - extraConfig = '' - if ( $server_addr != "${internal-ip}" ) { - return 403; - } - ''; - }; -} diff --git a/makefu/2configs/home/music.nix b/makefu/2configs/home/music.nix new file mode 100644 index 000000000..59f6d9170 --- /dev/null +++ b/makefu/2configs/home/music.nix @@ -0,0 +1,31 @@ +{ config, ... }: +let + internal-ip = "192.168.111.11"; + port = 4533; +in +{ + services.navidrome.enable = true; + services.navidrome.settings = { + MusicFolder = "/media/cryptX/music"; + Address = "0.0.0.0"; + }; + + state = [ "/var/lib/navidrome" ]; + # networking.firewall.allowedTCPPorts = [ 4040 ]; + # state = [ config.services.airsonic.home ]; + services.nginx.virtualHosts."navidrome" = { + serverAliases = [ + "navidrome.lan" + "music" "music.lan" + "musik" "musik.lan" + ]; + + locations."/".proxyPass = "http://localhost:${toString port}"; + locations."/".proxyWebsockets = true; + extraConfig = '' + if ( $server_addr != "${internal-ip}" ) { + return 403; + } + ''; + }; +} -- cgit v1.2.3 From ca36cf99ac38b35b748ad7d191ef58bfe05ebdeb Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 10 Dec 2021 08:48:58 +0100 Subject: ma home/mqtt: fix acl --- makefu/2configs/home/ham/mqtt.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/home/ham/mqtt.nix b/makefu/2configs/home/ham/mqtt.nix index c90afff4a..5e668e7a0 100644 --- a/makefu/2configs/home/ham/mqtt.nix +++ b/makefu/2configs/home/ham/mqtt.nix @@ -12,15 +12,15 @@ omitPasswordAuth = false; users.sensor = { hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; - acl = [ "topic readwrite #" ]; + acl = [ "readwrite #" ]; }; users.hass = { hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; - acl = [ "topic readwrite #" ]; + acl = [ "readwrite #" ]; }; users.stats = { hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; - acl = [ "topic read #" ]; + acl = [ "read #" ]; }; settings = { allow_anonymous = false; -- cgit v1.2.3