From a72d092a118dbe13b9da609d43b01d06b9f7ab54 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 22 Sep 2019 11:40:48 +0200
Subject: l: add hilum.r
---
lass/1systems/hilum/config.nix | 28 ++++++++++++++++++++++++++++
lass/1systems/hilum/physical.nix | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 lass/1systems/hilum/config.nix
create mode 100644 lass/1systems/hilum/physical.nix
(limited to 'lass/1systems')
diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix
new file mode 100644
index 00000000..998fa147
--- /dev/null
+++ b/lass/1systems/hilum/config.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+ imports = [
+
+
+
+
+
+
+
+
+
+ ];
+
+ krebs.build.host = config.krebs.hosts.hilum;
+
+ boot.loader.grub.extraEntries = ''
+ menuentry "grml" {
+ iso_path=/isos/grml.iso
+ export iso_path
+ search --set=root --file $iso_path
+ loopback loop $iso_path
+ root=(loop)
+ configfile /boot/grub/loopback.cfg
+ loopback --delete loop
+ }
+ '';
+}
diff --git a/lass/1systems/hilum/physical.nix b/lass/1systems/hilum/physical.nix
new file mode 100644
index 00000000..f8bab57d
--- /dev/null
+++ b/lass/1systems/hilum/physical.nix
@@ -0,0 +1,35 @@
+{ lib, pkgs, ... }:
+
+{
+ imports = [
+ ./config.nix
+
+ ];
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+ boot.loader.grub.device = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0374116060006128-0:0";
+ boot.loader.grub.efiInstallAsRemovable = true;
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/6db29cdd-ff64-496d-b541-5f1616665dc2";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."usb_nix".device = "/dev/disk/by-uuid/3c8ab3af-57fb-4564-9e27-b2766404f5d4";
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/2B9E-5131";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
-- cgit v1.2.3
From 6d70d953edc50dbb44b02d3d57492c092b1d1cad Mon Sep 17 00:00:00 2001
From: lassulus
Date: Sun, 22 Sep 2019 11:46:21 +0200
Subject: l prism.r: add kick-routing for riot
---
lass/1systems/prism/config.nix | 8 ++++++++
1 file changed, 8 insertions(+)
(limited to 'lass/1systems')
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index eec8e34b..845cf943 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -31,7 +31,15 @@ with import ; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6o6sdTu/CX1LW2Ff5bNDqGEAGwAsjf0iIe5DCdC7YikCct+7x4LTXxY+nDlPMeGcOF88X9/qFwdyh+9E4g0nUAZaeL14Uc14QDqDt/aiKjIXXTepxE/i4JD9YbTqStAnA/HYAExU15yqgUdj2dnHu7OZcGxk0ZR1OY18yclXq7Rq0Fd3pN3lPP1T4QHM9w66r83yJdFV9szvu5ral3/QuxQnCNohTkR6LoJ4Ny2RbMPTRtb+jPbTQYTWUWwV69mB8ot5nRTP4MRM9pu7vnoPF4I2S5DvSnx4C5zdKzsb7zmIvD4AmptZLrXj4UXUf00Xf7Js5W100Ne2yhYyhq+35 riot@lagrange" ]; + packages = [ + (pkgs.writeDashBin "kick-routing" '' + /run/wrappers/bin/sudo ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + '') + ]; }; + security.sudo.extraConfig = '' + riot ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl restart krebs-iptables.service + ''; # TODO write function for proxy_pass (ssl/nonssl) -- cgit v1.2.3 From 4e01c4c58bed5a949b4d95e76926b45461d8397b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Sep 2019 11:57:38 +0200 Subject: l prism.r: mount tank/backups --- lass/1systems/prism/physical.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/prism/physical.nix b/lass/1systems/prism/physical.nix index 9a84e9d6..7458f5ff 100644 --- a/lass/1systems/prism/physical.nix +++ b/lass/1systems/prism/physical.nix @@ -20,6 +20,11 @@ fsType = "ext4"; }; + fileSystems."/backups" = { + device = "tank/backups"; + fsType = "zfs"; + }; + fileSystems."/srv/http" = { device = "tank/srv-http"; fsType = "zfs"; -- cgit v1.2.3 From c58b7f25838452483295260695c1a35d040bcfd6 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Sep 2019 11:59:38 +0200 Subject: l shodan.r: import nfs-dl --- lass/1systems/shodan/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 5de87d79..6513de48 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix 
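Review bot: The `security.sudo.extraConfig` rule lets `riot` restart `krebs-iptables.service` as root without a password, and nothing in the hunk records why a key-authenticated remote account needs control over the host firewall. The rule itself is tight (exact binary path and exact arguments, so no other unit or systemctl verb is permitted), but a restart presumably reloads the whole ruleset, so whoever holds the `riot@lagrange` key can trigger that at will. A comment above the rule such as `# riot may only re-apply the firewall rules to recover routing; nothing else is delegated` would make the intent auditable. If the account exists only for this purpose, consider pinning the key to the wrapper with a `command="kick-routing"` option in `openssh.authorizedKeys.keys`; the rest of the user definition is outside the hunk, so this may not fit.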
@@ -17,6 +17,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; -- cgit v1.2.3 From ec525a30a3c7be4880761508b18f8049eb69d120 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Sep 2019 12:04:24 +0200 Subject: l mors.r: share the_playlist with xerxes --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/1systems') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 5076beee..1477d6d8 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -54,7 +54,7 @@ with import ; folders = { the_playlist = { path = "/home/lass/tmp/the_playlist"; - peers = [ "mors" "phone" "prism" ]; + peers = [ "mors" "phone" "prism" "xerxes" ]; }; free_music = { id = "mu9mn-zgvsw"; -- cgit v1.2.3 From 41342370581fd4cc0983b2ed846b4f068db45ab3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Sep 2019 12:08:42 +0200 Subject: l shodan.r: configure as media center --- lass/1systems/shodan/config.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lass/1systems') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 6513de48..cfb5988a 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -25,4 +25,16 @@ with import ; services.logind.extraConfig = '' HandleLidSwitch=ignore ''; + + #media center + users.users.media = { + isNormalUser = true; + uid = genid_uint31 "media"; + extraGroups = [ "video" "audio" ]; + }; + + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "media"; + }; } -- cgit v1.2.3 From c19f69898589546aa225b17feeaecbb59ac43ca7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 22 Sep 2019 12:09:11 +0200 Subject: l shodan.r: add hass config --- lass/1systems/shodan/config.nix | 74 +++++++++++++++++++++++++++++++++++++++ lass/1systems/shodan/physical.nix | 1 - 2 files changed, 74 insertions(+), 1 deletion(-) (limited to 'lass/1systems') 
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index cfb5988a..ad510283 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -37,4 +37,78 @@ with import ; enable = true; user = "media"; }; + + #hass + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; } + # zerotierone + { predicate = "-p udp --dport 9993"; target = "ACCEPT"; } + ]; + + services.home-assistant = let + tasmota_s20 = name: topic: { + platform = "mqtt"; + inherit name; + state_topic = "stat/${topic}/POWER"; + command_topic = "cmnd/${topic}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + }; + in { + enable = true; + package = pkgs.home-assistant.override { + python3 = pkgs.python36; + #extraComponents = [ + # (pkgs.fetchgit { + # url = "https://github.com/marcschumacher/dwd_pollen"; + # rev = "0.1"; + # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; + # }) + #]; + }; + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + elevation = 247; + }; + sun.elevation = 66; + discovery = {}; + frontend = { }; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "gg23"; + password = "gg23-mqtt"; + keepalive = 60; + protocol = 3.1; + }; + sensor = [ + ]; + switch = [ + (tasmota_s20 "Drucker Strom" "drucker") + (tasmota_s20 "Bett Licht" "bett") + ]; + device_tracker = [ + { + platform = "luci"; + } + ]; + }; + }; + + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + users.gg23 = { + password = "gg23-mqtt"; + acl = [ "topic readwrite #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; } diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 41508127..7cfeba93 100644 
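Review bot: The MQTT credential `gg23-mqtt` is written in plaintext twice, in `services.home-assistant.config.mqtt.password` and in `services.mosquitto.users.gg23.password`, so it ends up in the git history and in the world-readable Nix store, while the broker binds `host = "0.0.0.0"` and the new INPUT rules accept tcp/1883 and tcp/8123 from any source. With `acl = [ "topic readwrite #" ]` that single credential can read and publish every topic, including the `cmnd/.../POWER` switch commands defined by `tasmota_s20`. Rotate the password and keep it out of the repo: use `hashedPassword` instead of `password` for the mosquitto user, load the Home Assistant side from a secrets file outside the store, and narrow the firewall predicates to the interface or source range the devices actually use. Port 1883 is plain MQTT, so the password also crosses the network unencrypted, and the hunk commits the exact home `latitude`/`longitude`, which may be more precise than you want in a shared repository.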
--- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix @@ -13,7 +13,6 @@ initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; } ]; initrd.luks.cryptoModules = [ "aes" "sha512" "sha1" "xts" ]; initrd.availableKernelModules = [ "xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; - #kernelModules = [ "kvm-intel" "msr" ]; }; fileSystems = { "/" = { -- cgit v1.2.3