From 3be10ef41a1f72ad39a11576df180f44b435d8c5 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 10 Sep 2018 13:56:24 +0200 Subject: ma iso.euer.krebsco.de: init --- makefu/2configs/nginx/iso.euer.nix | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 makefu/2configs/nginx/iso.euer.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix new file mode 100644 index 00000000..63ef380f --- /dev/null +++ b/makefu/2configs/nginx/iso.euer.nix @@ -0,0 +1,25 @@ +{config, pkgs, ... }: +let + system = builtins.currentSystem; #we can also build for other platforms + iso = (import + { inherit system; + modules = [ ../../1systems/iso/config.nix ]; } + + ); + image = iso.config.system.build.isoImage; + name = iso.config.isoImage.isoName; +in +{ + services.nginx = { + virtualHosts = { + "iso.euer.krebsco.de" = { + enableACME = true; + forceSSL = true; + locations."/" = { + root = "${image}/iso"; + index = name; + }; + }; + }; + }; +} -- cgit v1.2.3 From 9d2749e5caa4b3c8e3208c821199d9c2484c349b Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 10 Sep 2018 14:56:24 +0200 Subject: ma iso.euer.krebsco.de: expose iso as drivedroid repo --- makefu/2configs/nginx/iso.euer.nix | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix index 63ef380f..522b7f6f 100644 --- a/makefu/2configs/nginx/iso.euer.nix +++ b/makefu/2configs/nginx/iso.euer.nix @@ -1,4 +1,4 @@ -{config, pkgs, ... }: +{ config, pkgs, ... }: let system = builtins.currentSystem; #we can also build for other platforms iso = (import 
@@ -8,6 +8,25 @@ let ); image = iso.config.system.build.isoImage; name = iso.config.isoImage.isoName; + + drivedroid-cfg = builtins.toJSON [{ + id = "stockholm"; + name = "stockholm"; + tags = [ "hybrid" ]; + url = http://krebsco.de; + releases = [ + { version = iso.config.system.nixos.label; + url = "/stockholm.iso"; + arch = system; } + ]; + # size = TODO; + }]; + web = pkgs.linkFarm "web" [{ + name = "drivedroid.json"; + path = pkgs.writeText "drivedroid.json" drivedroid-cfg; } + { name = "stockholm.iso"; + path = "${image}/iso/${name}"; } + ]; in { services.nginx = { @@ -15,10 +34,8 @@ in "iso.euer.krebsco.de" = { enableACME = true; forceSSL = true; - locations."/" = { - root = "${image}/iso"; - index = name; - }; + root = web; + locations."/".index = "drivedroid.json"; }; }; }; -- cgit v1.2.3 From b2a3bd38ea70307c8b136eba42de7cc882afd441 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 10 Sep 2018 17:13:24 +0200 Subject: ma iso.euer: add imageUrl --- makefu/2configs/nginx/iso.euer.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/nginx/iso.euer.nix b/makefu/2configs/nginx/iso.euer.nix index 522b7f6f..701609d4 100644 --- a/makefu/2configs/nginx/iso.euer.nix +++ b/makefu/2configs/nginx/iso.euer.nix @@ -11,6 +11,7 @@ let drivedroid-cfg = builtins.toJSON [{ id = "stockholm"; + imageUrl = http://krebsco.de/krebs-v2.png; name = "stockholm"; tags = [ "hybrid" ]; url = http://krebsco.de; -- cgit v1.2.3 From ea9fcce6944eb71ebb03862ced66cf280dad55a2 Mon Sep 17 00:00:00 2001 From: tv Date: Tue, 11 Sep 2018 18:49:19 +0200 Subject: shell.nix: RIP --- makefu/2configs/tools/dev.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index b652241b..0de65cce 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix 
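Review bot: The DriveDroid entry built in `drivedroid-cfg` hands clients plain-HTTP addresses (`url = http://krebsco.de;`, and the `imageUrl` added by the following commit's hunk on the same file), although the vhost serving the JSON sets `forceSSL = true`. If krebsco.de answers on HTTPS, use `https://` for both so the link and logo are not fetched over an unauthenticated channel. Quoting the values (`url = "https://krebsco.de";`) would also avoid Nix's bare URL-literal syntax and match the neighbouring string attributes.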
@@ -20,7 +20,6 @@ brain gen-oath-safe cdrtools - stockholm # nix related nix-repl nix-index -- cgit v1.2.3 From b658de054d724064a3531de2d4a53a7a28cdc6ac Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 16:17:39 +0200 Subject: ma omo.r: split hardware config, use disko for tsp hardware --- makefu/2configs/dcpp/hub.nix | 102 +++++++++++++++++++++++++++++++++++++++++++ makefu/2configs/hub.nix | 102 ------------------------------------------- 2 files changed, 102 insertions(+), 102 deletions(-) create mode 100644 makefu/2configs/dcpp/hub.nix delete mode 100644 makefu/2configs/hub.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix new file mode 100644 index 00000000..a121157d --- /dev/null +++ b/makefu/2configs/dcpp/hub.nix 
@@ -0,0 +1,102 @@ +{ config, lib, pkgs, ... }: + +# search also generates ddclient entries for all other logs + +with import ; +let + ddclientUser = "ddclient"; + sec = toString ; + nsupdate = import "${sec}/nsupdate-hub.nix"; + stateDir = "/var/spool/ddclient"; + cfg = "${stateDir}/cfg"; + ext-if = config.makefu.server.primary-itf; + ddclientPIDFile = "${stateDir}/ddclient.pid"; + + # TODO: correct cert generation requires a `real` internet ip address + + gen-cfg = dict: '' + ssl=yes + cache=${stateDir}/ddclient.cache + pid=${ddclientPIDFile} + ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + + protocol=dyndns2 + use=web, web=http://ipv4.nsupdate.info/myip + ssl=yes + server=ipv4.nsupdate.info + login=${user} + password='${pass}' + ${user} + + '') dict)} + ''; + +in { + users.extraUsers = singleton { + name = ddclientUser; + uid = genid "ddclient"; + description = "ddclient daemon user"; + home = stateDir; + createHome = true; + }; + + systemd.services = { + redis.serviceConfig.LimitNOFILE=10032; + ddclient-nsupdate-uhub = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + Type = "forking"; + User = ddclientUser; + PIDFile = ddclientPIDFile; + ExecStartPre = pkgs.writeDash "init-nsupdate" '' + cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} + chmod 700 ${cfg} + ''; + ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; + }; + }; + }; + + networking.firewall.extraCommands = '' + iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 + ''; + systemd.services.uhub.serviceConfig = { + PrivateTmp = true; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "uhub-pre" '' + cp ${toString } /tmp/uhub.crt + cp ${toString } /tmp/uhub.key + cp ${toString } /tmp/uhub.sql + chown uhub /tmp/* + ''; + + }; + services.uhub = { + enable = true; + port = 1511; + enableTLS = true; + hubConfig = '' + hub_name = "krebshub" + 
tls_certificate = /tmp/uhub.crt + tls_private_key = /tmp/uhub.key + registered_users_only = true + ''; + plugins = { + welcome = { + enable = true; + motd = "shareit"; + rules = "1. Don't be an asshole"; + }; + history = { + enable = true; + }; + authSqlite = { + enable = true; + file = "/tmp/uhub.sql"; + }; + + }; + }; + networking.firewall.allowedTCPPorts = [ 411 1511 ]; +} diff --git a/makefu/2configs/hub.nix b/makefu/2configs/hub.nix deleted file mode 100644 index a121157d..00000000 --- a/makefu/2configs/hub.nix +++ /dev/null 
@@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -# search also generates ddclient entries for all other logs - -with import ; -let - ddclientUser = "ddclient"; - sec = toString ; - nsupdate = import "${sec}/nsupdate-hub.nix"; - stateDir = "/var/spool/ddclient"; - cfg = "${stateDir}/cfg"; - ext-if = config.makefu.server.primary-itf; - ddclientPIDFile = "${stateDir}/ddclient.pid"; - - # TODO: correct cert generation requires a `real` internet ip address - - gen-cfg = dict: '' - ssl=yes - cache=${stateDir}/ddclient.cache - pid=${ddclientPIDFile} - ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' - - protocol=dyndns2 - use=web, web=http://ipv4.nsupdate.info/myip - ssl=yes - server=ipv4.nsupdate.info - login=${user} - password='${pass}' - ${user} - - '') dict)} - ''; - -in { - users.extraUsers = singleton { - name = ddclientUser; - uid = genid "ddclient"; - description = "ddclient daemon user"; - home = stateDir; - createHome = true; - }; - - systemd.services = { - redis.serviceConfig.LimitNOFILE=10032; - ddclient-nsupdate-uhub = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - Type = "forking"; - User = ddclientUser; - PIDFile = ddclientPIDFile; - ExecStartPre = pkgs.writeDash "init-nsupdate" '' - cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} - chmod 700 ${cfg} - ''; - ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; - }; - }; - }; - - networking.firewall.extraCommands = '' - iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 - ''; - systemd.services.uhub.serviceConfig = { - PrivateTmp = true; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp ${toString } /tmp/uhub.crt - cp ${toString } /tmp/uhub.key - cp ${toString } /tmp/uhub.sql - chown uhub /tmp/* - ''; - - }; - services.uhub = { - enable = true; - port = 1511; - enableTLS = true; - hubConfig = '' - hub_name = "krebshub" - 
tls_certificate = /tmp/uhub.crt - tls_private_key = /tmp/uhub.key - registered_users_only = true - ''; - plugins = { - welcome = { - enable = true; - motd = "shareit"; - rules = "1. Don't be an asshole"; - }; - history = { - enable = true; - }; - authSqlite = { - enable = true; - file = "/tmp/uhub.sql"; - }; - - }; - }; - networking.firewall.allowedTCPPorts = [ 411 1511 ]; -} -- cgit v1.2.3 From babf8b1377c5d4551365ecc707b07c036da7550d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:29:29 +0200 Subject: ma deployment/homeautomation: init --- .../2configs/deployment/homeautomation/default.nix | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 makefu/2configs/deployment/homeautomation/default.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix new file mode 100644 index 00000000..1f935e2f --- /dev/null +++ b/makefu/2configs/deployment/homeautomation/default.nix 
@@ -0,0 +1,61 @@ +{ pkgs, config, ... }: +let + firetv = "192.168.1.238"; +in { + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.65.5" + ]; + services.home-assistant = { + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "663"; + monitored_conditions = [ "P1" "P2" ]; + } + # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ + { platform = "darksky"; + api_key = "c73619e6ea79e553a585be06aacf3679"; + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "hourly_summary" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 10; + seconds = 0; + }; + } + ]; + frontend = { }; + http = { }; + }; + enable = true; + #configDir = "/var/lib/hass"; + }; +} -- cgit v1.2.3 From 9cdcf9b7ebb36f78f20263ec02089bfd427d7e81 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:30:34 +0200 Subject: ma gum.r: clean up dangling code --- makefu/2configs/wireguard/server.nix | 52 ++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 makefu/2configs/wireguard/server.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix new file mode 100644 index 00000000..e38fa05c --- /dev/null +++ b/makefu/2configs/wireguard/server.nix 
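Review bot: The `darksky` sensor block hard-codes its `api_key` as a string literal, so the key is published with this repository and ends up in the world-readable Nix store of every host that builds the module. Treat the committed key as exposed and rotate it; the replacement should be supplied from outside the source tree, the way the WireGuard module in this series takes `privateKeyFile` from the secrets path. Separately, `permittedInsecurePackages = [ "homeassistant-0.65.5" ]` accepts a release that nixpkgs marks as insecure and deserves a comment such as `# TODO: drop once home-assistant is updated` stating why it is tolerated.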
@@ -0,0 +1,52 @@ +{ config, ... }: +let + ext-if = config.makefu.server.primary-itf; +in { # wireguard server + + # opkg install wireguard luci-proto-wireguard + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + listenPort = 51820; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # x + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } + ]; + }; +} -- cgit v1.2.3 From bdf8d7a94d71e82a980392633f84842eb4084291 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:54:55 +0200 Subject: ma dcpp: add client --- makefu/2configs/dcpp/client.nix | 9 +++++++++ makefu/2configs/dcpp/hub.nix | 26 ++++++++++++++++++-------- 2 files changed, 27 insertions(+), 8 deletions(-) create mode 100644 makefu/2configs/dcpp/client.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix new file mode 100644 index 00000000..3b27778e --- /dev/null +++ b/makefu/2configs/dcpp/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; +} + 
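Review bot: The masquerade rule in `networking.firewall.extraCommands` is added with `iptables -t nat -A POSTROUTING …` and nothing in this hunk removes it again, so each firewall reload is likely to append another copy; forwarding itself is still commented out (`net.ipv4.ip_forward`), so the rule has no effect yet. The `# TODO: networking.nat` in the hunk already names the cleaner route: `networking.nat = { enable = true; externalInterface = ext-if; internalInterfaces = [ "wg0" ]; };` manages forwarding and NAT together. Once forwarding is on, decide whether all five peers should reach everything behind `ext-if` or whether a forward filter is needed.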
diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index a121157d..92977b4c 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -30,6 +30,7 @@ let '') dict)} ''; + uhubDir = "/var/lib/uhub"; in { users.extraUsers = singleton { @@ -65,22 +66,31 @@ in { PrivateTmp = true; PermissionsStartOnly = true; ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp ${toString } /tmp/uhub.crt - cp ${toString } /tmp/uhub.key - cp ${toString } /tmp/uhub.sql - chown uhub /tmp/* + cp -f ${toString } ${uhubDir}/uhub.crt + cp -f ${toString } ${uhubDir}/uhub.key + if test -d ${uhubDir};then + echo "Directory ${uhubDir} already exists, skipping db init" + else + echo "Copying sql user db" + cp ${toString } ${uhubDir}/uhub.sql + fi + chown -R uhub ${uhubDir} ''; }; + users.users.uhub = { + home = uhubDir; + createHome = true; + }; services.uhub = { enable = true; port = 1511; enableTLS = true; hubConfig = '' hub_name = "krebshub" - tls_certificate = /tmp/uhub.crt - tls_private_key = /tmp/uhub.key - registered_users_only = true + tls_certificate = ${uhubDir}/uhub.crt + tls_private_key = ${uhubDir}/uhub.key + registered_users_only = true ''; plugins = { welcome = { @@ -93,7 +103,7 @@ in { }; authSqlite = { enable = true; - file = "/tmp/uhub.sql"; + file = "${uhubDir}/uhub.sql"; }; }; -- cgit v1.2.3 From a881fe45f18194a32f737703181cdd11c422ec63 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Sep 2018 00:26:42 +0200 Subject: ma secrets: add completion --- makefu/2configs/tools/mobility.nix | 6 +++++- makefu/2configs/tools/secrets.nix | 12 ++++++++++++ makefu/2configs/zsh-user.nix | 2 ++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 makefu/2configs/tools/secrets.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 1993a521..8a559dbb 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix 
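Review bot: In the rewritten `uhub-pre` script the guard `if test -d ${uhubDir}` will practically always be true: the two `cp -f … ${uhubDir}/uhub.crt` and `uhub.key` lines above it already need the directory, and `users.users.uhub.createHome = true` creates it, so the SQL user database is never copied on a fresh host. Test for the file instead, `if test -e ${uhubDir}/uhub.sql; then`. The TLS key is also copied with whatever mode the source file has; `install -m600 -o uhub <key source path> ${uhubDir}/uhub.key` would set owner and mode in one step instead of relying on the later `chown -R`.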
@@ -3,7 +3,11 @@ users.users.makefu.packages = with pkgs;[ go-mtpfs mosh + sshfs + rclone + exfat + (pkgs.callPackage ./secrets.nix {}) ]; - boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; + # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; } diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix new file mode 100644 index 00000000..f88618cb --- /dev/null +++ b/makefu/2configs/tools/secrets.nix @@ -0,0 +1,12 @@ +{ pass, write, writeDash, ... }: + +write "secrets" { + "/bin/secrets".link = writeDash "brain" '' + PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ + exec ${pass}/bin/pass $@ + ''; + "/bin/secretsmenu".link = writeDash "secretsmenu" '' + PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ + exec ${pass}/bin/passmenu $@ + ''; +} diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 6be078f6..23ae572d 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -68,6 +68,8 @@ in compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets + zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" # ctrl-x ctrl-e autoload -U edit-command-line -- cgit v1.2.3 From 97012c2e2054e98bf87cb9b480e89317e715f5c7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:31:21 +0200 Subject: ma retroshare: prepare installation retroshare somewhat sucks though ;) --- makefu/2configs/retroshare.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 makefu/2configs/retroshare.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/retroshare.nix b/makefu/2configs/retroshare.nix new file mode 100644 index 00000000..4d2fc6af --- /dev/null +++ b/makefu/2configs/retroshare.nix 
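Review bot: Both wrappers in the new `secrets.nix` forward their arguments as an unquoted `$@`, so an entry name containing spaces or glob characters is word-split and expanded before `pass` sees it; write `exec ${pass}/bin/pass "$@"` and `exec ${pass}/bin/passmenu "$@"`. The first script is also created as `writeDash "brain"` although it is linked to `/bin/secrets`, which looks like a leftover from the wrapper it was copied from; `writeDash "secrets"` keeps store paths and process listings unambiguous.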
@@ -0,0 +1,10 @@ +{ pkgs, ... }: +let + port = 9024; +in { + users.users.makefu.packages = [ + pkgs.retroshare + ]; + networking.firewall.allowedTCPPorts = [ port ]; + networking.firewall.allowedUDPPorts = [ port ]; +} -- cgit v1.2.3 From 6bb1a3318d4951dcb6ed555d816b73bfac368b35 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:32:22 +0200 Subject: ma weather2stats: add WIP --- makefu/2configs/stats/external/weather2stats.nix | 38 ++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 makefu/2configs/stats/external/weather2stats.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/stats/external/weather2stats.nix b/makefu/2configs/stats/external/weather2stats.nix new file mode 100644 index 00000000..870db99a --- /dev/null +++ b/makefu/2configs/stats/external/weather2stats.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +with import ; +let + pkg = pkgs.stdenv.mkDerivation { + name = "aralast-master"; + src = pkgs.fetchFromGitHub { + owner = "makefu"; + repo = "aralast"; + rev = "7121598"; + sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m"; + }; + installPhase = '' + install -m755 -D aralast.sh $out/bin/aralast + ''; + }; +in { + systemd.services.aralast = { + description = "periodically fetch aramark"; + path = [ + pkgs.curl + pkgs.gnugrep + pkgs.gnused + ]; + wantedBy = [ "multi-user.target" ]; + environment = { + INFLUX_HOST = "localhost"; + INFLUX_PORT = "8086"; + }; + # every 10 seconds when the cantina is open + startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45"; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkg}/bin/aralast"; + PrivateTmp = true; + }; + }; +} -- cgit v1.2.3 From 79ce9eb666182a07a542d9501514093732e5dec5 Mon Sep 17 00:00:00 2001 
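Review bot: The `aralast` unit in weather2stats.nix runs as `User = "nobody"`, an account other units in this tree (the firetv service, for one) also use, so if they land on the same host these unrelated jobs share one identity and can signal each other and read each other's files. A dedicated identity is a one-line change, e.g. `DynamicUser = true;` in place of the `User` line, or a declared system user. The comment `# every 10 seconds when the cantina is open` also disagrees with the `startAt` expression, whose seconds field `0,15,30,45` fires every 15 seconds.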
From: makefu Date: Mon, 17 Sep 2018 00:32:44 +0200 Subject: ma share: add time-mashine functionality for omo --- makefu/2configs/share/omo-timemachine.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 makefu/2configs/share/omo-timemachine.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix new file mode 100644 index 00000000..18cf0328 --- /dev/null +++ b/makefu/2configs/share/omo-timemachine.nix @@ -0,0 +1,19 @@ +{ pkgs, ... }: +{ + services.samba = { + # support for timemachine in git + package = pkgs.sambaFull; + shares = { + time_machine = { + path = "/media/crypt3/backup/time_machine"; + "valid users" = "misa"; + public = "no"; + writeable = "yes"; + "force user" = "misa"; + "fruit:aapl" = "yes"; + "fruit:time machine" = "yes"; + "vfs objects" = "catia fruit streams_xattr"; + }; + }; + }; +} -- cgit v1.2.3 From 443b88738aa064dd7f2d88b58d18751f5a2646e7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:35:36 +0200 Subject: ma mail.euer.krebsco.de: init with SimpleNixosMailServer --- makefu/2configs/mail/mail.euer.nix | 47 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 makefu/2configs/mail/mail.euer.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix new file mode 100644 index 00000000..f079d7f4 --- /dev/null +++ b/makefu/2configs/mail/mail.euer.nix 
@@ -0,0 +1,47 @@ +{ config, pkgs, ... }: +{ + imports = [ + (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz") + ]; + + mailserver = { + enable = true; + fqdn = "euer.eloop.org"; + domains = [ "euer.eloop.org" ]; + loginAccounts = { + "makefu@euer.eloop.org" = { + hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/"; + aliases = [ "root@euer.eloop.org" ]; + catchAll = [ "euer.eloop.org" ]; + + }; + }; + certificateScheme = 3; + + # Enable IMAP and POP3 + enableImap = true; + enablePop3 = false; + enableImapSsl = true; + enablePop3Ssl = false; + + # Enable the ManageSieve protocol + enableManageSieve = true; + + virusScanning = false; + + }; + + services.dovecot2.extraConfig = '' + ssl_dh = Date: Mon, 17 Sep 2018 00:40:34 +0200 Subject: ma bureautomation: re-indent --- makefu/2configs/deployment/bureautomation/hass.nix | 88 +++++++++++----------- 1 file changed, 42 insertions(+), 46 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix index d5793f88..4605e893 100644 --- a/makefu/2configs/deployment/bureautomation/hass.nix +++ b/makefu/2configs/deployment/bureautomation/hass.nix 
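Review bot: `loginAccounts."makefu@euer.eloop.org".hashedPassword` is committed as a literal SHA-512-crypt string, which gives anyone who can read the repository or the Nix store the material for offline password guessing; keep the hash in the secrets directory and consider the password exposed. The module import is also unpinned by content: `builtins.fetchTarball "https://…/nixos-mailserver-v2.1.4.tar.gz"` accepts whatever the server returns for that URL, so use the attribute form with a hash, `builtins.fetchTarball { url = "…"; sha256 = "<sha256 of the v2.1.4 tarball>"; }`. The end of this hunk (from `ssl_dh` on) is cut off in this view, so the dovecot settings are not covered by this note.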
@@ -1,48 +1,43 @@ { pkgs, lib, ... }: let - tasmota_plug = name: topic: { - platform = "mqtt"; - inherit name; - state_topic = "/bam/${topic}/stat/POWER"; - command_topic = "/bam/${topic}/cmnd/POWER"; - availability_topic = "/bam/${topic}/tele/LWT"; - qos = 1; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain= false; - }; + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "/bam/${topic}/stat/POWER1"; + command_topic = "/bam/${topic}/cmnd/POWER1"; + availability_topic = "/bam/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + }; espeasy_dht22 = name: [ - { - platform = "mqtt"; - device_class = "temperature"; - state_topic = "/bam/${name}/dht22/Temperature"; - availability_topic = "/bam/${name}/status/LWT"; - payload_available = "Connected"; - payload_not_available = "Connection Lost"; - } - { - platform = "mqtt"; - device_class = "humidity"; - state_topic = "/bam/${name}/dht22/Temperature"; - unit_of_measurement = "C"; - availability_topic = "/bam/${name}/status/LWT"; - payload_available = "Connected"; - payload_not_available = "Connection Lost"; - }]; - espeasy_ds18 = name: [ - { - platform = "mqtt"; - device_class = "temperature"; - state_topic = "/bam/${name}/ds18/Temperature"; - availability_topic = "/bam/${name}/status/LWT"; - payload_available = "Connected"; - payload_not_available = "Connection Lost"; - } - ]; + { platform = "mqtt"; + name = "${name} DHT22 Temperature"; + device_class = "temperature"; + state_topic = "/bam/${name}/dht22/Temperature"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + } + { platform = "mqtt"; + device_class = "humidity"; + name = "${name} DHT22 Humidity"; + state_topic = "/bam/${name}/dht22/Humidity"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + 
payload_not_available = "Offline"; + }]; + espeasy_ds18 = name: + { platform = "mqtt"; + name = "${name} DS18 Temperature"; + state_topic = "/bam/${name}/ds18/Temperature"; + availability_topic = "/bam/${name}/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; + }; in { - + networking.firewall.allowedTCPPorts = [ 8123 ]; nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.65.5" ]; @@ -81,18 +76,19 @@ in { (tasmota_plug "Pluggy" "plug4") ]; binary_sensor = [ - { # esp_easy - platform = "mqtt"; + { platform = "mqtt"; device_class = "motion"; + name = "Motion"; state_topic = "/bam/easy2/movement/Switch"; payload_on = "1"; payload_off = "0"; - availability_topic = "/bam/easy2/status/LWT"; - payload_available = "Connected"; - payload_not_available = "Connection Lost"; + availability_topic = "/bam/easy2/tele/LWT"; + payload_available = "Online"; + payload_not_available = "Offline"; } ]; sensor = + (espeasy_dht22 "easy1") ++ (espeasy_dht22 "easy2") ++ [ (espeasy_ds18 "easy3" ) { platform = "luftdaten"; -- cgit v1.2.3 From b54f309eb9ed60a1fe9120a07dc9afda6ee20666 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:41:36 +0200 Subject: ma hw: disable on boot --- makefu/2configs/hw/bluetooth.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix index 85c3190f..313ca014 100644 --- a/makefu/2configs/hw/bluetooth.nix +++ b/makefu/2configs/hw/bluetooth.nix 
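Review bot: The commit is titled a re-indent, but the first hunk also adds `networking.firewall.allowedTCPPorts = [ 8123 ];`, which opens the Home Assistant web port on every interface. If only VPN or LAN clients need it, scope the rule, e.g. `networking.firewall.interfaces.<interface>.allowedTCPPorts = [ 8123 ];`, and confirm that the `http` section, which lies outside the hunk, enforces authentication. The same hunk changes MQTT topics (`POWER` to `POWER1`, `status/LWT` to `tele/LWT`) and drops `qos` and `retain`; these behaviour changes deserve a line in the commit message.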
@@ -29,11 +29,14 @@ # presumably a2dp Sink # Enable profile: ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink - hardware.bluetooth.extraConfig = ''; - [general] - Enable=Source,Sink,Media,Socket - ''; # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio - hardware.bluetooth.enable = true; + hardware.bluetooth = { + enable = true; + powerOnBoot = false; + extraConfig = '' + [general] + Enable=Source,Sink,Media,Socket + ''; + }; } -- cgit v1.2.3 From 9adb8c9825de13b1a911863fd70d733029023042 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:42:16 +0200 Subject: ma euer.mon.krebsco.de: proxy to wbob --- makefu/2configs/nginx/euer.mon.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix index c5a7e68a..765fef53 100644 --- a/makefu/2configs/nginx/euer.mon.nix +++ b/makefu/2configs/nginx/euer.mon.nix @@ -10,7 +10,12 @@ let in { services.nginx = { enable = mkDefault true; - virtualHosts."mon.euer.krebsco.de" = { + virtualHosts."mon.euer.krebsco.de" = let + # flesh_wrap + authFile = pkgs.writeText "influx.conf" '' + user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1 + ''; + in { forceSSL = true; enableACME = true; locations."/" = { @@ -21,6 +26,17 @@ in { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ''; }; + locations."/influxdb/" = { + proxyPass = "http://wbob.r:8086/"; + extraConfig = '' + auth_basic "Needs Autherization to visit"; + auth_basic_user_file ${authFile}; + proxy_http_version 1.1; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + ''; + }; }; }; } -- cgit v1.2.3 From 25d6a582e55ad540f25c099ce80afe4b14638f03 Mon Sep 17 00:00:00 2001 
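Review bot: In euer.mon.nix, `authFile` is built with `pkgs.writeText`, so the basic-auth entry guarding `/influxdb/` lives in the repository and in the world-readable Nix store, and its `$apr1$` format is MD5-based and cheap to guess offline. Point `auth_basic_user_file` at a file deployed from the secrets directory and readable only by the nginx user, and regenerate the credential since this one is now public. If the `# flesh_wrap` comment above the binding relates to the credential, remove it as well.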
From: makefu Date: Mon, 17 Sep 2018 00:46:26 +0200 Subject: ma google-muell: use new version, update hard-coded ip --- makefu/2configs/deployment/google-muell.nix | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix index f23789ee..235cc154 100644 --- a/makefu/2configs/deployment/google-muell.nix +++ b/makefu/2configs/deployment/google-muell.nix @@ -5,7 +5,10 @@ let home = "/var/lib/ampel"; sec = "${toString }/google-muell.json"; ampelsec = "${home}/google-muell.json"; - esp = "192.168.1.23"; + cred = "${toString }/google-muell-creds.json"; + # TODO: generate this credential file locally + ampelcred = "${home}/google-muell-creds.json"; + esp = "192.168.8.204"; sleepval = "1800"; in { users.users.ampel = { @@ -21,10 +24,10 @@ in { serviceConfig = { User = "ampel"; ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' - cp ${sec} ${ampelsec} - chown ampel ${ampelsec} + install -m600 -o ampel ${sec} ${ampelsec} + install -m600 -o ampel ${cred} ${ampelcred} ''; - ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}"; + ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}"; PermissionsStartOnly = true; Restart = "always"; RestartSec = 10; -- cgit v1.2.3 From 30a4002029ac64a3c92007107898fd32154d6e3e Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:47:01 +0200 Subject: ma fs/single-partition: add documentation --- makefu/2configs/fs/single-partition-ext4.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix index 1970c949..1655556a 100644 --- a/makefu/2configs/fs/single-partition-ext4.nix 
+++ b/makefu/2configs/fs/single-partition-ext4.nix @@ -1,5 +1,7 @@ {config, ...}: { + # fdisk /dev/sda + # mkfs.ext4 -L nixos /dev/sda1 boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true; boot.loader.grub.version = 2; -- cgit v1.2.3 From 2807623ab6efb19f362c39e22a7dd01c389b3f98 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:47:28 +0200 Subject: ma git: add disko --- makefu/2configs/git/cgit-retiolum.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/2configs') diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 61182f6c..1a7f3d98 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -31,6 +31,7 @@ let ampel = { }; europastats = { }; arafetch = { }; + disko = { }; init-stockholm = { cgit.desc = "Init stuff for stockholm"; }; -- cgit v1.2.3 From 767109e6ae8560e17bc1ef6de67ad38559f19d27 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 00:48:02 +0200 Subject: ma nginx: less alternative hostnames --- makefu/2configs/nginx/misa-felix-hochzeit.ml.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix index d0881a93..75261234 100644 --- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix +++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix @@ -3,7 +3,7 @@ services.nginx = { enable = lib.mkDefault true; virtualHosts."misa-felix-hochzeit.ml" = { - serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ]; + serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ]; forceSSL = true; enableACME = true; locations = { -- cgit v1.2.3 From f6b3e7e6ebc15d9acd7bb5ca72034b143f2995ab Mon Sep 17 00:00:00 2001 
From: makefu Date: Mon, 17 Sep 2018 00:48:35 +0200 Subject: ma slave: un-hardcode keys --- makefu/2configs/remote-build/slave.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix index b6e000a3..89121ffd 100644 --- a/makefu/2configs/remote-build/slave.nix +++ b/makefu/2configs/remote-build/slave.nix @@ -1,11 +1,10 @@ -{ +{config,...}:{ nix.trustedUsers = [ "nixBuild" ]; users.users.nixBuild = { name = "nixBuild"; useDefaultShell = true; - # TODO: put this somewhere else openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild" + config.krebs.users.buildbotSlave.pubkey ]; }; } -- cgit v1.2.3 From 14cb17d0ce26f74434e68d2266ed2f3b8a1a3f0b Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 01:08:37 +0200 Subject: ma save-diskspace: use new "documentation" key --- makefu/2configs/save-diskspace.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix index 4fd56976..b6725e73 100644 --- a/makefu/2configs/save-diskspace.nix +++ b/makefu/2configs/save-diskspace.nix @@ -4,8 +4,8 @@ _: environment.noXlibs = true; nix.gc.automatic = true; nix.gc.dates = "03:10"; - programs.info.enable = false; - programs.man.enable = false; + documentation.info.enable = false; + documentation.man.enable = false; services.journald.extraConfig = "SystemMaxUse=50M"; services.nixosManual.enable = false; } -- cgit v1.2.3 From 80250950625cceb084ed4251082a01fbd8de2bc1 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 01:10:36 +0200 Subject: ma syncthing: track syncthing state --- makefu/2configs/syncthing.nix | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'makefu/2configs') 
diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix index 6b758ea2..bc7413a0 100644 --- a/makefu/2configs/syncthing.nix +++ b/makefu/2configs/syncthing.nix @@ -1,11 +1,17 @@ -{...}: +{ config, ... }: with import ; { services.syncthing = { enable = true; openDefaultPorts = true; - useInotify = true; group = "download"; }; users.extraGroups.download.gid = genid "download"; + state = map (x: config.services.syncthing.dataDir + "/" + x) [ + "key.pem" + "cert.pem" + "config.xml" + "https-cert.pem" + "https-key.pem" + ]; } -- cgit v1.2.3 From 0823d0cbdc2861defaabc232058d96c8862c0b24 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 01:11:57 +0200 Subject: ma: random cleanup --- makefu/2configs/mqtt.nix | 1 + makefu/2configs/share/gum-client.nix | 1 + makefu/2configs/stats/server.nix | 17 +++++++++-------- makefu/2configs/tinc/retiolum.nix | 3 ++- makefu/2configs/tools/core.nix | 4 +++- makefu/2configs/tools/extra-gui.nix | 1 + makefu/2configs/tools/media.nix | 7 +++++-- 7 files changed, 22 insertions(+), 12 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix index 39c9fdfd..c5652181 100644 --- a/makefu/2configs/mqtt.nix +++ b/makefu/2configs/mqtt.nix @@ -4,6 +4,7 @@ enable = true; host = "0.0.0.0"; users = {}; + # TODO: secure that shit allowAnonymous = true; }; } diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix index be9ab026..db2adfb1 100644 --- a/makefu/2configs/share/gum-client.nix +++ b/makefu/2configs/share/gum-client.nix @@ -17,6 +17,7 @@ in { "file_mode=0775" "dir_mode=0775" "uid=9001" + "vers=3" ]; }; diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix index 7548c733..c8e768c9 100644 --- a/makefu/2configs/stats/server.nix +++ b/makefu/2configs/stats/server.nix 
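Review bot: The mqtt.nix hunk only records the problem (`# TODO: secure that shit`) while the broker keeps `host = "0.0.0.0"`, `users = {}` and `allowAnonymous = true`, so any client that can reach the port may publish and subscribe. Other modules in this series drive switches through MQTT command topics, which makes an open broker a control channel rather than only a data leak. Define at least one entry under `users` with a hashed password kept out of the repository and set `allowAnonymous = false;`, or bind `host` to the VPN address until that is done.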
@@ -2,11 +2,11 @@ with import ; let - irc-server = "rc.r"; + irc-server = "irc.r"; irc-nick = "m-alarm"; collectd-port = 25826; influx-port = 8086; - grafana-port = 3000; # TODO nginx forward + grafana-port = 3000; db = "collectd_db"; logging-interface = config.makefu.server.primary-itf; in { @@ -72,15 +72,16 @@ in { iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT - ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT + #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT + #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT + #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT ''; + state = [ "/var/lib/grafana/data/grafana.db" ]; } 
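Review bot: The six `#iptables` / `#ip6tables` lines in the second hunk of stats/server.nix are commented out for the shell only. They sit inside the Nix `''…''` string, so `${logging-interface}` and the `toString` calls are still evaluated and `config.makefu.server.primary-itf` must still be defined. I would delete the lines rather than comment them, and drop the `logging-interface` binding if nothing else uses it, since git keeps the history. Separately, the added `state = [ "/var/lib/grafana/data/grafana.db" ];` points at the database where Grafana keeps user accounts and data-source credentials, so wherever that state is copied needs matching protection. The attribute holding the rule string starts outside the hunk.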
diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix index c55b9446..98abb240 100644 --- a/makefu/2configs/tinc/retiolum.nix +++ b/makefu/2configs/tinc/retiolum.nix @@ -1,7 +1,8 @@ -_: +{ pkgs, ... }: { imports = [ ../binary-cache/lass.nix ]; krebs.tinc.retiolum.enable = true; + environment.systemPackages = [ pkgs.tinc ]; } diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 60428890..33e896d4 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -3,9 +3,11 @@ # tools i use when actually working with the host. # package version will now be maintained by nix-rebuild # -# essentially `nix-env -q` of the main user { environment.systemPackages = with pkgs; [ + ( pkgs.writeScriptBin "unknow" ''#!/bin/sh +${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts + '') at_spi2_core acpi bc diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 3d26cc57..1c28eeff 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -6,6 +6,7 @@ gimp inkscape libreoffice + quodlibet # skype synergy tdesktop diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 35faaa29..a61b6c88 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -3,11 +3,14 @@ { users.users.makefu.packages = with pkgs; [ kodi - streamripper - youtube-dl calibre vlc mumble mplayer + quodlibet + + plowshare + streamripper + youtube-dl ]; } -- cgit v1.2.3 From e576c3182a8d4bfc85ec0755d3eeae40603183d7 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 01:34:23 +0200 Subject: Revert "ma save-diskspace: use new "documentation" key" This reverts commit 14cb17d0ce26f74434e68d2266ed2f3b8a1a3f0b. --- makefu/2configs/save-diskspace.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu/2configs') 
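Review bot: The `unknow` helper added in tools/core.nix pastes `$1` straight into the sed program, so calling it without an argument runs `sed -i "d"` and empties `~/.ssh/known_hosts`. Any non-numeric argument is also interpreted as sed syntax. A guard before the sed call covers both cases: `case "$1" in ""|*[!0-9]*) echo "usage: unknow LINE" >&2; exit 1;; esac` (written with `""` because `''` would end the Nix string). `ssh-keygen -R HOST` removes an entry by host name and may replace the script.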
diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix index b6725e73..4fd56976 100644 --- a/makefu/2configs/save-diskspace.nix +++ b/makefu/2configs/save-diskspace.nix @@ -4,8 +4,8 @@ _: environment.noXlibs = true; nix.gc.automatic = true; nix.gc.dates = "03:10"; - documentation.info.enable = false; - documentation.man.enable = false; + programs.info.enable = false; + programs.man.enable = false; services.journald.extraConfig = "SystemMaxUse=50M"; services.nixosManual.enable = false; } -- cgit v1.2.3 From 20eebf0ca30f7fabf5cd818a81a9e60c487b0962 Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 17 Sep 2018 21:52:41 +0200 Subject: ma homeautomation: add mqtt --- makefu/2configs/deployment/homeautomation/default.nix | 3 +++ makefu/2configs/deployment/homeautomation/mqtt.nix | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 makefu/2configs/deployment/homeautomation/mqtt.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix index 1f935e2f..bd87193e 100644 --- a/makefu/2configs/deployment/homeautomation/default.nix +++ b/makefu/2configs/deployment/homeautomation/default.nix @@ -2,6 +2,9 @@ let firetv = "192.168.1.238"; in { + imports = [ + ./mqtt.nix + ]; systemd.services.firetv = { wantedBy = [ "multi-user.target" ]; serviceConfig = { diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix new file mode 100644 index 00000000..1d6a6a3a --- /dev/null +++ b/makefu/2configs/deployment/homeautomation/mqtt.nix 
@@ -0,0 +1,16 @@ +{ pkgs, config, ... }: +{ + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + # see /mosquitto + users.sensor = { + hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; + acl = [ "topic readwrite #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; + networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ]; +} -- cgit v1.2.3 From 884c73d2c0542a303a8af93e522fc17e3578e622 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 18 Sep 2018 02:16:12 +0200 Subject: ma homeautomation: add mqtt broker with acl --- .../2configs/deployment/homeautomation/default.nix | 79 +++++++++++++++++++++- makefu/2configs/deployment/homeautomation/mqtt.nix | 10 ++- 2 files changed, 87 insertions(+), 2 deletions(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix index bd87193e..f2a3b36e 100644 --- a/makefu/2configs/deployment/homeautomation/default.nix +++ b/makefu/2configs/deployment/homeautomation/default.nix 
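Review bot: `acl = [ "topic readwrite #" ]` for the `sensor` user in homeautomation/mqtt.nix lets a sensor credential read and write every topic on the broker, including other devices' command topics. The topics used elsewhere in this series all live under `/ham/`, so `acl = [ "topic readwrite /ham/#" ];` or a per-device prefix would be tighter; the `hass` user added to this file in the next commit has the same ACL. The `hashedPassword` is committed to the repository and lands in the world-readable Nix store, so the password behind it should be long and random enough to resist offline guessing. With `host = "0.0.0.0"` and the port opened in the firewall, the listener is reachable from every interface, and no TLS setting is visible in this hunk.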
@@ -1,6 +1,41 @@ { pkgs, config, ... }: + +# Ideas: +## wake-on-lan server +## let firetv = "192.168.1.238"; + tasmota_plug = name: topic: + { platform = "mqtt"; + inherit name; + state_topic = "/ham/${topic}/stat/POWER1"; + command_topic = "/ham/${topic}/cmnd/POWER1"; + availability_topic = "/ham/${topic}/tele/LWT"; + payload_on= "ON"; + payload_off= "OFF"; + payload_available= "Online"; + payload_not_available= "Offline"; + }; + tasmota_bme = name: topic: + [ { platform = "mqtt"; + name = "${name} Temperatur"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.BME280.Temperature }}"; + unit_of_measurement = "°C"; + } + { platform = "mqtt"; + name = "${name} Luftfeuchtigkeit"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.BME280.Humidity }}"; + unit_of_measurement = "%"; + } + { platform = "mqtt"; + name = "${name} Luftdruck"; + state_topic = "/ham/${topic}/tele/SENSOR"; + value_template = "{{ value_json.BME280.Pressure }}"; + unit_of_measurement = "hPa"; + } + ]; in { imports = [ ./mqtt.nix @@ -21,7 +56,17 @@ in { name = "Home"; time_zone = "Europe/Berlin"; latitude = "48.7687"; longitude = "9.2478"; + elevation = 247; }; + discovery = {}; + conversation = {}; + history = {}; + logbook = {}; + tts = [ + { platform = "google";} + ]; + sun.elevation = 247; + recorder = {}; media_player = [ { platform = "kodi"; host = firetv; 
@@ -30,7 +75,31 @@ in { # assumes python-firetv running } ]; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "hass"; + password = builtins.readFile ; + keepalive = 60; + protocol = 3.1; + birth_message = { + topic = "/ham/hass/tele/LWT"; + payload = "Online"; + qos = 1; + retain = true; + }; + will_message = { + topic = "/ham/hass/tele/LWT"; + payload = "Offline"; + qos = 1; + retain = true; + }; + }; sensor = [ + { platform = "speedtest"; + monitored_conditions = [ "ping" "download" "upload" ]; + } { platform = "luftdaten"; name = "Ditzingen"; sensorid = "663"; @@ -54,9 +123,17 @@ in { seconds = 0; }; } - ]; + ] ++ (tasmota_bme "Schlafzimmer" "schlafzimmer"); frontend = { }; + #group = [ + # { default_view = { view = "yes"; entities = [ + # "sensor.luftdaten" + # ]} + #]; http = { }; + switch = [ + (tasmota_plug "Lichterkette Schlafzimmer" "schlafzimmer") + ]; }; enable = true; #configDir = "/var/lib/hass"; diff --git a/makefu/2configs/deployment/homeautomation/mqtt.nix b/makefu/2configs/deployment/homeautomation/mqtt.nix index 1d6a6a3a..cd1c328d 100644 --- a/makefu/2configs/deployment/homeautomation/mqtt.nix +++ b/makefu/2configs/deployment/homeautomation/mqtt.nix @@ -10,7 +10,15 @@ hashedPassword = "$6$2DXU7W1bvqXPqxkF$vtdz5KTd/T09hmoc9LjgEGFjvpwQbQth6vlVcr5hJNLgcBHv4U03YCKC8TKXbmQAa8xiJ76xJIg25kcL+KI3tg=="; acl = [ "topic readwrite #" ]; }; + users.hass = { + hashedPassword = "$6$SHuYGrE5kPSUc/hu$EomZ0KBy+vkxLt/6eJkrSBjYblCCeMjhDfUd2mwqXYJ4XsP8hGmZ59mMlmBCd3AvlFYQxb4DT/j3TYlrqo7cDA=="; + acl = [ "topic readwrite #" ]; + }; + users.stats = { + hashedPassword = "$6$j4H7KXD/YZgvgNmL$8e9sUKRXowDqJLOVgzCdDrvDE3+4dGgU6AngfAeN/rleGOgaMhee2Mbg2KS5TC1TOW3tYbk9NhjLYtjBgfRkoA=="; + acl = [ "topic read #" ]; + }; }; environment.systemPackages = [ pkgs.mosquitto ]; - networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ]; + # port open via trusted interface } -- cgit v1.2.3 
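Review bot: `password = builtins.readFile …;` in the new `mqtt` block reads the secret at evaluation time, so the plaintext broker password becomes part of the generated configuration and ends up in the Nix store, which is world-readable. The path operand is missing from this rendering of the hunk. The `stats` password in stats/telegraf/hamstats.nix, added in a later commit, uses the same pattern. I would have the service read the password from a root-owned file outside the store at start-up, and until then mark the line with `# NOTE: value is copied into /nix/store in plaintext`. The enclosing configuration block starts outside the hunk.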
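Review bot: The comment `# port open via trusted interface` that replaces `networking.firewall.allowedTCPPorts` in homeautomation/mqtt.nix does not say where that rule is defined, while the broker still listens on `host = "0.0.0.0"`. Anyone importing this module alone gets no firewall statement at all and cannot tell whether that is intended. I would name the place, e.g. `# not opened here: reachable only through the interfaces in networking.firewall.trustedInterfaces, set in <host config>`, assuming that is the mechanism meant.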
From 7181901c9fa2f6a311a96560bbf407bb76853c8e Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 18 Sep 2018 08:15:45 +0200 Subject: ma tools: remove nix-repl --- makefu/2configs/tools/dev.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'makefu/2configs') diff --git a/makefu/2configs/tools/dev.nix b/makefu/2configs/tools/dev.nix index 0de65cce..09ee6349 100644 --- a/makefu/2configs/tools/dev.nix +++ b/makefu/2configs/tools/dev.nix @@ -21,7 +21,6 @@ gen-oath-safe cdrtools # nix related - nix-repl nix-index # git-related tig -- cgit v1.2.3 From 375b01004e645acd645e5daac6361705ae504133 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 18 Sep 2018 12:46:39 +0200 Subject: ma telegraf/hamstats: init --- makefu/2configs/stats/telegraf/hamstats.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 makefu/2configs/stats/telegraf/hamstats.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/stats/telegraf/hamstats.nix b/makefu/2configs/stats/telegraf/hamstats.nix new file mode 100644 index 00000000..88c1b6d5 --- /dev/null +++ b/makefu/2configs/stats/telegraf/hamstats.nix @@ -0,0 +1,28 @@ +{ pkgs, ...}: + +let + genTopic = name: topic: tags: { + servers = [ "tcp://localhost:1883" ]; + username = "stats"; + password = builtins.readFile ; + qos = 0; + connection_timeout = "30s"; + topics = [ topic ]; + tags = tags; + persistent_session = false; + name_override = name; + data_format = "json"; + # json_query = tags.sensor; #TODO? + }; + hamStat = host: + sensor: + (genTopic sensor + "/ham/${host}/${sensor}/tele/SENSOR" + {"host" = host; + "scope" = "ham"; + "sensor" = sensor; + } ); + bme = host: [(hamStat host "BME280")]; +in { + services.telegraf.extraConfig.inputs.mqtt_consumer = (bme "schlafzimmer"); +} -- cgit v1.2.3 From d99bbadf37b04cd1f5efb1e04d5996ef7dfd969a Mon Sep 17 00:00:00 2001 
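Review bot: `hamStat` in stats/telegraf/hamstats.nix builds the topic as `/ham/${host}/${sensor}/tele/SENSOR`, which for `bme "schlafzimmer"` is `/ham/schlafzimmer/BME280/tele/SENSOR`. The Home Assistant sensors added in the previous commit read the same device from `/ham/schlafzimmer/tele/SENSOR` and select `BME280` inside the JSON payload. If the device publishes as that configuration assumes, telegraf subscribes to a topic that never receives a message; the topic would then be `"/ham/${host}/tele/SENSOR"`, with the sensor name kept only as a tag. `pkgs` in the argument set is unused.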
From: makefu Date: Wed, 19 Sep 2018 02:52:58 +0200 Subject: ma home-manager: init --- makefu/2configs/home-manager/cli.nix | 12 +++++++++ makefu/2configs/home-manager/default.nix | 7 +++++ makefu/2configs/home-manager/desktop.nix | 31 +++++++++++++++++++++ makefu/2configs/home-manager/mail.nix | 46 ++++++++++++++++++++++++++++++++ 4 files changed, 96 insertions(+) create mode 100644 makefu/2configs/home-manager/cli.nix create mode 100644 makefu/2configs/home-manager/default.nix create mode 100644 makefu/2configs/home-manager/desktop.nix create mode 100644 makefu/2configs/home-manager/mail.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/home-manager/cli.nix b/makefu/2configs/home-manager/cli.nix new file mode 100644 index 00000000..1efc4d2b --- /dev/null +++ b/makefu/2configs/home-manager/cli.nix @@ -0,0 +1,12 @@ +{ + home-manager.users.makefu = { + services.gpg-agent = { + defaultCacheTtl = 900; + maxCacheTtl = 7200; + defaultCacheTtlSsh = 3600; + maxCacheTtlSsh = 86400; + enableSshSupport = true; + }; + programs.fzf.enable = true; # alt-c + }; +} diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix new file mode 100644 index 00000000..e75ee626 --- /dev/null +++ b/makefu/2configs/home-manager/default.nix @@ -0,0 +1,7 @@ +{ + imports = [ + + ]; + home-manager.users.makefu = { + }; +} diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix new file mode 100644 index 00000000..c2f854d4 --- /dev/null +++ b/makefu/2configs/home-manager/desktop.nix 
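Review bot: `services.gpg-agent` in home-manager/cli.nix sets the cache TTLs and `enableSshSupport` but never `enable = true;`, so unless another module enables the agent these settings have no effect. `maxCacheTtlSsh = 86400` also keeps an unlocked SSH key usable for up to a day, much longer than the 7200 seconds allowed for GPG keys by `maxCacheTtl`. If that difference is intended, a comment such as `# SSH keys stay cached for a working day on purpose` would record it.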
@@ -0,0 +1,31 @@ +{pkgs, ... }: { + home-manager.users.makefu = { + programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; + services.network-manager-applet.enable = true; + services.blueman-applet.enable = true; + services.pasystray.enable = true; + + systemd.user.services.network-manager-applet.Service.Environment = '' + XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache + ''; + systemd.user.services.clipit = { + Unit = { + Description = "clipboard manager"; + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + + Service = { + Environment = '' + XDG_DATA_DIRS=/etc/profiles/per-user/makefu/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache + ''; + ExecStart = "${pkgs.clipit}/bin/clipit"; + Restart = "on-abort"; + }; + }; + }; +} diff --git a/makefu/2configs/home-manager/mail.nix b/makefu/2configs/home-manager/mail.nix new file mode 100644 index 00000000..ce7ae4f4 --- /dev/null +++ b/makefu/2configs/home-manager/mail.nix 
@@ -0,0 +1,46 @@ +{ + home-manager.users.makefu = { + accounts.email.accounts.syntaxfehler = { + address = "felix.richter@syntax-fehler.de"; + userName = "Felix.Richter@syntax-fehler.de"; + imap = { + host = "syntax-fehler.de"; + tls = { + enable = true; + }; + }; + smtp = { + host = "syntax-fehler.de"; + tls = { + enable = true; + }; + }; + msmtp.enable = true; + notmuch.enable = true; + offlineimap = { + enable = true; + postSyncHookCommand = "notmuch new"; + extraConfig.remote = { + holdconnectionopen = true; + idlefolders = "['INBOX']"; + }; + }; + primary = true; + realName = "Felix Richter"; + passwordCommand = "gpg --use-agent --quiet --batch -d /home/makefu/.mail/syntax-fehler.gpg"; + }; + programs.offlineimap.enable = true; + programs.offlineimap.extraConfig = { + mbnames = { + filename = "~/.mutt/muttrc.mailboxes"; + header = "'mailboxes '"; + peritem = "'+%(accountname)s/%(foldername)s'"; + sep = "' '"; + footer = "'\\n'"; + }; + general = { + ui = "TTY.TTYUI"; + }; + }; + }; +} -- cgit v1.2.3