From b658de054d724064a3531de2d4a53a7a28cdc6ac Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 16:17:39 +0200 Subject: ma omo.r: split hardware config, use disko for tsp hardware --- makefu/2configs/dcpp/hub.nix | 102 +++++++++++++++++++++++++++++++++++++++++++ makefu/2configs/hub.nix | 102 ------------------------------------------- 2 files changed, 102 insertions(+), 102 deletions(-) create mode 100644 makefu/2configs/dcpp/hub.nix delete mode 100644 makefu/2configs/hub.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix new file mode 100644 index 00000000..a121157d --- /dev/null +++ b/makefu/2configs/dcpp/hub.nix 
@@ -0,0 +1,102 @@ +{ config, lib, pkgs, ... }: + +# search also generates ddclient entries for all other logs + +with import ; +let + ddclientUser = "ddclient"; + sec = toString ; + nsupdate = import "${sec}/nsupdate-hub.nix"; + stateDir = "/var/spool/ddclient"; + cfg = "${stateDir}/cfg"; + ext-if = config.makefu.server.primary-itf; + ddclientPIDFile = "${stateDir}/ddclient.pid"; + + # TODO: correct cert generation requires a `real` internet ip address + + gen-cfg = dict: '' + ssl=yes + cache=${stateDir}/ddclient.cache + pid=${ddclientPIDFile} + ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + + protocol=dyndns2 + use=web, web=http://ipv4.nsupdate.info/myip + ssl=yes + server=ipv4.nsupdate.info + login=${user} + password='${pass}' + ${user} + + '') dict)} + ''; + +in { + users.extraUsers = singleton { + name = ddclientUser; + uid = genid "ddclient"; + description = "ddclient daemon user"; + home = stateDir; + createHome = true; + }; + + systemd.services = { + redis.serviceConfig.LimitNOFILE=10032; + ddclient-nsupdate-uhub = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + Type = "forking"; + User = ddclientUser; + PIDFile = ddclientPIDFile; + ExecStartPre = pkgs.writeDash "init-nsupdate" '' + cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} + chmod 700 ${cfg} + ''; + ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; + }; + }; + }; + + networking.firewall.extraCommands = '' + iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 + ''; + systemd.services.uhub.serviceConfig = { + PrivateTmp = true; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "uhub-pre" '' + cp ${toString } /tmp/uhub.crt + cp ${toString } /tmp/uhub.key + cp ${toString } /tmp/uhub.sql + chown uhub /tmp/* + ''; + + }; + services.uhub = { + enable = true; + port = 1511; + enableTLS = true; + hubConfig = '' + hub_name = "krebshub" + 
tls_certificate = /tmp/uhub.crt + tls_private_key = /tmp/uhub.key + registered_users_only = true + ''; + plugins = { + welcome = { + enable = true; + motd = "shareit"; + rules = "1. Don't be an asshole"; + }; + history = { + enable = true; + }; + authSqlite = { + enable = true; + file = "/tmp/uhub.sql"; + }; + + }; + }; + networking.firewall.allowedTCPPorts = [ 411 1511 ]; +} diff --git a/makefu/2configs/hub.nix b/makefu/2configs/hub.nix deleted file mode 100644 index a121157d..00000000 --- a/makefu/2configs/hub.nix +++ /dev/null 
@@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -# search also generates ddclient entries for all other logs - -with import ; -let - ddclientUser = "ddclient"; - sec = toString ; - nsupdate = import "${sec}/nsupdate-hub.nix"; - stateDir = "/var/spool/ddclient"; - cfg = "${stateDir}/cfg"; - ext-if = config.makefu.server.primary-itf; - ddclientPIDFile = "${stateDir}/ddclient.pid"; - - # TODO: correct cert generation requires a `real` internet ip address - - gen-cfg = dict: '' - ssl=yes - cache=${stateDir}/ddclient.cache - pid=${ddclientPIDFile} - ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' - - protocol=dyndns2 - use=web, web=http://ipv4.nsupdate.info/myip - ssl=yes - server=ipv4.nsupdate.info - login=${user} - password='${pass}' - ${user} - - '') dict)} - ''; - -in { - users.extraUsers = singleton { - name = ddclientUser; - uid = genid "ddclient"; - description = "ddclient daemon user"; - home = stateDir; - createHome = true; - }; - - systemd.services = { - redis.serviceConfig.LimitNOFILE=10032; - ddclient-nsupdate-uhub = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - Type = "forking"; - User = ddclientUser; - PIDFile = ddclientPIDFile; - ExecStartPre = pkgs.writeDash "init-nsupdate" '' - cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} - chmod 700 ${cfg} - ''; - ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; - }; - }; - }; - - networking.firewall.extraCommands = '' - iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 - ''; - systemd.services.uhub.serviceConfig = { - PrivateTmp = true; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp ${toString } /tmp/uhub.crt - cp ${toString } /tmp/uhub.key - cp ${toString } /tmp/uhub.sql - chown uhub /tmp/* - ''; - - }; - services.uhub = { - enable = true; - port = 1511; - enableTLS = true; - hubConfig = '' - hub_name = "krebshub" - 
tls_certificate = /tmp/uhub.crt - tls_private_key = /tmp/uhub.key - registered_users_only = true - ''; - plugins = { - welcome = { - enable = true; - motd = "shareit"; - rules = "1. Don't be an asshole"; - }; - history = { - enable = true; - }; - authSqlite = { - enable = true; - file = "/tmp/uhub.sql"; - }; - - }; - }; - networking.firewall.allowedTCPPorts = [ 411 1511 ]; -} -- cgit v1.2.3 From babf8b1377c5d4551365ecc707b07c036da7550d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:29:29 +0200 Subject: ma deployment/homeautomation: init --- .../2configs/deployment/homeautomation/default.nix | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 makefu/2configs/deployment/homeautomation/default.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix new file mode 100644 index 00000000..1f935e2f --- /dev/null +++ b/makefu/2configs/deployment/homeautomation/default.nix 
@@ -0,0 +1,61 @@ +{ pkgs, config, ... }: +let + firetv = "192.168.1.238"; +in { + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.65.5" + ]; + services.home-assistant = { + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "663"; + monitored_conditions = [ "P1" "P2" ]; + } + # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ + { platform = "darksky"; + api_key = "c73619e6ea79e553a585be06aacf3679"; + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "hourly_summary" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 10; + seconds = 0; + }; + } + ]; + frontend = { }; + http = { }; + }; + enable = true; + #configDir = "/var/lib/hass"; + }; +} -- cgit v1.2.3 From 9cdcf9b7ebb36f78f20263ec02089bfd427d7e81 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:30:34 +0200 Subject: ma gum.r: clean up dangling code --- makefu/2configs/wireguard/server.nix | 52 ++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 makefu/2configs/wireguard/server.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix new file mode 100644 index 00000000..e38fa05c --- /dev/null +++ b/makefu/2configs/wireguard/server.nix 
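Review bot: The Dark Sky `api_key` in the new `sensor` list is a live credential committed in plaintext; it is now in the repository history, and since this attribute set is what the NixOS module renders into Home Assistant's configuration it will presumably also land in the world-readable Nix store — treat it as compromised, rotate it, and load the replacement at runtime from outside the store (Home Assistant's `!secret` reference backed by a `secrets.yaml` in the config directory, if the module version in use passes it through, or the out-of-store secrets path the other configs in this tree already import). `nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.65.5" ]` opts into a package nixpkgs has flagged for known vulnerabilities without saying which advisory is being accepted or why; add `# TODO: pinned to 0.65.5 because …; drop once upgraded` next to it or remove the pin. The `firetv` unit runs `firetv-server` as `nobody` with no sandboxing (`ProtectSystem`, `PrivateTmp`) and nothing in the hunk says which address it binds to — confirm it is not reachable beyond the LAN/localhost, or add a bind option or firewall rule alongside it.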
@@ -0,0 +1,52 @@ +{ config, ... }: +let + ext-if = config.makefu.server.primary-itf; +in { # wireguard server + + # opkg install wireguard luci-proto-wireguard + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + listenPort = 51820; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # x + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } + ]; + }; +} -- cgit v1.2.3 From bdf8d7a94d71e82a980392633f84842eb4084291 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:54:55 +0200 Subject: ma dcpp: add client --- makefu/2configs/dcpp/client.nix | 9 +++++++++ makefu/2configs/dcpp/hub.nix | 26 ++++++++++++++++++-------- 2 files changed, 27 insertions(+), 8 deletions(-) create mode 100644 makefu/2configs/dcpp/client.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix new file mode 100644 index 00000000..3b27778e --- /dev/null +++ b/makefu/2configs/dcpp/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; +} + 
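Review bot: The `MASQUERADE` rule in `extraCommands` is appended with `-A`, and `extraCommands` is re-run on every firewall start/reload, so identical POSTROUTING rules accumulate over time; until the noted `networking.nat` TODO is done, make it idempotent, e.g. `iptables -t nat -C POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE`, and add the matching `-D` in `extraStopCommands`. The sysctl that would actually make forwarding work is left commented out (`# boot.kernel.sysctl."net.ipv4.ip_forward" = 1;`), so unless it is enabled elsewhere the NAT rule has no effect; once it is enabled, nothing here filters the FORWARD chain, so every listed peer (including `work-router`/`workr`) can reach every other peer and anything the server routes to. Either add a FORWARD rule restricting wg0 traffic to what the peers need, or record with a comment such as `# full-mesh reachability between wg peers and egress via ${ext-if} is intended` that this is deliberate.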
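Review bot: The new `client.nix` opens TCP and UDP 51411 on all interfaces with nothing recording why; unless ncdc is configured (outside this hunk) to use 51411 as its active-mode port, this is an unexplained opening in the host firewall. Add a comment, `# ncdc active mode (tcp+udp); must match the port configured in ncdc`, and consider limiting the rule to the interface the hub is reached on rather than every interface.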
diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index a121157d..92977b4c 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -30,6 +30,7 @@ let '') dict)} ''; + uhubDir = "/var/lib/uhub"; in { users.extraUsers = singleton { @@ -65,22 +66,31 @@ in { PrivateTmp = true; PermissionsStartOnly = true; ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp ${toString } /tmp/uhub.crt - cp ${toString } /tmp/uhub.key - cp ${toString } /tmp/uhub.sql - chown uhub /tmp/* + cp -f ${toString } ${uhubDir}/uhub.crt + cp -f ${toString } ${uhubDir}/uhub.key + if test -d ${uhubDir};then + echo "Directory ${uhubDir} already exists, skipping db init" + else + echo "Copying sql user db" + cp ${toString } ${uhubDir}/uhub.sql + fi + chown -R uhub ${uhubDir} ''; }; + users.users.uhub = { + home = uhubDir; + createHome = true; + }; services.uhub = { enable = true; port = 1511; enableTLS = true; hubConfig = '' hub_name = "krebshub" - tls_certificate = /tmp/uhub.crt - tls_private_key = /tmp/uhub.key - registered_users_only = true + tls_certificate = ${uhubDir}/uhub.crt + tls_private_key = ${uhubDir}/uhub.key + registered_users_only = true ''; plugins = { welcome = { @@ -93,7 +103,7 @@ in { }; authSqlite = { enable = true; - file = "/tmp/uhub.sql"; + file = "${uhubDir}/uhub.sql"; }; }; -- cgit v1.2.3
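Review bot: The `test -d ${uhubDir}` guard in the new `uhub-pre` script can never take its `else` branch, so `uhub.sql` is never seeded: `users.users.uhub.createHome = true` creates the directory at activation, and even if it did not, the two `cp -f` lines above would already have failed against the missing directory and aborted the unit before the check runs. Test for the database file instead, `if test -e ${uhubDir}/uhub.sql; then echo "user db present, skipping init"` / `else` the existing `cp` of the sql file `; fi`. The copied TLS private key keeps whatever mode the secrets file had and only gets `chown -R uhub`; add `chmod 700 ${uhubDir}` and `chmod 600 ${uhubDir}/uhub.key` after the copies unless the secrets directory already guarantees restrictive modes. Separately, the ddclient `ExecStartPre` earlier in this file (outside the hunk) renders the nsupdate passwords with `pkgs.writeText`, which puts them in the world-readable Nix store before the `chmod 700` copy — worth fixing in the same series. The `let` binding for `uhubDir` and the `services.uhub` block both continue outside the hunk.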