From b658de054d724064a3531de2d4a53a7a28cdc6ac Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 16:17:39 +0200 Subject: ma omo.r: split hardware config, use disko for tsp hardware --- makefu/2configs/dcpp/hub.nix | 102 +++++++++++++++++++++++++++++++++++++++++++ makefu/2configs/hub.nix | 102 ------------------------------------------- 2 files changed, 102 insertions(+), 102 deletions(-) create mode 100644 makefu/2configs/dcpp/hub.nix delete mode 100644 makefu/2configs/hub.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix new file mode 100644 index 000000000..a121157d4 --- /dev/null +++ b/makefu/2configs/dcpp/hub.nix @@ -0,0 +1,102 @@ +{ config, lib, pkgs, ... }: + +# search also generates ddclient entries for all other logs + +with import ; +let + ddclientUser = "ddclient"; + sec = toString ; + nsupdate = import "${sec}/nsupdate-hub.nix"; + stateDir = "/var/spool/ddclient"; + cfg = "${stateDir}/cfg"; + ext-if = config.makefu.server.primary-itf; + ddclientPIDFile = "${stateDir}/ddclient.pid"; + + # TODO: correct cert generation requires a `real` internet ip address + + gen-cfg = dict: '' + ssl=yes + cache=${stateDir}/ddclient.cache + pid=${ddclientPIDFile} + ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + + protocol=dyndns2 + use=web, web=http://ipv4.nsupdate.info/myip + ssl=yes + server=ipv4.nsupdate.info + login=${user} + password='${pass}' + ${user} + + '') dict)} + ''; + +in { + users.extraUsers = singleton { + name = ddclientUser; + uid = genid "ddclient"; + description = "ddclient daemon user"; + home = stateDir; + createHome = true; + }; + + systemd.services = { + redis.serviceConfig.LimitNOFILE=10032; + ddclient-nsupdate-uhub = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + Type = "forking"; + User = ddclientUser; + PIDFile = ddclientPIDFile; + ExecStartPre = pkgs.writeDash "init-nsupdate" '' + cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} + chmod 700 ${cfg} + ''; + ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; + }; + }; + }; + + networking.firewall.extraCommands = '' + iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 + ''; + systemd.services.uhub.serviceConfig = { + PrivateTmp = true; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "uhub-pre" '' + cp ${toString } /tmp/uhub.crt + cp ${toString } /tmp/uhub.key + cp ${toString } /tmp/uhub.sql + chown uhub /tmp/* + ''; + + }; + services.uhub = { + enable = true; + port = 1511; + enableTLS = true; + hubConfig = '' + hub_name = "krebshub" + tls_certificate = /tmp/uhub.crt + tls_private_key = /tmp/uhub.key + registered_users_only = true + ''; + plugins = { + welcome = { + enable = true; + motd = "shareit"; + rules = "1. Don't be an asshole"; + }; + history = { + enable = true; + }; + authSqlite = { + enable = true; + file = "/tmp/uhub.sql"; + }; + + }; + }; + networking.firewall.allowedTCPPorts = [ 411 1511 ]; +} diff --git a/makefu/2configs/hub.nix b/makefu/2configs/hub.nix deleted file mode 100644 index a121157d4..000000000 --- a/makefu/2configs/hub.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -# search also generates ddclient entries for all other logs - -with import ; -let - ddclientUser = "ddclient"; - sec = toString ; - nsupdate = import "${sec}/nsupdate-hub.nix"; - stateDir = "/var/spool/ddclient"; - cfg = "${stateDir}/cfg"; - ext-if = config.makefu.server.primary-itf; - ddclientPIDFile = "${stateDir}/ddclient.pid"; - - # TODO: correct cert generation requires a `real` internet ip address - - gen-cfg = dict: '' - ssl=yes - cache=${stateDir}/ddclient.cache - pid=${ddclientPIDFile} - ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' - - protocol=dyndns2 - use=web, web=http://ipv4.nsupdate.info/myip - ssl=yes - server=ipv4.nsupdate.info - login=${user} - password='${pass}' - ${user} - - '') dict)} - ''; - -in { - users.extraUsers = singleton { - name = ddclientUser; - uid = genid "ddclient"; - description = "ddclient daemon user"; - home = stateDir; - createHome = true; - }; - - systemd.services = { - redis.serviceConfig.LimitNOFILE=10032; - ddclient-nsupdate-uhub = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - Type = "forking"; - User = ddclientUser; - PIDFile = ddclientPIDFile; - ExecStartPre = pkgs.writeDash "init-nsupdate" '' - cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} - chmod 700 ${cfg} - ''; - ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; - }; - }; - }; - - networking.firewall.extraCommands = '' - iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 - ''; - systemd.services.uhub.serviceConfig = { - PrivateTmp = true; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp ${toString } /tmp/uhub.crt - cp ${toString } /tmp/uhub.key - cp ${toString } /tmp/uhub.sql - chown uhub /tmp/* - ''; - - }; - services.uhub = { - enable = true; - port = 1511; - enableTLS = true; - hubConfig = '' - hub_name = "krebshub" - tls_certificate = /tmp/uhub.crt - tls_private_key = /tmp/uhub.key - registered_users_only = true - ''; - plugins = { - welcome = { - enable = true; - motd = "shareit"; - rules = "1. Don't be an asshole"; - }; - history = { - enable = true; - }; - authSqlite = { - enable = true; - file = "/tmp/uhub.sql"; - }; - - }; - }; - networking.firewall.allowedTCPPorts = [ 411 1511 ]; -} -- cgit v1.2.3 From babf8b1377c5d4551365ecc707b07c036da7550d Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:29:29 +0200 Subject: ma deployment/homeautomation: init --- .../2configs/deployment/homeautomation/default.nix | 61 ++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 makefu/2configs/deployment/homeautomation/default.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix new file mode 100644 index 000000000..1f935e2f8 --- /dev/null +++ b/makefu/2configs/deployment/homeautomation/default.nix @@ -0,0 +1,61 @@ +{ pkgs, config, ... }: +let + firetv = "192.168.1.238"; +in { + systemd.services.firetv = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "nobody"; + ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555"; + }; + }; + nixpkgs.config.permittedInsecurePackages = [ + "homeassistant-0.65.5" + ]; + services.home-assistant = { + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + }; + media_player = [ + { platform = "kodi"; + host = firetv; + } + { platform = "firetv"; + # assumes python-firetv running + } + ]; + sensor = [ + { platform = "luftdaten"; + name = "Ditzingen"; + sensorid = "663"; + monitored_conditions = [ "P1" "P2" ]; + } + # https://www.home-assistant.io/cookbook/automation_for_rainy_days/ + { platform = "darksky"; + api_key = "c73619e6ea79e553a585be06aacf3679"; + language = "de"; + monitored_conditions = [ "summary" "icon" + "nearest_storm_distance" "precip_probability" + "precip_intensity" + "temperature" # "temperature_high" "temperature_low" + "hourly_summary" + "uv_index" ]; + units = "si" ; + update_interval = { + days = 0; + hours = 0; + minutes = 10; + seconds = 0; + }; + } + ]; + frontend = { }; + http = { }; + }; + enable = true; + #configDir = "/var/lib/hass"; + }; +} -- cgit v1.2.3 From 9cdcf9b7ebb36f78f20263ec02089bfd427d7e81 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:30:34 +0200 Subject: ma gum.r: clean up dangling code --- makefu/2configs/wireguard/server.nix | 52 ++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 makefu/2configs/wireguard/server.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix new file mode 100644 index 000000000..e38fa05cb --- /dev/null +++ b/makefu/2configs/wireguard/server.nix @@ -0,0 +1,52 @@ +{ config, ... }: +let + ext-if = config.makefu.server.primary-itf; +in { # wireguard server + + # opkg install wireguard luci-proto-wireguard + + # TODO: networking.nat + + # boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # conf.all.proxy_arp =1 + networking.firewall = { + allowedUDPPorts = [ 51820 ]; + extraCommands = '' + iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE + ''; + }; + + networking.wireguard.interfaces.wg0 = { + ips = [ "10.244.0.1/24" ]; + listenPort = 51820; + privateKeyFile = (toString ) + "/wireguard.key"; + allowedIPsAsRoutes = true; + peers = [ + { + # x + allowedIPs = [ "10.244.0.2/32" ]; + publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g="; + } + { + # vbob + allowedIPs = [ "10.244.0.3/32" ]; + publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw="; + } + { + # x-test + allowedIPs = [ "10.244.0.4/32" ]; + publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY="; + } + { + # work-router + allowedIPs = [ "10.244.0.5/32" ]; + publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw="; + } + { + # workr + allowedIPs = [ "10.244.0.6/32" ]; + publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA="; + } + ]; + }; +} -- cgit v1.2.3 From bdf8d7a94d71e82a980392633f84842eb4084291 Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 13 Sep 2018 22:54:55 +0200 Subject: ma dcpp: add client --- makefu/2configs/dcpp/client.nix | 9 +++++++++ makefu/2configs/dcpp/hub.nix | 26 ++++++++++++++++++-------- 2 files changed, 27 insertions(+), 8 deletions(-) create mode 100644 makefu/2configs/dcpp/client.nix (limited to 'makefu/2configs') diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix new file mode 100644 index 000000000..3b27778e5 --- /dev/null +++ b/makefu/2configs/dcpp/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; +} + diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix index a121157d4..92977b4c8 100644 --- a/makefu/2configs/dcpp/hub.nix +++ b/makefu/2configs/dcpp/hub.nix @@ -30,6 +30,7 @@ let '') dict)} ''; + uhubDir = "/var/lib/uhub"; in { users.extraUsers = singleton { @@ -65,22 +66,31 @@ in { PrivateTmp = true; PermissionsStartOnly = true; ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp ${toString } /tmp/uhub.crt - cp ${toString } /tmp/uhub.key - cp ${toString } /tmp/uhub.sql - chown uhub /tmp/* + cp -f ${toString } ${uhubDir}/uhub.crt + cp -f ${toString } ${uhubDir}/uhub.key + if test -d ${uhubDir};then + echo "Directory ${uhubDir} already exists, skipping db init" + else + echo "Copying sql user db" + cp ${toString } ${uhubDir}/uhub.sql + fi + chown -R uhub ${uhubDir} ''; }; + users.users.uhub = { + home = uhubDir; + createHome = true; + }; services.uhub = { enable = true; port = 1511; enableTLS = true; hubConfig = '' hub_name = "krebshub" - tls_certificate = /tmp/uhub.crt - tls_private_key = /tmp/uhub.key - registered_users_only = true + tls_certificate = ${uhubDir}/uhub.crt + tls_private_key = ${uhubDir}/uhub.key + registered_users_only = true ''; plugins = { welcome = { @@ -93,7 +103,7 @@ in { }; authSqlite = { enable = true; - file = "/tmp/uhub.sql"; + file = "${uhubDir}/uhub.sql"; }; }; -- cgit v1.2.3