Diffstat (limited to 'makefu/2configs')
24 files changed, 245 insertions, 77 deletions
| diff --git a/makefu/2configs/deployment/bureautomation/hass.nix b/makefu/2configs/deployment/bureautomation/hass.nix
index d5793f886..4605e8933 100644
--- a/makefu/2configs/deployment/bureautomation/hass.nix
+++ b/makefu/2configs/deployment/bureautomation/hass.nix
@@ -1,48 +1,43 @@  { pkgs, lib, ... }:  let -  tasmota_plug = name: topic: { -          platform = "mqtt"; -          inherit name; -          state_topic = "/bam/${topic}/stat/POWER"; -          command_topic = "/bam/${topic}/cmnd/POWER"; -          availability_topic = "/bam/${topic}/tele/LWT"; -          qos = 1; -          payload_on= "ON"; -          payload_off= "OFF"; -          payload_available= "Online"; -          payload_not_available= "Offline"; -          retain= false; -        }; +  tasmota_plug = name: topic: +  { platform = "mqtt"; +    inherit name; +    state_topic = "/bam/${topic}/stat/POWER1"; +    command_topic = "/bam/${topic}/cmnd/POWER1"; +    availability_topic = "/bam/${topic}/tele/LWT"; +    payload_on= "ON"; +    payload_off= "OFF"; +    payload_available= "Online"; +    payload_not_available= "Offline"; +  };    espeasy_dht22 = name: [ -    { -          platform = "mqtt"; -          device_class = "temperature"; -          state_topic = "/bam/${name}/dht22/Temperature"; -          availability_topic = "/bam/${name}/status/LWT"; -          payload_available = "Connected"; -          payload_not_available = "Connection Lost"; -    } -    { -          platform = "mqtt"; -          device_class = "humidity"; -          state_topic = "/bam/${name}/dht22/Temperature"; -          unit_of_measurement =  "C"; -          availability_topic = "/bam/${name}/status/LWT"; -          payload_available = "Connected"; -          payload_not_available = "Connection Lost"; -    }]; -  espeasy_ds18 = name: [ -    { -          platform = "mqtt"; -          device_class = "temperature"; -          state_topic = "/bam/${name}/ds18/Temperature"; -          availability_topic = "/bam/${name}/status/LWT"; -          payload_available = "Connected"; -          payload_not_available = "Connection Lost"; -    } -  ]; +  { platform = "mqtt"; +    name = "${name} DHT22 Temperature"; +    device_class = "temperature"; +    state_topic = 
"/bam/${name}/dht22/Temperature"; +    availability_topic = "/bam/${name}/tele/LWT"; +    payload_available = "Online"; +    payload_not_available = "Offline"; +  } +  { platform = "mqtt"; +    device_class = "humidity"; +    name = "${name} DHT22 Humidity"; +    state_topic = "/bam/${name}/dht22/Humidity"; +    availability_topic = "/bam/${name}/tele/LWT"; +    payload_available = "Online"; +    payload_not_available = "Offline"; +  }]; +  espeasy_ds18 = name: +  { platform = "mqtt"; +    name = "${name} DS18 Temperature"; +    state_topic = "/bam/${name}/ds18/Temperature"; +    availability_topic = "/bam/${name}/tele/LWT"; +    payload_available = "Online"; +    payload_not_available = "Offline"; +  };  in { - +  networking.firewall.allowedTCPPorts = [ 8123 ];    nixpkgs.config.permittedInsecurePackages = [      "homeassistant-0.65.5"    ]; @@ -81,18 +76,19 @@ in {          (tasmota_plug "Pluggy" "plug4")        ];        binary_sensor = [ -        { # esp_easy  -          platform = "mqtt"; +        { platform = "mqtt";            device_class = "motion"; +          name = "Motion";            state_topic = "/bam/easy2/movement/Switch";            payload_on = "1";            payload_off = "0"; -          availability_topic = "/bam/easy2/status/LWT"; -          payload_available = "Connected"; -          payload_not_available = "Connection Lost"; +          availability_topic = "/bam/easy2/tele/LWT"; +          payload_available = "Online"; +          payload_not_available = "Offline";          }        ];        sensor = +          (espeasy_dht22 "easy1") ++            (espeasy_dht22 "easy2") ++          [ (espeasy_ds18 "easy3" )            { platform = "luftdaten"; diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix index f23789ee5..235cc1546 100644 --- a/makefu/2configs/deployment/google-muell.nix +++ b/makefu/2configs/deployment/google-muell.nix 
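Review bot: In hass.nix the added `networking.firewall.allowedTCPPorts = [ 8123 ];` opens the Home Assistant port on every interface, and the context lines directly below it show that the service runs a release which has to be allowed through `permittedInsecurePackages` (`homeassistant-0.65.5`). If the UI is only needed from the office LAN or the VPN, an interface-scoped rule in the style of the `iptables -A INPUT -i retiolum -p tcp --dport ... -j ACCEPT` lines in stats/server.nix from this same commit would keep it off other networks. Whether Home Assistant itself asks for a password is not visible in this hunk, so the firewall may be the only barrier in front of an outdated release.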
@@ -5,7 +5,10 @@ let    home = "/var/lib/ampel";    sec = "${toString <secrets>}/google-muell.json";    ampelsec = "${home}/google-muell.json"; -  esp = "192.168.1.23"; +  cred = "${toString <secrets>}/google-muell-creds.json"; +  # TODO: generate this credential file locally +  ampelcred = "${home}/google-muell-creds.json"; +  esp = "192.168.8.204";    sleepval = "1800";  in {    users.users.ampel = { @@ -21,10 +24,10 @@ in {      serviceConfig = {        User = "ampel";        ExecStartPre = pkgs.writeDash "copy-ampel-secrets" '' -        cp ${sec} ${ampelsec} -        chown ampel ${ampelsec} +        install -m600 -o ampel ${sec} ${ampelsec} +        install -m600 -o ampel ${cred} ${ampelcred}        ''; -      ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}"; +      ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";        PermissionsStartOnly = true;        Restart = "always";        RestartSec = 10; diff --git a/makefu/2configs/fs/single-partition-ext4.nix b/makefu/2configs/fs/single-partition-ext4.nix index 1970c949f..1655556a5 100644 --- a/makefu/2configs/fs/single-partition-ext4.nix +++ b/makefu/2configs/fs/single-partition-ext4.nix @@ -1,5 +1,7 @@  {config, ...}:  { +  # fdisk /dev/sda +  # mkfs.ext4 -L nixos /dev/sda1    boot.loader.grub.enable = assert config.boot.loader.grub.device != ""; true;    boot.loader.grub.version = 2; diff --git a/makefu/2configs/git/cgit-retiolum.nix b/makefu/2configs/git/cgit-retiolum.nix index 61182f6c3..1a7f3d987 100644 --- a/makefu/2configs/git/cgit-retiolum.nix +++ b/makefu/2configs/git/cgit-retiolum.nix @@ -31,6 +31,7 @@ let      ampel = { };      europastats = { };      arafetch = { }; +    disko = { };      init-stockholm = {        cgit.desc = "Init stuff for stockholm";      }; 
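Review bot: In the second google-muell.nix hunk the new `install -m600 -o ampel ${cred} ${ampelcred}` runs in `ExecStartPre` on every start, and with `Restart = "always"` each restart overwrites the credential file under `${home}` with the copy from the secrets directory. If google-muell writes refreshed tokens back to `--credential-path` (plausible for an OAuth credential file, but not visible here), those updates are discarded every time; copying only when the target is missing, `test -e ${ampelcred} || install -m600 -o ampel ${cred} ${ampelcred}`, would keep them. The `# TODO: generate this credential file locally` in the first hunk points at the same problem and could say so explicitly. The serviceConfig block continues outside the hunk.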
diff --git a/makefu/2configs/hw/bluetooth.nix b/makefu/2configs/hw/bluetooth.nix index 85c3190ff..313ca0147 100644 --- a/makefu/2configs/hw/bluetooth.nix +++ b/makefu/2configs/hw/bluetooth.nix @@ -29,11 +29,14 @@  # presumably a2dp Sink  # Enable profile:  ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink -  hardware.bluetooth.extraConfig = ''; -  [general] -    Enable=Source,Sink,Media,Socket -      '';  # connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio -  hardware.bluetooth.enable = true; +  hardware.bluetooth = { +    enable = true; +    powerOnBoot = false; +    extraConfig = '' +      [general] +      Enable=Source,Sink,Media,Socket +    ''; +  };  } diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix new file mode 100644 index 000000000..f079d7f41 --- /dev/null +++ b/makefu/2configs/mail/mail.euer.nix 
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+{
+  imports = [
+    (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.1.4/nixos-mailserver-v2.1.4.tar.gz")
+  ];
+
+  mailserver = {
+    enable = true;
+    fqdn = "euer.eloop.org";
+    domains = [ "euer.eloop.org" ];
+    loginAccounts = {
+        "makefu@euer.eloop.org" = {
+            hashedPassword = "$6$5gFFAPnI/c/EHIx$3aHj64p5SX./C.MPb.eBmyLDRdWS1yaoV0s9r3Yexw4UO9URdUkBDgqT7F0Mjgt6.gyYaJ5E50h0Yg7iHtLWI/";
+            aliases = [ "root@euer.eloop.org" ];
+            catchAll = [ "euer.eloop.org" ];
+
+        };
+    };
+    certificateScheme = 3;
+
+    # Enable IMAP and POP3
+    enableImap = true;
+    enablePop3 = false;
+    enableImapSsl = true;
+    enablePop3Ssl = false;
+
+    # Enable the ManageSieve protocol
+    enableManageSieve = true;
+
+    virusScanning = false;
+
+  };
+
+  services.dovecot2.extraConfig = ''
+    ssl_dh = </var/lib/dhparams/dovecot.pem
+  '';
+  # workaround for DH creation
+  # security.dhparams = {
+  #   enable = true;
+  #   params = {
+  #     dovecot = 2048;
+  #   };
+  # };
+  # systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ];
+  # systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ];
+}
+
diff --git a/makefu/2configs/mqtt.nix b/makefu/2configs/mqtt.nix
index 39c9fdfdd..c56521812 100644
--- a/makefu/2configs/mqtt.nix
+++ b/makefu/2configs/mqtt.nix
@@ -4,6 +4,7 @@
     enable = true;
     host = "0.0.0.0";
     users = {};
+    # TODO: secure that shit
     allowAnonymous = true;
   };
 }
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
index c5a7e68af..765fef535 100644
--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
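Review bot: In mail.euer.nix the account's `hashedPassword` is written inline, so the `$6$` (SHA-512 crypt) hash is published with the repository and most likely copied into the world-readable Nix store, where it can be attacked offline; it should be read from the secrets directory that other modules in this commit use (`<secrets>`), and the password behind this hash rotated. The `builtins.fetchTarball` import is given only a URL, so the mailserver module, which is evaluated as part of the system configuration, is not pinned to a content hash; the attribute-set form `builtins.fetchTarball { url = "..."; sha256 = "<sha256-of-the-v2.1.4-archive>"; }` fixes that. Separately, `ssl_dh = </var/lib/dhparams/dovecot.pem` points at a file whose generation is commented out directly below, so dovecot depends on that file having been created by hand; the `# workaround for DH creation` comment should say how.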
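Review bot: In mqtt.nix the added `# TODO: secure that shit` records the problem but leaves the broker as it was: `host = "0.0.0.0"`, `users = {}` and `allowAnonymous = true`, so any client that can reach the port may publish and subscribe. The hass.nix hunk in this commit drives `cmnd/POWER1` topics for mains plugs over MQTT, so if both use the same broker (not visible here) an unauthenticated broker also means unauthenticated control of those plugs. Until accounts exist, the comment could state what is missing, e.g. `# TODO: set allowAnonymous = false and define users with passwords from <secrets>; broker currently accepts any client`. The enclosing service block starts outside the hunk.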
@@ -10,7 +10,12 @@ let
 in {
   services.nginx = {
     enable = mkDefault true;
-    virtualHosts."mon.euer.krebsco.de" = {
+    virtualHosts."mon.euer.krebsco.de" = let
+        # flesh_wrap
+        authFile = pkgs.writeText "influx.conf" ''
+            user:$apr1$ZG9oQCum$FhtIe/cl3jf8Sa4zq/BWd1
+          '';
+    in {
       forceSSL = true;
       enableACME = true;
       locations."/" =  {
@@ -21,6 +26,17 @@ in {
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         '';
       };
+      locations."/influxdb/"  = {
+        proxyPass = "http://wbob.r:8086/";
+        extraConfig = ''
+            auth_basic       "Needs Autherization to visit";
+            auth_basic_user_file ${authFile};
+            proxy_http_version 1.1;
+            proxy_set_header Host $http_host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_redirect off;
+        '';
+      };
     };
   };
 }
diff --git a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
index d0881a934..752612342 100644
--- a/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
+++ b/makefu/2configs/nginx/misa-felix-hochzeit.ml.nix
@@ -3,7 +3,7 @@
   services.nginx = {
     enable = lib.mkDefault true;
     virtualHosts."misa-felix-hochzeit.ml" = {
-      serverAliases = [ "www.misa-felix-hochzeit.ml" "misa-felix.ml" "www.misa-felix.ml" ];
+      serverAliases = [ "misa-felix.ml" "www.misa-felix.ml" ];
       forceSSL = true;
       enableACME = true;
       locations = {
diff --git a/makefu/2configs/remote-build/slave.nix b/makefu/2configs/remote-build/slave.nix
index b6e000a34..89121ffd6 100644
--- a/makefu/2configs/remote-build/slave.nix
+++ b/makefu/2configs/remote-build/slave.nix
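Review bot: In the first euer.mon.nix hunk the basic-auth file is built with `pkgs.writeText` from an inline `user:$apr1$...` line, which puts the hash in the repository and in the world-readable Nix store, and `apr1` is a salted-MD5 scheme that is cheap to attack offline. The second hunk uses this file as the only gate in front of `http://wbob.r:8086/` on what appears to be a public, ACME-enabled vhost, so the strength of that one password decides who reaches InfluxDB. `auth_basic_user_file` should point at a file deployed from the secrets directory (as google-muell.nix does with `${toString <secrets>}/...`), ideally holding a `$6$` entry if the platform's crypt() accepts it, and the current password should be replaced. If the `# flesh_wrap` comment above `authFile` relates to the credential, it should be removed as well.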
@@ -1,11 +1,10 @@ -{ +{config,...}:{    nix.trustedUsers = [ "nixBuild" ];    users.users.nixBuild = {        name = "nixBuild";        useDefaultShell = true; -      # TODO: put this somewhere else        openssh.authorizedKeys.keys = [ -        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlhb0TIBW9RN9T8Is4YRIc1RjOg+cxbZCaDjbM4zxrX nixBuild" +        config.krebs.users.buildbotSlave.pubkey        ];      };  } diff --git a/makefu/2configs/retroshare.nix b/makefu/2configs/retroshare.nix new file mode 100644 index 000000000..4d2fc6af9 --- /dev/null +++ b/makefu/2configs/retroshare.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +let +  port = 9024; +in { +  users.users.makefu.packages = [ +    pkgs.retroshare +  ]; +  networking.firewall.allowedTCPPorts = [ port ]; +  networking.firewall.allowedUDPPorts = [ port ]; +} diff --git a/makefu/2configs/save-diskspace.nix b/makefu/2configs/save-diskspace.nix index 4fd569768..b6725e730 100644 --- a/makefu/2configs/save-diskspace.nix +++ b/makefu/2configs/save-diskspace.nix @@ -4,8 +4,8 @@ _:    environment.noXlibs = true;    nix.gc.automatic = true;    nix.gc.dates = "03:10"; -  programs.info.enable = false; -  programs.man.enable = false; +  documentation.info.enable = false; +  documentation.man.enable = false;    services.journald.extraConfig = "SystemMaxUse=50M";    services.nixosManual.enable = false;  } diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix index be9ab026b..db2adfb1c 100644 --- a/makefu/2configs/share/gum-client.nix +++ b/makefu/2configs/share/gum-client.nix @@ -17,6 +17,7 @@ in {          "file_mode=0775"          "dir_mode=0775"          "uid=9001" +        "vers=3"        ];    }; diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix new file mode 100644 index 000000000..18cf0328e --- /dev/null +++ b/makefu/2configs/share/omo-timemachine.nix 
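Review bot: In remote-build/slave.nix the login key for `nixBuild` now comes from `config.krebs.users.buildbotSlave.pubkey`, and the unchanged `nix.trustedUsers = [ "nixBuild" ]` makes that account a trusted Nix user, which is close to root on the Nix daemon. That coupling is no longer visible at the point of use, so whoever later changes or reuses the buildbotSlave key changes who holds that privilege on every host importing this module. A comment above the key line would record it, e.g. `# buildbotSlave key => trusted Nix user with a login shell here; handle the private key like a root credential`.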
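Review bot: retroshare.nix opens TCP and UDP port 9024 in the host firewall on every machine that imports the module, although the package is only added to `users.users.makefu.packages` and nothing in the file starts a service. The ports therefore stay open on all interfaces whether or not RetroShare is running, and nothing ties `port` to what the client actually listens on. A comment on the `port` binding would make that explicit, e.g. `# must match the listen port configured in the RetroShare client; opened on all interfaces`.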
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  services.samba = {
+    # support for timemachine in git
+    package = pkgs.sambaFull;
+    shares = {
+      time_machine = {
+        path = "/media/crypt3/backup/time_machine";
+        "valid users" = "misa";
+        public = "no";
+        writeable = "yes";
+        "force user" = "misa";
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+        "vfs objects" = "catia fruit streams_xattr";
+      };
+    };
+  };
+}
diff --git a/makefu/2configs/stats/external/weather2stats.nix b/makefu/2configs/stats/external/weather2stats.nix
new file mode 100644
index 000000000..870db99a8
--- /dev/null
+++ b/makefu/2configs/stats/external/weather2stats.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+let
+  pkg = pkgs.stdenv.mkDerivation {
+    name = "aralast-master";
+    src = pkgs.fetchFromGitHub {
+      owner = "makefu";
+      repo = "aralast";
+      rev = "7121598";
+      sha256 = "0vw027c698h9b69ksid5p3pji9960hd7n9xi4arrax0vfkwryb4m";
+    };
+    installPhase = ''
+      install -m755 -D aralast.sh $out/bin/aralast
+    '';
+  };
+in {
+  systemd.services.aralast  = {
+    description = "periodically fetch aramark";
+    path = [
+      pkgs.curl
+      pkgs.gnugrep
+      pkgs.gnused
+    ];
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      INFLUX_HOST = "localhost";
+      INFLUX_PORT = "8086";
+    };
+    # every 10 seconds when the cantina is open
+    startAt = "Mon,Tue,Wed,Thu,Fri *-*-* 6,7,8,9,10,11,12,13,14,15:*:0,15,30,45";
+    serviceConfig = {
+      User = "nobody";
+      ExecStart = "${pkg}/bin/aralast";
+      PrivateTmp = true;
+    };
+  };
+}
diff --git a/makefu/2configs/stats/server.nix b/makefu/2configs/stats/server.nix
index 7548c733e..c8e768c99 100644
--- a/makefu/2configs/stats/server.nix
+++ b/makefu/2configs/stats/server.nix
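Review bot: In weather2stats.nix the unit runs as `User = "nobody"`, an identity shared with anything else that maps to nobody, so the script that parses fetched web content is not isolated from those other processes and files; replacing the line with `DynamicUser = true;` gives the service a private uid with no further setup. The comment `# every 10 seconds when the cantina is open` does not match `startAt`, whose seconds field `0,15,30,45` fires every 15 seconds. `rev = "7121598"` is an abbreviated commit id; the `sha256` still pins the content, but the full 40-character id would be unambiguous.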
@@ -2,11 +2,11 @@  with import <stockholm/lib>;  let -  irc-server = "rc.r"; +  irc-server = "irc.r";    irc-nick = "m-alarm";    collectd-port = 25826;    influx-port = 8086; -  grafana-port = 3000; # TODO nginx forward +  grafana-port = 3000;    db = "collectd_db";    logging-interface = config.makefu.server.primary-itf;  in { 
@@ -72,15 +72,16 @@ in {      iptables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT      iptables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT      iptables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT -    iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT -    iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT -    iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT +    #iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT +    #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT +    #iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT      ip6tables -A INPUT -i retiolum -p udp --dport ${toString collectd-port} -j ACCEPT      ip6tables -A INPUT -i retiolum -p tcp --dport ${toString influx-port} -j ACCEPT      ip6tables -A INPUT -i retiolum -p tcp --dport ${toString grafana-port} -j ACCEPT -    ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT -    ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT -    ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT +    #ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT +    #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT +    #ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT    ''; +  state = [ "/var/lib/grafana/data/grafana.db" ];  } diff --git a/makefu/2configs/syncthing.nix b/makefu/2configs/syncthing.nix index 6b758ea2d..bc7413a0a 100644 --- a/makefu/2configs/syncthing.nix +++ b/makefu/2configs/syncthing.nix 
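Review bot: In the second stats/server.nix hunk the `${logging-interface}` rules are disabled with a shell `#` inside the Nix `''` string, so Nix still evaluates `${logging-interface}` and the `${toString ...}` expressions on those lines; every host importing the module must keep `config.makefu.server.primary-itf` defined for rules that no longer apply. Deleting the six lines removes that hidden dependency, and the `logging-interface` binding in the first hunk's `let` block can go with them if nothing else uses it. If the lines are kept on purpose, a comment such as `# disabled: stats are only accepted via retiolum` would say why. The string and the attribute it is assigned to start outside the hunk.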
@@ -1,11 +1,17 @@ -{...}: +{ config, ... }:  with import <stockholm/lib>; {    services.syncthing = {      enable = true;      openDefaultPorts = true; -    useInotify = true;      group = "download";    };    users.extraGroups.download.gid = genid "download"; +  state = map (x: config.services.syncthing.dataDir + "/" + x) [ +    "key.pem" +    "cert.pem" +    "config.xml" +    "https-cert.pem" +    "https-key.pem" +  ];  } diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix index c55b94466..98abb2406 100644 --- a/makefu/2configs/tinc/retiolum.nix +++ b/makefu/2configs/tinc/retiolum.nix @@ -1,7 +1,8 @@ -_: +{ pkgs, ... }:  {    imports = [      ../binary-cache/lass.nix    ];    krebs.tinc.retiolum.enable = true; +  environment.systemPackages = [ pkgs.tinc ];  } diff --git a/makefu/2configs/tools/core.nix b/makefu/2configs/tools/core.nix index 604288904..33e896d4c 100644 --- a/makefu/2configs/tools/core.nix +++ b/makefu/2configs/tools/core.nix @@ -3,9 +3,11 @@  # tools i use when actually working with the host.  # package version will now be maintained by nix-rebuild  # -# essentially `nix-env -q` of the main user  {    environment.systemPackages = with pkgs; [ +    ( pkgs.writeScriptBin "unknow" ''#!/bin/sh +${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts +    '')      at_spi2_core      acpi      bc diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix index 3d26cc574..1c28eeffd 100644 --- a/makefu/2configs/tools/extra-gui.nix +++ b/makefu/2configs/tools/extra-gui.nix @@ -6,6 +6,7 @@      gimp      inkscape      libreoffice +    quodlibet      # skype      synergy      tdesktop diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 35faaa29f..a61b6c88e 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix 
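Review bot: In tools/core.nix the `unknow` script pastes `$1` straight into the sed program (`"${1}d"` as the shell sees it): called without an argument it runs `sed -i d` and empties `~/.ssh/known_hosts`, and a non-numeric argument is interpreted as a sed address or command. A guard before the sed line, `case "$1" in ""|*[!0-9]*) echo "usage: unknow LINE" >&2; exit 1;; esac`, restricts it to a line number. `ssh-keygen -R <host>` does the same job by host name and keeps a backup of the file; in either case the changed key should be verified against the host before the entry is dropped, since the script removes exactly the check that flags a swapped host key.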
@@ -3,11 +3,14 @@  {    users.users.makefu.packages = with pkgs; [      kodi -    streamripper -    youtube-dl      calibre      vlc      mumble      mplayer +    quodlibet + +    plowshare +    streamripper +    youtube-dl    ];  } diff --git a/makefu/2configs/tools/mobility.nix b/makefu/2configs/tools/mobility.nix index 1993a5212..8a559dbbd 100644 --- a/makefu/2configs/tools/mobility.nix +++ b/makefu/2configs/tools/mobility.nix @@ -3,7 +3,11 @@    users.users.makefu.packages = with pkgs;[      go-mtpfs      mosh +    sshfs +    rclone +    exfat +    (pkgs.callPackage ./secrets.nix {})    ]; -  boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; +  # boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];  } diff --git a/makefu/2configs/tools/secrets.nix b/makefu/2configs/tools/secrets.nix new file mode 100644 index 000000000..f88618cbc --- /dev/null +++ b/makefu/2configs/tools/secrets.nix @@ -0,0 +1,12 @@ +{ pass, write, writeDash, ... }: + +write "secrets" { +  "/bin/secrets".link = writeDash "brain" '' +    PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ +    exec ${pass}/bin/pass $@ +  ''; +  "/bin/secretsmenu".link = writeDash "secretsmenu" '' +    PASSWORD_STORE_DIR=$HOME/.secrets-pass/ \ +    exec ${pass}/bin/passmenu $@ +  ''; +} diff --git a/makefu/2configs/zsh-user.nix b/makefu/2configs/zsh-user.nix index 6be078f6a..23ae572da 100644 --- a/makefu/2configs/zsh-user.nix +++ b/makefu/2configs/zsh-user.nix @@ -68,6 +68,8 @@ in        compdef _pass brain        zstyle ':completion::complete:brain::' prefix "$HOME/brain" +      compdef _pass secrets +      zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/"        # ctrl-x ctrl-e        autoload -U edit-command-line | 
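Review bot: In tools/secrets.nix both wrappers end in an unquoted `$@` (`exec ${pass}/bin/pass $@` and `exec ${pass}/bin/passmenu $@`), so an entry name or argument containing spaces or glob characters is split or expanded before `pass` sees it; both should use `"$@"`. The derivation behind `/bin/secrets` is named `writeDash "brain"`, which looks copied from the existing brain wrapper; `writeDash "secrets"` would make the store path match the command it implements.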
