Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/dcpp/client.nix9
-rw-r--r--makefu/2configs/dcpp/hub.nix (renamed from makefu/2configs/hub.nix)26
-rw-r--r--makefu/2configs/deployment/homeautomation/default.nix61
-rw-r--r--makefu/2configs/wireguard/server.nix52
4 files changed, 140 insertions, 8 deletions
diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix
new file mode 100644
index 000000000..3b27778e5
--- /dev/null
+++ b/makefu/2configs/dcpp/client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{ # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+}
+
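Review bot: The `allowedUDPPorts`/`allowedTCPPorts` lines open 51411 on every interface, and nothing says what listens there. The leading `# ncdc` suggests it is the client's active-mode port, so a comment such as `# ncdc active-mode port; keep in sync with the client's active_port setting` would tell the next reader why it is open. If peers only ever arrive over one interface, scoping the rule to that interface keeps the port closed on the others.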
diff --git a/makefu/2configs/hub.nix b/makefu/2configs/dcpp/hub.nix
index a121157d4..92977b4c8 100644
--- a/makefu/2configs/hub.nix
+++ b/makefu/2configs/dcpp/hub.nix
@@ -30,6 +30,7 @@ let
'') dict)}
'';
+ uhubDir = "/var/lib/uhub";
in {
users.extraUsers = singleton {
@@ -65,22 +66,31 @@ in {
PrivateTmp = true;
PermissionsStartOnly = true;
ExecStartPre = pkgs.writeDash "uhub-pre" ''
- cp ${toString <secrets/wildcard.krebsco.de.crt>} /tmp/uhub.crt
- cp ${toString <secrets/wildcard.krebsco.de.key>} /tmp/uhub.key
- cp ${toString <secrets/uhub.sql>} /tmp/uhub.sql
- chown uhub /tmp/*
+ cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
+ cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key
+ if test -d ${uhubDir};then
+ echo "Directory ${uhubDir} already exists, skipping db init"
+ else
+ echo "Copying sql user db"
+ cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql
+ fi
+ chown -R uhub ${uhubDir}
'';
};
+ users.users.uhub = {
+ home = uhubDir;
+ createHome = true;
+ };
services.uhub = {
enable = true;
port = 1511;
enableTLS = true;
hubConfig = ''
hub_name = "krebshub"
- tls_certificate = /tmp/uhub.crt
- tls_private_key = /tmp/uhub.key
- registered_users_only = true
+ tls_certificate = ${uhubDir}/uhub.crt
+ tls_private_key = ${uhubDir}/uhub.key
+ registered_users_only = true
'';
plugins = {
welcome = {
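Review bot: The new `if test -d ${uhubDir}` guard checks the directory rather than the database file, and `users.users.uhub.createHome = true` further down this hunk creates that directory, so the `else` branch that seeds `uhub.sql` looks unreachable on a fresh host. The two `cp -f` lines above it would also have failed already if the directory were missing. Testing `${uhubDir}/uhub.sql` itself restores the intended "seed once" behaviour. Separately, the TLS private key and user database now live in a persistent directory instead of the unit's `PrivateTmp`, and `cp` creates them with the default umask before `chown -R` runs; `install -o uhub -m 0400` sets owner and mode in one step so the key is never readable by other accounts. The enclosing `serviceConfig` block begins outside this hunk.

```nix
ExecStartPre = pkgs.writeDash "uhub-pre" ''
  install -o uhub -m 0400 ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
  install -o uhub -m 0400 ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key
  if test -e ${uhubDir}/uhub.sql; then
    echo "${uhubDir}/uhub.sql already exists, skipping db init"
  else
    echo "Copying sql user db"
    install -o uhub -m 0600 ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql
  fi
'';
# … unchanged: users.users.uhub, services.uhub …
```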
@@ -93,7 +103,7 @@ in {
};
authSqlite = {
enable = true;
- file = "/tmp/uhub.sql";
+ file = "${uhubDir}/uhub.sql";
};
};
diff --git a/makefu/2configs/deployment/homeautomation/default.nix b/makefu/2configs/deployment/homeautomation/default.nix
new file mode 100644
index 000000000..1f935e2f8
--- /dev/null
+++ b/makefu/2configs/deployment/homeautomation/default.nix
@@ -0,0 +1,61 @@
+{ pkgs, config, ... }:
+let
+ firetv = "192.168.1.238";
+in {
+ systemd.services.firetv = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "nobody";
+ ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
+ };
+ };
+ nixpkgs.config.permittedInsecurePackages = [
+ "homeassistant-0.65.5"
+ ];
+ services.home-assistant = {
+ config = {
+ homeassistant = {
+ name = "Home"; time_zone = "Europe/Berlin";
+ latitude = "48.7687";
+ longitude = "9.2478";
+ };
+ media_player = [
+ { platform = "kodi";
+ host = firetv;
+ }
+ { platform = "firetv";
+ # assumes python-firetv running
+ }
+ ];
+ sensor = [
+ { platform = "luftdaten";
+ name = "Ditzingen";
+ sensorid = "663";
+ monitored_conditions = [ "P1" "P2" ];
+ }
+ # https://www.home-assistant.io/cookbook/automation_for_rainy_days/
+ { platform = "darksky";
+ api_key = "c73619e6ea79e553a585be06aacf3679";
+ language = "de";
+ monitored_conditions = [ "summary" "icon"
+ "nearest_storm_distance" "precip_probability"
+ "precip_intensity"
+ "temperature" # "temperature_high" "temperature_low"
+ "hourly_summary"
+ "uv_index" ];
+ units = "si" ;
+ update_interval = {
+ days = 0;
+ hours = 0;
+ minutes = 10;
+ seconds = 0;
+ };
+ }
+ ];
+ frontend = { };
+ http = { };
+ };
+ enable = true;
+ #configDir = "/var/lib/hass";
+ };
+}
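Review bot: The `darksky` sensor's `api_key` is a string literal, so it is stored in git and, after evaluation, most likely in the world-readable Nix store as part of the generated Home Assistant config. Treat the committed value as exposed, rotate it, and supply the replacement from the `<secrets>` path that `hub.nix` and `wireguard/server.nix` already use. `nixpkgs.config.permittedInsecurePackages` also allows `homeassistant-0.65.5` with no comment on which advisory is being accepted or when the entry can be dropped; a one-line `# pinned because …; remove once upgraded` would make that decision reviewable. Finally, `http = { };` sets no `api_password`, which on this release presumably leaves the frontend unauthenticated to anything that can reach its port, so a password read from secrets or a comment stating the intended exposure belongs there.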
diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix
new file mode 100644
index 000000000..e38fa05cb
--- /dev/null
+++ b/makefu/2configs/wireguard/server.nix
@@ -0,0 +1,52 @@
+{ config, ... }:
+let
+ ext-if = config.makefu.server.primary-itf;
+in { # wireguard server
+
+ # opkg install wireguard luci-proto-wireguard
+
+ # TODO: networking.nat
+
+ # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ # conf.all.proxy_arp =1
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ extraCommands = ''
+ iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
+ '';
+ };
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.1/24" ];
+ listenPort = 51820;
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # x
+ allowedIPs = [ "10.244.0.2/32" ];
+ publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ }
+ {
+ # vbob
+ allowedIPs = [ "10.244.0.3/32" ];
+ publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ }
+ {
+ # x-test
+ allowedIPs = [ "10.244.0.4/32" ];
+ publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
+ }
+ {
+ # work-router
+ allowedIPs = [ "10.244.0.5/32" ];
+ publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
+ }
+ {
+ # workr
+ allowedIPs = [ "10.244.0.6/32" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
+ ];
+ };
+}
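Review bot: The `iptables -t nat -A POSTROUTING … -j MASQUERADE` line in `extraCommands` is appended again on each firewall reload, and no matching `extraStopCommands` removes it, so duplicate rules will probably pile up. Nothing in this file enables forwarding (the `ip_forward` sysctl is commented out) or limits what tunnel peers may reach once it is on. The `networking.nat` module named in the TODO handles both the rule lifecycle and forwarding: `networking.nat = { enable = true; externalInterface = ext-if; internalInterfaces = [ "wg0" ]; };`. If the raw rule stays, pair it with `extraStopCommands = "iptables -t nat -D POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE || true";` and add a comment saying which destinations peers on 10.244.0.0/24 are meant to reach.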