From 6e44c39fe0946d29436766c49ee73de6c69191c8 Mon Sep 17 00:00:00 2001 From: makefu Date: Tue, 11 Apr 2023 22:33:28 +0200 Subject: k shack/glados: now a docker deployment --- krebs/2configs/shack/glados/automation/ampel.nix | 23 --- .../shack/glados/automation/announcement.j2 | 28 ---- .../shack/glados/automation/hass-restart.nix | 24 ---- .../shack/glados/automation/party-time.nix | 32 ----- .../shack/glados/automation/shack-startup.nix | 100 ------------- krebs/2configs/shack/glados/default.nix | 156 ++++----------------- krebs/2configs/shack/glados/deps/gtts-token.nix | 27 ---- krebs/2configs/shack/glados/deps/pyhaversion.nix | 33 ----- krebs/2configs/shack/glados/lib/default.nix | 66 --------- krebs/2configs/shack/glados/multi/rollos.nix | 59 -------- .../2configs/shack/glados/multi/schlechte_luft.nix | 109 -------------- krebs/2configs/shack/glados/multi/shackopen.nix | 26 ---- krebs/2configs/shack/glados/multi/wasser.nix | 113 --------------- krebs/2configs/shack/glados/sensors/darksky.nix | 24 ---- krebs/2configs/shack/glados/sensors/mate.nix | 20 --- krebs/2configs/shack/glados/sensors/power.nix | 29 ---- krebs/2configs/shack/glados/sensors/sensemap.nix | 9 -- krebs/2configs/shack/glados/sensors/spaceapi.nix | 55 -------- krebs/2configs/shack/glados/sensors/unifi.nix | 6 - krebs/2configs/shack/glados/switch/power.nix | 44 ------ 20 files changed, 27 insertions(+), 956 deletions(-) delete mode 100644 krebs/2configs/shack/glados/automation/ampel.nix delete mode 100644 krebs/2configs/shack/glados/automation/announcement.j2 delete mode 100644 krebs/2configs/shack/glados/automation/hass-restart.nix delete mode 100644 krebs/2configs/shack/glados/automation/party-time.nix delete mode 100644 krebs/2configs/shack/glados/automation/shack-startup.nix delete mode 100644 krebs/2configs/shack/glados/deps/gtts-token.nix delete mode 100644 krebs/2configs/shack/glados/deps/pyhaversion.nix delete mode 100644 krebs/2configs/shack/glados/lib/default.nix delete mode 100644 krebs/2configs/shack/glados/multi/rollos.nix delete mode 100644 krebs/2configs/shack/glados/multi/schlechte_luft.nix delete mode 100644 krebs/2configs/shack/glados/multi/shackopen.nix delete mode 100644 krebs/2configs/shack/glados/multi/wasser.nix delete mode 100644 krebs/2configs/shack/glados/sensors/darksky.nix delete mode 100644 krebs/2configs/shack/glados/sensors/mate.nix delete mode 100644 krebs/2configs/shack/glados/sensors/power.nix delete mode 100644 krebs/2configs/shack/glados/sensors/sensemap.nix delete mode 100644 krebs/2configs/shack/glados/sensors/spaceapi.nix delete mode 100644 krebs/2configs/shack/glados/sensors/unifi.nix delete mode 100644 krebs/2configs/shack/glados/switch/power.nix (limited to 'krebs') diff --git a/krebs/2configs/shack/glados/automation/ampel.nix b/krebs/2configs/shack/glados/automation/ampel.nix deleted file mode 100644 index 4be92a328..000000000 --- a/krebs/2configs/shack/glados/automation/ampel.nix +++ /dev/null @@ -1,23 +0,0 @@ -# needs: -# binary_sensor.lounge_ampel_status -# light.lounge_ampel_licht_rot - -let - glados = import ../lib; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Ampel Rotes Licht"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "binary_sensor.lounge_ampel_status"; - }; - action = { service = "light.turn_on"; - data.entity_id = "light.lounge_ampel_licht_rot"; - }; - } - ]; -} diff --git a/krebs/2configs/shack/glados/automation/announcement.j2 b/krebs/2configs/shack/glados/automation/announcement.j2 deleted file mode 100644 index 2ae5f1a46..000000000 --- a/krebs/2configs/shack/glados/automation/announcement.j2 +++ /dev/null @@ -1,28 +0,0 @@ -Willkommen werter Keyholder {{ states("sensor.keyholder") }} in deinem Lieblingshackerspace. - -Es ist {{states("sensor.fablab_feinstaub_temperature") | round(1) | replace('.',' Komma ')}} Grad {% if states("sensor.fablab_feinstaub_temperature")|float > 25 %}heiss{%elif states("sensor.fablab_feinstaub_temperature")|float > 15%}warm{%else%}kalt{%endif%} bei {% if states(" sensor.rz_feinstaub_humidity") | int <45 %}trockenen{% elif states(" sensor.rz_feinstaub_humidity") | int <65 %}angenehmen{%else%}feuchten{%endif%} {{states(" sensor.rz_feinstaub_humidity") | int }} Prozent Luftfeuchtigkeit. - -{% if (states("sensor.fullstand_mate_1")|int == 0) and - states("sensor.fullstand_mate_2")|int == 0 %}ES IST MAHTECALYPSE, BEIDE MAHTESCHÄCHTE SIND LEER! {%if states("sensor.fullstand_mate_cola")| int == 0%} UND SOGAR DIE COLA IST ALLE. Ihr seid sowas von am Arsch!{%else%}Zum Glück gibt es noch Cola, Phew!{%endif%} -{% elif (states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int) < 5 %} -Der Mahtestand im Automaten ist mit {{states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int }} verbleibenden Flaschen kritisch! -{% else %} -Im Automaten sind noch {{states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int }} Flaschen Mahte und {{states("sensor.fullstand_mate_cola")}} Flaschen Cola. -{%endif%} - -Die Wettervorhersage: {{states("sensor.dark_sky_hourly_summary")}} Aktuell {{states("sensor.dark_sky_summary")}} bei {{states("sensor.dark_sky_temperature") | round(1) | replace('.',' Komma ')}} Grad. -Der Stromverbrauch liegt bei {{ (( states("sensor.l1_power")|int + states("sensor.l2_power")|int + states("sensor.l3_power")|int ) / 1000 )| round(1) | replace('.',' Komma ')}} Kilowatt. - -Im Fablab ist die Feinstaubbelastung {% if states("sensor.fablab_particulate_matter_2_5um_concentration") | float > 50 %}hoch!{%elif states("sensor.fablab_particulate_matter_2_5um_concentration") | float > 25 %}mäßig.{% else %}gering.{%endif%} - -{% if is_state("binary_sensor.door_rzl",'on') and is_state("binary_sensor.door_entropia",'on') %} -Das Raumzeitlabor und Entropia haben geöffnet. -{% elif is_state("binary_sensor.door_rzl",'off') and is_state("binary_sensor.door_entropia",'off') %} -Das Raumzeitlabor und Entropia haben geschlossen. -{% elif is_state("binary_sensor.door_rzl",'on') and is_state("binary_sensor.door_entropia",'off') %} -Das Raumzeitlabor hat geöffnet und Entropia hat geschlossen. -{% elif is_state("binary_sensor.door_rzl",'off') and is_state("binary_sensor.door_entropia",'on') %} -Das Raumzeitlabor hat geschlossen und Entropia hat geöffnet. -{%endif%} - -Die Glados Hackerspace Automation wünscht dir und allen Anwesenden einen produktiven und angenehmen Aufenthalt! diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix deleted file mode 100644 index 5f61e19f1..000000000 --- a/krebs/2configs/shack/glados/automation/hass-restart.nix +++ /dev/null @@ -1,24 +0,0 @@ -# needs: -# light.fablab_led -{ - services.home-assistant.config.automation = - [ - { alias = "State on HA start-up"; - trigger = { - platform = "homeassistant"; - event = "start"; - }; - # trigger good/bad air - action = [ - { service = "light.turn_on"; - data = { - entity_id = "light.fablab_led"; - effect = "Rainbow"; - color_name = "purple"; - }; - } - ]; - } - ]; -} - diff --git a/krebs/2configs/shack/glados/automation/party-time.nix b/krebs/2configs/shack/glados/automation/party-time.nix deleted file mode 100644 index 9e7fe24cd..000000000 --- a/krebs/2configs/shack/glados/automation/party-time.nix +++ /dev/null @@ -1,32 +0,0 @@ -# Needs: -# sun.sunset -# switch.lounge_diskoschalter_relay -let - glados = import ../lib; - disko_schalter = "switch.lounge_diskoschalter_relay"; - player = "media_player.lounge"; -in -{ - services.home-assistant.config.automation = - [ - { alias = "Party um 21 Uhr"; - trigger = { - platform = "sun"; - event = "sunset"; - }; - action = - ( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" ) - ++ - [ - { - service = "homeassistant.turn_on"; - entity_id = disko_schalter; - } - { - service = "media_player.turn_on"; - data.entity_id = player; - } # TODO: also start playlist if nothing is running? - ]; - } - ]; -} diff --git a/krebs/2configs/shack/glados/automation/shack-startup.nix b/krebs/2configs/shack/glados/automation/shack-startup.nix deleted file mode 100644 index 471d817a2..000000000 --- a/krebs/2configs/shack/glados/automation/shack-startup.nix +++ /dev/null @@ -1,100 +0,0 @@ -# needs: -# binary_sensor.portal_lock -# sensor.keyholder -# media_player.lounge - -# additional state required on: -# mpd.shack: -# playlist "ansage" -# playlist "lassulus" -# lounge.kiosk.shack: -# playlist "ansage" - -let - glados = import ../lib; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Bedanken bei Übernahme von Key"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "sensor.keyholder"; - }; - condition = { - condition = "template"; - value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}"; - }; - action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}"; - } - { - alias = "Keyholder Begrüßen wenn MPD hoch fährt"; - initial_state = true; - trigger = { - platform = "state"; - from = "unavailable"; - entity_id = "media_player.kiosk"; - }; - action = glados.say.kiosk (builtins.readFile ./announcement.j2); - } - { - alias = "Start Music on portal lock on"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.portal_lock"; - to = "on"; - for.seconds = 30; - }; - condition = { - condition = "and"; - conditions = - [ - { # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything - condition = "template"; - value_template = "{{ state('sensor.keyholder') != 'No Keyholder' }}"; - } - { - condition = "state"; - entity_id = "media_player.lounge"; - state = "idle"; - } - ]; - }; - action = [ - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 1.0; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 8.5; } - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 0.6; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "lassulus"; - }; - } - ]; - } - ]; -} diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 7c941a66a..236b5000d 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,12 +1,33 @@ { config, pkgs, lib, ... }: let - unstable = import (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev; - sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256; - }) {}; + kodi-host = "192.168.8.11"; + confdir = "/var/lib/homeassistant-docker"; in { + imports = [ + ]; + + # networking.firewall.allowedTCPPorts = [ 8123 ]; + virtualisation.oci-containers.containers.hass = { + image = "homeassistant/home-assistant:latest"; + environment = { + TZ = "Europe/Berlin"; + # TODO create unique users + PUID = toString config.users.users.news_container.uid; + PGID = toString config.users.groups.news_container.gid; + UMASK = "007"; + }; + extraOptions = ["--net=host" ]; + volumes = [ + "${confdir}:/config" + #"${confdir}/docker-run:/etc/services.d/home-assistant/run:" + ]; + }; + systemd.tmpfiles.rules = [ + #"f ${confdir}/docker-run 0770 kiosk kiosk - -" + # TODO: + "d ${confdir} 0770 news_container news_container - -" + ]; + services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; locations."/" = { @@ -23,127 +44,4 @@ in { ''; }; }; - imports = [ - ./multi/shackopen.nix - ./multi/wasser.nix - ./multi/schlechte_luft.nix - ./multi/rollos.nix - - ./switch/power.nix - - ./sensors/power.nix - ./sensors/mate.nix - ./sensors/darksky.nix - ./sensors/spaceapi.nix - ./sensors/sensemap.nix - - ./automation/shack-startup.nix - ./automation/party-time.nix - ./automation/hass-restart.nix - ./automation/ampel.nix - - ]; - services.home-assistant = - { - enable = true; - package = unstable.home-assistant.overrideAttrs (old: { - doInstallCheck = false; - }); - config = { - homeassistant = { - name = "Glados"; - time_zone = "Europe/Berlin"; - latitude = "48.8265"; - longitude = "9.0676"; - elevation = 303; - auth_providers = [ - { type = "homeassistant";} - { type = "trusted_networks"; - trusted_networks = [ - "127.0.0.1/32" - "10.42.0.0/16" - "::1/128" - "fd00::/8" - ]; - } - ]; - }; - # https://www.home-assistant.io/components/influxdb/ - influxdb = { - database = "glados"; - host = "influx.shack"; - component_config_glob = { - "sensor.*particulate_matter_2_5um_concentration".override_measurement = "2_5um particles"; - "sensor.*particulate_matter_10_0um_concentration".override_measurement ="10um particles"; - }; - tags = { - instance = "wolf"; - source = "glados"; - }; - }; - esphome = {}; - api = {}; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - keepalive = 60; - protocol = 3.1; - discovery = true; #enable esphome discovery - discovery_prefix = "homeassistant"; - birth_message = { - topic = "glados/hass/status/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "glados/hass/status/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - light = []; - media_player = [ - { platform = "mpd"; - name = "lounge"; - host = "lounge.mpd.shack"; - } - { platform = "mpd"; - name = "kiosk"; - #host = "lounge.kiosk.shack"; - host = "kiosk.shack"; - } - ]; - - camera = []; - frontend = { }; - config = { }; - sun = {}; - http = { - base_url = "http://hass.shack"; - use_x_forwarded_for = true; - trusted_proxies = [ "127.0.0.1" "::1" ]; - }; - #conversation = {}; - - history = {}; - logbook = {}; - #recorder = {}; - - logger.default = "info"; - - tts = [ - { platform = "google_translate"; - service_name = "say"; - language = "de"; - cache = true; - time_memory = 57600; - base_url = "http://hass.shack"; - } - ]; - device_tracker = []; - }; - }; } diff --git a/krebs/2configs/shack/glados/deps/gtts-token.nix b/krebs/2configs/shack/glados/deps/gtts-token.nix deleted file mode 100644 index 69640f03d..000000000 --- a/krebs/2configs/shack/glados/deps/gtts-token.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, requests -}: - -buildPythonPackage rec { - pname = "gtts-token"; - version = "1.1.3"; - - src = fetchPypi { - pname = "gTTS-token"; - inherit version; - sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5"; - }; - - propagatedBuildInputs = [ - requests - ]; - - meta = with lib; { - description = "Calculates a token to run the Google Translate text to speech"; - homepage = https://github.com/boudewijn26/gTTS-token; - license = licenses.mit; - # maintainers = [ maintainers. ]; - }; -} diff --git a/krebs/2configs/shack/glados/deps/pyhaversion.nix b/krebs/2configs/shack/glados/deps/pyhaversion.nix deleted file mode 100644 index a75c6a976..000000000 --- a/krebs/2configs/shack/glados/deps/pyhaversion.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib -, buildPythonPackage -, fetchpatch -, fetchPypi -, aiohttp -, async-timeout -}: - -buildPythonPackage rec { - pname = "pyhaversion"; - version = "2.2.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f"; - }; - patches = [ - (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch"; - sha256 = - "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";}) - ]; - doCheck = false; - propagatedBuildInputs = [ - aiohttp - async-timeout - ]; - - meta = with lib; { - description = ""; - homepage = https://github.com/ludeeus/pyhaversion; - # maintainers = [ maintainers. ]; - }; -} diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix deleted file mode 100644 index 2cfac3daf..000000000 --- a/krebs/2configs/shack/glados/lib/default.nix +++ /dev/null @@ -1,66 +0,0 @@ -let - prefix = "glados"; -in -{ - - say = let - # returns a list of actions to be performed on an mpd to say something - tts = { message, entity }: - [ - { - service = "media_player.turn_on"; - data.entity_id = "media_player.${entity}"; - } - { service = "media_player.play_media"; - data = { - entity_id = "media_player.${entity}"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { - service = "media_player.turn_on"; - data.entity_id = "media_player.${entity}"; - } - { delay.seconds = 4.5; } - { service = "tts.say"; - entity_id = "media_player.${entity}"; - data_template = { - inherit message; - language = "de"; - }; - } - ]; - in - { - lounge = message: tts { - inherit message; - entity = "lounge"; - }; - herrenklo = message: tts { - inherit message; - entity = "herrenklo"; - }; - kiosk = message: tts { - inherit message; - entity = "kiosk"; - }; - }; - tasmota = - { - plug = {host, name ? host, topic ? host}: - { - platform = "mqtt"; - inherit name; - state_topic = "sonoff/stat/${topic}/POWER1"; - command_topic = "sonoff/cmnd/${topic}/POWER1"; - availability_topic = "sonoff/tele/${topic}/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = false; - qos = 1; - }; - }; -} diff --git a/krebs/2configs/shack/glados/multi/rollos.nix b/krebs/2configs/shack/glados/multi/rollos.nix deleted file mode 100644 index 29525ad82..000000000 --- a/krebs/2configs/shack/glados/multi/rollos.nix +++ /dev/null @@ -1,59 +0,0 @@ -# - -let - glados = import ../lib; - tempsensor = "sensor.dark_sky_temperature"; - all_covers = [ - "cover.crafting_rollo" - "cover.elab_rollo" - "cover.or2_rollo" - "cover.retroraum_rollo" - ]; -in -{ - services.home-assistant.config = - { - automation = - [ - { alias = "Rollos fahren Runter"; - trigger = [ - { - platform = "numeric_state"; - entity_id = tempsensor; - above = 25; - for = "00:30:00"; - } - ]; - condition = - [ - { - condition = "state"; - entity_id = "sun.sun"; - state = "above_horizon"; - } - ]; - action = - [ - { service = "cover.close_cover"; - entity_id = all_covers; - } - ]; - } - { alias = "Rollos fahren Hoch"; - trigger = [ - { - platform = "sun"; - event = "sunset"; - } - ]; - condition = [ ]; - action = - [ - { service = "cover.open_cover"; - entity_id = all_covers; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix deleted file mode 100644 index c1890361b..000000000 --- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix +++ /dev/null @@ -1,109 +0,0 @@ -let - glados = import ../lib; - feinstaub_sensor = "sensor.fablab_particulate_matter_2_5um_concentration"; - ledring = "light.fablab_led_ring"; -in -{ - services.home-assistant.config = - { - automation = - [ - { alias = "Gute Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - entity_id = feinstaub_sensor; - below = 3; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "green"; - }; - } - ]; - } - { alias = "mäßige Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 3; - below = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "yellow"; - }; - } - ]; - } - { alias = "schlechte Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Fireworks"; - color_name = "red"; - }; - } - ]; - } - { alias = "Luft Sensor nicht verfügbar"; - trigger = [ - { - platform = "state"; - to = "unavailable"; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "blue"; - }; - } - ]; - } - { alias = "Fablab Licht Reboot"; - trigger = [ - { - platform = "state"; - from = "unavailable"; - entity_id = ledring; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "orange"; - }; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix deleted file mode 100644 index d9be9adfa..000000000 --- a/krebs/2configs/shack/glados/multi/shackopen.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - services.home-assistant.config = - { - binary_sensor = [ - { platform = "mqtt"; - name = "Portal Lock"; - device_class = "door"; - state_topic = "portal/gateway/status"; - availability_topic = "portal/gateway/lwt"; - payload_on = "open"; - payload_off = "closed"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - sensor = [ - { platform = "mqtt"; - name = "Keyholder"; - state_topic = "portal/gateway/keyholder"; - availability_topic = "portal/gateway/lwt"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix deleted file mode 100644 index 9ca5e4500..000000000 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ /dev/null @@ -1,113 +0,0 @@ -# uses: -# switch.crafting_giesskanne_relay -let - glados = import ../lib; - seconds = 20; - wasser = "switch.crafting_giesskanne_relay"; - brotbox = { - minutes = 10; - pump = "switch.crafting_brotbox_pumpe"; - sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; - }; -in -{ - services.home-assistant.config = - { - sensor = map ( entity_id: { - platform = "statistics"; - name = "Statistics for ${entity_id}"; - inherit entity_id; - max_age.minutes = "60"; - sampling_size = 1000; - }) ["sensor.crafting_brotbox_soil_moisture"]; - - - automation = - [ - ### Brotbox ##### - #{ alias = "Brotbox: water for ${toString brotbox.minutes} minutes every hour"; - # trigger = - # { # Trigger once every hour at :42 - # platform = "time_pattern"; - # minutes = 42; - # }; - # condition = { - # condition = "numeric_state"; - # entity_id = brotbox.sensor; - # value_template = "{{ state_attr('${brotbox.sensor}', 'median') }}"; - # below = 75; - # }; - # action = - # [ - # { - # service = "homeassistant.turn_on"; - # entity_id = brotbox.pump; - # } - # { delay.minutes = brotbox.minutes; } - # { - # service = "homeassistant.turn_off"; - # entity_id = brotbox.pump ; - # } - # ]; - #} - { alias = "Brotbox: Always turn off water after ${toString (brotbox.minutes * 2)} minutes"; - trigger = - { - platform = "state"; - entity_id = brotbox.pump; - to = "on"; - for.minutes = brotbox.minutes*2; - }; - action = - { - service = "homeassistant.turn_off"; - entity_id = brotbox.pump; - }; - } - - ##### Kaffeemaschine - { alias = "Water the plant for ${toString seconds} seconds"; - trigger = [ - { # trigger at 20:00 no matter what - # TODO: retry or run only if switch.wasser is available - platform = "time"; - at = "20:00:00"; - } - ]; - action = - [ - { - service = "homeassistant.turn_on"; - entity_id = [ - wasser - ]; - } - { delay.seconds = seconds; } - { - service = "homeassistant.turn_off"; - entity_id = [ - wasser - ]; - } - ]; - } - { alias = "Always turn off water after ${toString (seconds * 2)}seconds"; - trigger = [ - { - platform = "state"; - entity_id = wasser; - to = "on"; - for.seconds = seconds*2; - } - ]; - action = - [ - { - service = "homeassistant.turn_off"; - entity_id = [ wasser ]; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/sensors/darksky.nix b/krebs/2configs/shack/glados/sensors/darksky.nix deleted file mode 100644 index 12b33804c..000000000 --- a/krebs/2configs/shack/glados/sensors/darksky.nix +++ /dev/null @@ -1,24 +0,0 @@ -{lib,...}: -{ - services.home-assistant.config.sensor = - [ - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile ); - language = "de"; - monitored_conditions = [ - "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "humidity" - "pressure" - "uv_index" - ]; - units = "si" ; - scan_interval = "00:15:00"; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/mate.nix b/krebs/2configs/shack/glados/sensors/mate.nix deleted file mode 100644 index 751856668..000000000 --- a/krebs/2configs/shack/glados/sensors/mate.nix +++ /dev/null @@ -1,20 +0,0 @@ -let - fuellstand = name: id: { - platform = "rest"; - resource = "https://ora5.tutschonwieder.net/ords/lick_prod/v1/get/fuellstand/1/${toString id}"; - method = "GET"; - name = "Füllstand ${name}"; - value_template = "{{ value_json.fuellstand }}"; - }; -in -{ - services.home-assistant.config.sensor = - [ - (fuellstand "Wasser" 1) - (fuellstand "Mate Cola" 2) - (fuellstand "Apfelschorle" 3) - (fuellstand "Zitronensprudel" 4) - (fuellstand "Mate 1" 26) - (fuellstand "Mate 2" 27) - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix deleted file mode 100644 index d9b5c7c65..000000000 --- a/krebs/2configs/shack/glados/sensors/power.nix +++ /dev/null @@ -1,29 +0,0 @@ -let - power_x = name: phase: - { platform = "mqtt"; - name = "${phase} ${name}"; - state_topic = "/power/total/${phase}/${name}"; - availability_topic = "/power/lwt"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - power_consumed = - { platform = "mqtt"; - name = "Power Consumed"; - device_class = "power"; - state_topic = "/power/total/consumed"; - availability_topic = "/power/lwt"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - power_volt = power_x "Voltage"; - power_watt = (power_x "Power") ; - power_curr = power_x "Current"; -in -{ - services.home-assistant.config.sensor = - (map power_volt [ "L1" "L2" "L3" ]) -++ (map (x: ((power_watt x) // { device_class = "power"; })) [ "L1" "L2" "L3" ]) -++ (map power_curr [ "L1" "L2" "L3" ]) -++ [ power_consumed ]; -} diff --git a/krebs/2configs/shack/glados/sensors/sensemap.nix b/krebs/2configs/shack/glados/sensors/sensemap.nix deleted file mode 100644 index c261a28e1..000000000 --- a/krebs/2configs/shack/glados/sensors/sensemap.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - services.home-assistant.config.air_quality = - [ - { - platform = "opensensemap"; - station_id = "56a0de932cb6e1e41040a68b"; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/spaceapi.nix b/krebs/2configs/shack/glados/sensors/spaceapi.nix deleted file mode 100644 index ea20ad29d..000000000 --- a/krebs/2configs/shack/glados/sensors/spaceapi.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - services.home-assistant.config.binary_sensor = - [ - { - platform = "rest"; - resource = "https://spaceapi.afra-berlin.de/v1/status.json"; - method = "GET"; - name = "Door AFRA Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://club.entropia.de/spaceapi"; - method = "GET"; - name = "Door Entropia"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://www.c-base.org/status.json"; - method = "GET"; - name = "Door C-Base Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "https://status.raumzeitlabor.de/api/full.json"; - method = "GET"; - name = "Door RZL"; - device_class = "door"; - value_template = "{{ value_json.status }}"; - } - { - platform = "rest"; - resource = "https://datenobservatorium.de/"; - method = "GET"; - name = "Door Datenobservatorium"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - { - platform = "rest"; - resource = "https://infuanfu.de/"; - method = "GET"; - name = "Door Infuanfu"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/unifi.nix b/krebs/2configs/shack/glados/sensors/unifi.nix deleted file mode 100644 index f64e3feb6..000000000 --- a/krebs/2configs/shack/glados/sensors/unifi.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - controllers = { - host = "unifi.shack"; - site = "shackspace"; - }; -} diff --git a/krebs/2configs/shack/glados/switch/power.nix b/krebs/2configs/shack/glados/switch/power.nix deleted file mode 100644 index 9ec115faa..000000000 --- a/krebs/2configs/shack/glados/switch/power.nix +++ /dev/null @@ -1,44 +0,0 @@ -# 1 - haupt -# 2 - dusche -# 3 - warmwasser -# 4 - or -# 5 - kueche -let - nodelight = type: ident: name: { - platform = "mqtt"; - name = "${type} ${name}"; - command_topic = "${type}/${toString ident}/command"; - state_topic = "${type}/${toString ident}/state"; - payload_on = "on"; - payload_off = "off"; - }; - power = nodelight "power"; - light = ident: name: { icon = "mdi:lightbulb";} // nodelight "light" ident name; -in -{ - services.home-assistant.config.switch = - [ - # These commands we see with a shutdown: - # power/143/state on - # power/142/state on - # power/141/state on - # power/142/state off - # power/141/state off - # power/10/state off - # power/main/state off - - (power "10" "Hauptschalter") - (power 1 "Dusche") # ??? - (power 2 "Warmwasser") # ??? - (power 3 "Optionsräume") # ??? - (power 4 "Küche") # ??? - (light 1 "Decke Lounge 1") - (light 2 "Decke Lounge 2") - (light 3 "Decke Lounge 3") - (light 4 "Decke Lounge 4") - (light 5 "Decke Lounge 5") - (light 6 "Decke Lounge 6") - (light 7 "Decke Lounge 7") - (light 8 "Decke Lounge 8") - ]; -} -- cgit v1.2.3 From d8de7ad7063d6a2028e8dc40771f89af216fbfaf Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 16 Apr 2023 11:53:14 +0200 Subject: k shack/alerting: prepare irc-alerts for binaergewitter --- krebs/2configs/shack/prometheus/alert-rules.nix | 21 +-- krebs/2configs/shack/prometheus/irc-alerts.py | 207 ++++++++++++++++++++++++ krebs/2configs/shack/prometheus/irc-hooks.nix | 59 +++++++ krebs/2configs/shack/prometheus/server.nix | 5 +- 4 files changed, 271 insertions(+), 21 deletions(-) create mode 100644 krebs/2configs/shack/prometheus/irc-alerts.py create mode 100644 krebs/2configs/shack/prometheus/irc-hooks.nix (limited to 'krebs') diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix index 5ba49ede6..4cefdc3e5 100644 --- a/krebs/2configs/shack/prometheus/alert-rules.nix +++ b/krebs/2configs/shack/prometheus/alert-rules.nix @@ -1,28 +1,12 @@ { lib,... }: let - disk_free_threshold = "10"; # at least this much free disk percentage + disk_free_threshold = "5"; # at least this much free disk percentage in { services.prometheus.rules = [(builtins.toJSON { groups = [ { name = "shack-env"; rules = [ - { - alert = "Wolf RootPartitionFull"; - for = "30m"; - expr = ''(node_filesystem_avail_bytes{alias="wolf.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="wolf.shack",mountpoint="/"} < ${disk_free_threshold}''; - labels.severity = "warning"; - annotations.summary = "{{ $labels.alias }} root disk full"; - annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; - annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and try to clean up the obsolete files on the machine. There are a couple of things you can do: -1. `nix-collect-garbage -d` -2. clean up the shack share folder in `/home/share` -3. check `du -hs /var/ | sort -h`. -4. run `docker system prune` -5. `find /var/lib/containers/news/var/lib/htgen-go/items -mtime +7 -delete;` to clean up the link shortener data -5. If you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete -6. as a last resort the root disk can be expanded via `lvresize -L +10G /dev/pool/root && btrfs filesystem resize max /` ''; - } { alert = "Puyak RootPartitionFull"; for = "30m"; @@ -32,9 +16,8 @@ in { annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak"; annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; } - # wolf.shack is not worth supervising anymore { - alert = "HostDown"; + alert = "Infra01 down"; expr = ''up{alias="infra01.shack"} == 0''; for = "5m"; labels.severity = "page"; diff --git a/krebs/2configs/shack/prometheus/irc-alerts.py b/krebs/2configs/shack/prometheus/irc-alerts.py new file mode 100644 index 000000000..005a2013b --- /dev/null +++ b/krebs/2configs/shack/prometheus/irc-alerts.py @@ -0,0 +1,207 @@ +import base64 +import cgi +import json +import os +import re +import socket +import ssl +import sys +from http.server import BaseHTTPRequestHandler +from typing import List, Optional, Tuple +from urllib.parse import urlparse + +DEBUG = os.environ.get("DEBUG") is not None + + +def _irc_send( + server: str, + nick: str, + channel: str, + sasl_password: Optional[str] = None, + server_password: Optional[str] = None, + tls: bool = True, + port: int = 6697, + messages: List[str] = [], +) -> None: + if not messages: + return + + sock = socket.socket() + if tls: + sock = ssl.wrap_socket( + sock, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1_2 + ) + + def _send(command: str) -> int: + if DEBUG: + print(command) + return sock.send((f"{command}\r\n").encode()) + + def _pong(ping: str): + if ping.startswith("PING"): + sock.send(ping.replace("PING", "PONG").encode("ascii")) + + recv_file = sock.makefile(mode="r") + + print(f"connect {server}:{port}") + sock.connect((server, port)) + if server_password: + _send(f"PASS {server_password}") + _send(f"USER {nick} 0 * :{nick}") + _send(f"NICK {nick}") + for line in recv_file.readline(): + if re.match(r"^:[^ ]* (MODE|221|376|422) ", line): + break + else: + _pong(line) + + if sasl_password: + _send("CAP REQ :sasl") + _send("AUTHENTICATE PLAIN") + auth = base64.encodebytes(f"{nick}\0{nick}\0{sasl_password}".encode("utf-8")) + _send(f"AUTHENTICATE {auth.decode('ascii')}") + _send("CAP END") + _send(f"JOIN :{channel}") + + for m in messages: + _send(f"PRIVMSG {channel} :{m}") + + _send("INFO") + for line in recv_file: + if DEBUG: + print(line, end="") + # Assume INFO reply means we are done + if "End of /INFO" in line: + break + else: + _pong(line) + + sock.send(b"QUIT") + print("disconnect") + sock.close() + + +def irc_send( + url: str, notifications: List[str], password: Optional[str] = None +) -> None: + parsed = urlparse(f"{url}") + username = parsed.username or "prometheus" + server = parsed.hostname or "chat.freenode.net" + if parsed.fragment != "": + channel = f"#{parsed.fragment}" + else: + channel = "#krebs-announce" + port = parsed.port or 6697 + if not password: + password = parsed.password + if len(notifications) == 0: + return + _irc_send( + server=server, + nick=username, + sasl_password=password, + channel=channel, + port=port, + messages=notifications, + tls=parsed.scheme == "irc+tls", + ) + + +class PrometheusWebHook(BaseHTTPRequestHandler): + def __init__( + self, + irc_url: str, + conn: socket.socket, + addr: Tuple[str, int], + password: Optional[str] = None, + ) -> None: + self.irc_url = irc_url + self.password = password + self.rfile = conn.makefile("rb") + self.wfile = conn.makefile("wb") + self.client_address = addr + self.handle() + + # for testing + def do_GET(self) -> None: + if DEBUG: + print("GET: Request Received") + self.send_response(200) + self.send_header("Content-type", "text/plain") + self.end_headers() + self.wfile.write(b"ok") + + def do_POST(self) -> None: + if DEBUG: + print("POST: Request Received") + content_type, _ = cgi.parse_header(self.headers.get("content-type")) + + # refuse to receive non-json content + if content_type != "application/json": + if DEBUG: + print(f"POST: wrong content type {content_type}") + self.send_response(400) + self.end_headers() + return + + length = int(self.headers.get("content-length")) + payload = json.loads(self.rfile.read(length)) + messages = [] + for alert in payload["alerts"]: + description = alert["annotations"]["description"] + messages.append(f"{alert['status']}: {description}") + irc_send(self.irc_url, messages, password=self.password) + + self.do_GET() + + +def systemd_socket_response() -> None: + irc_url = os.environ.get("IRC_URL", None) + if irc_url is None: + print( + "IRC_URL environment variable not set: i.e. IRC_URL=irc+tls://mic92-prometheus@chat.freenode.net/#krebs-announce", + file=sys.stderr, + ) + sys.exit(1) + + password = None + irc_password_file = os.environ.get("IRC_PASSWORD_FILE", None) + if irc_password_file: + with open(irc_password_file) as f: + password = f.read() + + msgs = sys.argv[1:] + + if msgs != []: + irc_send(irc_url, msgs, password=password) + return + + nfds = os.environ.get("LISTEN_FDS", None) + if nfds is None: + print( + "LISTEN_FDS not set. Run me with systemd(TM) socket activation?", + file=sys.stderr, + ) + sys.exit(1) + fds = range(3, 3 + int(nfds)) + + for fd in fds: + sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(0) + + try: + while True: + PrometheusWebHook(irc_url, *sock.accept(), password=password) + except BlockingIOError: + # no more connections + pass + + +if __name__ == "__main__": + if DEBUG: + print("Starting in DEBUG mode") + if len(sys.argv) == 3: + print(f"{sys.argv[1]} {sys.argv[2]}") + irc_send(sys.argv[1], [sys.argv[2]]) + else: + systemd_socket_response() diff --git a/krebs/2configs/shack/prometheus/irc-hooks.nix b/krebs/2configs/shack/prometheus/irc-hooks.nix new file mode 100644 index 000000000..07bb2423b --- /dev/null +++ b/krebs/2configs/shack/prometheus/irc-hooks.nix @@ -0,0 +1,59 @@ +{ config +, lib +, pkgs +, ... +}: +let + irc-alerts = pkgs.writers.writePython3 "irc-alerts" { + flakeIgnore = [ "E501" ]; + } (builtins.readFile ./irc-alerts.py); + endpoints = { + binaergewitter = { + url = "irc+tls://puyak-alerts@irc.libera.chat:6697/#binaergewitter-alerts"; + port = 9223; + }; + }; +in +{ + systemd.sockets = + lib.mapAttrs' + (name: opts: + lib.nameValuePair "irc-alerts-${name}" { + description = "Receive http hook and send irc message for ${name}"; + wantedBy = [ "sockets.target" ]; + listenStreams = [ "[::]:${builtins.toString opts.port}" ]; + }) endpoints; + + systemd.services = + lib.mapAttrs' + (name: opts: + let + serviceName = "irc-alerts-${name}"; + hasPassword = opts.passwordFile or null != null; + in + lib.nameValuePair serviceName { + description = "Receive http hook and send irc message for ${name}"; + requires = [ "irc-alerts-${name}.socket" ]; + serviceConfig = + { + Environment = + [ + "IRC_URL=${opts.url}" + "DEBUG=y" + ] + ++ lib.optional hasPassword "IRC_PASSWORD_FILE=/run/${serviceName}/password"; + DynamicUser = true; + User = serviceName; + ExecStart = irc-alerts; + } + // lib.optionalAttrs hasPassword { + PermissionsStartOnly = true; + ExecStartPre = + "${pkgs.coreutils}/bin/install -m400 " + + "-o ${serviceName} -g ${serviceName} " + + "${config.sops.secrets.prometheus-irc-password.path} " + + "/run/${serviceName}/password"; + RuntimeDirectory = serviceName; + }; + }) endpoints; +} diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index 9e4b4d1a7..7a5532027 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -3,6 +3,7 @@ { imports = [ ./alert-rules.nix + ./irc-hooks.nix ]; networking = { firewall.allowedTCPPorts = [ @@ -129,11 +130,11 @@ "group_wait" = "30s"; "group_interval" = "2m"; "repeat_interval" = "4h"; - "receiver" = "team-admins"; + "receiver" = "shack-admins"; }; "receivers" = [ { - "name" = "team-admins"; + "name" = "shack-admins"; "email_configs" = [ ]; "webhook_configs" = [ { -- cgit v1.2.3 From ac9006fac2947a8e4e6ecd5df0b8775b34859bd9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 3 Jun 2023 15:46:17 +0200 Subject: krebs filebitch.r: use dhcp for interface --- krebs/1systems/filebitch/config.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'krebs') diff --git a/krebs/1systems/filebitch/config.nix b/krebs/1systems/filebitch/config.nix index e27d036c8..a71e14f3e 100644 --- a/krebs/1systems/filebitch/config.nix +++ b/krebs/1systems/filebitch/config.nix @@ -35,12 +35,13 @@ in ''; networking = { firewall.enable = true; - interfaces.et0.ipv4.addresses = [ - { - address = shack-ip; - prefixLength = 20; - } - ]; + interfaces.et0.useDHCP = true; + #interfaces.et0.ipv4.addresses = [ + # { + # address = shack-ip; + # prefixLength = 20; + # } + #]; defaultGateway = "10.42.0.1"; nameservers = [ "10.42.0.100" "10.42.0.200" ]; -- cgit v1.2.3 From 7b78bf561010f60a7cfe8313f774f9a2c3ab4b3d Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 3 Jun 2023 15:46:40 +0200 Subject: krebs puyak.r: fetch u300 power --- krebs/1systems/puyak/config.nix | 6 ++---- krebs/2configs/shack/grafana.nix | 13 ++++++++++++- krebs/2configs/shack/influx.nix | 10 ++++++++++ krebs/2configs/shack/power/u300-power.nix | 29 +++++++++++++++++++++++++++++ 4 files changed, 53 insertions(+), 5 deletions(-) create mode 100644 krebs/2configs/shack/power/u300-power.nix (limited to 'krebs') diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix index 033cb94d1..931ebe70b 100644 --- a/krebs/1systems/puyak/config.nix +++ b/krebs/1systems/puyak/config.nix @@ -46,10 +46,8 @@ # light.shack web-ui #light.shack - # powerraw usb serial to mqtt and raw socket - # powerraw.shack standby.shack - # send power stats to s3 - # powerraw.shack must be available + # fetch the u300 power stats + { # do not log to /var/spool/log diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix index adf0a4bc3..f42f1c4af 100644 --- a/krebs/2configs/shack/grafana.nix +++ b/krebs/2configs/shack/grafana.nix @@ -4,7 +4,18 @@ in { networking.firewall.allowedTCPPorts = [ port ]; # legacy services.nginx.virtualHosts."grafana.shack" = { - locations."/".proxyPass = "http://localhost:${toString port}"; + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + extraConfig ='' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + + }; }; services.grafana = { enable = true; diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix index 6d090323d..efc88f51d 100644 --- a/krebs/2configs/shack/influx.nix +++ b/krebs/2configs/shack/influx.nix @@ -15,6 +15,16 @@ in ''; locations."/" = { proxyPass = "http://localhost:${toString port}/"; + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_buffering off; + ''; }; }; nixpkgs.overlays = [ diff --git a/krebs/2configs/shack/power/u300-power.nix b/krebs/2configs/shack/power/u300-power.nix new file mode 100644 index 000000000..66e54169a --- /dev/null +++ b/krebs/2configs/shack/power/u300-power.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: +let + src = pkgs.fetchFromGitHub { + repo = "shackstrom"; + owner = "samularity"; + rev = "adfbdc7d12000fbc9fd9367c8ef0a53b7d0a9fad"; + hash = "sha256-77vSX2+1XXaBVgLka+tSEK/XYZASEk9iq+uEuO1aOUQ="; + }; + pkg = pkgs.writers.writePython3 "test_python3" { + libraries = [ pkgs.python3Packages.requests pkgs.python3Packages.paho-mqtt ]; + } (builtins.readFile "${src}/shackstrom.py"); +in +{ + systemd.services = { + u300-power = { + enable = true; + environment = { + DATA_URL = "http://10.42.20.255/csv.html"; + BROKER = "mqtt.shack"; + }; + serviceConfig = { + Restart = "always"; + ExecStart = pkg; + RestartSec = "15s"; + }; + wantedBy = [ "multi-user.target" ]; + }; + }; +} -- cgit v1.2.3 From c21731576a699eb555561d700892f1290188f25c Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 3 Jun 2023 15:47:16 +0200 Subject: krebs puyak.r: enable wifi --- krebs/1systems/puyak/net.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'krebs') diff --git a/krebs/1systems/puyak/net.nix b/krebs/1systems/puyak/net.nix index a46a24952..59b22b380 100644 --- a/krebs/1systems/puyak/net.nix +++ b/krebs/1systems/puyak/net.nix @@ -7,6 +7,7 @@ in { SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="3c:97:0e:07:b9:14", NAME="${ext-if}" ''; + networking.wireless.enable = true; networking = { firewall.enable = true; firewall.allowedTCPPorts = [ 80 443 8088 8086 8083 5901 ]; -- cgit v1.2.3 From 3503b9096f150dfcac1bc332a2566ec3b95ef0b1 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 3 Jun 2023 15:49:00 +0200 Subject: krebs kruemel.r: init for reference --- krebs/1systems/kruemel/config.nix | 88 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 krebs/1systems/kruemel/config.nix (limited to 'krebs') diff --git a/krebs/1systems/kruemel/config.nix b/krebs/1systems/kruemel/config.nix new file mode 100644 index 000000000..713ad5901 --- /dev/null +++ b/krebs/1systems/kruemel/config.nix @@ -0,0 +1,88 @@ +{ config, pkgs, ... }: +let + shack-ip = config.krebs.build.host.nets.shack.ip4.addr; + ext-if = "et0"; + external-mac = "52:54:b0:0b:af:fe"; + +in +{ + imports = [ + + + + + + + + ]; + # use your own binary cache, fallback use cache.nixos.org (which is used by + # apt-cacher-ng in first place) + + # local discovery in shackspace + nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; + krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; + + + networking = { + firewall.enable = false; + firewall.allowedTCPPorts = [ 8088 8086 8083 ]; + interfaces."${ext-if}".ipv4.addresses = [ + { + address = shack-ip; + prefixLength = 20; + } + ]; + + defaultGateway = "10.42.0.1"; + nameservers = [ "10.42.0.100" "10.42.0.200" ]; + }; + + ##################### + # uninteresting stuff + ##################### + krebs.build.host = config.krebs.hosts.wolf; + + boot.kernel.sysctl = { + # Enable IPv6 Privacy Extensions + "net.ipv6.conf.all.use_tempaddr" = 2; + "net.ipv6.conf.default.use_tempaddr" = 2; + }; + + boot.initrd.availableKernelModules = [ + "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" + ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/vda"; + + # without it `/nix/store` is not added grub paths + boot.loader.grub.copyKernels = true; + + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; + + users.extraUsers.root.openssh.authorizedKeys.keys = [ + config.krebs.users."0x4A6F".pubkey + config.krebs.users.ulrich.pubkey + config.krebs.users.raute.pubkey + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci + ]; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + + time.timeZone = "Europe/Berlin"; + sound.enable = false; + + # avahi + services.avahi = { + enable = true; + wideArea = false; + }; + environment.systemPackages = [ pkgs.avahi ]; + +} -- cgit v1.2.3 From 563b55fa133a38aacff93747773f026b0681eece Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 3 Jun 2023 15:49:23 +0200 Subject: krebs kruemel.r: rip --- krebs/1systems/kruemel/config.nix | 88 --------------------------------------- 1 file changed, 88 deletions(-) delete mode 100644 krebs/1systems/kruemel/config.nix (limited to 'krebs') diff --git a/krebs/1systems/kruemel/config.nix b/krebs/1systems/kruemel/config.nix deleted file mode 100644 index 713ad5901..000000000 --- a/krebs/1systems/kruemel/config.nix +++ /dev/null @@ -1,88 +0,0 @@ -{ config, pkgs, ... }: -let - shack-ip = config.krebs.build.host.nets.shack.ip4.addr; - ext-if = "et0"; - external-mac = "52:54:b0:0b:af:fe"; - -in -{ - imports = [ - - - - - - - - ]; - # use your own binary cache, fallback use cache.nixos.org (which is used by - # apt-cacher-ng in first place) - - # local discovery in shackspace - nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; }; - krebs.tinc.retiolum.extraConfig = "TCPOnly = yes"; - - - networking = { - firewall.enable = false; - firewall.allowedTCPPorts = [ 8088 8086 8083 ]; - interfaces."${ext-if}".ipv4.addresses = [ - { - address = shack-ip; - prefixLength = 20; - } - ]; - - defaultGateway = "10.42.0.1"; - nameservers = [ "10.42.0.100" "10.42.0.200" ]; - }; - - ##################### - # uninteresting stuff - ##################### - krebs.build.host = config.krebs.hosts.wolf; - - boot.kernel.sysctl = { - # Enable IPv6 Privacy Extensions - "net.ipv6.conf.all.use_tempaddr" = 2; - "net.ipv6.conf.default.use_tempaddr" = 2; - }; - - boot.initrd.availableKernelModules = [ - "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" - ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/vda"; - - # without it `/nix/store` is not added grub paths - boot.loader.grub.copyKernels = true; - - fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; - - users.extraUsers.root.openssh.authorizedKeys.keys = [ - config.krebs.users."0x4A6F".pubkey - config.krebs.users.ulrich.pubkey - config.krebs.users.raute.pubkey - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci - ]; - - services.udev.extraRules = '' - SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" - ''; - - time.timeZone = "Europe/Berlin"; - sound.enable = false; - - # avahi - services.avahi = { - enable = true; - wideArea = false; - }; - environment.systemPackages = [ pkgs.avahi ]; - -} -- cgit v1.2.3