From e6349797cfa86b664783e3f772fed2580209ee66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 31 Oct 2019 13:09:39 +0100 Subject: l mors.r: remove broken ts3 client --- lass/1systems/mors/config.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 1477d6d8b..03ff42132 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -129,7 +129,6 @@ with import ; cac-api sshpass get - teamspeak_client hashPassword urban mk_sql_pair -- cgit v1.2.3 From 50732436d799f81a13f9c05b5179b52882fac512 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 2 Nov 2019 14:03:14 +0100 Subject: l uriel: enableAllFirmware -> enableRedistributableFirmware --- lass/1systems/uriel/physical.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/1systems/uriel/physical.nix b/lass/1systems/uriel/physical.nix index 9ac3468a8..2d21f00d5 100644 --- a/lass/1systems/uriel/physical.nix +++ b/lass/1systems/uriel/physical.nix @@ -3,7 +3,7 @@ ./config.nix ]; - hardware.enableAllFirmware = true; + hardware.enableRedistributableFirmware = true; boot = { #kernelParams = [ # "acpi.brightness_switch_enabled=0" -- cgit v1.2.3 From 62a59ad233ad9bcfdaad6a23f6994d1d90354c6b Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 17 Nov 2019 15:45:06 +0100 Subject: l codimd: fix by using old version --- lass/2configs/codimd.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index 5f802148b..b2d44d135 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix 
@@ -1,7 +1,18 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: with import ; +let + + nixpkgs_pre_node_10_17 = import (pkgs.fetchFromGitHub { + owner = "nixos"; + repo = "nixpkgs"; + rev = "81f4c491afbc8f0fe994ef946b1ac61cf1261577"; + sha256 = "0xvawrd9nq3ybvq2pdp5gyi8gygf0yimgp0bx1xggq6l8mvgrj71"; + }) {}; +in { + nixpkgs.config.packageOverrides = pkgs: { + codimd = nixpkgs_pre_node_10_17.codimd; + }; -{ services.nginx.virtualHosts.codimd = { enableACME = true; addSSL = true; -- cgit v1.2.3 From 7f41109bc9e52cf3b8a7e74efc7bb1480dbbc574 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 20 Nov 2019 21:38:16 +0100 Subject: l autowifi: convert to submodule --- lass/5pkgs/autowifi | 1 + lass/5pkgs/autowifi/autowifi.py | 228 ---------------------------------------- lass/5pkgs/autowifi/default.nix | 1 - 3 files changed, 1 insertion(+), 229 deletions(-) create mode 160000 lass/5pkgs/autowifi delete mode 100644 lass/5pkgs/autowifi/autowifi.py delete mode 100644 lass/5pkgs/autowifi/default.nix (limited to 'lass') diff --git a/lass/5pkgs/autowifi b/lass/5pkgs/autowifi new file mode 160000 index 000000000..cf3ae8f6f --- /dev/null +++ b/lass/5pkgs/autowifi @@ -0,0 +1 @@ +Subproject commit cf3ae8f6fe285eab67db4f36f9a3da3762c35317 diff --git a/lass/5pkgs/autowifi/autowifi.py b/lass/5pkgs/autowifi/autowifi.py deleted file mode 100644 index fa3d007e7..000000000 --- a/lass/5pkgs/autowifi/autowifi.py +++ /dev/null 
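Review bot: The `nixpkgs_pre_node_10_17` binding in the new `let` block freezes `codimd` at one nixpkgs revision without a comment saying why or when the pin can be dropped, so this network-facing service stays on that build and misses later fixes until someone remembers the override. Pinning by both `rev` and `sha256` is fine for integrity; what is missing is the reason and the exit condition. Judging only by the binding's name, the cause is a Node 10.17 incompatibility, so I would add above it something like `# codimd breaks with nodejs >= 10.17; remove this pin once nixpkgs ships a working codimd`, adjusted to the actual failure.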
@@ -1,228 +0,0 @@ -import subprocess -import time -import urllib.request -import logging -import argparse -import socket -import struct -import signal -import os - -wifiDB = '' -logger = logging.getLogger() -got_signal = False - - -def signal_handler(signum, frame): - global got_signal - got_signal = True - - -def get_default_gateway() -> str: - """Read the default gateway directly from /proc.""" - with open("/proc/net/route") as fh: - for line in fh: - fields = line.strip().split() - if fields[1] != '00000000' or not int(fields[3], 16) & 2: - continue - - return socket.inet_ntoa(struct.pack(" Date: Sun, 24 Nov 2019 23:46:08 +0100 Subject: l codimd: remove deprecated override --- lass/2configs/codimd.nix | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'lass') diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index b2d44d135..e55090de9 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -1,18 +1,6 @@ { config, pkgs, lib, ... }: with import ; -let - - nixpkgs_pre_node_10_17 = import (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = "81f4c491afbc8f0fe994ef946b1ac61cf1261577"; - sha256 = "0xvawrd9nq3ybvq2pdp5gyi8gygf0yimgp0bx1xggq6l8mvgrj71"; - }) {}; -in { - nixpkgs.config.packageOverrides = pkgs: { - codimd = nixpkgs_pre_node_10_17.codimd; - }; - +{ services.nginx.virtualHosts.codimd = { enableACME = true; addSSL = true; -- cgit v1.2.3 From b7ca39ac003e76f8f912ed6a18c8342cec3ad3e4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:52:32 +0100 Subject: l blue.r: dont populate nixpkgs-unstable --- lass/1systems/blue/source.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass') diff --git a/lass/1systems/blue/source.nix b/lass/1systems/blue/source.nix index 1a98fc058..2b4158211 100644 --- a/lass/1systems/blue/source.nix +++ b/lass/1systems/blue/source.nix 
@@ -11,4 +11,7 @@ useChecksum = true; }; }); + nixpkgs-unstable = lib.mkForce { + file.path = "/var/empty"; + }; } -- cgit v1.2.3 From 7b9e4ac1425aea47b2ca8510db7a406b9712871a Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:53:34 +0100 Subject: l hilum.r: mount nfs-dl --- lass/1systems/hilum/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/hilum/config.nix b/lass/1systems/hilum/config.nix index f57d275d8..d4a389a4a 100644 --- a/lass/1systems/hilum/config.nix +++ b/lass/1systems/hilum/config.nix @@ -10,6 +10,7 @@ + ]; krebs.build.host = config.krebs.hosts.hilum; -- cgit v1.2.3 From 77dc0b8034999c6a060c785b8b74134a2c5b7555 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:54:07 +0100 Subject: l icarus.r: add media center --- lass/1systems/icarus/config.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'lass') diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 86727700f..46f0892a2 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with import ; { imports = [ @@ -21,6 +22,18 @@ ]; + #media center + users.users.media = { + isNormalUser = true; + uid = genid_uint31 "media"; + extraGroups = [ "video" "audio" ]; + }; + + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "media"; + }; + krebs.build.host = config.krebs.hosts.icarus; programs.adb.enable = true; } -- cgit v1.2.3 From 49af8cbd2f998ad945000ac863aca28748009c3e Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:55:24 +0100 Subject: l prism.r: don't rebuild hotdog onchange --- lass/1systems/prism/config.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index f4c011dcf..3dd194436 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
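Review bot: In the icarus hunk, `services.xserver.displayManager.lightdm.autoLogin` for `media` gives a logged-in desktop session to anyone with console access to the machine, and the only explanation is the `#media center` comment. The same host keeps `programs.adb.enable = true` in the context lines, so it is not a pure kiosk. I would record the assumption next to the option, for example `# auto-login is deliberate: physically trusted media box; media must stay out of wheel/adbusers`, so a later change to `extraGroups` gets a second look. The enclosing attribute set starts and ends outside this hunk.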
@@ -110,14 +110,13 @@ with import ; systemd.services."container@hotdog".reloadIfChanged = mkForce false; containers.hotdog = { config = { ... }: { - imports = [ ]; environment.systemPackages = [ pkgs.git ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey ]; }; - autoStart = true; + autoStart = false; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.1"; -- cgit v1.2.3 From 48831924206127edf3771e9aa8f47b8dc96e8f66 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:56:06 +0100 Subject: l prism.r: merge palos keys --- lass/1systems/prism/config.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 3dd194436..a8d409d7f 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -264,13 +264,9 @@ with import ; { users.users.download.openssh.authorizedKeys.keys = [ "ssh-rsa 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 lhebendanz@nixos" - "ssh-rsa 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 palo@pepe" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGMjbYFmmvpF60YBShyFISbjN+O3e4GPkfsre6xFqz20joi8YqpD/5PtrMsGrPd1ZoZ9qSwXJtbb1WBomFg0xzRSNa1/FliKiE1ilcaB3aUZRtP0OWHIvWD3/YL/0h+/YXDGTfb8FNvpgJmnbN3Q0gw8cwWw+eve5BMyqDhzFvycxO4qDuP2JXkGpdhJqjaYZhP5rPH2mgv1oU1RnOA3A7APZVGf1m6JSmV7FZR514aGlFV+NpsvS29Mib8fcswgpoGhMN6jeh/nf49tp01LUAOmXSqdHIWNOTt3Mt7S4rU7RZwEhswdSRbKdKFRMj+uRkhJ4CPcNuuGtSY3id0Ja7IvrvxNaQUk1L8nBcza709jvSBYWSY5/aGL1ocA/PNWXDpOTp2PWwxkh39aPMqZXPTH3KC4IkRp5SiKibEhdmjnToV7nUAJe4IWn1b7QdoqS03ib0X87DnHWIbvi8UZlImM7pn0rs+rwnOo4lQwrTz7kbBHPaa6XOZAuDYND2728vtcrhwzVrKgiXWbyF6VzvwxPeeStmn1gENvozbj1hl9gbQ1cH/a4pZFBV/OFl/ryzDnB2ghM4acNJazXx/6/us9hX+np1YxIzJaxENj677MLc6HitM2g6XJGaixBQ0U2NNjcjIuQT0ZaeKXsSLnu1Y7+uslbVAwsQ4pJmSxxMMQ== palo@workhorse" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDbsRjUwOMnxAt/K6A2M/33PbwQCEYVfqfmkXBwkw/L+ZLCnVxfdxJ79ds1k6kyUVcxfHcvxGvUCcM0wr4T7aaP79fsfSf3lcOgySeAtkQjfQL+IdMk0FQVz612cTPg2uWhMFvHGkGSBvSbKNw72RnUaw9qlF8fBx22FozrlmnbY4APTXeqwiF0VeBMq8qr4H9NdIoIFIcq398jn/Na8gYLUfmuDw18AWCt+u7Eg0B/qIU0hi/gK40Lk9+g8Nn19SCad1YOgNDG7aNpEwgT7I7BNXC5oLD31QKKuXmBa/mCLqRLAGW2sJ2ZhBR4tPLMgNrxtn2jxzVVjY+v3bWQnPocB9H9PsdtdNrULLfeJ4y9a3p3kfOzOgYMrnPAjasrkiIyOBBNEFAn/bbvpH01glbF8tVMcPOSD+W89oxTBEgqk6w34QAfySDMW34dIUHeq82v+X0wN9SK6xbBRBsjSpAC4ZcNyzl1JLIMcdZ5mbQXakD3kzDFs5kfjxlkrp3S5gqiSmCp5w/osykjxSH6wnPPCcgzpCBNGRULKw5vbzDSnLAQ3nSYB9tIj4Hp62XymsxVnY+6MsVVy206BYAXrKJomK7sIeLL2wIMYNnAUdSBjqQ5IEE2m+5+YaK0NMNsk2munNrN96ZE3r5xe/BDqfaLMpPfosOTXBtT7tLMlV6zkQ== palo@workout" + config.krebs.users.palo.pubkey ]; } - { - } { lass.nichtparasoup.enable = true; services.nginx = { -- cgit v1.2.3 From 79fce4068fb939077f2430baa27e6e55c9f65726 Mon Sep 17 00:00:00 2001 
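Review bot: Replacing the three inline palo keys (`palo@pepe`, `palo@workhorse`, `palo@workout`) with `config.krebs.users.palo.pubkey` makes SSH access to the `download` account depend on an attribute defined outside this hunk. If that attribute holds a single key, two of the three client machines lose access, and any later edit to it changes who can log in here without touching this file. A short comment on the list would make that dependency visible, for example `# palo's key comes from krebs.users.palo; changing it there changes access to download`. It is also worth confirming that dropping the other two keys is intended, since the commit subject says "merge".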
From: lassulus Date: Mon, 2 Dec 2019 15:57:00 +0100 Subject: l prism.r: open udp for murmur --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index a8d409d7f..e7330c359 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -317,6 +317,7 @@ with import ; services.murmur.registerName = "lassul.us"; krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 64738"; target = "ACCEPT";} + { predicate = "-p udp --dport 64738"; target = "ACCEPT";} ]; } -- cgit v1.2.3 From f33c977511d3bac5dbf2c6c6e84a1e508ca4aeb1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:57:25 +0100 Subject: l prism.r: add flix endpoint --- lass/1systems/prism/config.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e7330c359..9028843dd 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -338,6 +338,19 @@ with import ; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."lassul.us".locations."^~ /flix/".extraConfig = '' + if ($scheme != "https") { + rewrite ^ https://$host$request_uri permanent; + } + auth_basic "Restricted Content"; + auth_basic_user_file ${pkgs.writeText "flix-user-pass" '' + krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 + ''}; + proxy_pass http://10.233.2.14:80/; + proxy_set_header Accept-Encoding ""; + sub_filter "https://lassul.us/" "https://lassul.us/flix/"; + sub_filter_once off; + ''; services.nginx.virtualHosts."lassul.us".locations."^~ /transmission".extraConfig = '' if ($scheme != "https") { rewrite ^ https://$host$request_uri permanent; -- cgit v1.2.3 From b4098f19780ba38ab20531ecdeee11a31f15030d Mon Sep 17 00:00:00 2001 
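Review bot: The `/flix/` location builds its `auth_basic_user_file` with `pkgs.writeText`, so the htpasswd entry for `krebs` is committed to the repository and copied into the Nix store, which every local user and every container or build with store access can read. The entry is an `$apr1$` (iterated MD5) hash, which does not hold up well against offline guessing once it is readable. The existing `/transmission` location, visible as context in the next hunk, uses the same entry, so one recovered password opens both endpoints. I would point the directive at a file deployed outside the store with restrictive permissions, `auth_basic_user_file <HTPASSWD_PATH_OUTSIDE_STORE>;` (placeholder), readable only by the nginx user, and do the same for `/transmission`.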
From: lassulus Date: Mon, 2 Dec 2019 15:57:50 +0100 Subject: l prism.r: add transmission session id header --- lass/1systems/prism/config.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 9028843dd..cde65ea6c 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -359,6 +359,7 @@ with import ; auth_basic_user_file ${pkgs.writeText "transmission-user-pass" '' krebs:$apr1$1Fwt/4T0$YwcUn3OBmtmsGiEPlYWyq0 ''}; + proxy_pass_header X-Transmission-Session-Id; proxy_pass http://10.233.2.14:9091; ''; -- cgit v1.2.3 From 03ce170299ec26808b56ea4c7490cd913c80203c Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 2 Dec 2019 15:58:40 +0100 Subject: l shodan.r: add gg23 config --- lass/1systems/shodan/config.nix | 79 +--------------------- lass/1systems/shodan/physical.nix | 1 + lass/2configs/gg23.nix | 134 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+), 76 deletions(-) create mode 100644 lass/2configs/gg23.nix (limited to 'lass') diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index ad510283f..b3de15837 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -18,14 +18,11 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; - services.logind.extraConfig = '' - HandleLidSwitch=ignore - ''; - #media center users.users.media = { isNormalUser = true; 
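Review bot: The added `proxy_pass_header X-Transmission-Session-Id;` in the `/transmission` location is probably a no-op. That directive only re-enables upstream response headers that nginx hides by default (`Date`, `Server`, `X-Pad`, `X-Accel-*`), and other response headers are already passed through. If the 409 session-id handshake was failing, the cause is more likely elsewhere; if the line is kept as documentation of intent, say so in a comment, for example `# Transmission's RPC anti-CSRF token must reach the client unchanged`. The location block begins outside this hunk.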
@@ -38,77 +35,7 @@ with import ; user = "media"; }; - #hass - krebs.iptables.tables.filter.INPUT.rules = [ - { predicate = "-p tcp --dport 8123"; target = "ACCEPT"; } - { predicate = "-p tcp --dport 1883"; target = "ACCEPT"; } - # zerotierone - { predicate = "-p udp --dport 9993"; target = "ACCEPT"; } - ]; + services.logind.lidSwitch = "ignore"; + services.logind.lidSwitchDocked = "ignore"; - services.home-assistant = let - tasmota_s20 = name: topic: { - platform = "mqtt"; - inherit name; - state_topic = "stat/${topic}/POWER"; - command_topic = "cmnd/${topic}/POWER"; - payload_on = "ON"; - payload_off = "OFF"; - }; - in { - enable = true; - package = pkgs.home-assistant.override { - python3 = pkgs.python36; - #extraComponents = [ - # (pkgs.fetchgit { - # url = "https://github.com/marcschumacher/dwd_pollen"; - # rev = "0.1"; - # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; - # }) - #]; - }; - config = { - homeassistant = { - name = "Home"; time_zone = "Europe/Berlin"; - latitude = "48.7687"; - longitude = "9.2478"; - elevation = 247; - }; - sun.elevation = 66; - discovery = {}; - frontend = { }; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - username = "gg23"; - password = "gg23-mqtt"; - keepalive = 60; - protocol = 3.1; - }; - sensor = [ - ]; - switch = [ - (tasmota_s20 "Drucker Strom" "drucker") - (tasmota_s20 "Bett Licht" "bett") - ]; - device_tracker = [ - { - platform = "luci"; - } - ]; - }; - }; - - services.mosquitto = { - enable = true; - host = "0.0.0.0"; - allowAnonymous = false; - checkPasswords = true; - users.gg23 = { - password = "gg23-mqtt"; - acl = [ "topic readwrite #" ]; - }; - }; - environment.systemPackages = [ pkgs.mosquitto ]; } diff --git a/lass/1systems/shodan/physical.nix b/lass/1systems/shodan/physical.nix index 7cfeba932..39a4d9661 100644 --- a/lass/1systems/shodan/physical.nix +++ b/lass/1systems/shodan/physical.nix 
@@ -46,5 +46,6 @@ services.udev.extraRules = '' SUBSYSTEM=="net", ATTR{address}=="a0:88:b4:29:26:bc", NAME="wl0" SUBSYSTEM=="net", ATTR{address}=="f0:de:f1:0c:a7:63", NAME="et0" + SUBSYSTEM=="net", ATTR{address}=="00:e0:4c:69:ea:71", NAME="int0" ''; } diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix new file mode 100644 index 000000000..2ec7b94d3 --- /dev/null +++ b/lass/2configs/gg23.nix 
@@ -0,0 +1,134 @@ +{ config, pkgs, ... }: +with import ; + +{ + networking.networkmanager.unmanaged = [ "int0" ]; + networking.interfaces.int0.ipv4.addresses = [{ + address = "10.42.0.1"; + prefixLength = 24; + }]; + + services.dhcpd4 = { + enable = true; + interfaces = [ "int0" ]; + extraConfig = '' + option subnet-mask 255.255.255.0; + option routers 10.42.0.1; + option domain-name-servers 10.42.0.1; + subnet 10.42.0.0 netmask 255.255.255.0 { + range 10.42.0.100 10.42.0.200; + } + ''; + machines = [ + { ethernetAddress = "c8:3d:d4:2c:40:ae"; hostName = "tv"; ipAddress = "10.42.0.3"; } + { ethernetAddress = "3c:2a:f4:22:28:37"; hostName = "drucker"; ipAddress = "10.42.0.4"; } + { ethernetAddress = "80:7d:3a:67:b7:01"; hostName = "s20-bett"; ipAddress = "10.42.0.10"; } + { ethernetAddress = "80:7d:3a:68:04:f0"; hostName = "s20-drucker"; ipAddress = "10.42.0.11"; } + { ethernetAddress = "80:7d:3a:68:11:a5"; hostName = "s20-kueche"; ipAddress = "10.42.0.12"; } + { ethernetAddress = "80:7d:3a:67:bb:69"; hostName = "s20-stereo"; ipAddress = "10.42.0.13"; } + { ethernetAddress = "80:8d:b7:c5:80:dc"; hostName = "arubaAP"; ipAddress = "10.42.0.99"; } + ]; + }; + + services.dnsmasq = { + enable = true; + resolveLocalQueries = false; + + extraConfig = '' + local=/gg23/ + domain=gg23 + expand-hosts + listen-address=10.42.0.1 + interface=int0 + ''; + }; + + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i int0 -p tcp --dport 8123"; target = "ACCEPT"; } # hass + { predicate = "-i retiolum -p tcp --dport 8123"; target = "ACCEPT"; } # hass + { predicate = "-i int0 -p tcp --dport 1883"; target = "ACCEPT"; } # mosquitto + { predicate = "-i int0 -p udp --dport 53"; target = "ACCEPT"; } # dns + ]; + krebs.iptables.tables.filter.FORWARD.rules = [ + { v6 = false; predicate = "-d 10.42.0.0/24 -o int0 -m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; } + { v6 = false; predicate = "-s 10.42.0.0/24 -i int0"; 
target = "ACCEPT"; } + { v6 = false; predicate = "-o int0"; target = "REJECT --reject-with icmp-port-unreachable"; } + { v6 = false; predicate = "-i int0"; target = "REJECT --reject-with icmp-port-unreachable"; } + ]; + krebs.iptables.tables.nat.PREROUTING.rules = [ + { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; precedence = 1000; } + ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-s 10.42.0.0/24 ! -d 10.42.0.0/24"; target = "MASQUERADE"; } + ]; + + services.home-assistant = let + tasmota_s20 = name: topic: { + platform = "mqtt"; + inherit name; + state_topic = "stat/${topic}/POWER"; + command_topic = "cmnd/${topic}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + }; + in { + enable = true; + package = pkgs.home-assistant.override { + python3 = pkgs.python36; + #extraComponents = [ + # (pkgs.fetchgit { + # url = "https://github.com/marcschumacher/dwd_pollen"; + # rev = "0.1"; + # sha256 = "12vldwsds27c9l15ffc6svk9mj17jhypcz736pvpmpqbsymllz2p"; + # }) + #]; + }; + config = { + homeassistant = { + name = "Home"; time_zone = "Europe/Berlin"; + latitude = "48.7687"; + longitude = "9.2478"; + elevation = 247; + }; + sun.elevation = 66; + discovery = {}; + frontend = { }; + mqtt = { + broker = "localhost"; + port = 1883; + client_id = "home-assistant"; + username = "gg23"; + password = "gg23-mqtt"; + keepalive = 60; + protocol = 3.1; + }; + sensor = [ + ]; + switch = [ + (tasmota_s20 "Drucker Strom" "drucker") + (tasmota_s20 "Bett Licht" "bett") + (tasmota_s20 "Kueche Licht" "kueche") + ]; + device_tracker = [ + { + platform = "luci"; + } + ]; + }; + }; + + services.mosquitto = { + enable = true; + host = "0.0.0.0"; + allowAnonymous = false; + checkPasswords = true; + users.gg23 = { + password = "gg23-mqtt"; + acl = [ "topic readwrite #" ]; + }; + }; + environment.systemPackages = [ pkgs.mosquitto ]; + +} + -- cgit v1.2.3 From 96fab2da57b6b4bf862c05ea99df31139bde9b9a Mon Sep 17 00:00:00 2001 
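Review bot: The MQTT credential `gg23-mqtt` appears in clear text twice in the new `gg23.nix`, in `services.home-assistant.config.mqtt.password` and in `services.mosquitto.users.gg23.password`, so it lives in the repository and in the world-readable Nix store while the account's ACL is `topic readwrite #`. For the broker, the module's `hashedPassword` option avoids storing the plain value; the Home Assistant client side should read it from a secrets file kept outside the store. Separately, the FORWARD rule `-s 10.42.0.0/24 -i int0` → `ACCEPT` has no `-o` match, so the smart plugs, TV and printer on `int0` can be routed to every other interface of this host, presumably including `retiolum`. If only internet access is intended, restrict it with `-s 10.42.0.0/24 -i int0 -o <UPLINK_IFACE>` (placeholder). Mosquitto also binds `0.0.0.0` and relies solely on the `-i int0` INPUT rule for confinement, which deserves a comment.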
From: lassulus Date: Sat, 7 Dec 2019 22:43:59 +0100 Subject: l br: set new ip --- lass/2configs/br.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass') diff --git a/lass/2configs/br.nix b/lass/2configs/br.nix index e4ccffe23..6e0a2385c 100644 --- a/lass/2configs/br.nix +++ b/lass/2configs/br.nix @@ -19,7 +19,7 @@ with import ; netDevices = { bra = { model = "MFCL2700DN"; - ip = "10.42.23.221"; + ip = "10.42.0.4"; }; }; }; -- cgit v1.2.3