Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2019-08-13 18:55:08 +02:00
commit 3047fea88d
55 changed files with 1604 additions and 456 deletions


@ -1,20 +1,57 @@
before_script:
- nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true
# prepare github deployment for NUR
- mkdir -p ~/.ssh
- echo "$deploy_privkey" > deploy.key
- export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key"
- chmod 600 deploy.key
- echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key
- chmod 600 ~/.ssh/github_deploy.key
- ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
nix-shell test:
# prepare git fetching of secrets
- echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key
- chmod 600 ~/.ssh/gitlab_deploy.key
- ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts
# import secret key for secrets
- echo "$secrets_gpg_key" | gpg --import
wolf deployment test:
stage: test
script:
- GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
- test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337
- git submodule update --init
- $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)
nix-shell test:
stage: test
script:
- env
- nix-shell --pure --command 'true' -p stdenv && echo success
- nix-shell --pure --command 'false' -p stdenv || echo success
- git --version
- ssh -V
- gpg --version
- curl --version
wolf deployment:
stage: deploy
script:
- cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
- git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
- git submodule update --init
- ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts
# TODO, hostname wolf cannot be resolved
- $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy)
only:
changes:
- .gitlab-ci.yml
- krebs/**/*
- lib/**/*
- .gitmodules
nur-packages makefu:
stage: deploy
script:
- git reset --hard origin/master
- git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
- git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git
- git push --force deploy HEAD:master
- GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master
- curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu
only:
changes:
- makefu/**/*
after_script:
- rm -f deploy.key
- rm -rf .ssh/
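Review bot: The `- env` step at the top of the `nix-shell test` script prints every CI variable into the job log, and that environment carries `$deploy_privkey`, `$github_deploy_privkey`, `$gitlab_deploy_privkey` and `$secrets_gpg_key`, so anyone who can read job logs obtains the private keys; drop that line, or replace it with `- env | cut -d= -f1` to list variable names only. The key files are created with the default umask and only chmod'ed afterwards; writing them as `- (umask 077; echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key)` (same for the gitlab key) closes that window. If `- rm -rf .ssh/` in after_script is on the new side, it is relative to the checkout rather than `~/.ssh/`, so the keys written in before_script survive the job. `ssh-keyscan` on every run trusts whatever host key is presented; pinning the known_hosts lines in a CI variable would make the clone of the secrets repo verifiable.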


@ -0,0 +1 @@
{}


@ -7,13 +7,14 @@
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
<stockholm/krebs/2configs/stats/puyak-client.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
<stockholm/krebs/2configs/go.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/news.nix>
<stockholm/krebs/2configs/news-spam.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
<stockholm/krebs/2configs/shack/gitlab-runner.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
@ -59,9 +60,9 @@
};
};
services.logind.extraConfig = ''
HandleLidSwitch=ignore
'';
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchExternalPower = "ignore";
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"


@ -23,6 +23,16 @@ in
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
# Say if muell will be collected
<stockholm/krebs/2configs/shack/muell_caller.nix>
# provide muellshack api
<stockholm/krebs/2configs/shack/muellshack.nix>
# provide light control api
<stockholm/krebs/2configs/shack/node-light.nix>
# send mail if muell was not handled
<stockholm/krebs/2configs/shack/muell_mail.nix>
# send mail if muell was not handled
<stockholm/krebs/2configs/shack/s3-power.nix>
# powerraw usb serial to mqtt and raw socket
<stockholm/krebs/2configs/shack/powerraw.nix>
# create samba share for anonymous usage with the laser and 3d printer pc
<stockholm/krebs/2configs/shack/share.nix>
@ -38,13 +48,20 @@ in
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
## Collect radioactive data and put into graphite
<stockholm/krebs/2configs/shack/radioactive.nix>
## mqtt.shack
<stockholm/krebs/2configs/shack/mqtt.nix>
## Collect local statistics via collectd and send to collectd
<stockholm/krebs/2configs/stats/wolf-client.nix>
## write collectd statistics to wolf.shack
<stockholm/krebs/2configs/collectd-base.nix>
{ services.influxdb.enable = true; }
<stockholm/krebs/2configs/shack/netbox.nix>
<stockholm/krebs/2configs/shack/prometheus/server.nix>
<stockholm/krebs/2configs/shack/prometheus/node.nix>
<stockholm/krebs/2configs/shack/prometheus/unifi.nix>
<stockholm/krebs/2configs/collectd-base.nix> # home-assistant
{ services.influxdb.enable = true; }
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
@ -76,10 +93,12 @@ in
networking = {
firewall.enable = false;
firewall.allowedTCPPorts = [ 8088 8086 8083 ];
interfaces."${ext-if}".ipv4.addresses = [{
interfaces."${ext-if}".ipv4.addresses = [
{
address = shack-ip;
prefixLength = 20;
}];
}
];
defaultGateway = "10.42.0.1";
nameservers = [ "10.42.0.100" "10.42.0.200" ];
@ -125,6 +144,7 @@ in
config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
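Review bot: `firewall.enable = false;` sits directly above `firewall.allowedTCPPorts = [ 8088 8086 8083 ];` in the networking hunk, so that list and the port openings in the modules this commit imports (mosquitto 1883, node-light 2342/udp, powerraw 11111/udp, prometheus 9100/9090/9093/3000) are no-ops and every service on wolf is reachable from the whole shack segment (prefixLength 20); whether that line is old or new is not visible here, but the added modules rely on it being true. Either enable the firewall or record the decision with a comment such as `# firewall intentionally off: shack-internal host, the port lists in the imported modules are documentation only`. Separately, the comment above `s3-power.nix` repeats the muell_mail one (`# send mail if muell was not handled`) and should describe what s3-power does instead.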


@ -9,7 +9,7 @@ let
ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
Import "collectd_connect_time"
<Module collectd_connect_time>
target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de"
interval 10
</Module>
</Plugin>
@ -18,7 +18,7 @@ let
LoadPlugin write_graphite
<Plugin "write_graphite">
<Carbon>
Host "heidi.shack"
Host "wolf.r"
Port "2003"
Prefix "retiolum."
EscapeCharacter "_"


@ -34,6 +34,13 @@ with import <stockholm/lib>;
rxvt_unicode.terminfo
];
i18n = {
consoleKeyMap = "us";
defaultLocale = lib.mkForce "C";
};
programs.ssh.startAgent = false;
services.openssh = {


@ -6,16 +6,17 @@ let
};
in
{
systemd.services.gitlab-runner.path = [
"/run/wrappers" # /run/wrappers/bin/su
"/" # /bin/sh
];
imports = [
"${runner-src}/gitlab-runner.nix"
];
services.gitlab-runner2.enable = true;
services.gitlab-runner2 = {
enable = true;
## registrationConfigurationFile contains:
# CI_SERVER_URL=<CI server URL>
# REGISTRATION_TOKEN=<registration secret>
services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>;
registrationConfigFile = <secrets/shackspace-gitlab-ci>;
#gracefulTermination = true;
};
systemd.services.gitlab-runner2.restartIfChanged = false;
systemd.services.docker.restartIfChanged = false;
}
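Review bot: `systemd.services.gitlab-runner2.restartIfChanged = false;` and the matching docker line carry no comment saying why; if the intent is to keep running CI jobs alive across `nixos-rebuild`, say so, e.g. `# do not kill running CI jobs on rebuild; restart the units by hand after a config change`, because the side effect is that runner config changes stay unapplied until someone does. `registrationConfigFile = <secrets/shackspace-gitlab-ci>;` passes the secret as a Nix path; if the runner module interpolates it into a store-built file, the REGISTRATION_TOKEN ends up world-readable in /nix/store, whereas the muell_mail and s3-power modules in this same commit use `toString <secrets/...>` and copy the file at start time to keep it out of the store — worth confirming which of the two the runner module does.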


@ -0,0 +1,14 @@
{
networking.firewall.allowedTCPPorts = [ 1883 ];
networking.firewall.allowedUDPPorts = [ 1883 ];
services.mosquitto = {
enable = true;
host = "0.0.0.0";
users = {};
# TODO: secure that shit
aclExtraConf = ''
pattern readwrite #
'';
allowAnonymous = true;
};
}
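Review bot: `networking.firewall.allowedUDPPorts = [ 1883 ];` opens a UDP port mosquitto does not use (MQTT is TCP only) and should be dropped. With `host = "0.0.0.0"`, `allowAnonymous = true` and `pattern readwrite #`, any client on the network can publish to every topic, including the `/power/...` topics that telegraf and the power services in this commit consume, so a stray or spoofed message changes recorded measurements; the TODO acknowledges this, but the minimum step is to bind to the shack-facing address or add a user entry with `acl` lines for the known publishers. Note that the `mqtt_consumer` in powerraw.nix connects anonymously to `tcp://mqtt.shack:1883`, so it has to be updated together with any auth change.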


@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let
pkg = pkgs.callPackage (
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/muell_mail";
rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f";
sha256 = "sha256:18cw95zbr7isv4cw80cbpd84n5z208fwh5390i6j10jkn398mjq2";
}) {};
home = "/var/lib/muell_mail";
cfg = toString <secrets/shack/muell_mail.js>;
in {
users.users.muell_mail = {
inherit home;
createHome = true;
};
systemd.services.muell_mail = {
description = "muell_mail";
wantedBy = [ "multi-user.target" ];
environment.CONFIG = "${home}/muell_mail.js";
serviceConfig = {
User = "muell_mail";
ExecStartPre = pkgs.writeDash "muell_mail-pre" ''
install -D -omuell_mail -m700 ${cfg} ${home}/muell_mail.js
'';
WorkingDirectory = home;
PermissionsStartOnly = true;
ExecStart = "${pkg}/bin/muell_mail";
Restart = "always";
PrivateTmp = true;
};
};
}
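Review bot: `install -D -omuell_mail -m700 ${cfg} ${home}/muell_mail.js` gives the config file an execute bit it does not need; `-m600` is the right mode for a credentials file, and the same applies to `install -D -os3_power -m700 ${cfg} ${home}/s3-power.json` in s3-power.nix. `PermissionsStartOnly = true` is what lets this `ExecStartPre` run as root; a one-line comment `# ExecStartPre runs as root (PermissionsStartOnly) to copy the secret into the service home` would save the next reader from wondering why the service user cannot read `${cfg}` directly.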


@ -0,0 +1,43 @@
{ config, lib, pkgs, ... }:
let
pkg = pkgs.callPackage (
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/muellshack";
rev = "d8a5e2d4c0a22804838675ac42b468299dcd9a76";
sha256 = "0ff6q64dgdxmpszp94z100fdic175b1vvxn4crg8p0jcabzxsv0m";
}) {};
home = "/var/lib/muellshack";
port = "8081";
in {
users.users.muellshack = {
inherit home;
createHome = true;
};
services.nginx.virtualHosts."muell.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/muellshack/";
};
};
services.nginx.virtualHosts."openhab.shack" = {
locations."/muellshack/".proxyPass = "http://localhost:${port}/muellshack/";
};
systemd.services.muellshack = {
description = "muellshack";
wantedBy = [ "multi-user.target" ];
environment.PORT = port;
serviceConfig = {
User = "muellshack";
# do not override the current storage fil
ExecStartPre = pkgs.writeDash "call-muell-pre" ''
cp -vf ${pkg}/share/static_muelldata.json ${home}
cp -vn ${pkg}/share/storage.json ${home}
chmod 700 ${home}/storage.json
'';
WorkingDirectory = home;
ExecStart = "${pkg}/bin/muellshack";
Restart = "always";
PrivateTmp = true;
};
};
}
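Review bot: The comment `# do not override the current storage fil` above `ExecStartPre` has a truncated word and should read `# do not overwrite the current storage file` (node-light.nix in this commit already has the full wording). `cp -vn ${pkg}/share/storage.json ${home}` followed by `chmod 700 ${home}/storage.json` runs as `muellshack` because there is no `PermissionsStartOnly`, so the unit fails to start if the file is ever owned by another user; `chmod 600` is also sufficient for a data file that is never executed.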


@ -0,0 +1,53 @@
{ config, lib, pkgs, ... }:
let
pkg = pkgs.callPackage (
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/node-light.git";
rev = "a32c782650c4cc0adf51250fe249167d7246c59b";
sha256 = "0clvcp1m2ay0a9ibh7s21q7d9a6nam3497bysvc6mdygblks22qy";
}) {};
home = "/var/lib/node-light";
port = "8082";
in {
# receive response from light.shack / standby.shack
networking.firewall.allowedUDPPorts = [ 2342 ];
users.users.node-light = {
inherit home;
createHome = true;
};
services.nginx.virtualHosts."lounge.light.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/lounge/";
};
};
services.nginx.virtualHosts."power.light.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/power/";
};
};
services.nginx.virtualHosts."openhab.shack" = {
serverAliases = [ "lightapi.shack" ];
locations."/power/".proxyPass = "http://localhost:${port}/power/";
locations."/lounge/".proxyPass = "http://localhost:${port}/lounge/";
};
systemd.services.node-light= {
description = "node-light";
wantedBy = [ "multi-user.target" ];
environment.PORT = port;
serviceConfig = {
User = "node-light";
# do not override the current storage file
ExecStartPre = pkgs.writeDash "call-light-pre" ''
cp -vn ${pkg}/share/storage.json ${home}
chmod 700 ${home}/storage.json
'';
WorkingDirectory = home;
ExecStart = "${pkg}/bin/node-light";
Restart = "always";
PrivateTmp = true;
};
};
}


@ -0,0 +1,72 @@
{ config, lib, pkgs, ... }:
# Replacement for powerraw.shack pollin box
# Requires usb-serial device on host
# Requires mqtt available at mqtt.shack
# Requires hostname powerraw.shack
let
influx-url = "http://influx.shack:8086";
pkg = pkgs.python3.pkgs.callPackage (
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/powermeter.git";
rev = "96609f0d632e0732afa768ddd7b3f8841ca37c1b";
sha256 = "sha256:0wfpm3ik5r081qv2crmpjwylgg2v8ximq347qh0fzq1rwv0dqbnn";
}) {};
in {
# receive response from light.shack / standby.shack
networking.firewall.allowedUDPPorts = [ 11111 ];
users.users.powermeter.extraGroups = [ "dialout" ];
systemd.services.powermeter-serial2mqtt = {
description = "powerraw Serial -> mqtt";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "powermeter";
ExecStart = "${pkg}/bin/powermeter-serial2mqtt";
Restart = "always";
PrivateTmp = true;
};
};
systemd.services.powermeter-mqtt2socket = {
description = "powerraw mqtt -> raw socket 11111";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "powermeter";
ExecStart = "${pkg}/bin/powermeter-mqtt2socket";
Restart = "always";
PrivateTmp = true;
};
};
services.telegraf = {
enable = true;
extraConfig = {
agent.debug = false;
outputs = {
influxdb = [{
urls = [ influx-url ];
database = "telegraf";
}];
};
};
};
services.telegraf.extraConfig.inputs.mqtt_consumer = let
genTopic = name: topic: tags: {
servers = [ "tcp://mqtt.shack:1883" ];
qos = 0;
connection_timeout = "30s";
topics = [ topic ];
inherit tags;
persistent_session = false;
name_override = name;
data_format = "value";
data_type = "float";
};
sensor = "total";
types = [ "Voltage" "Current" "Power" ];
phases = [ 1 2 3 ];
in
[ (genTopic "Power consumed" "/power/${sensor}/consumed" { inherit sensor; }) ] ++
(lib.flatten (map (type: (map (phase: (genTopic "Power" "/power/${sensor}/L${toString phase}/${type}" { inherit sensor phase type; }) ) phases)) types));
}
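Review bot: The comment `# receive response from light.shack / standby.shack` above `allowedUDPPorts = [ 11111 ]` was copied from node-light.nix and does not describe this port; per the service description further down, 11111 is the raw socket served by `powermeter-mqtt2socket`, so it should read `# raw socket served by powermeter-mqtt2socket`. The description says "raw socket 11111" while the firewall rule opens UDP; if that socket is TCP the rule belongs in `allowedTCPPorts` instead — not determinable from this hunk, so worth a check against the powermeter source.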


@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 9100 ];
services.prometheus.exporters.node = {
enable = true;
enabledCollectors = [
"conntrack"
"diskstats"
"entropy"
"filefd"
"filesystem"
"loadavg"
"mdadm"
"meminfo"
"netdev"
"netstat"
"stat"
"time"
"vmstat"
"systemd"
"logind"
"interrupts"
"ksmd"
];
};
}


@ -0,0 +1,195 @@
{ pkgs, lib, config, ... }:
# from https://gist.github.com/globin/02496fd10a96a36f092a8e7ea0e6c7dd
{
networking = {
firewall.allowedTCPPorts = [
3000 # grafana
9090 # prometheus
9093 # alertmanager
];
useDHCP = true;
};
services = {
prometheus = {
enable = true;
extraFlags = [
"-storage.local.retention 8760h"
"-storage.local.series-file-shrink-ratio 0.3"
"-storage.local.memory-chunks 2097152"
"-storage.local.max-chunks-to-persist 1048576"
"-storage.local.index-cache-size.fingerprint-to-metric 2097152"
"-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
"-storage.local.index-cache-size.label-name-to-label-values 2097152"
"-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
];
alertmanagerURL = [ "http://localhost:9093" ];
rules = [
''
ALERT node_down
IF up == 0
FOR 5m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Node is down.",
description = "{{$labels.alias}} has been down for more than 5 minutes."
}
ALERT node_systemd_service_failed
IF node_systemd_unit_state{state="failed"} == 1
FOR 4m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
}
ALERT node_filesystem_full_90percent
IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
FOR 5m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
}
ALERT node_filesystem_full_in_4h
IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
FOR 5m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
}
ALERT node_filedescriptors_full_in_3h
IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
FOR 20m
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
}
ALERT node_load1_90percent
IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
FOR 1h
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: Running on high load.",
description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
}
ALERT node_cpu_util_90percent
IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
FOR 1h
LABELS {
severity="page"
}
ANNOTATIONS {
summary = "{{$labels.alias}}: High CPU utilization.",
description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
}
ALERT node_ram_using_90percent
IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
FOR 30m
LABELS {
severity="page"
}
ANNOTATIONS {
summary="{{$labels.alias}}: Using lots of RAM.",
description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
}
''
];
scrapeConfigs = [
{
job_name = "node";
scrape_interval = "10s";
static_configs = [
{
targets = [
"localhost:9100"
];
labels = {
alias = "wolf.shack";
};
}
{
targets = [
"localhost:9130"
];
labels = {
alias = "unifi.shack";
};
}
{
targets = [
"10.42.22.184:9100" # puyak.shack
];
labels = {
alias = "puyak.shack";
};
}
{
targets = [
"phenylbutazon.shack:9100"
];
labels = {
alias = "phenylbutazon.shack";
};
}
{
targets = [
"ibuprofen.shack:9100"
];
labels = {
alias = "ibuprofen.shack";
};
}
];
}
];
alertmanager = {
enable = true;
listenAddress = "0.0.0.0";
configuration = {
"global" = {
"smtp_smarthost" = "smtp.example.com:587";
"smtp_from" = "alertmanager@example.com";
};
"route" = {
"group_by" = [ "alertname" "alias" ];
"group_wait" = "30s";
"group_interval" = "2m";
"repeat_interval" = "4h";
"receiver" = "team-admins";
};
"receivers" = [
{
"name" = "team-admins";
"email_configs" = [
{
"to" = "devnull@example.com";
"send_resolved" = true;
}
];
"webhook_configs" = [
{
"url" = "https://example.com/prometheus-alerts";
"send_resolved" = true;
}
];
}
];
};
};
};
};
}
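Review bot: The alertmanager `receivers` still hold the gist's placeholders — `"smtp_smarthost" = "smtp.example.com:587"`, `"to" = "devnull@example.com"` and `"url" = "https://example.com/prometheus-alerts"` — so none of the page-severity alerts reach anyone, and every firing alert (hostnames, mountpoints, load figures) is POSTed to an external domain the shack does not control. Either fill in a real receiver or delete the `email_configs` and `webhook_configs` blocks until there is one. `alertmanager.listenAddress = "0.0.0.0"` together with 9093 in `allowedTCPPorts` exposes the unauthenticated silence/alert API to the network; `listenAddress = "127.0.0.1";` is enough if only the local prometheus talks to it. The `-storage.local.*` extraFlags and the `ALERT ... IF` rule syntax are Prometheus 1.x forms; if `services.prometheus` in the pinned nixpkgs ships 2.x the daemon will refuse to start, which is worth checking before deploying to wolf.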


@ -0,0 +1,10 @@
{lib, ... }:
{
services.prometheus.exporters.unifi = {
enable = true;
unifiAddress = "https://unifi.shack:8443/";
unifiInsecure = true;
unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
};
}
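Review bot: `unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>)` reads the secret at evaluation time, so the password is embedded in the generated service definition and lands world-readable in /nix/store on wolf, unlike the other modules in this commit which keep secrets out of the store with `toString <secrets/...>` and copy them at start time; if the exporter module offers a file-based alternative use that, otherwise wrap the exporter so the file is read at runtime. `unifiInsecure = true` disables certificate verification for `https://unifi.shack:8443/`, so the credential is sent to whoever answers on that address; installing the controller's certificate into the system trust store would remove the need for it.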


@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let
pkg = pkgs.callPackage (
pkgs.fetchgit {
url = "https://git.shackspace.de/rz/s3-power";
rev = "b2b87b56bb40d714dbbecd1285566870b256aec4";
sha256 = "sha256:02wikwf3rgkkggwbwqisdvhlwd38w5pw011xhwvhnj114s3rynan";
}) {};
home = "/var/lib/s3-power";
cfg = toString <secrets/shack/s3-power.json>;
in {
users.users.s3_power = {
inherit home;
createHome = true;
};
systemd.services.s3-power = {
startAt = "daily";
description = "s3-power";
environment.CONFIG = "${home}/s3-power.json";
serviceConfig = {
Type = "oneshot";
User = "s3_power";
ExecStartPre = pkgs.writeDash "s3-power-pre" ''
install -D -os3_power -m700 ${cfg} ${home}/s3-power.json
'';
WorkingDirectory = home;
PermissionsStartOnly = true;
ExecStart = "${pkg}/bin/s3-power";
PrivateTmp = true;
};
};
}


@ -236,6 +236,7 @@ in {
"tracker.makefu.r"
"wiki.gum.r"
"wiki.makefu.r"
"sick.makefu.r"
];
};
};
@ -289,11 +290,17 @@ in {
};
};
};
rockit = rec { # router@home
shackdev = rec { # router@shack
cores = 1;
nets.wiregrill.ip4.addr = "10.244.245.2";
};
rockit = rec { # router@home
cores = 1;
nets.wiregrill.ip4.addr = "10.244.245.3";
};
senderechner = rec {
cores = 2;
nets = {
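Review bot: `rockit` moves from `nets.wiregrill.ip4.addr = "10.244.245.2"` to `"10.244.245.3"` while the new `shackdev` takes `.2`; any peer config or firewall rule elsewhere that still names `.2` for rockit now points at shackdev, and the two wiregrill key files changed in this commit suggest the key moved with the address — worth confirming on the server side (gum imports wiregrill.nix in this same commit). A comment on `shackdev` stating that it inherited rockit's former address would make the swap look deliberate rather than accidental.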


@ -1 +1 @@
YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=
LPMs1h9+8ABqeZsS6xmHC7votPqpUT609XuktAhaik8=


@ -0,0 +1 @@
YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=


@ -1,4 +1,4 @@
{ name }: rec {
{ name, target ? name }: rec {
krops = ../submodules/krops;
@ -63,7 +63,7 @@
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; };
target = "root@${name}/var/src";
target = "root@${target}/var/src";
};
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
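Review bot: The usage comment above `deploy` still reads `# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)` although the hunk adds a `target ? name` argument that `.gitlab-ci.yml` now passes as `--argstr target wolf.shack`; update it to `# usage: $(nix-build --no-out-link --argstr name HOSTNAME [--argstr target HOST] -A deploy)`. The `test` usage line just below reuses the name `target` for a filesystem path while `deploy` uses it as the ssh host in `root@${target}`; spelling out that difference in the comment avoids the obvious confusion.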


@ -0,0 +1 @@
{}


@ -5,8 +5,8 @@ in {
imports = [
<stockholm/makefu>
./hardware-config.nix
{ environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
# <stockholm/makefu/2configs/tools/core.nix>
{ environment.systemPackages = with pkgs;[ rsync screen curl git ];}
<stockholm/makefu/2configs/binary-cache/nixos.nix>
#<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/homeautomation/default.nix>
@ -24,5 +24,4 @@ in {
documentation.man.enable = false;
services.nixosManual.enable = false;
sound.enable = false;
}


@ -48,7 +48,6 @@ in {
hardware.cpu.amd.updateMicrocode = true;
zramSwap.enable = true;
zramSwap.numDevices = 2;
makefu.snapraid = let
toMedia = name: "/media/" + name;


@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let
primaryInterface = "eth0";
in {
imports = [
<stockholm/makefu>
./hardware-config.nix
# <stockholm/makefu/2configs/tools/core.nix>
{ environment.systemPackages = with pkgs;[ rsync screen curl git ];}
<stockholm/makefu/2configs/binary-cache/nixos.nix>
#<stockholm/makefu/2configs/support-nixos.nix>
# configure your hw:
# <stockholm/makefu/2configs/save-diskspace.nix>
];
krebs = {
enable = true;
tinc.retiolum.enable = true;
build.host = config.krebs.hosts.firecracker;
};
networking.firewall.trustedInterfaces = [ primaryInterface ];
documentation.info.enable = false;
documentation.man.enable = false;
services.nixosManual.enable = false;
sound.enable = false;
}
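Review bot: `networking.firewall.trustedInterfaces = [ primaryInterface ];` with `primaryInterface = "eth0"` disables filtering on the only physical interface, so the firewall that the rest of the config (`krebs.enable`, tinc) implicitly relies on is effectively off for this host; if only specific services need to be reachable, list them in `allowedTCPPorts`/`allowedUDPPorts` instead. If the host sits behind a router and trusting the whole NIC is deliberate, say so with a comment on that line so it is not copied into the next board config by accident.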


@ -0,0 +1,30 @@
{ pkgs, lib, ... }:
{
boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.generic-extlinux-compatible.configurationLimit = 1;
boot.loader.generationsDir.enable = lib.mkDefault false;
boot.supportedFilesystems = lib.mkForce [ "vfat" ];
boot.tmpOnTmpfs = lib.mkForce false;
boot.cleanTmpDir = true;
hardware.enableRedistributableFirmware = true;
## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
boot.kernelPackages = pkgs.linuxPackages_latest;
networking.wireless.enable = true;
# File systems configuration for using the installer's partition layout
swapDevices = [ { device = "/var/swap"; size = 4096; } ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
}


@ -0,0 +1,4 @@
{
name="cake";
full = true;
}


@ -97,6 +97,24 @@ in {
# sharing
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/torrent.nix>
{ services.sickbeard = {
enable = true;
package = pkgs.sickgear;
user = "sickbeard";
group = "download";
port = 8280;
};
services.nginx.virtualHosts."sick.makefu.r" = {
locations."/".proxyPass = http://localhost:8280;
extraConfig = ''
if ( $server_addr = "${external-ip}" ) {
return 403;
}
'';
};
users.users.sickbeard.extraGroups = [ "nginx" ];
}
{ nixpkgs.config.allowUnfree = true; }
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
@ -111,6 +129,7 @@ in {
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
<stockholm/makefu/2configs/wireguard/wiregrill.nix>
# Removed until move: no extra mails
<stockholm/makefu/2configs/urlwatch>
@ -153,11 +172,17 @@ in {
makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [
services.openssh.hostKeys = lib.mkForce [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
services.nginx.virtualHosts."cgit.euer.krebsco.de" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://cgit.gum.r";
};
krebs.build.host = config.krebs.hosts.gum;
# Network
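Review bot: The `sick.makefu.r` vhost restricts access with `if ( $server_addr = "${external-ip}" ) { return 403; }`, which only blocks requests arriving on that one external IPv4 address; a request on any other address the host answers on (IPv6, a second interface) passes through. Binding the vhost to the internal address via the virtualHost `listen` option, or an `allow`/`deny` block on the client address, expresses the intent directly and avoids nginx `if`. `proxyPass = http://localhost:8280;` is an unquoted URL literal while the rest of the file quotes them (`"http://cgit.gum.r"`); quote it for consistency. `users.users.sickbeard.extraGroups = [ "nginx" ];` has no comment explaining why the downloader needs the web server's group; if it is for socket or file access, name which.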


@ -41,7 +41,7 @@ in {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ main-disk ];
boot.initrd.kernelModules = [ "dm-raid" "dm_cache" ];
boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ];
boot.initrd.availableKernelModules = [
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
@ -67,7 +67,7 @@ in {
fileSystems."/var/www/binaergewitter" = {
device = "/dev/nixos/binaergewitter";
fsType = "ext4";
options = [ "nofail" "x-systemd.automount" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ];
options = [ "nofail" ];
};
fileSystems."/var/lib/borgbackup" = {
device = "/dev/nixos/backup";


@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
let
kernel = pkgs.callPackage ./kernel.nix {
kernelPatches = with pkgs.kernelPatches; [
# kernelPatches.bridge_stp_helper
# kernelPatches.modinst_arg_list_too_long
];
};
in
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix>
# <stockholm/makefu/2configs/minimal.nix>
];
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix build config.system.build.sdImage -I nixos-config=makefu/1systems/sdcard/config.nix -f /home/makefu/nixpkgs/nixos
boot.kernelParams = ["console=ttyS2,1500000" "earlycon=uart8250,mmio32,0xff1a0000"];
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelPackages = pkgs.linuxPackagesFor kernel;
boot.supportedFilesystems = lib.mkForce [ "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
# krebs.hidden-ssh.enable = true;
environment.systemPackages = with pkgs; [
aria2
ddrescue
];
environment.extraInit = ''
EDITOR=vim
'';
# iso-specific
services.openssh = {
enable = true;
hostKeys = [
{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
};
# enable ssh in the iso boot process
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
}
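Review bot: `{ bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }` in `services.openssh.hostKeys` — ed25519 keys have a fixed size, so `bits` is ignored by `ssh-keygen` and only suggests a strength that does not exist; reduce it to `{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }` (gum's hostKeys in this same commit already omit `bits` for ed25519). Since sshd is pulled into `multi-user.target` on an image meant to be flashed and nothing in this file imports a user or key set, a comment stating where the authorized keys are expected to come from would help whoever boots it next.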


@ -0,0 +1,15 @@
{ fetchFromGitLab, buildLinux, ... } @ args:
buildLinux (args // rec {
version = "4.4.55";
modDirVersion = "4.4.55";
extraMeta.branch = "4.4";
defconfig = "firefly_linux_defconfig";
src = fetchFromGitLab {
owner = "TeeFirefly";
repo = "linux-kernel";
rev = "firefly_0821_release";
sha256 = "1fwj9cm5ysz286znrr3fyrhfn903m84i7py4rv3y3h9avxb3zl1r";
};
extraMeta.platforms = [ "aarch64-linux" ];
} // (args.argsOverride or {}))
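Review bot: `rev = "firefly_0821_release"` names a branch rather than a commit; the `sha256` keeps the build reproducible (a moved branch makes the fetch fail rather than silently change), but a comment with the resolved commit would make updating easier, e.g. `# branch firefly_0821_release, pinned by sha256; resolved commit: <fill in>`. The file pins a 4.4.55 vendor kernel while the hardware-config in this commit uses `linuxPackages_latest`; a line stating why this tree is needed (`firefly_linux_defconfig`, board support) would document the trade-off of running an old kernel line without upstream fixes.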


@ -0,0 +1,3 @@
{
name="iso";
}


@ -16,15 +16,16 @@ in {
<stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/extra-gui.nix>
<stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
# <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/gui/wbob-kiosk.nix>
# <stockholm/makefu/2configs/gui/studio-virtual.nix>
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
# <stockholm/makefu/2configs/vncserver.nix>
<stockholm/makefu/2configs/logging/server.nix>
# Services
# <stockholm/makefu/2configs/hydra/stockholm.nix>
@ -33,7 +34,7 @@ in {
<stockholm/makefu/2configs/bluetooth-mpd.nix>
# Sensors
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/stats/collectd-client.nix>
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
@ -44,16 +45,10 @@ in {
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
{ environment.systemPackages = [ pkgs.vlc ]; }
{
# Risikoübernahme
nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.77.2"
];
}
<stockholm/makefu/2configs/bureautomation>
<stockholm/makefu/2configs/bureautomation> # new hass entry point
<stockholm/makefu/2configs/bureautomation/led-fader.nix>
<stockholm/makefu/2configs/bureautomation/mpd.nix>
<stockholm/makefu/2configs/bureautomation/hass.nix>
# <stockholm/makefu/2configs/bureautomation/mpd.nix> #mpd is only used for TTS
<stockholm/makefu/2configs/mqtt.nix>
(let
collectd-port = 25826;
influx-port = 8086;
@ -85,6 +80,7 @@ in {
'';
})
<stockholm/makefu/2configs/backup/state.nix>
# temporary
# <stockholm/makefu/2configs/temp/rst-issue.nix>
];
@ -106,6 +102,7 @@ in {
LoadPlugin curl
<Plugin curl>
Interval 300
TotalTime true
NamelookupTime true
ConnectTime true


@ -0,0 +1,15 @@
{ pkgs, ... }:
{
krebs.Reaktor.reaktor-bgt = {
nickname = "Reaktor|bgt";
workdir = "/var/lib/Reaktor/bgt";
channels = [ "#binaergewitter" ];
plugins = with pkgs.ReaktorPlugins;
[ titlebot
# stockholm-issue
nixos-version
# shack-correct
# sed-plugin
random-emoji ];
};
}


@ -1,154 +0,0 @@
[
{ alias = "start Felix 10h";
trigger = {
platform = "state";
entity_id = [ "device_tracker.felix_phone" "device_tracker.felix_laptop" ];
from = "not_home";
to = "home";
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "timer.felix_10h";
state = "idle";
}
{
condition = "time";
after = "06:00:00";
before = "12:00:00";
}
];
};
action = [
{ service = "timer.start";
entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ] ;
}
{ service = "homeassistant.turn_on";
entity_id = [
"script.buzz_red_led_fast"
"script.blitz_10s"
];
}
{ service = "light.turn_on";
data = {
effect = "2";
entity_id = [ "light.status_felix" ];
};
}
];
}
{ alias = "Disable Felix timer at button press";
trigger = {
platform = "state";
entity_id = "binary_sensor.redbutton";
to = "on";
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "timer.felix_10h";
state = "active";
}
{
condition = "time";
after = "12:00:00";
before = "22:00:00";
}
];
};
action =
[
{
service = "timer.cancel";
entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ];
}
{
service = "homeassistant.turn_on";
entity_id = [ "script.buzz_red_led_fast" ];
}
{
service = "homeassistant.turn_off";
entity_id = [ "light.status_felix" ];
}
];
}
{
alias = "Genug gearbeitet Felix";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_7h";
};
action =
[
{ service = "light.turn_on";
data = {
rgb_color= [0 255 0];
# effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
{
alias = "nun aber nach hause";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_8_30h";
};
action =
[
{ service = "light.turn_on";
data = {
rgb_color= [255 255 0];
# effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
{
alias = "Zu lange Felix!";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_10h";
};
action =
[
{
service = "notify.telegrambot";
data = {
title = "Zu lange Felix!";
message = "Du bist schon 10 Stunden auf Arbeit, geh jetzt gefälligst nach Hause!";
};
}
{
service = "homeassistant.turn_on";
entity_id = [
"script.buzz_red_led"
"script.blitz_10s"
];
}
{ service = "light.turn_on";
data = {
rgb_color= [255 0 0];
effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
]


@ -23,19 +23,11 @@
item.partymode = "music";
};
}
{
service = "tts.google_say";
entity_id = "media_player.kodi";
data = {
message = "Willkommen in deinem Lieblingsbüro";
language = "de";
};
}
{
service = "notify.telegrambot";
data = {
title = "Bureau Startup";
message = "Willkommen {{ trigger.platform }}";
message = "Das Büro wurde eröffnet";
};
}
];


@ -0,0 +1,74 @@
let
long_threshold = 30;
in [
{
alias = "Bad Air Alarm 60 seconds";
trigger =
{ platform = "numeric_state";
entity_id = "sensor.air_quality";
above = 1523;
for.seconds = 60;
};
condition = {
condition = "and";
conditions = [
{ condition = "state";
entity_id = "group.team";
state = "home";
}
{ condition = "time";
after = "06:00:00";
before = "20:00:00";
}
];
};
action = [
{ service = "homeassistant.turn_on";
entity_id = [
"script.schlechteluft"
];
}
];
}
{
alias = "Bad Air Alarm ${toString long_threshold} Minutes";
trigger =
{ platform = "numeric_state";
entity_id = "sensor.air_quality";
above = 1523;
for.minutes = long_threshold;
};
condition = {
condition = "and";
conditions = [
{ condition = "state";
entity_id = "group.team";
state = "home";
}
{ condition = "time";
after = "06:00:00";
before = "20:00:00";
}
];
};
action = [
{ service = "homeassistant.turn_on";
entity_id = [
"script.schlechteluft"
];
}
{ service = "tts.google_say";
entity_id = "media_player.mpd";
data_template = {
message = "BEEP BEEP - Die luft ist schon ${toString long_threshold} Minuten schlecht! Student Nummer {{ range(1,500) | random }}, öffne ein Fenster.";
language = "de";
};
}
{ service = "notify.matrix_notify";
data_template.message = "Schlechte Luft Alarm seit ${toString long_threshold} Minuten ({{states.sensor.air_quality.state_with_unit}})!";
}
];
}
]
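Review bot: The air-quality threshold `above = 1523;` is written twice, once per trigger, while the duration of the long alarm was already hoisted into `long_threshold`; hoisting the threshold the same way, `threshold = 1523;` in the `let` and `above = threshold;` in both triggers, keeps the two alarms from drifting apart. The `condition` block (group.team at home, 06:00 to 20:00) is also duplicated verbatim and could be one let-bound value used by both automations. A one-line comment saying where 1523 comes from would help, since the sensor in sensor/airquality.nix only reports a value labelled `VOC` with no documented scale.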


@ -0,0 +1,194 @@
{lib, ... }:
let
persons = [ "frank" "daniel" "thorsten" "carsten" "thierry" "ecki" "felix"
"anthony" # antony
"thierry" # tjeri
];
random_zu_lange = name: ''{{ [
"Du musst jetzt endlich nach Hause gehen ${name}!",
"${name} - 10 Stunden sind rum, bald schenkst du den Franzosen deine Lebenszeit",
"Nur eine Minute über 10 Stunden kann zu einer Stunde Arbeit für Thorsten werden, ${name}.",
"In 10 Minuten kommt dich der Security Mann holen, ${name}",
"Das Sandmännchen ist schon vorbei, gleich fallen dir die Augen zu ${name}.",
"Wenn ${name} sofort los geht, dann ist er noch rechtzeitig für den Tatort zu Hause.",
"${name} muss jetzt gehen, sonst verpasst er die Tagesschau!",
"Es ist spät ${name}. Ausstempeln hilft zwar kurzfristig, kann aber zu langfristigen Problemen führen.",
"${name}, wenn du nach zehn Stunden nach Hause gehst, muss dir dein Vorgesetzter ein Taxi bestellen",
"${name}, wenn du nach zehn Stunden nach Hause gehst, bist du auf dem Rückweg nicht mehr versichert!",
"Zu lange, ${name}!" ] | random }}'' ;
random_announce = name: ''{{ [
"${name} is in da House",
"Ahoi ${name}",
"Moinsen ${name}",
"Moin Moin ${name}",
"Palim, Palim ${name}",
"Vorwärts Genosse ${name}",
"Gemeinsame Grüße, Genosse ${name}",
"Sozialistische Grüße, Genosse ${name}",
"Konzentrierte Grüße, Genosse ${name}",
"Ach, der ${name} ist auch wieder da...",
"Nicht ${name} schon wieder",
"Tri tra tralala, der ${name} ist wieder da.",
"Na sieh mal einer an, ${name} hat es auch her geschafft",
"Wer ist im Büro eingetroffen? ${name} ist es!",
"Willkommen in deinem Lieblingsbüro, ${name}.",
"Klopf, Klopf, wer ist da? ${name} ist da!",
"Messer, Gabel, Schere, Licht sind für kleinen ${name} nicht.",
"Ich kenne ein Geheimnis, ${name} ist angekommen",
"Wir sind ${name}. Sie werden assimiliert werden",
"Achtung, es erfolgt eine Durchsage. ${name} ist eingetroffen",
"Die Scanner haben eine dem System bekannte Lebensform mit dem Namen ${name} detektiert",
"Das Büro sieht dich, ${name}",
"Das Büro riecht dich, ${name}",
"Im Kalender von ${name} sind heute acht Meetings eingeplant, von denen zwei bereits verpasst wurden",
"Das Postfach von ${name} beinhaltet einhundertachtundzwanzig ungelesene E-Mails.",
"Nachricht von Serge: ${name}, bitte melden Sie sich Umgehend bei mir im Büro!",
"Luftqualität hat sich durch das Eintreffen von ${name} um zweihunder Punkte verschlechtert, bitte alle Fenster öffnen.",
"Die Tür geht auf, wer mag das sein? Schon schreitet hier der ${name} ein. Das Volk, es jubelt, Dirnen schmachten. Fürs Festmahl beginnt man schon zu schlachten. Er wird nur nach dem besten streben! Der ${name}, er soll lange leben!",
"${name} arbeitet gern für seinen Konzern",
"${name} ist nur froh im Großraumbüro",
"Für ${name} ist die schönste Zeit ... die Arbeit",
"Ein Fleißbienchen für ${name} zum rechtzeitigen Erscheinen im Büro",
"${name} ist heute wohl doch nicht im Office Home",
"${name} ist bereit für einen Tag voller Meetings",
"Und es startet für ${name} wieder ein Tag im Paradies",
"Lieber ${name}, Markus Keck hat dich bereits drei mal Versucht anzurufen!",
"Trotz schwerer Männergrippe ist ${name} heute im Büro erschienen.",
"${name} kenne keine Parteien mehr, ${name} kenne nur noch Arbeitsplätze",
"${name}, Frage nicht, was dein Arbeitsplatz für dich tun kann. Frage, was du für deinen Arbeitsplatz tun kannst",
"${name} läuft bis in den Jemen - für sein Unternehmen. ${name} schwimmt bis nach Birma - für meine Firma",
"Der Cyberian ${name} ist gekommen um die Bahnwelt vor Cyber-Angriffen zu schützen",
"Alles paletto im Ghetto, ${name}?",
"Hach, ${name}, wenn du hier rein kommst fühlt es sich gleich wieder an wie Montag.",
"Oh nein, nicht schon wieder ${name}",
"Wer wohnt in der Ananas ganz tief im Meer? ${name} Schwammkopf!",
"Arbeit ist Freizeit! Wachstum ist Fortschritt! Sicherheit ist Freiheit! Eine kleine Erinnerung für ${name}"] | random }}'' ;
tmr_10h = name: {
"${name}_10h" = {
name = "${name} 10h Timer";
duration = "10:00:00";
};
};
zu_lange_user = name:
{ "zu_lange_${name}" = {
alias = "Random Zu Lange ${name}";
sequence = [
{ service = "media_player.play_media";
data = {
entity_id = "media_player.mpd";
media_content_type = "playlist";
media_content_id = "ansage";
};
}
{ delay.seconds = 5; }
{ service = "tts.google_say";
entity_id = "media_player.mpd";
data_template = {
message = random_zu_lange name;
language = "de";
};
}
];
};
};
announce_user = name:
{ "announce_${name}" = {
alias = "Random Announce ${name}";
sequence = [
{ delay.seconds = 7; }
{ service = "media_player.play_media";
data = {
entity_id = "media_player.mpd";
media_content_type = "playlist";
media_content_id = "ansage";
};
}
{ delay.seconds = 4; }
{ service = "tts.google_say";
entity_id = "media_player.mpd";
data_template = {
message = random_announce name;
language = "de";
};
}
];
};
};
automation_10h = name: [
{ alias = "start ${name} 10h";
trigger = {
platform = "state";
# TODO: ecki
entity_id = [ "device_tracker.${name}_phone"];
from = "not_home";
to = "home";
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "timer.${name}_10h";
state = "idle";
}
{
condition = "time";
after = "06:00:00";
before = "12:00:00";
}
];
};
action = [
{ service = "timer.start";
entity_id = [ "timer.${name}_10h" ] ;
}
{ service = "homeassistant.turn_on";
entity_id = [
# "script.buzz_${name}"
"script.blitz_10s"
"script.announce_${name}"
];
}
];
}
{ alias = "Zu lange ${name}!";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.${name}_10h";
};
condition =
{
condition = "state";
entity_id = "device_tracker.${name}_phone";
state = "home";
};
action =
[
{ service = "homeassistant.turn_on";
entity_id = [
"script.blitz_10s"
"script.zu_lange_${name}"
];
}
];
}
];
in
{
timer =lib.fold lib.recursiveUpdate {}
(map tmr_10h persons);
automation = (lib.flatten (map automation_10h persons));
script = lib.fold lib.recursiveUpdate {} (
(map (p: announce_user p) persons) ++
(map (p: zu_lange_user p) persons)
);
}
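Review bot: `persons` at the top of the file lists "thierry" twice (in the first row and again next to the `# tjeri` comment), so `automation = (lib.flatten (map automation_10h persons))` emits the "start thierry 10h" and "Zu lange thierry!" automations twice, while the timer and script attrsets folded through `lib.recursiveUpdate` silently collapse the duplicate. Drop one of the entries, or make the list duplicate-proof with `persons = lib.unique [ ... ];`. The `# TODO: ecki` next to the state trigger deserves a fuller note: the team group in default.nix tracks `device_tracker.ecki_tablet`, so `device_tracker.ecki_phone` presumably never changes state and ecki's timer never starts; confirm which entity exists and say so in the comment.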


@ -0,0 +1,3 @@
# Combination Folder
files return a dictionary of different types used in home-assistant instead of
a single thing.


@ -0,0 +1,65 @@
{ lib, ... }:
#matrix:
# password: supersecurepassword
# rooms:
# - "#hasstest:matrix.org"
# commands:
# - word: my_command
# name: my_command
let
mom_room = "!kTQjvTQvfVsvfEtmth:thales.citadel.team";
in {
matrix =
{
# secrets:
# homeserver, username, password
homeserver = "https://ext01.citadel.team";
rooms = [
mom_room
];
commands = [
{
# alternative: expression for regexp
word = "version";
name = "version";
}
{
word = "luftqualität";
name = "luftqualitaet";
}
];
} // (builtins.fromJSON (builtins.readFile
<secrets/hass/citadel-bot.json>));
automation = [
{
alias = "React to !version";
trigger = {
platform = "event";
event_type = "matrix_command";
event_data.command = "version";
};
action = {
service = "notify.matrix_notify";
data_template.message = "Running home-assistant {{states.sensor.current_version.state}}";
};
}
{
alias = "React to !luftqualität";
trigger = {
platform = "event";
event_type = "matrix_command";
event_data.command = "luftqualitaet";
};
action = {
service = "notify.matrix_notify";
data_template.message = "Temp: {{states.sensor.easy2_dht22_temperature.state_with_unit}} Hum:{{states.sensor.easy2_dht22_humidity.state_with_unit}} airquality:{{states.sensor.air_quality.state_with_unit}}";
};
}
];
notify = [{
name = "matrix_notify";
platform = "matrix";
default_room = mom_room;
}];
}
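Review bot: `builtins.fromJSON (builtins.readFile <secrets/hass/citadel-bot.json>)` merges the homeserver credentials into `matrix` at evaluation time, and as far as I can tell the NixOS home-assistant module renders `services.home-assistant.config` into a configuration file in the Nix store, so the password ends up in a world-readable store path; the same applies in default.nix to `api_password = "sistemas"` (a literal committed in the repo), the voicerss key read with `builtins.readFile`, and the telegram-bot JSON. Either accept that explicitly with a comment at each readFile, e.g. `# NOTE: ends up in the world-readable store via configuration.yaml`, or move these values to a runtime-read secrets mechanism where the component supports one. The commented `#matrix:` example block at the top carries a placeholder `password: supersecurepassword` right above the real homeserver and room values; label it as an upstream example or drop it so it is not mistaken for configuration.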


@ -0,0 +1,89 @@
{ lib, ... }:
let
# TODO: remove redundant code (from multi_blink) via lib
flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }:
{
inherit alias;
sequence = lib.flatten (builtins.genList (i: [
{ service = "homeassistant.turn_on";
data.entity_id = entity;
}
{ delay.milliseconds = delay; }
{ service = "homeassistant.turn_off";
data.entity_id = entity;
}
{ delay.milliseconds = delay; }
]
) count);
};
# TODO: use influxdb and check if pommes
random_mittagessen = '' {{ [
"Es ist 12 uhr 30. Der Aramark Gourmettempel hat, wie jeden Tag, wieder die feinsten Köstlichkeiten für euch Vorbereitet",
"Heute bei Aramark: Rezepte aus Ländern, von denen Ihr noch nie gehört habt, Deutsch zubereitet",
"Heute bei Aramark im Angebot: Scheiss mit Reis oder Reste von Freitag",
"MHHHH es ist wieder mal so weit, lecker Bayerisch Kraut mit asiatischen Nudeln",
"Es ist 12 Uhr 30 und Heute gibt es Pommes - vielleicht",
"Heute gibt es Pommes - leider nicht einzeln zu verkaufen, da die Schälchen alle sind",
"Heute gibt es Pommes - verarscht! Natürlich gibt es nur salzlosen Reis, oder salzlose Nudeln.",
"Heute auf dem Speiseplan: Sushi vom Vortag",
"Aramark Kantinenessen: Der Hunger treibt es rein, der Geiz hält es drin.",
"Das Essen in der Snackeria sieht heute wie die bessere Alternative aus",
"Heute ist wohl wieder ein Beilagen-Tag",
"Lunch time! Good luck, you will need it!",
"Heute vielleicht lieber doch nur einen Salat?",
"Im Büro ist es eh gerade viel zu warm, also ab zur Kantine",
"Im Büro ist es eh gerade viel zu kalt, also ab zur Kantine",
"Heute scheint die Auswahl wieder sehr schwierig zu sein. Vielleicht doch lieber ein Brötchen mit Fleischkäse vom Bäcker beim Baumarkt?",
"Wer hat hier schon wieder ein Meeting auf 12 Uhr gelegt? Skandal!",
"Jetzt nur noch kurz die Mail fertig schreiben und schon kann es los gehen.",
"Es ist 13 Uhr und die Mittagspause ist bald vorbei .... Kleiner Scherz, es ist erst 12:30, aber Ihr hättet auch nicht wirklich etwas verpasst.",
"Hallo, es ist nun 12 Uhr 30! Dies entspricht der Essenszeit aller Büroinsassen. Bitte begebt euch zur Aramark Essensausgabe um euren menschlichen Bedürfnissen nachzukommen."] | random }}'';
in {
automation = [
{ alias = "Mittagessen";
trigger = {
platform = "time";
at = "12:30:00";
};
action = [
{ service = "homeassistant.turn_on";
entity_id = [
"script.mittagessen_announce"
"script.blitz_10s"
"script.mittagessenlicht"
];
}
];
}
];
script = {
mittagessenlicht = (flash_entity {
entity = "switch.bauarbeiterlampe";
alias = "Bauarbeiterlampe Mittagessenlicht";
delay = 1000;
count = 5;
});
mittagessen_announce = {
alias = "Random Mittagessen announce";
sequence = [
{
service = "media_player.play_media";
data = {
entity_id = "media_player.mpd";
media_content_type = "playlist";
media_content_id = "ansage";
};
}
{ delay.seconds = 5; }
{
service = "tts.google_say";
entity_id = "media_player.mpd";
data_template = {
message = random_mittagessen;
language = "de";
};
}
];
};
};
}
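Review bot: `flash_entity` at the top of the file is a verbatim copy of the helper in script/multi_blink.nix, as the `# TODO: remove redundant code` comment admits; since default.nix already folds `mittagessen.script` together with multi_blink's scripts through `lib.recursiveUpdate`, the helper could live in one shared file imported by both instead of being copied. Until then a comment at the copy stating that both definitions must stay identical would help the next editor. `mittagessen_announce` repeats the play_media, delay, tts.google_say sequence that 10h_timers.nix also builds in `zu_lange_user` and `announce_user`, so the same shared file could hold an announce helper taking the message template.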


@ -1,45 +1,251 @@
{ pkgs, lib, ... }:
with lib;
{ config, pkgs, lib, ... }:
let
port = 3001;
runit = pkgs.writeDash "runit" ''
set -xeuf
PATH=${pkgs.mosquitto}/bin:${pkgs.coreutils}/bin
name=''${1?must provide name as first arg}
state=''${2?must provide state as second arg}
# val=''${3?must provide val as third arg}
# we ignore non-alerting events
test $state = alerting || exit 0
echo $name - $state
topic=plug
mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON
sleep 5
mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF
'';
kodi-host = "192.168.8.11";
ten_hours = import ./combination/10h_timers.nix { inherit lib; }; # provides: timer automation script
mittagessen = import ./combination/mittagessen.nix { inherit lib; }; # provides: automation script
matrix = import ./combination/matrix.nix { inherit lib; }; # provides: matrix automation
in {
imports = [
./ota.nix
];
services.logstash = {
package = pkgs.logstash5;
networking.firewall.allowedTCPPorts = [ 8123 ];
state = [ "/var/lib/hass/known_devices.yaml" ];
services.home-assistant = let
dwd_pollen = pkgs.fetchFromGitHub {
owner = "marcschumacher";
repo = "dwd_pollen";
rev = "0.1";
sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
};
in {
enable = true;
inputConfig = ''
http {
port => ${toString port}
host => "127.0.0.1"
package = (pkgs.home-assistant.overrideAttrs (old: {
# TODO: find correct python package
installCheckPhase = ''
echo LOLLLLLLLLLLLLLL
'';
postInstall = ''
cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen
'';
})).override {
extraPackages = ps: with ps; [
pkgs.pico2wave
python-forecastio jsonrpc-async jsonrpc-websocket mpd2
(callPackage ./deps/gtts-token.nix { })
(callPackage ./deps/pyhaversion.nix { })
];
};
autoExtraComponents = true;
config = {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
latitude = "48.8265";
longitude = "9.0676";
elevation = 303;
auth_providers = [
{ type = "homeassistant";}
{ type = "legacy_api_password";}
{ type = "trusted_networks";
# allow_bypass_login = true;
}
'';
filterConfig = ''
'';
outputConfig = ''
stdout { codec => json }
exec { command => "${runit} '%{ruleName}' '%{state}'" }
'';
extraSettings = ''
path.plugins: [ "${pkgs.logstash-output-exec}" ]
'';
];
};
# https://www.home-assistant.io/components/influxdb/
influxdb = {
database = "hass";
tags = {
instance = "wbob";
source = "hass";
};
};
matrix = matrix.matrix;
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
keepalive = 60;
protocol = 3.1;
birth_message = {
topic = "/bam/hass/tele/LWT";
payload = "Online";
qos = 1;
retain = true;
};
will_message = {
topic = "/bam/hass/tele/LWT";
payload = "Offline";
qos = 1;
retain = true;
};
};
switch = (import ./switch/tasmota_switch.nix) ++
(import ./switch/rfbridge.nix);
light = (import ./light/statuslight.nix) ++
(import ./light/buzzer.nix);
timer = ten_hours.timer;
notify = [
{
platform = "kodi";
name = "wbob-kodi";
host = kodi-host;
}
{
platform = "telegram";
name = "telegrambot";
chat_id = builtins.elemAt
(builtins.fromJSON (builtins.readFile
<secrets/hass/telegram-bot.json>)).allowed_chat_ids 0;
}
] ++ matrix.notify;
media_player = [
{ platform = "kodi";
host = kodi-host;
}
{ platform = "mpd";
host = "127.0.0.1";
}
];
script = lib.fold lib.recursiveUpdate {} [
((import ./script/multi_blink.nix) {inherit lib;})
ten_hours.script
mittagessen.script
];
binary_sensor =
(import ./binary_sensor/buttons.nix) ++
(import ./binary_sensor/motion.nix);
sensor =
[{ platform = "version"; }] ++
(import ./sensor/pollen.nix) ++
(import ./sensor/espeasy.nix) ++
(import ./sensor/airquality.nix) ++
((import ./sensor/outside.nix) {inherit lib;}) ++
(import ./sensor/influxdb.nix) ++
(import ./sensor/tasmota_firmware.nix);
camera =
(import ./camera/verkehrskamera.nix);
# not yet released
#person =
# (import ./person/team.nix );
frontend = { };
http = {
# TODO: https://github.com/home-assistant/home-assistant/issues/16149
base_url = "http://192.168.8.11:8123";
api_password = "sistemas";
trusted_networks = [
"127.0.0.1/32"
"192.168.8.0/24"
"::1/128"
"fd00::/8"
];
};
conversation = {};
history = {};
logbook = {};
tts = [
{ platform = "google";
language = "de";
}
{ platform = "voicerss";
api_key = builtins.readFile <secrets/hass/voicerss.apikey>;
language = "de-de";
}
{ platform = "picotts";
language = "de-DE";
}
];
recorder = {};
sun = {};
telegram_bot = [
(builtins.fromJSON
(builtins.readFile <secrets/hass/telegram-bot.json>))
];
group =
{ default_view =
{ view = "yes";
entities = [
"group.sensors"
"group.camera"
"group.outside"
"group.team"
"group.nachtlicht"
"group.switches"
];
};
automation = [];
switches = [
"switch.bauarbeiterlampe"
"switch.blitzdings"
"switch.fernseher"
"switch.feuer"
"light.status_felix"
"light.status_daniel"
"light.buslicht"
];
team = [
"device_tracker.thorsten_phone"
"device_tracker.felix_phone"
"device_tracker.ecki_tablet"
"device_tracker.daniel_phone"
"device_tracker.carsten_phone"
"device_tracker.thierry_phone"
"device_tracker.frank_phone"
"device_tracker.anthony_phone"
# "person.thorsten"
# "person.felix"
# "person.ecki"
# "person.daniel"
];
camera = [
"camera.Baumarkt"
"camera.Autobahn_Heilbronn"
"camera.Autobahn_Singen"
];
nachtlicht = [
"switch.nachtlicht_a"
"switch.nachtlicht_b"
"switch.nachtlicht_c"
"switch.nachtlicht_d"
];
sensors = [
"media_player.kodi"
"script.blitz_10s"
"script.buzz_red_led_fast"
"timer.felix_10h"
"timer.frank_10h"
"sensor.easy2_dht22_humidity"
"sensor.easy2_dht22_temperature"
"sensor.air_quality"
# "binary_sensor.redbutton"
];
outside = [
# "sensor.ditzingen_pm10"
# "sensor.ditzingen_pm25"
"sensor.dark_sky_icon"
"sensor.dark_sky_temperature"
"sensor.dark_sky_humidity"
"sensor.dark_sky_uv_index"
# "sensor.dark_sky_pressure"
"sensor.dark_sky_hourly_summary"
];
};
# only for automation
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
# we don't use imports because the expressions do not merge in
# home-assistant
automation = (import ./automation/bureau-shutdown.nix) ++
(import ./automation/nachtlicht.nix) ++
(import ./automation/schlechteluft.nix) ++
(import ./automation/hass-restart.nix) ++
ten_hours.automation ++
matrix.automation ++
mittagessen.automation;
device_tracker = (import ./device_tracker/openwrt.nix );
};
};
}
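Review bot: `installCheckPhase = '' echo LOLLLLLLLLLLLLLL ''` on the overridden package silences the upstream install check instead of disabling it; `doInstallCheck = false;` states the intent and drops the placeholder text behind the `# TODO: find correct python package`. The `postInstall` copies `dwd_pollen` into `$out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen` with a hard-coded interpreter version, while deps/dwd_pollen.nix in this same commit installs the same source into `${python.sitePackages}/homeassistant/components/sensor/dwd_pollen` and is referenced nowhere; keeping one mechanism (the package via `extraPackages`, next to gtts-token and pyhaversion) avoids the two paths disagreeing. Which of the two directories Home Assistant actually scans for the `dwd_pollen` platform used in sensor/pollen.nix is not visible here, so confirm before dropping one.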


@ -0,0 +1,32 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, python
, voluptuous
}:
buildPythonPackage rec {
format = "other";
pname = "dwd_pollen";
version = "0.1";
src = fetchFromGitHub {
owner = "marcschumacher";
repo = "dwd_pollen";
rev = version;
sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
};
propagatedBuildInputs = [
voluptuous
];
installPhase = ''
install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen *
'';
meta = with lib; {
description = "Home Assistant component to retrieve Pollen data from DWD (Germany)";
homepage = https://github.com/marcschumacher/dwd_pollen;
license = licenses.mit;
maintainers = [ maintainers.makefu ];
};
}


@ -0,0 +1,27 @@
{ lib
, buildPythonPackage
, fetchPypi
, requests
}:
buildPythonPackage rec {
pname = "gtts-token";
version = "1.1.3";
src = fetchPypi {
pname = "gTTS-token";
inherit version;
sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5";
};
propagatedBuildInputs = [
requests
];
meta = with lib; {
description = "Calculates a token to run the Google Translate text to speech";
homepage = https://github.com/boudewijn26/gTTS-token;
license = licenses.mit;
# maintainers = [ maintainers. ];
};
}
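Review bot: `# maintainers = [ maintainers. ];` is a half-written line left in the meta set, and deps/pyhaversion.nix carries the same fragment; either fill it in as deps/dwd_pollen.nix does with `maintainers = [ maintainers.makefu ];` or delete the line. A short comment on why no `doCheck`/tests are configured here would also help the next packager.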


@ -0,0 +1,33 @@
{ lib
, buildPythonPackage
, fetchpatch
, fetchPypi
, aiohttp
, async-timeout
}:
buildPythonPackage rec {
pname = "pyhaversion";
version = "2.2.1";
src = fetchPypi {
inherit pname version;
sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f";
};
patches = [
(fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch";
sha256 =
"1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";})
];
doCheck = false;
propagatedBuildInputs = [
aiohttp
async-timeout
];
meta = with lib; {
description = "";
homepage = https://github.com/ludeeus/pyhaversion;
# maintainers = [ maintainers. ];
};
}
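Review bot: `doCheck = false;` has no comment explaining why the test suite is skipped, and `description = "";` leaves the package without a description; a one-line reason (for example `# tests need network access — confirm`, to be replaced by the actual cause) and a real description make the package reviewable. The patch fetched from the makefu fork is pinned by sha256, which is good, but a comment naming what the patch changes would save opening the commit.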


@ -1,3 +1,6 @@
# requires `opkg install luci-mod-rpc` on router
# see https://www.home-assistant.io/components/luci/
[
{ platform = "luci";
name = "router";


@ -1,198 +0,0 @@
{ pkgs, lib, ... }:
let
kodi-host = "192.168.8.11";
in {
networking.firewall.allowedTCPPorts = [ 8123 ];
state = [ "/var/lib/hass/known_devices.yaml" ];
services.home-assistant = {
enable = true;
package = pkgs.home-assistant.override { python3 = pkgs.python36; };
config = {
homeassistant = {
name = "Bureautomation";
time_zone = "Europe/Berlin";
latitude = "48.8265";
longitude = "9.0676";
elevation = 303;
auth_providers = [
{ type = "homeassistant";}
{ type = "legacy_api_password";}
{ type = "trusted_networks";
# allow_bypass_login = true;
}
];
};
mqtt = {
broker = "localhost";
port = 1883;
client_id = "home-assistant";
keepalive = 60;
protocol = 3.1;
birth_message = {
topic = "/bam/hass/tele/LWT";
payload = "Online";
qos = 1;
retain = true;
};
will_message = {
topic = "/bam/hass/tele/LWT";
payload = "Offline";
qos = 1;
retain = true;
};
};
switch = (import ./switch/tasmota_switch.nix) ++
(import ./switch/rfbridge.nix);
light = (import ./light/statuslight.nix) ++
(import ./light/buzzer.nix);
timer = {
felix_10h = {
name = "Felix 10h Timer";
duration = "10:00:00";
};
felix_8_30h = {
name = "Felix 8_30h Timer";
duration = "08:30:00";
};
felix_7h = {
name = "Felix 7h Timer";
duration = "07:00:00";
};
};
notify = [
{
platform = "kodi";
name = "wbob-kodi";
host = kodi-host;
}
{
platform = "telegram";
name = "telegrambot";
chat_id = builtins.elemAt
(builtins.fromJSON (builtins.readFile
<secrets/hass/telegram-bot.json>)).allowed_chat_ids 0;
}
];
media_player = [
{ platform = "kodi";
host = kodi-host;
}
];
script = (import ./script/multi_blink.nix) {inherit lib;};
binary_sensor =
(import ./binary_sensor/buttons.nix) ++
(import ./binary_sensor/motion.nix);
sensor =
(import ./sensor/espeasy.nix) ++
((import ./sensor/outside.nix) {inherit lib;}) ++
(import ./sensor/influxdb.nix) ++
(import ./sensor/tasmota_firmware.nix);
camera =
(import ./camera/verkehrskamera.nix);
# not yet released
#person =
# (import ./person/team.nix );
frontend = { };
http = {
# TODO: https://github.com/home-assistant/home-assistant/issues/16149
api_password = "sistemas";
trusted_networks = [
"127.0.0.1/32"
"192.168.8.0/24"
"::1/128"
"fd00::/8"
];
};
conversation = {};
history = {};
logbook = {};
tts = [ { platform = "google";} ];
recorder = {};
sun = {};
telegram_bot = [
(builtins.fromJSON
(builtins.readFile <secrets/hass/telegram-bot.json>))
];
group =
{ default_view =
{ view = "yes";
entities = [
"group.sensors"
"group.camera"
"group.outside"
"group.team"
"group.nachtlicht"
"group.switches"
];
};
automation = [
];
switches = [
"switch.bauarbeiterlampe"
"switch.blitzdings"
"switch.fernseher"
"switch.feuer"
"light.status_felix"
"light.status_daniel"
"light.buslicht"
];
team = [
"device_tracker.thorsten_phone"
"device_tracker.felix_phone"
"device_tracker.ecki_tablet"
"device_tracker.daniel_phone"
"device_tracker.carsten_phone"
"device_tracker.thierry_phone"
# "person.thorsten"
# "person.felix"
# "person.ecki"
# "person.daniel"
];
camera = [
"camera.Baumarkt"
"camera.Autobahn_Heilbronn"
"camera.Autobahn_Singen"
];
nachtlicht = [
"switch.nachtlicht_a"
"switch.nachtlicht_b"
"switch.nachtlicht_c"
"switch.nachtlicht_d"
];
sensors = [
"media_player.kodi"
"script.blitz_10s"
"script.buzz_red_led_fast"
"timer.felix_10h"
"sensor.easy2_dht22_humidity"
"sensor.easy2_dht22_temperature"
# "binary_sensor.redbutton"
];
outside = [
# "sensor.ditzingen_pm10"
# "sensor.ditzingen_pm25"
"sensor.dark_sky_icon"
"sensor.dark_sky_temperature"
"sensor.dark_sky_humidity"
"sensor.dark_sky_uv_index"
# "sensor.dark_sky_pressure"
"sensor.dark_sky_hourly_summary"
"device_tracker.router"
];
};
# only for automation
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
# we don't use imports because the expressions do not merge in
# home-assistant
automation = (import ./automation/bureau-shutdown.nix) ++
(import ./automation/nachtlicht.nix) ++
(import ./automation/hass-restart.nix) ++
(import ./automation/10h_timer.nix);
device_tracker = (import ./device_tracker/openwrt.nix );
};
};
}


@ -1,5 +1,7 @@
{lib, ... }:
let
# TODO: flash with different delay
# let an entity blink for X times with a delay of Y milliseconds
flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }:
{
@ -34,4 +36,10 @@ in {
count = 1;
alias = "blitz for 10 seconds";
});
schlechteluft = (flash_entity {
entity = "switch.bauarbeiterlampe";
alias = "Schlechte Luft Lampe 5 secs";
delay = 5000;
count = 1;
});
}
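Review bot: The new comment `# let an entity blink for X times with a delay of Y milliseconds` understates what the helper does: assuming its body matches the copy in combination/mittagessen.nix, `delay` is waited after the turn_on and again after the turn_off, so one blink takes twice `delay`; `# turn entity on and off count times, waiting delay ms after each switch` is more accurate. With `delay = 5000; count = 1;` the new `schlechteluft` script therefore holds the lamp on for 5 s and then idles a further 5 s, which matches its "5 secs" alias only for the on phase; worth stating in the alias or a comment.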


@ -0,0 +1,9 @@
[
# coming from 2configs/stats/telegraf/
{ platform = "mqtt";
name = "Air Quality";
state_topic = "/telegraf/wbob/airquality";
value_template = "{{ value_json.fields.value }}";
unit_of_measurement = "VOC";
}
]


@ -0,0 +1,7 @@
[ {
platform = "dwd_pollen";
partsregion_ids = [
112
];
}
]


@ -1,7 +1,11 @@
{ config, pkgs, ... }:
{
imports = [
(builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz")
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
}
)
];
mailserver = {


@ -14,6 +14,6 @@
saleae-logic
gitAndTools.gitFull
signal-desktop
rambox
# rambox
];
}


@ -0,0 +1,46 @@
with import <stockholm/lib>;
{ config, pkgs, ... }: let
self = config.krebs.build.host.nets.wiregrill;
isRouter = !isNull self.via; # via "internet" is not set
ext-if = config.makefu.server.primary-itf;
in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
#hack for modprobe inside containers
systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [
(pkgs.writeDashBin "modprobe" ":")
]);
boot.kernel.sysctl = mkIf isRouter {
"net.ipv6.conf.all.forwarding" = 1;
};
networking.firewall = {
allowedUDPPorts = [ self.wireguard.port ];
extraCommands = ''
iptables -A FORWARD -i wiregrill -o wiregrill -j ACCEPT
'';
};
networking.wireguard.interfaces.wiregrill = {
ips =
(optional (!isNull self.ip4) self.ip4.addr) ++
(optional (!isNull self.ip6) self.ip6.addr);
listenPort = self.wireguard.port;
privateKeyFile = (toString <secrets>) + "/wiregrill.key";
allowedIPsAsRoutes = true;
peers = mapAttrsToList
(_: host: {
allowedIPs = if isRouter then
(optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++
(optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr)
else
host.nets.wiregrill.wireguard.subnets
;
endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61;
publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey);
})
(filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
};
}
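Review bot: `extraCommands` appends `iptables -A FORWARD -i wiregrill -o wiregrill -j ACCEPT` without a matching `extraStopCommands` that deletes it, so as far as I can tell each firewall restart adds another copy of the rule; the usual pattern is `-I` here and `iptables -D FORWARD -i wiregrill -o wiregrill -j ACCEPT 2>/dev/null || true` in extraStopCommands. The rule is also unconditional while `net.ipv6.conf.all.forwarding` is only set under `mkIf isRouter`, and no IPv4 forwarding is enabled at all even though the router's `allowedIPs` include peers' `ip4.addr`; confirm whether the interface carries IPv4 traffic. The comment `# via "internet" is not set` next to `isRouter = !isNull self.via;` reads inverted given the expression; `# a host with a via (public endpoint) acts as the router` would say what the code does.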