From 9d32c9731b90afe0f2227979185364efbe6e0ef4 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 2 Dec 2020 22:26:24 +0100
Subject: [PATCH 1/3] ma pkgs.awesomecfg: fix eval error for nur

---
 makefu/5pkgs/awesomecfg/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/makefu/5pkgs/awesomecfg/default.nix b/makefu/5pkgs/awesomecfg/default.nix
index acbe61f3f..7a4d30137 100644
--- a/makefu/5pkgs/awesomecfg/default.nix
+++ b/makefu/5pkgs/awesomecfg/default.nix
@@ -6,7 +6,7 @@
 , blueman
 , clipit
 , flameshot
-, chapter-marker
+, chapter-marker ? false
 , modkey ? "Mod4"
 , locker? "${pkgs.xlock}/bin/xlock -mode blank"
 , ... }:

From deb3343d1eff747f37d08730d187574677540bf7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 8 Dec 2020 21:41:33 +0100
Subject: [PATCH 2/3] shack/powerraw: pin usb device and use new powerraw
 release to set the appropriate device instead of guessing /dev/ttyUSB0

---
 krebs/2configs/shack/powerraw.nix | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix
index 3cf6beb28..cc3692e85 100644
--- a/krebs/2configs/shack/powerraw.nix
+++ b/krebs/2configs/shack/powerraw.nix
@@ -8,20 +8,25 @@ let
   pkg = pkgs.python3.pkgs.callPackage (
     pkgs.fetchgit {
       url = "https://git.shackspace.de/rz/powermeter.git";
-      rev = "96609f0d632e0732afa768ddd7b3f8841ca37c1b";
-      sha256 = "sha256:0wfpm3ik5r081qv2crmpjwylgg2v8ximq347qh0fzq1rwv0dqbnn";
+      rev = "438b08f";
+      sha256 = "0c5czmrwlw985b7ia6077mfrvbf2fq51iajb481pgqbywgxqis5m";
     }) {};
 in {
   # receive response from light.shack / standby.shack
   networking.firewall.allowedUDPPorts = [ 11111 ];
   users.users.powermeter.extraGroups = [ "dialout" ];
 
+  # we make sure that usb-ttl has the correct permissions
+  # creates /dev/powerraw
+  services.udev.extraRules = ''
+    SUBSYSTEM=="tty", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6001", SYMLINK+="powerraw", MODE="0660", GROUP="dialout"
+  '';
   systemd.services.powermeter-serial2mqtt = {
     description = "powerraw Serial -> mqtt";
     wantedBy = [ "multi-user.target" ];
     serviceConfig = {
       User = "powermeter";
-      ExecStart = "${pkg}/bin/powermeter-serial2mqtt";
+      ExecStart = "${pkg}/bin/powermeter-serial2mqtt /dev/powerraw";
       PrivateTmp = true;
       Restart = "always";
       RestartSec = "15";

From db80207267dd750d6e5fce0a4c15961aa324627b Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 16 Dec 2020 16:10:08 +0100
Subject: [PATCH 3/3] ma anon-sftp: init

---
 .../2configs/shack/prometheus/alert-rules.nix |  7 +++---
 .../light/{groups.nix => schlafzimmer.nix}    |  0
 makefu/2configs/share/anon-sftp.nix           | 25 +++++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)
 rename makefu/2configs/ham/light/{groups.nix => schlafzimmer.nix} (100%)
 create mode 100644 makefu/2configs/share/anon-sftp.nix

diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix
index 1c2d0b1ad..12c691466 100644
--- a/krebs/2configs/shack/prometheus/alert-rules.nix
+++ b/krebs/2configs/shack/prometheus/alert-rules.nix
@@ -14,7 +14,7 @@ in {
               labels.severity = "warning";
               annotations.summary = "{{ $labels.alias }} root disk full";
               annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf";
-              annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).A vast number of shackspace services will stop working. CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
+              annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
             }
             {
               alert = "RootPartitionFull";
@@ -25,14 +25,15 @@ in {
               annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak";
               annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
             }
+            # wolf.shack is not worth supervising anymore
             {
               alert = "HostDown";
-              expr = ''up{alias="wolf.shack"} == 0'';
+              expr = ''up{alias="infra01.shack"} == 0'';
               for = "5m";
               labels.severity = "page";
               annotations.summary = "Instance {{ $labels.alias }} down for 5 minutes";
               annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf";
-              annotations.description = ''Host {{ $labels.alias }} went down and has not been reconnected after 5 minutes. This is probably bad news, try to restart the host via naproxen ( http://naproxen.shack:8006 ). Wolf being down means that CI,glados automation, light management and a couple of other services will not work anymore.'';
+              annotations.description = ''Host {{ $labels.alias }} went down and has not been reconnected after 5 minutes. This is probably bad news, as the machine runs one of the DNS servers and the power broadcast proxy which is used to be able to turn off the light via puyak as well as the shutdown listener.'';
             }
           ];
         }
diff --git a/makefu/2configs/ham/light/groups.nix b/makefu/2configs/ham/light/schlafzimmer.nix
similarity index 100%
rename from makefu/2configs/ham/light/groups.nix
rename to makefu/2configs/ham/light/schlafzimmer.nix
diff --git a/makefu/2configs/share/anon-sftp.nix b/makefu/2configs/share/anon-sftp.nix
new file mode 100644
index 000000000..7cde9317a
--- /dev/null
+++ b/makefu/2configs/share/anon-sftp.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+  services.openssh = {
+    allowSFTP = true;
+    sftpFlags = [ "-l VERBOSE" ];
+    extraConfig = ''
+      Match User anonymous
+        ForceCommand internal-sftp
+        AllowTcpForwarding no
+        X11Forwarding no
+        PasswordAuthentication no
+    '';
+  };
+
+  users.users.anonymous = {
+    uid = genid "anonymous";
+    useDefaultShell = false;
+    password = "anonymous";
+    home = "/media/anon";
+    createHome = true;
+  };
+
+}