Merge remote-tracking branch 'gum/master'

lassulus 2019-03-12 11:16:45 +01:00
commit c4ebcc43d2
47 changed files with 822 additions and 441 deletions


@ -5,128 +5,103 @@
with import <stockholm/lib>; with import <stockholm/lib>;
{ config, ... }: let { config, ... }: let
hostDefaults = hostName: host: flip recursiveUpdate host ({ hostDefaults = hostName: host: foldl' recursiveUpdate {} [
{
owner = config.krebs.users.makefu; owner = config.krebs.users.makefu;
} // optionalAttrs (host.nets?retiolum) { }
nets.retiolum.ip6.addr = # Retiolum defaults
(let
pubkey-path = ./retiolum + "/${hostName}.pub";
in optionalAttrs (pathExists pubkey-path) {
nets.retiolum = {
tinc.pubkey = readFile pubkey-path;
aliases = [
"${hostName}.r"
];
ip6.addr =
(krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address; (krebs.genipv6 "retiolum" "makefu" { inherit hostName; }).address;
}); };
})
# Wiregrill defaults
(let
pubkey-path = ./wiregrill + "/${hostName}.pub";
in optionalAttrs (pathExists pubkey-path) {
nets.wiregrill = {
aliases = [
"${hostName}.w"
];
ip6.addr =
(krebs.genipv6 "wiregrill" "makefu" { inherit hostName; }).address;
wireguard.pubkey = readFile pubkey-path;
};
})
# SSHD defaults
(let
pubkey-path = ./sshd + "/${hostName}.pub";
in optionalAttrs (pathExists pubkey-path) {
ssh.pubkey = readFile pubkey-path;
# We assume that if the sshd pubkey exits then there must be a privkey in
# the screts store as well
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
})
host
];
pub-for = name: builtins.readFile (./ssh + "/${name}.pub"); pub-for = name: builtins.readFile (./ssh + "/${name}.pub");
sshd-for = name: builtins.readFile (./sshd + "/${name}.pub"); w6 = ip: (krebs.genipv6 "wiregrill" "makefu" ip).address;
tinc-for= name: builtins.readFile (./tinc + "/${name}.pub");
in { in {
hosts = mapAttrs hostDefaults { hosts = mapAttrs hostDefaults {
cake = rec { cake = rec {
cores = 4; cores = 4;
ci = false; ci = false;
nets = { nets = {
retiolum = { retiolum.ip4.addr = "10.243.136.236";
ip4.addr = "10.243.136.236";
aliases = [
"cake.r"
];
tinc.pubkey = tinc-for "cake";
}; };
}; };
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = sshd-for "cake";
};
crapi = rec { # raspi1 crapi = rec { # raspi1
cores = 1; cores = 1;
ci = false; ci = false;
nets = { nets = {
retiolum = { retiolum.ip4.addr = "10.243.136.237";
ip4.addr = "10.243.136.237";
aliases = [
"crapi.r"
];
tinc.pubkey = tinc-for "crapi";
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = sshd-for "crapi";
};
firecracker = { firecracker = {
cores = 4; cores = 4;
nets = { nets = {
retiolum = { retiolum.ip4.addr = "10.243.12.12";
ip4.addr = "10.243.12.12";
ip6.addr = "42:0:0:0:0:0:0:12";
aliases = [
"firecracker.r"
];
tinc.pubkey = tinc-for "firecracker";
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = sshd-for "firecracker";
};
studio = rec { studio = rec {
ci = false; ci = false;
cores = 4; cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = sshd-for "studio";
nets = { nets = {
retiolum = { retiolum.ip4.addr = "10.243.227.163";
ip4.addr = "10.243.227.163";
aliases = [
"studio.r"
];
tinc.pubkey = tinc-for "studio";
};
}; };
}; };
fileleech = rec { fileleech = rec {
ci = false; ci = false;
cores = 4; cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "";
nets = { nets = {
retiolum = { retiolum.ip4.addr = "10.243.113.98";
ip4.addr = "10.243.113.98";
aliases = [
"fileleech.r"
];
tinc.pubkey = tinc-for "fileleech";
};
}; };
}; };
tsp = { tsp = {
ci = true; ci = true;
cores = 1; cores = 1;
nets = { nets = {
retiolum = { retiolum.ip4.addr = "10.243.0.212";
ip4.addr = "10.243.0.212";
aliases = [
"tsp.r"
];
tinc.pubkey = tinc-for "tsp";
};
}; };
}; };
x = { x = {
ci = true; ci = true;
cores = 4; cores = 4;
nets = { nets = {
retiolum = { retiolum.ip4.addr = "10.243.0.91";
ip4.addr = "10.243.0.91"; wiregrill = {
aliases = [ # defaults
"x.r"
];
tinc.pubkey = tinc-for "x";
}; };
#wiregrill = {
# aliases = [
# "x.w"
# ];
# wireguard.pubkey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
#};
}; };
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = sshd-for "x";
}; };
filepimp = rec { filepimp = rec {
@ -139,13 +114,7 @@ in {
"filepimp.lan" "filepimp.lan"
]; ];
}; };
retiolum = { retiolum.ip4.addr = "10.243.153.102";
ip4.addr = "10.243.153.102";
aliases = [
"filepimp.r"
];
tinc.pubkey = tinc-for "filepimp";
};
}; };
}; };
@ -167,11 +136,8 @@ in {
"dcpp.omo.r" "dcpp.omo.r"
"torrent.omo.r" "torrent.omo.r"
]; ];
tinc.pubkey = tinc-for "omo";
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = sshd-for "omo";
}; };
wbob = rec { wbob = rec {
ci = true; ci = true;
@ -183,11 +149,8 @@ in {
"wbob.r" "wbob.r"
"hydra.wbob.r" "hydra.wbob.r"
]; ];
tinc.pubkey = tinc-for "wbob";
}; };
}; };
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = sshd-for "wbob";
}; };
gum = rec { gum = rec {
ci = true; ci = true;
@ -231,17 +194,21 @@ in {
"nextgum.i" "nextgum.i"
]; ];
}; };
#wiregrill = { wiregrill = {
# via = internet; via = internet;
# aliases = [ ip6.addr = w6 "1";
# "gum.w" wireguard = {
# ]; subnets = [
# wireguard.pubkey = "yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo="; (krebs.genipv6 "wiregrill" "external" 0).subnetCIDR
#}; (krebs.genipv6 "wiregrill" "makefu" 0).subnetCIDR
];
};
};
retiolum = { retiolum = {
via = internet; via = internet;
ip4.addr = "10.243.0.213"; ip4.addr = "10.243.0.213";
aliases = [ aliases = [
"gum.r"
"backup.makefu.r" "backup.makefu.r"
"blog.gum.r" "blog.gum.r"
"blog.makefu.r" "blog.makefu.r"
@ -250,7 +217,6 @@ in {
"dcpp.gum.r" "dcpp.gum.r"
"dcpp.nextgum.r" "dcpp.nextgum.r"
"graph.r" "graph.r"
"gum.r"
"logs.makefu.r" "logs.makefu.r"
"netdata.makefu.r" "netdata.makefu.r"
"nextgum.r" "nextgum.r"
@ -262,25 +228,15 @@ in {
"wiki.gum.r" "wiki.gum.r"
"wiki.makefu.r" "wiki.makefu.r"
]; ];
tinc.pubkey = tinc-for "gum";
}; };
}; };
ssh.pubkey = sshd-for "gum";
}; };
sdev = rec { sdev = rec {
ci = true; ci = true;
cores = 1; cores = 1;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = sshd-for "sdev";
nets = { nets = {
retiolum = { retiolum.ip4.addr = "10.243.83.237";
ip4.addr = "10.243.83.237";
aliases = [
"sdev.r"
];
tinc.pubkey = tinc-for "sdev";
};
}; };
}; };
@ -304,10 +260,6 @@ in {
}; };
retiolum = { retiolum = {
ip4.addr = "10.243.211.172"; ip4.addr = "10.243.211.172";
aliases = [
"flap.r"
];
tinc.pubkey = tinc-for "flap";
}; };
}; };
}; };
@ -317,10 +269,6 @@ in {
nets = { nets = {
retiolum = { retiolum = {
ip4.addr = "10.243.231.219"; ip4.addr = "10.243.231.219";
aliases = [
"nukular.r"
];
tinc.pubkey = tinc-for "nukular";
}; };
}; };
}; };
@ -330,10 +278,6 @@ in {
nets = { nets = {
retiolum = { retiolum = {
ip4.addr = "10.243.189.130"; ip4.addr = "10.243.189.130";
aliases = [
"filebitch.r"
];
tinc.pubkey = tinc-for "filebitch";
}; };
}; };
}; };
@ -343,10 +287,6 @@ in {
nets = { nets = {
retiolum = { retiolum = {
ip4.addr = "10.243.0.163"; ip4.addr = "10.243.0.163";
aliases = [
"senderechner.r"
];
tinc.pubkey = tinc-for "senderechner";
}; };
}; };
}; };
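Review bot: In the new `hostDefaults`, each default block is gated on `pathExists pubkey-path`, so a host whose `./retiolum`, `./wiregrill` or `./sshd` `.pub` file is missing or misnamed now evaluates without the corresponding pubkey and alias, where the old `tinc-for`/`sshd-for` `readFile` calls failed loudly. The SSHD block also sets `ssh.privkey.path = <secrets/ssh_host_ed25519_key>` for every host with a pubkey file, while crapi, firecracker, omo and wbob previously pointed at `<secrets/ssh.id_ed25519>` and no longer override it; it is worth confirming their secret stores contain the new file name. Because `host` is merged last, a per-host override would still win. A comment above the Retiolum block such as `# a missing pubkey file silently skips these defaults` would make the behaviour explicit, as would an assertion for hosts that declare `nets.retiolum` but end up without `tinc.pubkey`.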


@ -0,0 +1 @@
yAKvxTvcEVdn+MeKsmptZkR3XSEue+wSyLxwcjBYxxo=


@ -0,0 +1 @@
fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=


@ -1,46 +1,15 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
# :l <nixpkgs>
# builtins.readDir (pkgs.fetchFromGitHub { owner = "nixos"; repo = "nixpkgs-channels"; rev = "6c064e6b"; sha256 = "1rqzh475xn43phagrr30lb0fd292c1s8as53irihsnd5wcksnbyd"; })
imports = [ imports = [
<stockholm/makefu> <stockholm/makefu>
./hardware-config.nix
<stockholm/makefu/2configs> <stockholm/makefu/2configs>
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/save-diskspace.nix> <stockholm/makefu/2configs/save-diskspace.nix>
]; ];
krebs.build.host = config.krebs.hosts.crapi; krebs.build.host = config.krebs.hosts.crapi;
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
system.activationScripts.create-swap = ''
if [ ! -e /swapfile ]; then
fallocate -l 2G /swapfile
mkswap /swapfile
fi
'';
swapDevices = [ { device = "/swapfile"; size = 2048; } ];
nix.package = lib.mkForce pkgs.nixStable;
services.openssh.enable = true; services.openssh.enable = true;
} }


@ -0,0 +1,39 @@
{ pkgs, lib, ... }:
{
#raspi1
boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0" "console=ttyS1,115200n8" ];
boot.loader.grub.enable = false;
boot.loader.raspberryPi.enable = true;
boot.loader.raspberryPi.version = 1;
boot.loader.raspberryPi.uboot.enable = true;
boot.loader.raspberryPi.uboot.configurationLimit = 1;
boot.loader.generationsDir.enable = lib.mkDefault false;
hardware.enableRedistributableFirmware = true;
boot.cleanTmpDir = true;
environment.systemPackages = [ pkgs.raspberrypi-tools ];
boot.kernelPackages = pkgs.linuxPackages_rpi;
nix.binaryCaches = [ "http://nixos-arm.dezgeg.me/channel" ];
nix.binaryCachePublicKeys = [ "nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%" ];
fileSystems = {
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
system.activationScripts.create-swap = ''
if [ ! -e /swapfile ]; then
fallocate -l 2G /swapfile
mkswap /swapfile
chmod 600 /swapfile
fi
'';
swapDevices = [ { device = "/swapfile"; size = 4096; } ];
}
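Review bot: The entry in `nix.binaryCachePublicKeys` ends in `=%`; the base64 part before the `%` is already a complete 44-character key, so the trailing character looks like a pasted shell end-of-line marker and would probably keep signatures from this cache from verifying. The cache is fetched over plain `http://`, so the signature check is the only integrity protection for substituted packages and the key should be exact: `"nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0="`. Separately, in `create-swap` the `chmod 600 /swapfile` runs after `fallocate` and `mkswap`, so the file briefly exists with default permissions; moving the `chmod` directly after `fallocate` closes that window. The script allocates `2G` while `swapDevices` declares `size = 4096`, which should be reconciled.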


@ -9,6 +9,7 @@ in {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
<stockholm/makefu> <stockholm/makefu>
<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/zsh-user.nix> <stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix> <stockholm/makefu/2configs/tools/core.nix>
# <stockholm/makefu/2configs/disable_v6.nix> # <stockholm/makefu/2configs/disable_v6.nix>
@ -39,7 +40,6 @@ in {
<stockholm/makefu/2configs/stats/telegraf/europastats.nix> <stockholm/makefu/2configs/stats/telegraf/europastats.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix> <stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/arafetch.nix> <stockholm/makefu/2configs/stats/arafetch.nix>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/hw/mceusb.nix> <stockholm/makefu/2configs/hw/mceusb.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix> # <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
{ environment.systemPackages = [ pkgs.vlc ]; } { environment.systemPackages = [ pkgs.vlc ]; }
@ -51,6 +51,7 @@ in {
]; ];
} }
<stockholm/makefu/2configs/bureautomation> <stockholm/makefu/2configs/bureautomation>
<stockholm/makefu/2configs/bureautomation/led-fader.nix>
<stockholm/makefu/2configs/bureautomation/mpd.nix> <stockholm/makefu/2configs/bureautomation/mpd.nix>
<stockholm/makefu/2configs/bureautomation/hass.nix> <stockholm/makefu/2configs/bureautomation/hass.nix>
(let (let


@ -59,7 +59,7 @@
# Virtualization # Virtualization
<stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/virtualisation/docker.nix> <stockholm/makefu/2configs/virtualisation/docker.nix>
# <stockholm/makefu/2configs/virtualisation/virtualbox.nix> <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
#{ #{
# networking.firewall.allowedTCPPorts = [ 8080 ]; # networking.firewall.allowedTCPPorts = [ 8080 ];
# networking.nat = { # networking.nat = {


@ -0,0 +1,147 @@
[
{ alias = "start Felix 10h";
trigger = {
platform = "state";
entity_id = "binary_sensor.redbutton";
to = "on";
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "timer.felix_10h";
state = "idle";
}
{
condition = "time";
after = "06:00:00";
before = "12:00:00";
}
];
};
action = [
{ service = "timer.start";
entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ] ;
}
{ service = "homeassistant.turn_on";
entity_id = [
"script.buzz_red_led_fast"
"script.blitz_10s"
];
}
{ service = "light.turn_on";
data = {
effect = "2";
entity_id = [ "light.status_felix" ];
};
}
];
}
{ alias = "Disable Felix timer at button press";
trigger = {
platform = "state";
entity_id = "binary_sensor.redbutton";
to = "on";
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "timer.felix_10h";
state = "active";
}
{
condition = "time";
after = "12:00:00";
before = "22:00:00";
}
];
};
action =
[
{
service = "timer.cancel";
entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ];
}
{
service = "homeassistant.turn_on";
entity_id = [ "script.buzz_red_led_fast" ];
}
{
service = "homeassistant.turn_off";
entity_id = [ "light.status_felix" ];
}
];
}
{
alias = "Genug gearbeitet Felix";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_7h";
};
action =
[
{ service = "light.turn_on";
data = {
rgb_color= [0 255 0];
# effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
{
alias = "nun aber nach hause";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_8_30h";
};
action =
[
{ service = "light.turn_on";
data = {
rgb_color= [255 255 0];
# effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
{
alias = "Zu lange Felix!";
trigger =
{
platform = "event";
event_type = "timer.finished";
event_data.entity_id = "timer.felix_10h";
};
action =
[
# TODO: Pushbullet
{
service = "homeassistant.turn_on";
entity_id = [
"script.buzz_red_led"
"script.blitz_10s"
];
}
{ service = "light.turn_on";
data = {
rgb_color= [255 0 0];
effect = "0";
entity_id = [ "light.status_felix" ];
};
}
];
}
]


@ -0,0 +1,55 @@
[
{ alias = "Turn on Fernseher on movement";
trigger = {
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
action = {
service = "homeassistant.turn_on";
entity_id = [
"switch.fernseher"
"switch.feuer"
];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
trigger = [
{ # trigger when movement was detected at the time
platform = "state";
entity_id = "binary_sensor.motion";
to = "off";
for.minutes = 10;
}
{ # trigger at 20:00 no matter what
# to avoid 'everybody left before 18:00:00'
platform = "time";
at = "18:00:00";
}
];
action = {
service = "homeassistant.turn_off";
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
condition =
{ condition = "and";
conditions = [
{
condition = "time";
before = "06:30:00"; #only turn off between 6:30 and 18:00
after = "18:00:00";
# weekday = [ "mon" "tue" "wed" "thu" "fri" ];
}
{
condition = "state";
entity_id = "binary_sensor.motion";
state = "off";
}
];
};
}
]
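Review bot: The comments in the second automation disagree with the values beside them. The time trigger is commented `# trigger at 20:00 no matter what` but fires `at = "18:00:00"`, and the condition is commented `#only turn off between 6:30 and 18:00` while `before = "06:30:00"` together with `after = "18:00:00"` appears to match only the time outside that window. Since this rule powers devices off unattended, the comments should describe what the values do, for example `# trigger at 18:00 no matter what` and `# only turn off outside 06:30-18:00`.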


@ -0,0 +1,43 @@
[
{
alias = "Turn off Nachtlicht on sunrise";
trigger =
{
platform = "sun";
event = "sunrise";
};
action =
{
service = "homeassistant.turn_off";
entity_id = [ "switch.nachtlicht" ];
};
}
{
alias = "Turn on Nachtlicht on motion and dusk";
trigger =
{
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
condition = # 'when dark'
{
condition = "or";
conditions = [
{ condition = "sun";
after = "sunset";
after_offset = "-00:45:00"; # on dusk
}
{ condition = "sun";
before = "sunrise";
}
];
};
action =
{
service = "homeassistant.turn_on";
entity_id = [ "switch.nachtlicht" ];
};
}
]


@ -0,0 +1,17 @@
let
tasmota_button = name: topic:
# detects a pushbutton press from tasmota
{ platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on = "ON";
payload_off = "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# expire_after = "5"; #expire after 5 seconds
qos = 1;
};
in [
(tasmota_button "RedButton" "redbutton")
]
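Review bot: `tasmota_button` reads the button state from the command topic `/bam/${topic}/cmnd/POWER`, so any client allowed to publish on that topic is treated as a physical press. The automations added in this commit start and cancel timers and switch devices on `binary_sensor.redbutton`, so the broker ACL (not visible here) should restrict publishing on that topic to the button device. If `cmnd` is used because of how the Tasmota button is configured, a comment on `state_topic` saying so, e.g. `# button presses arrive on cmnd/, not stat/ — see device ButtonTopic setting`, would help the next reader.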


@ -0,0 +1,12 @@
[
{ platform = "mqtt";
device_class = "motion";
name = "Motion";
state_topic = "/bam/easy2/movement/Switch";
payload_on = "1";
payload_off = "0";
availability_topic = "/bam/easy2/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}
]


@ -0,0 +1,14 @@
[
{ name = "Baumarkt";
platform = "generic";
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
}
{ name = "Autobahn Heilbronn";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
}
{ name = "Autobahn Singen";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
}
]
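Review bot: The three `still_image_url` values are unquoted URL literals, and the first one is fetched over plain `http://`. Unquoted URL literals are discouraged in Nix and are easy to break next to a `;`, so ordinary strings are safer, e.g. `still_image_url = "https://api.svz-bw.de/v2/verkehrskameras/kameras/K10";`. For the `http://` camera the image is retrieved without transport integrity, which deserves a short comment if no HTTPS endpoint exists.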


@ -1,76 +1,5 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let let
tasmota_rgb = name: topic:
# LED WS2812b
# effect_state_topic: "stat/led/Scheme"
# effect_command_topic: "cmnd/led/Scheme"
# effect_value_template: "{{ value_json.Scheme }}"
{ platform = "mqtt";
inherit name;
retain = false;
qos = 1;
optimistic = false;
# state
# TODO: currently broken, will not use the custom state topic
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# brightness
brightness_state_topic = "/bam/${topic}/stat/Dimmer";
brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
brightness_value_template = "{{ value_json.Dimmer }}";
brightness_scale = 100;
# color
rgb_state_topic = "/bam/${topic}/stat/Color";
rgb_command_topic = "/bam/${topic}/cmnd/Color2";
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
effect_state_topic = "/bam/${topic}/stat/Scheme";
effect_command_topic = "/bam/${topic}/cmnd/Scheme";
effect_value_template = "{{ value_json.Scheme }}";
effect_list = [ 0 1 2 3 4 5 6 7 8 9 10 11 12 ];
};
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
};
espeasy_dht22 = name: [
{ platform = "mqtt";
name = "${name} DHT22 Temperature";
device_class = "temperature";
state_topic = "/bam/${name}/dht22/Temperature";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}
{ platform = "mqtt";
device_class = "humidity";
name = "${name} DHT22 Humidity";
state_topic = "/bam/${name}/dht22/Humidity";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}];
espeasy_ds18 = name:
{ platform = "mqtt";
name = "${name} DS18 Temperature";
state_topic = "/bam/${name}/ds18/Temperature";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
};
in { in {
networking.firewall.allowedTCPPorts = [ 8123 ]; networking.firewall.allowedTCPPorts = [ 8123 ];
@ -104,90 +33,43 @@ in {
retain = true; retain = true;
}; };
}; };
switch = [ switch = (import ./switch/tasmota_switch.nix);
(tasmota_plug "Bauarbeiterlampe" "plug") light = (import ./light/statuslight.nix) ++
(tasmota_plug "Blitzdings" "plug2") (import ./light/buzzer.nix);
(tasmota_plug "Fernseher" "plug3") timer = {
(tasmota_plug "Feuer" "plug4") felix_10h = {
(tasmota_plug "Nachtlicht" "plug5") name = "Felix 10h Timer";
]; duration = "10:00:00";
light = [
(tasmota_rgb "Status Felix" "status1")
];
binary_sensor = [
{ platform = "mqtt";
device_class = "motion";
name = "Motion";
state_topic = "/bam/easy2/movement/Switch";
payload_on = "1";
payload_off = "0";
availability_topic = "/bam/easy2/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}
];
sensor =
(espeasy_dht22 "easy1") ++
(espeasy_dht22 "easy2") ++
[ (espeasy_ds18 "easy3" )
{ platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
{ platform = "darksky";
api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [ "summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
"temperature" # "temperature_high" "temperature_low"
"apparent_temperature"
"hourly_summary" # next 24 hours text
"humidity"
"pressure"
"uv_index" ];
units = "si" ;
update_interval = {
days = 0;
hours = 0;
minutes = 30;
seconds = 0;
}; };
} felix_8_30h = {
#{ platform = "influxdb"; name = "Felix 8_30h Timer";
# queries = [ duration = "08:30:00";
# { name = "mean value of feinstaub P1"; };
# where = '' "node" = 'esp8266-1355142' ''; felix_7h = {
# measurement = "feinstaub"; name = "Felix 7h Timer";
# database = "telegraf"; duration = "07:00:00";
# field = "P1"; };
# } };
# { name = "mean value of feinstaub P2"; notify = [
# where = '' "node" = 'esp8266-1355142' ''; {
# measurement = "feinstaub"; platform = "kodi";
# database = "telegraf"; name = "wbob";
# field = "P2"; host = "192.168.8.11";
# }
# ];
#}
];
camera = [
{ name = "Baumarkt";
platform = "generic";
still_image_url = http://t4915209254324-p80-c0-h6jv2afnujcoftrcstsafb45kdrqv4buy.webdirect.mdex.de/oneshotimage ;# baumarkt
}
{ name = "Autobahn Heilbronn";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K10 ;
}
{ name = "Autobahn Singen";
platform = "generic";
still_image_url = https://api.svz-bw.de/v2/verkehrskameras/kameras/K11 ;
} }
]; ];
script = (import ./script/multi_blink.nix) {inherit lib;};
binary_sensor =
(import ./binary_sensor/buttons.nix) ++
(import ./binary_sensor/motion.nix);
sensor =
(import ./sensor/espeasy.nix) ++
((import ./sensor/outside.nix) {inherit lib;}) ++
(import ./sensor/influxdb.nix);
camera =
(import ./camera/verkehrskamera.nix);
frontend = { }; frontend = { };
http = { }; http = { };
conversation = {}; conversation = {};
@ -203,13 +85,14 @@ in {
"group.outside" "group.outside"
"group.switches" "group.switches"
"group.automation" "group.automation"
"group.camera" # "group.camera"
]; ];
}; };
automation = [ automation = [
"automation.turn_off_fernseher_10_minutes_after_last_movement" "timer.felix_10h"
"automation.turn_off_nachtlicht_on_sunrise" "script.blitz_10s"
"automation.turn_on_nachtlicht_on_motion_and_dusk" "script.buzz_red_led_fast"
"camera.Baumarkt"
]; ];
switches = [ switches = [
"switch.bauarbeiterlampe" "switch.bauarbeiterlampe"
@ -218,125 +101,37 @@ in {
"switch.feuer" "switch.feuer"
"switch.nachtlicht" "switch.nachtlicht"
"light.status_felix" "light.status_felix"
"light.status_daniel"
"light.buslicht"
"light.redbutton_buzzer"
]; ];
camera = [
"camera.Baumarkt" camera = [ ];
"camera.Autobahn_Heilbronn"
"camera.Autobahn_Singen"
];
sensors = [ sensors = [
"binary_sensor.motion" "binary_sensor.motion"
"binary_sensor.redbutton"
"sensor.easy2_dht22_humidity" "sensor.easy2_dht22_humidity"
"sensor.easy2_dht22_temperature" "sensor.easy2_dht22_temperature"
]; ];
outside = [ outside = [
"sensor.ditzingen_pm10" # "sensor.ditzingen_pm10"
"sensor.ditzingen_pm25" # "sensor.ditzingen_pm25"
"sensor.dark_sky_temperature" "sensor.dark_sky_temperature"
"sensor.dark_sky_humidity" "sensor.dark_sky_humidity"
"sensor.dark_sky_pressure" # "sensor.dark_sky_pressure"
"sensor.dark_sky_hourly_summary" "sensor.dark_sky_hourly_summary"
"sensor.dark_sky_minutely_summary" "camera.Autobahn_Heilbronn"
"camera.Autobahn_Singen"
]; ];
}; };
# only for automation # only for automation
# feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ]; # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
automation = [ # we don't use imports because the expressions do not merge in
{ alias = "Turn on Fernseher on movement"; # home-assistant
trigger = { automation = (import ./automation/bureau-shutdown.nix) ++
platform = "state"; (import ./automation/nachtlicht.nix) ++
entity_id = "binary_sensor.motion"; (import ./automation/10h_timer.nix);
to = "on";
};
action = {
service = "homeassistant.turn_on";
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
}
{
alias = "Turn off Nachtlicht on sunrise";
trigger =
{
platform = "sun";
event = "sunrise";
};
action =
{
service = "homeassistant.turn_off";
entity_id = [ "switch.nachtlicht" ];
};
}
{
alias = "Turn on Nachtlicht on motion and dusk";
trigger =
{
platform = "state";
entity_id = "binary_sensor.motion";
to = "on";
};
condition = # 'when dark'
{
condition = "or";
conditions = [
{ condition = "sun";
after = "sunset";
after_offset = "-00:45:00"; # on dusk
}
{ condition = "sun";
before = "sunrise";
}
];
};
action =
{
service = "homeassistant.turn_on";
entity_id = [ "switch.nachtlicht" ];
};
}
{ alias = "Turn off Fernseher 10 minutes after last movement";
trigger = [
{ # trigger when movement was detected at the time
platform = "state";
entity_id = "binary_sensor.motion";
to = "off";
for.minutes = 10;
}
{ # trigger at 20:00 no matter what
# to avoid 'everybody left before 18:00:00'
platform = "time";
at = "18:00:00";
}
];
action = {
service = "homeassistant.turn_off";
entity_id = [
"switch.fernseher"
"switch.feuer"
"light.status_felix"
];
};
condition =
{ condition = "and";
conditions = [
{
condition = "time";
before = "06:30:00"; #only turn off between 6:30 and 18:00
after = "18:00:00";
# weekday = [ "mon" "tue" "wed" "thu" "fri" ];
}
{
condition = "state";
entity_id = "binary_sensor.motion";
state = "off";
}
];
};
}
];
}; };
}; };
} }


@ -14,7 +14,7 @@ in {
serviceConfig = { serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell # User = "nobody"; # need a user with permissions to run nix-shell
ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";
ExecStart = "${pkg}/bin/ampel 4"; ExecStart = "${pkg}/bin/ampel";
Restart = "always"; Restart = "always";
RestartSec = 10; RestartSec = 10;
PrivateTmp = true; PrivateTmp = true;


@ -0,0 +1,28 @@
let
tasmota_pwm = name: topic: pwmid: max:
let
id = "PWM${toString pwmid}";
in { platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/RESULT";
state_value_template = ''{%- if value_json["PWM"]["${id}"]| int > 0 -%} ${toString max} {%- else -%} 0 {%- endif -%}'';
command_topic = "/bam/${topic}/cmnd/${id}";
on_command_type = "brightness";
brightness_command_topic = "/bam/${topic}/cmnd/${id}";
brightness_value_template = ''{{value_json["PWM"]["${id}"]}}'';
brightness_scale = max;
payload_on = "${toString max}";
payload_off = "0";
availability_topic = "/bam/${topic}/tele/LWT";
payload_available= "Online";
payload_not_available= "Offline";
retain = true;
optimistic = false;
qos = 0;
};
in
[
# (tasmota_pwm "RedButton LED" "redbutton" 1 1023) #LED PWM1
(tasmota_pwm "RedButton Buzzer" "redbutton" 2 512) #buzzer PWM2
]
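Review bot: `tasmota_pwm` sets `retain = true` while `command_topic` and `brightness_command_topic` are both `/bam/${topic}/cmnd/${id}`, so the last PWM command stays on the broker and is delivered again whenever the device reconnects. For the buzzer this may mean it starts sounding after a reboot or Wi-Fi drop with nothing scheduled to switch it off. `retain = false;`, which `tasmota_rgb` already uses, avoids that. If retention is intentional, a comment saying why would help.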


@ -0,0 +1,56 @@
let
tasmota_rgb = name: topic:
# LED WS2812b
# effect_state_topic: "stat/led/Scheme"
# effect_command_topic: "cmnd/led/Scheme"
# effect_value_template: "{{ value_json.Scheme }}"
{ platform = "mqtt";
inherit name;
retain = false;
qos = 1;
optimistic = false;
# state
# TODO: currently broken, will not use the custom state topic
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
# brightness
brightness_state_topic = "/bam/${topic}/stat/Dimmer";
brightness_command_topic = "/bam/${topic}/cmnd/Dimmer";
brightness_value_template = "{{ value_json.Dimmer }}";
brightness_scale = 100;
# color
rgb_state_topic = "/bam/${topic}/stat/Color";
rgb_command_topic = "/bam/${topic}/cmnd/Color2";
rgb_command_mode = "hex";
rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}";
# effects
effect_state_topic = "/bam/${topic}/stat/Scheme";
effect_command_topic = "/bam/${topic}/cmnd/Scheme";
effect_value_template = "{{ value_json.Scheme }}";
effect_list = [
0 # single color for LED light
1 # start wake up sequence (same as Wakeup)
2 # cycle up through colors using Speed option
3 # cycle down through colors using Speed option
4 # random cycle through colors using Speed and Fade
5 # clock mode (example)
6 # candlelight pattern
7 # RGB pattern
8 # Christmas pattern
9 # Hannukah pattern
10 # Kwanzaa pattern
11 # rainbow pattern
12 # fire pattern
];
};
in
[
(tasmota_rgb "Status Felix" "status1")
(tasmota_rgb "Status Daniel" "status2")
(tasmota_rgb "Buslicht" "buslicht")
]


@ -0,0 +1,37 @@
{lib, ... }:
let
# let an entity blink for X times with a delay of Y milliseconds
flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }:
{
inherit alias;
sequence = lib.flatten (builtins.genList (i: [
{ service = "homeassistant.turn_on";
data.entity_id = entity;
}
{ delay.milliseconds = delay; }
{ service = "homeassistant.turn_off";
data.entity_id = entity;
}
{ delay.milliseconds = delay; }
]
) count);
};
in {
buzz_red_led = (flash_entity {
entity = "light.redbutton_buzzer";
alias = "Red Button Buzz";
count = 4;
});
buzz_red_led_fast = (flash_entity {
entity = "light.redbutton_buzzer";
delay = 250;
count = 2;
alias = "Red Button Buzz fast";
});
blitz_10s = (flash_entity {
entity = "switch.blitzdings";
delay = 10000;
count = 1;
alias = "blitz for 10 seconds";
});
}


@ -0,0 +1,31 @@
let
espeasy_dht22 = name: [
{ platform = "mqtt";
name = "${name} DHT22 Temperature";
device_class = "temperature";
state_topic = "/bam/${name}/dht22/Temperature";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}
{ platform = "mqtt";
device_class = "humidity";
name = "${name} DHT22 Humidity";
state_topic = "/bam/${name}/dht22/Humidity";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
}];
espeasy_ds18 = name:
{ platform = "mqtt";
name = "${name} DS18 Temperature";
state_topic = "/bam/${name}/ds18/Temperature";
availability_topic = "/bam/${name}/tele/LWT";
payload_available = "Online";
payload_not_available = "Offline";
};
in
(espeasy_dht22 "easy1") ++
(espeasy_dht22 "easy2") ++ [
(espeasy_ds18 "easy3" )
]


@ -0,0 +1,18 @@
[
#{ platform = "influxdb";
# queries = [
# { name = "mean value of feinstaub P1";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P1";
# }
# { name = "mean value of feinstaub P2";
# where = '' "node" = 'esp8266-1355142' '';
# measurement = "feinstaub";
# database = "telegraf";
# field = "P2";
# }
# ];
#}
]


@ -0,0 +1,25 @@
{lib,...}: [
{ platform = "darksky";
api_key = lib.removeSuffix "\n"
(builtins.readFile <secrets/hass/darksky.apikey>);
language = "de";
monitored_conditions = [
"summary" "icon"
"nearest_storm_distance" "precip_probability"
"precip_intensity"
"temperature" # "temperature_high" "temperature_low"
"apparent_temperature"
"hourly_summary" # next 24 hours text
"humidity"
"pressure"
"uv_index"
];
units = "si" ;
update_interval = { days = 0; hours = 0; minutes = 30; seconds = 0; };
}
{ platform = "luftdaten";
name = "Ditzingen";
sensorid = "5341";
monitored_conditions = [ "P1" "P2" ];
}
]
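Review bot: `api_key` is filled with `builtins.readFile <secrets/hass/darksky.apikey>`, which reads the key at evaluation time and makes it part of the Home Assistant configuration value. If that configuration is rendered into the Nix store, as NixOS service configs typically are, the key ends up in a world-readable store path on the target and on any machine that builds it. Consider letting Home Assistant resolve the key at runtime from a file only its service user can read. Until then, a comment such as `# NOTE: read at evaluation time; the value ends up in the generated config` would flag the exposure.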


@ -0,0 +1,19 @@
let
tasmota_plug = name: topic:
{ platform = "mqtt";
inherit name;
state_topic = "/bam/${topic}/stat/POWER";
command_topic = "/bam/${topic}/cmnd/POWER";
availability_topic = "/bam/${topic}/tele/LWT";
payload_on= "ON";
payload_off= "OFF";
payload_available= "Online";
payload_not_available= "Offline";
};
in [
(tasmota_plug "Bauarbeiterlampe" "plug")
(tasmota_plug "Blitzdings" "plug2")
(tasmota_plug "Fernseher" "plug3")
(tasmota_plug "Feuer" "plug4")
(tasmota_plug "Nachtlicht" "plug5")
]


@ -55,7 +55,8 @@ let
payload_not_available = "Offline"; payload_not_available = "Offline";
}; };
firetv = "192.168.1.238"; firetv = "192.168.1.183";
hassdir = "/var/lib/hass";
tasmota_plug = name: topic: tasmota_plug = name: topic:
{ platform = "mqtt"; { platform = "mqtt";
inherit name; inherit name;
@ -105,13 +106,7 @@ in {
imports = [ imports = [
./mqtt.nix ./mqtt.nix
]; ];
#systemd.services.firetv = {
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# User = "nobody";
# ExecStart = "${pkgs.python-firetv}/bin/firetv-server -d ${firetv}:5555";
# };
#};
services.home-assistant = { services.home-assistant = {
config = { config = {
homeassistant = { homeassistant = {
@ -133,9 +128,11 @@ in {
{ platform = "kodi"; { platform = "kodi";
host = firetv; host = firetv;
} }
#{ platform = "firetv"; { platform = "firetv";
# # assumes python-firetv running name = "FireTV Stick";
#} host = firetv;
adbkey = <secrets/hass/adbkey>;
}
]; ];
mqtt = { mqtt = {
broker = "localhost"; broker = "localhost";
@ -211,9 +208,12 @@ in {
flur = [ flur = [
"light.flurlicht" "light.flurlicht"
"binary_sensor.flur_bewegung" "binary_sensor.flur_bewegung"
"automation.dunkel_bei_sonnenuntergang"
"automation.hell_bei_sonnenaufgang"
]; ];
wohnzimmer = [ wohnzimmer = [
"media_player.kodi" "media_player.kodi"
"media_player.firetv_stick"
]; ];
draussen = [ draussen = [
"sensor.dark_sky_temperature" "sensor.dark_sky_temperature"
@ -240,6 +240,47 @@ in {
]; ];
light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ]; light = [ (tasmota_rgb "Flurlicht" "flurlicht" ) ];
automation = [ automation = [
{ alias = "Dunkel bei Sonnenuntergang";
trigger = {
platform = "sun";
event = "sunset";
# offset: "-00:45:00"
};
action = [
{
service= "light.turn_on";
data = {
entity_id= "light.flurlicht";
# rgb_color = [ 0,0,0 ]; <-- TODO default color
brightness_pct = 15;
};
}
{
service= "light.turn_off";
entity_id= "light.flurlicht";
}
];
}
{ alias = "Hell bei Sonnenaufgang";
trigger = {
platform = "sun";
event = "sunrise";
# offset: "-00:00:00"
};
action = [
{
service= "light.turn_on";
data = {
entity_id= "light.flurlicht";
brightness_pct = 85;
};
}
{
service= "light.turn_off";
entity_id= "light.flurlicht";
}
];
}
{ alias = "Staubsauger Strom aus nach 6h"; { alias = "Staubsauger Strom aus nach 6h";
trigger = { trigger = {
platform = "state"; platform = "state";
@ -255,7 +296,7 @@ in {
]; ];
}; };
enable = true; enable = true;
#configDir = "/var/lib/hass"; configDir = hassdir;
}; };
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"homeassistant-0.77.2" "homeassistant-0.77.2"
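Review bot: `adbkey = <secrets/hass/adbkey>;` in the new firetv entry passes the ADB private key as a Nix path value; when a path is serialised into a generated configuration it is normally copied into the Nix store, which would leave the key world-readable under /nix/store. Since this commit also introduces `hassdir`, a string path such as `adbkey = "${hassdir}/adbkey";`, with the key deployed there separately and readable only by the hass user, would keep it out of the store. Separately, both new sun automations call `light.turn_on` and then immediately `light.turn_off` on `light.flurlicht`; if that is a deliberate way to preset the brightness, a comment saying so would help. The enclosing `let` and `services.home-assistant` blocks start and end outside the hunks.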


@ -9,7 +9,8 @@ let
# TODO: generate this credential file locally # TODO: generate this credential file locally
ampelcred = "${home}/google-muell-creds.json"; ampelcred = "${home}/google-muell-creds.json";
sleepval = "1800"; sleepval = "1800";
default-color = "244,220,66"; # default-color = "18,63,40";
default-color = "255,127,0";
config_json = toFile "config.json" (toJSON { config_json = toFile "config.json" (toJSON {
mq_hostname = "localhost"; mq_hostname = "localhost";
mq_port = 1883; mq_port = 1883;


@ -4,8 +4,8 @@ _:
environment.noXlibs = true; environment.noXlibs = true;
nix.gc.automatic = true; nix.gc.automatic = true;
nix.gc.dates = "03:10"; nix.gc.dates = "03:10";
programs.info.enable = false; documentation.info.enable = false;
programs.man.enable = false; documentation.man.enable = false;
services.journald.extraConfig = "SystemMaxUse=50M"; services.journald.extraConfig = "SystemMaxUse=50M";
services.nixosManual.enable = false; services.nixosManual.enable = false;
} }


@ -26,5 +26,6 @@
nix-review nix-review
# git-related # git-related
tig tig
init-host
]; ];
} }


@ -0,0 +1,42 @@
{ lib, pkgs, python3Packages, ... }:
with python3Packages; buildPythonApplication rec {
name = "Fluffy-${version}";
format = "other";
version = "2.7";
src = pkgs.fetchFromGitHub {
owner = "fourminute";
repo = "Fluffy";
rev = "v${version}";
sha256 = "1l346bklidcl40q91cfdszrfskdwlmfjbmsc3mgs0i8wi1yhvq99";
};
prePatch = ''
sed -e "s|/tmp|$HOME/.config/fluffy|" -i linux/fluffy.desktop
'';
installPhase = ''
env
install -Dm 644 linux/80-fluffy-switch.rules "$out/etc/udev/rules.d/80-fluffy-switch.rules"
install -Dm 644 linux/fluffy.desktop "$out/usr/share/applications/fluffy.desktop"
install -Dm 644 icons/16x16/fluffy.png "$out/share/icons/hicolor/16x16/apps/fluffy.png"
install -Dm 644 icons/24x24/fluffy.png "$out/share/icons/hicolor/24x24/apps/fluffy.png"
install -Dm 644 icons/32x32/fluffy.png "$out/share/icons/hicolor/32x32/apps/fluffy.png"
install -Dm 644 icons/48x48/fluffy.png "$out/share/icons/hicolor/48x48/apps/fluffy.png"
install -Dm 644 icons/64x64/fluffy.png "$out/share/icons/hicolor/64x64/apps/fluffy.png"
install -Dm 644 icons/128x128/fluffy.png "$out/share/icons/hicolor/128x128/apps/fluffy.png"
install -Dm 755 fluffy.pyw "$out/bin/fluffy"
wrapProgram "$out/bin/fluffy" --set PYTHONPATH "$PYTHONPATH"
'';
propagatedBuildInputs = [
pyqt5 pyusb libusb1 configparser tkinter
];
meta = {
homepage = https://github.com/fourminute/Fluffy;
description = "A feature-rich tool for installing NSPs";
license = lib.licenses.gpl3;
};
}
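Review bot: In `prePatch`, `$HOME` sits inside a double-quoted sed expression, so the shell expands it during the build and the builder's home directory, not the user's, is written into `linux/fluffy.desktop`. The `/tmp` path is therefore replaced by a fixed build-time value rather than a per-user directory. The `env` call at the top of `installPhase` looks like a debugging leftover that dumps the whole build environment into the log and should be dropped. The desktop file is installed under `$out/usr/share/applications` while the icons go to `$out/share/...`; `"$out/share/applications/fluffy.desktop"` would be consistent.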


@ -2,7 +2,7 @@
with pkgs.python3Packages;buildPythonPackage rec { with pkgs.python3Packages;buildPythonPackage rec {
name = "ampel-${version}"; name = "ampel-${version}";
version = "0.2.4"; version = "0.2.5";
propagatedBuildInputs = [ propagatedBuildInputs = [
docopt docopt
@ -16,8 +16,8 @@ with pkgs.python3Packages;buildPythonPackage rec {
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel"; url = "http://cgit.euer.krebsco.de/ampel";
rev = "04e1c8c38ffe53175ae719121ad88534a8a662db"; rev = "ce239876820699f02054e71b4fd0950509833379";
sha256 = "00jgr3jg2yi91hd7388v8rncfbq8fx8dvr03sg749dzpsg58hfxn"; sha256 = "1ja32lr04lwq4shi49kppa1zzjw0zlqaqy71pr5sbajgp4zj7kh8";
}; };
meta = { meta = {
homepage = http://cgit.euer.krebsco.de/ampel; homepage = http://cgit.euer.krebsco.de/ampel;


@ -0,0 +1,47 @@
{ pkgs }:
pkgs.writeDashBin "generate-secrets" ''
set -euf
HOSTNAME="''${1?must provide hostname}"
TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d)
PASSWORD=$(${pkgs.pwgen}/bin/pwgen 25 1)
HASHED_PASSWORD=$(echo $PASSWORD | ${pkgs.hashPassword}/bin/hashPassword -s) > /dev/null
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $TMPDIR/ssh.id_ed25519 -P "" -C "" >/dev/null
${pkgs.openssl}/bin/openssl genrsa -out $TMPDIR/retiolum.rsa_key.priv 4096 2>/dev/null > /dev/null
${pkgs.openssl}/bin/openssl rsa -in $TMPDIR/retiolum.rsa_key.priv -pubout -out $TMPDIR/retiolum.rsa_key.pub 2>/dev/null > /dev/null
cat <<EOF > $TMPDIR/hashedPasswords.nix
{
root = "$HASHED_PASSWORD";
}
EOF
cd $TMPDIR
for x in *; do
${pkgs.coreutils}/bin/cat $x | secrets insert -m $HOSTNAME/$x > /dev/null
done
echo $PASSWORD | secrets insert -m $HOSTNAME/root > /dev/null
cat <<EOF
$HOSTNAME = {
cores = 1;
owner = config.krebs.users.makefu;
nets = {
retiolum = {
ip4.addr = "10.243.0.changeme";
ip6.addr = "42:0:0:0:0:0:0:changeme";
aliases = [
"$HOSTNAME.r"
];
tinc.pubkey = ${"''"}
$(cat $TMPDIR/retiolum.rsa_key.pub)
${"''"};
};
};
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "$(cat $TMPDIR/ssh.id_ed25519.pub)";
};
EOF
rm -rf $TMPDIR
''
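Review bot: `set -euf` turns off pathname expansion, so `for x in *` does not iterate over the generated files; the loop presumably runs once with the literal `*`, and the final `rm -rf $TMPDIR` then deletes the SSH and retiolum private keys without them having been stored. Using `set -eu` restores the glob. Because `-e` aborts on the first failing command, the cleanup at the end is also skipped on error and the private keys stay in the temp directory; `trap 'rm -rf "$TMPDIR"' EXIT` right after the `mktemp -d` line covers that path. The expansions of `$TMPDIR`, `$HOSTNAME`, `$PASSWORD` and `$x` are unquoted throughout and should be written as `"$TMPDIR"` and so on.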


@ -23,6 +23,7 @@
# nixos-18.09 @ 2018-09-18 # nixos-18.09 @ 2018-09-18
# + uhub/sqlite: 5dd7610401747 # + uhub/sqlite: 5dd7610401747
# + hovercraft: 7134801b17d72 # + hovercraft: 7134801b17d72
# + PR#53934: eac6797380af1
nixpkgs = if host-src.arm6 then { nixpkgs = if host-src.arm6 then {
# TODO: we want to track the unstable channel # TODO: we want to track the unstable channel
symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/"; symlink = "/nix/var/nix/profiles/per-user/root/channels/nixos/";


@ -1,7 +1,7 @@
{ {
"url": "https://github.com/makefu/nixpkgs", "url": "https://github.com/makefu/nixpkgs",
"rev": "16fc6279dddabc42f8556d6368ed4215d916794f", "rev": "cba65c1ab2aec20f0eaa77d6747f16798688e1bb",
"date": "2019-02-16T22:29:33+01:00", "date": "2019-02-25T00:04:17+01:00",
"sha256": "0bgm0gybqysy1si2zd8b2h6200hgmi8qsyi6qhcnvd4n555f3iic", "sha256": "1h6d9kghs7n7nql7fw5v9fpmpgdq6xq62npc7cfvyam8g4ma9iwn",
"fetchSubmodules": false "fetchSubmodules": false
} }