Merge remote-tracking branch 'gum/master'

2019-09-06 15:37:58 +02:00 · 2019-09-06 15:37:58 +02:00 · ed97000b20
commit ed97000b20
parent c2773285eb fce2c4275c
19 changed files with 475 additions and 69 deletions
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@ -15,6 +15,10 @@
    <stockholm/krebs/2configs/news-spam.nix>
    <stockholm/krebs/2configs/shack/prometheus/node.nix>
    <stockholm/krebs/2configs/shack/gitlab-runner.nix>
    ## Collect local statistics via collectd and send to collectd
    <stockholm/krebs/2configs/stats/shack-client.nix>
    <stockholm/krebs/2configs/stats/shack-debugging.nix>
  ];
  krebs.build.host = config.krebs.hosts.puyak;
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@ -1,7 +1,6 @@
 { config, pkgs, ... }:
 let
  shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
  influx-host = "127.0.0.1";
  ext-if = "et0";
  external-mac = "52:54:b0:0b:af:fe";
@ -39,56 +38,44 @@ in
    # mobile.lounge.mpd.shack
    <stockholm/krebs/2configs/shack/mobile.mpd.nix>
    # hass.shack
    <stockholm/krebs/2configs/shack/glados>
    # connect to git.shackspace.de as group runner for rz
    <stockholm/krebs/2configs/shack/gitlab-runner.nix>
-    # Statistics collection and visualization
+    # Statistics collection and visualization 
-    <stockholm/krebs/2configs/graphite.nix>
+    <stockholm/krebs/2configs/shack/graphite.nix>
    ## Collect data from mqtt.shack and store in graphite database
    <stockholm/krebs/2configs/shack/mqtt_sub.nix>
    ## Collect radioactive data and put into graphite
    <stockholm/krebs/2configs/shack/radioactive.nix>
    ## mqtt.shack
    <stockholm/krebs/2configs/shack/mqtt.nix>
-    ## Collect local statistics via collectd and send to collectd
+    ## influx.shack
-    <stockholm/krebs/2configs/stats/wolf-client.nix>
+    <stockholm/krebs/2configs/shack/influx.nix>
-    { services.influxdb.enable = true; }
+    ## Collect local statistics via collectd and send to collectd
    <stockholm/krebs/2configs/stats/shack-client.nix>
    <stockholm/krebs/2configs/stats/shack-debugging.nix>
    <stockholm/krebs/2configs/shack/netbox.nix>
    # prometheus.shack
    <stockholm/krebs/2configs/shack/prometheus/server.nix>
    <stockholm/krebs/2configs/shack/prometheus/node.nix>
    <stockholm/krebs/2configs/shack/prometheus/unifi.nix>
-    <stockholm/krebs/2configs/collectd-base.nix> # home-assistant
+    # grafana.shack
-    { services.influxdb.enable = true; }
+    <stockholm/krebs/2configs/shack/grafana.nix>
  ];
  # use your own binary cache, fallback use cache.nixos.org (which is used by
  # apt-cacher-ng in first place)
  # local discovery in shackspace
  nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
  krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
  services.grafana = {
    enable = true;
    addr = "0.0.0.0";
    users.allowSignUp = true;
    users.allowOrgCreate = true;
    users.autoAssignOrg = true;
    auth.anonymous.enable = true;
    security = import <secrets/grafana_security.nix>;
  };
  nix = {
    # use the up to date prism cache
    binaryCaches = [
      "https://cache.nixos.org/"
    ];
    binaryCachePublicKeys = [
      "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
    ];
  };
  networking = {
    firewall.enable = false;
@ -133,23 +120,27 @@ in
  swapDevices = [
    { device = "/dev/disk/by-label/swap";  }
  ];
  # fallout of ipv6calypse
  networking.extraHosts = ''
    hass.shack    10.42.2.191
  '';
  users.extraUsers.root.openssh.authorizedKeys.keys = [
    config.krebs.users."0x4A6F".pubkey
    config.krebs.users.ulrich.pubkey
    config.krebs.users.raute.pubkey
    config.krebs.users.makefu-omo.pubkey
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
  ];
  services.udev.extraRules = ''
    SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
  '';
  time.timeZone = "Europe/Berlin";
  sound.enable = false;
  # avahi
  services.avahi = {
    enable = true;
    wideArea = false;
  };
  environment.systemPackages = [ pkgs.avahi ];
 }
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@ -14,18 +14,13 @@ with import <stockholm/lib>;
  ];
  krebs.announce-activation.enable = true;
  krebs.enable = true;
-  krebs.tinc.retiolum.enable = true;
+  krebs.tinc.retiolum.enable = mkDefault true;
  krebs.build.user = mkDefault config.krebs.users.krebs;
  networking.hostName = config.krebs.build.host.name;
  nix.maxJobs = 1;
  nix.trustedBinaryCaches = [
    "https://cache.nixos.org"
    "http://cache.nixos.org"
    "http://hydra.nixos.org"
  ];
  nix.useSandbox = true;
  environment.systemPackages = with pkgs; [
@ -39,8 +34,6 @@ with import <stockholm/lib>;
    defaultLocale = lib.mkForce "C";
  };
  programs.ssh.startAgent = false;
  services.openssh = {
@ -55,18 +48,13 @@ with import <stockholm/lib>;
  users.mutableUsers = false;
  users.extraUsers.root.openssh.authorizedKeys.keys = [
    # TODO
    config.krebs.users.jeschli-brauerei.pubkey
    config.krebs.users.lass.pubkey
    config.krebs.users.lass-mors.pubkey
    config.krebs.users.makefu.pubkey
    # TODO HARDER:
    config.krebs.users.makefu-omo.pubkey
    config.krebs.users.tv.pubkey
  ];
  # The NixOS release to be compatible with for stateful data such as databases.
  system.stateVersion = "17.03";
 }
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@ -0,0 +1,136 @@
 { config, pkgs, lib, ... }:
 let
  shackopen = import ./multi/shackopen.nix;
  wasser = import ./multi/wasser.nix;
 in {
  services.nginx.virtualHosts."hass.shack".locations."/" = {
    proxyPass = "http://localhost:8123";
    extraConfig = ''
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host             $host;
        proxy_set_header X-Real-IP        $remote_addr;
        proxy_buffering off;
      '';
  };
  services.home-assistant = let
      dwd_pollen = pkgs.fetchFromGitHub {
        owner = "marcschumacher";
        repo = "dwd_pollen";
        rev = "0.1";
        sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
      };
    in {
    enable = true;
    package = (pkgs.home-assistant.overrideAttrs (old: {
      # TODO: find correct python package
      installCheckPhase = ''
        echo LOLLLLLLLLLLLLLL
      '';
      postInstall = ''
        cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen
      '';
    })).override {
      extraPackages = ps: with ps; [
        python-forecastio jsonrpc-async jsonrpc-websocket mpd2
        (callPackage ./deps/gtts-token.nix { })
        (callPackage ./deps/pyhaversion.nix { })
      ];
    };
    autoExtraComponents = true;
    config = {
      homeassistant = {
        name = "Bureautomation";
        time_zone = "Europe/Berlin";
        latitude = "48.8265";
        longitude = "9.0676";
        elevation = 303;
        auth_providers = [
          { type = "homeassistant";}
          { type = "legacy_api_password";}
          { type = "trusted_networks";
            # allow_bypass_login = true;
          }
        ];
      };
      # https://www.home-assistant.io/components/influxdb/
      influxdb = {
        database = "hass";
        tags = {
          instance = "wolf";
          source = "hass";
        };
      };
      mqtt = {
        broker = "localhost";
        port = 1883;
        client_id = "home-assistant";
        keepalive = 60;
        protocol = 3.1;
        birth_message = {
          topic = "glados/hass/status/LWT";
          payload = "Online";
          qos = 1;
          retain = true;
        };
        will_message = {
          topic = "glados/hass/status/LWT";
          payload = "Offline";
          qos = 1;
          retain = true;
        };
      };
      switch = wasser.switch;
      light =  [];
      media_player = [
        { platform = "mpd";
          host = "lounge.mpd.shack";
        }
      ];
      sensor =
        [{ platform = "version"; }]
        ++ (import ./sensors/hass.nix)
        ++ (import ./sensors/power.nix)
        ++ shackopen.sensor;
      binary_sensor = shackopen.binary_sensor;
      camera = [];
      frontend = { };
      http = {
        # TODO: https://github.com/home-assistant/home-assistant/issues/16149
        base_url = "http://hass.shack";
        use_x_forwarded_for = true;
        trusted_proxies = "127.0.0.1";
        api_password = "shackit";
        trusted_networks = [
          "127.0.0.1/32"
          "10.42.0.0/16"
          "::1/128"
          "fd00::/8"
        ];
      };
      conversation = {};
      history = {};
      logbook = {};
      tts = [
        { platform = "google";
          language = "de";
        }
        { platform = "picotts";
          language = "de-DE";
        }
      ];
      recorder = {};
      sun = {};
      automation = wasser.automation;
      device_tracker = [];
    };
  };
 }
--- a/krebs/2configs/shack/glados/deps/dwd_pollen.nix
+++ b/krebs/2configs/shack/glados/deps/dwd_pollen.nix
@ -0,0 +1,32 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
 , python
 , voluptuous
 }:
 buildPythonPackage rec {
  format = "other";
  pname = "dwd_pollen";
  version = "0.1";
  src = fetchFromGitHub {
    owner = "marcschumacher";
    repo = "dwd_pollen";
    rev = version;
    sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
  };
  propagatedBuildInputs = [
    voluptuous
  ];
  installPhase = ''
     install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen *
  '';
  meta = with lib; {
    description = "Home Assistant component to retrieve Pollen data from DWD (Germany)";
    homepage = https://github.com/marcschumacher/dwd_pollen;
    license = licenses.mit;
    maintainers = [ maintainers.makefu ];
  };
 }
--- a/krebs/2configs/shack/glados/deps/gtts-token.nix
+++ b/krebs/2configs/shack/glados/deps/gtts-token.nix
@ -0,0 +1,27 @@
 { lib
 , buildPythonPackage
 , fetchPypi
 , requests
 }:
 buildPythonPackage rec {
  pname = "gtts-token";
  version = "1.1.3";
  src = fetchPypi {
    pname = "gTTS-token";
    inherit version;
    sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5";
  };
  propagatedBuildInputs = [
    requests
  ];
  meta = with lib; {
    description = "Calculates a token to run the Google Translate text to speech";
    homepage = https://github.com/boudewijn26/gTTS-token;
    license = licenses.mit;
    # maintainers = [ maintainers. ];
  };
 }
--- a/krebs/2configs/shack/glados/deps/pyhaversion.nix
+++ b/krebs/2configs/shack/glados/deps/pyhaversion.nix
@ -0,0 +1,33 @@
 { lib
 , buildPythonPackage
 , fetchpatch
 , fetchPypi
 , aiohttp
 , async-timeout
 }:
 buildPythonPackage rec {
  pname = "pyhaversion";
  version = "2.2.1";
  src = fetchPypi {
    inherit pname version;
    sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f";
  };
  patches = [
    (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch";
    sha256 =
      "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";})
  ];
  doCheck = false;
  propagatedBuildInputs = [
    aiohttp
    async-timeout
  ];
  meta = with lib; {
    description = "";
    homepage = https://github.com/ludeeus/pyhaversion;
    # maintainers = [ maintainers. ];
  };
 }
--- a/krebs/2configs/shack/glados/multi/shackopen.nix
+++ b/krebs/2configs/shack/glados/multi/shackopen.nix
@ -0,0 +1,23 @@
 {
  binary_sensor = [
    { platform = "mqtt";
      name = "Portal Lock";
      device_class = "door";
      state_topic = "portal/gateway/status";
      availability_topic = "portal/gateway/lwt";
      payload_on = "open";
      payload_off = "closed";
      payload_available = "online";
      payload_not_available = "offline";
    }
  ];
  sensor = [
    { platform = "mqtt";
      name = "Keyholder";
      state_topic = "portal/gateway/keyholder";
      availability_topic = "portal/gateway/lwt";
      payload_available = "online";
      payload_not_available = "offline";
    }
  ];
 }
--- a/krebs/2configs/shack/glados/multi/wasser.nix
+++ b/krebs/2configs/shack/glados/multi/wasser.nix
@ -0,0 +1,65 @@
 let
  tasmota_plug = name: topic:
  { platform = "mqtt";
    inherit name;
    state_topic = "sonoff/stat/${topic}/POWER1";
    command_topic = "sonoff/cmnd/${topic}/POWER1";
    availability_topic = "sonoff/tele/${topic}/LWT";
    payload_on= "ON";
    payload_off= "OFF";
    payload_available= "Online";
    payload_not_available= "Offline";
    retain = false;
    qos = 1;
  };
 in
 {
  switch = [
    (tasmota_plug "Wasser" "plug")
  ];
  automation =
  [
    { alias = "Water the plant for 10 seconds";
      trigger = [
        { # trigger at 20:00 no matter what
          # TODO: retry or run only if switch.wasser is available
          platform = "time";
          at = "20:00:00";
        }
      ];
      action =
      [
        {
          service = "homeassistant.turn_on";
          entity_id =  [
            "switch.wasser"
          ];
        }
        { delay.seconds = 10; }
        {
          service = "homeassistant.turn_off";
          entity_id =  [
            "switch.wasser"
          ];
        }
      ];
    }
    { alias = "Always turn off water after 15 seconds";
      trigger = [
        {
          platform = "state";
          entity_id = "switch.wasser";
          to = "on";
          for.seconds = 15;
        }
      ];
      action =
      [
        {
          service = "homeassistant.turn_off";
          entity_id =  [ "switch.wasser" ];
        }
      ];
    }
  ];
 }
--- a/krebs/2configs/shack/glados/sensors/hass.nix
+++ b/krebs/2configs/shack/glados/sensors/hass.nix
@ -0,0 +1,22 @@
 let
  esphome_temp = name: 
  { platform = "mqtt";
    name = "${name} Temperature";
    device_class = "temperature";
    state_topic = "glados/${name}/sensor/temperature/state";
    availability_topic = "glados/${name}/status";
    payload_available = "online";
    payload_not_available = "offline";
  };
  esphome_hum = name:
  { platform = "mqtt";
    device_class = "humidity";
    name = "${name} Humidity";
    state_topic = "glados/${name}/sensor/humidity/state";
    availability_topic = "glados/${name}/status";
    payload_available = "online";
    payload_not_available = "offline";
  };
 in
     (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
  ++ (map esphome_hum  [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
--- a/krebs/2configs/shack/glados/sensors/power.nix
+++ b/krebs/2configs/shack/glados/sensors/power.nix
@ -0,0 +1,27 @@
 let
  power_x = name: phase:
  { platform = "mqtt";
    name = "${phase} ${name}";
    # device_class = "power";
    state_topic = "/power/total/${phase}/${name}";
    availability_topic = "/power/lwt";
    payload_available = "Online";
    payload_not_available = "Offline";
  };
  power_consumed =
  { platform = "mqtt";
    name = "Power Consumed";
    #device_class = "power";
    state_topic = "/power/total/consumed";
    availability_topic = "/power/lwt";
    payload_available = "Online";
    payload_not_available = "Offline";
  };
  power_volt = power_x "Voltage";
  power_watt = power_x "Power";
  power_curr = power_x "Current";
 in
   (map power_volt [ "L1" "L2" "L3" ])
 ++ (map power_watt [ "L1" "L2" "L3" ])
 ++ (map power_curr [ "L1" "L2" "L3" ])
 ++ [ power_consumed ]
--- a/krebs/2configs/shack/grafana.nix
+++ b/krebs/2configs/shack/grafana.nix
@ -0,0 +1,19 @@
 let
  port = 3000;
 in {
  networking.firewall.allowedTCPPorts = [ port ]; # legacy
  services.nginx.virtualHosts."grafana.shack" = {
    locations."/".proxyPass = "http://localhost:${toString port}";
  };
  services.grafana = {
    enable = true;
    port = port;
    addr = "0.0.0.0";
    users.allowSignUp = true;
    users.allowOrgCreate = true;
    users.autoAssignOrg = true;
    auth.anonymous.enable = true;
    security = import <secrets/grafana_security.nix>;
  };
 }
--- a/krebs/2configs/shack/graphite.nix
+++ b/krebs/2configs/shack/graphite.nix
@ -1,16 +1,22 @@
 { config, lib, pkgs, ... }:
 # hostname: graphite.shack
 # graphite-web on port 8080
 # carbon cache on port 2003 (tcp/udp)
-
+let
-# TODO: krebs.graphite.minimal.enable
+  port = 8080;
-# TODO: configure firewall
+in {
-with import <stockholm/lib>;
+  networking.firewall.allowedTCPPorts = [ 2003 port ];
-{
+  networking.firewall.allowedUDPPorts = [ 2003 ];
-  imports = [ ];
+  services.nginx.virtualHosts."graphite.shack" = {
-
+    locations."/" = {
      proxyPass = "http://localhost:${toString port}/";
    };
  };
  services.graphite = {
    api = {
      inherit port;
      enable = true;
      listenAddress = "0.0.0.0";
    };
--- a/krebs/2configs/shack/influx.nix
+++ b/krebs/2configs/shack/influx.nix
@ -0,0 +1,33 @@
 {pkgs, ... }: # hostname: influx.shack
 let
  port = 8086;
  collectd-port = 25826;
  db = "collectd_db";
 in
 {
  networking.firewall.allowedTCPPorts = [ port ]; # for legacy applications
  networking.firewall.allowedUDPPorts = [ collectd-port ];
  services.nginx.virtualHosts."influx.shack" = {
    locations."/" = {
      proxyPass = "http://localhost:${toString port}/";
    };
  };
  services.influxdb = {
    enable = true;
    extraConfig = {
      http.bind-address = "0.0.0.0:${toString port}";
      http.log-enabled = false;
      http.write-tracing = false;
      http.suppress-write-log = true;
      data.trace-logging-enabled = false;
      data.query-log-enabled = false;
      monitoring.enabled = false;
      collectd = [{
        enabled = true;
        typesdb = "${pkgs.collectd}/share/collectd/types.db";
        database = db;
        bind-address = ":${toString collectd-port}";
      }];
    };
  };
 }
--- a/krebs/2configs/shack/mqtt.nix
+++ b/krebs/2configs/shack/mqtt.nix
@ -1,3 +1,4 @@
 # hostname: mqtt.shack
 {
  networking.firewall.allowedTCPPorts = [ 1883 ];
  networking.firewall.allowedUDPPorts = [ 1883 ];
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@ -3,18 +3,23 @@
 {
  networking = {
    firewall.allowedTCPPorts = [
      3000  # grafana
      9090  # prometheus
      9093  # alertmanager
    ];
    useDHCP = true;
  };
  services = {
    nginx.virtualHosts = {
      "prometheus.shack" = {
        locations."/".proxyPass = "http://localhost:9090";
      };
      "alert.prometheus.shack" = {
        locations."/".proxyPass = "http://localhost:9093";
      };
    };
    prometheus = {
      enable = true;
      extraFlags = [
-        "-storage.local.retention 8760h"
+        "-storage.local.retention 720h"
        "-storage.local.series-file-shrink-ratio 0.3"
        "-storage.local.memory-chunks 2097152"
        "-storage.local.max-chunks-to-persist 1048576"
--- a/krebs/2configs/stats/shack-client.nix
+++ b/krebs/2configs/stats/shack-client.nix
@ -17,6 +17,8 @@
        Interface "lo"
        Interface "vboxnet*"
        Interface "virbr*"
        Interface "veth*"
        Interface "br-*"
        IgnoreSelected true
      </Plugin>
@ -53,15 +55,7 @@
      LoadPlugin network
      <Plugin "network">
-          Server "stats.makefu.r" "25826"
+          Server "influx.shack" "25826"
      </Plugin>
      LoadPlugin curl
      <Plugin curl>
        <Page "smarthome">
          URL "http://smarthome.shack/";
          MeasureResponseTime true
        </Page>
      </Plugin>
    '';
  };
--- a/krebs/2configs/stats/shack-debugging.nix
+++ b/krebs/2configs/stats/shack-debugging.nix
@ -9,7 +9,7 @@ let
      ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
      Import "collectd_connect_time"
      <Module collectd_connect_time>
-        target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de"
+        target "localhost:22" "google.com" "google.de" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de""10.0.1.3" "10.0.0.3:22" "10.0.0.4:22"
        interval 10
      </Module>
    </Plugin>
@ -18,7 +18,7 @@ let
    LoadPlugin write_graphite
    <Plugin "write_graphite">
      <Carbon>
-        Host "wolf.r"
+        Host "graphite.shack"
        Port "2003"
        Prefix "retiolum."
        EscapeCharacter "_"
--- a/makefu/5pkgs/prison-break/default.nix
+++ b/makefu/5pkgs/prison-break/default.nix
@ -3,12 +3,12 @@ with pkgs.python3.pkgs;
 buildPythonPackage rec {
  pname = "prison-break";
-  version = "1.2.0";
+  version = "1.3.0";
  src = fetchFromGitHub {
    owner = "makefu";
    repo = pname;
    rev = version;
-    sha256 = "07wy6f06vj9s131c16gw1xl1jf9gq5xiqia8awfb26s99gxlv7l9";
+    sha256 = "sha256:1kjfwsz6wg5l9pa7484vq64f054qil0ksf6dh9arwspxwnzshgdh";
  };
  propagatedBuildInputs = [
    docopt