diff options
28 files changed, 366 insertions, 999 deletions
diff --git a/krebs/2configs/shack/glados/automation/ampel.nix b/krebs/2configs/shack/glados/automation/ampel.nix deleted file mode 100644 index 4be92a328..000000000 --- a/krebs/2configs/shack/glados/automation/ampel.nix +++ /dev/null @@ -1,23 +0,0 @@ -# needs: -# binary_sensor.lounge_ampel_status -# light.lounge_ampel_licht_rot - -let - glados = import ../lib; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Ampel Rotes Licht"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "binary_sensor.lounge_ampel_status"; - }; - action = { service = "light.turn_on"; - data.entity_id = "light.lounge_ampel_licht_rot"; - }; - } - ]; -} diff --git a/krebs/2configs/shack/glados/automation/announcement.j2 b/krebs/2configs/shack/glados/automation/announcement.j2 deleted file mode 100644 index 2ae5f1a46..000000000 --- a/krebs/2configs/shack/glados/automation/announcement.j2 +++ /dev/null @@ -1,28 +0,0 @@ -Willkommen werter Keyholder {{ states("sensor.keyholder") }} in deinem Lieblingshackerspace. - -Es ist {{states("sensor.fablab_feinstaub_temperature") | round(1) | replace('.',' Komma ')}} Grad {% if states("sensor.fablab_feinstaub_temperature")|float > 25 %}heiss{%elif states("sensor.fablab_feinstaub_temperature")|float > 15%}warm{%else%}kalt{%endif%} bei {% if states(" sensor.rz_feinstaub_humidity") | int <45 %}trockenen{% elif states(" sensor.rz_feinstaub_humidity") | int <65 %}angenehmen{%else%}feuchten{%endif%} {{states(" sensor.rz_feinstaub_humidity") | int }} Prozent Luftfeuchtigkeit. - -{% if (states("sensor.fullstand_mate_1")|int == 0) and - states("sensor.fullstand_mate_2")|int == 0 %}ES IST MAHTECALYPSE, BEIDE MAHTESCHÄCHTE SIND LEER! {%if states("sensor.fullstand_mate_cola")| int == 0%} UND SOGAR DIE COLA IST ALLE. Ihr seid sowas von am Arsch!{%else%}Zum Glück gibt es noch Cola, Phew!{%endif%} -{% elif (states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int) < 5 %} -Der Mahtestand im Automaten ist mit {{states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int }} verbleibenden Flaschen kritisch! -{% else %} -Im Automaten sind noch {{states("sensor.fullstand_mate_1")|int + states("sensor.fullstand_mate_2")|int }} Flaschen Mahte und {{states("sensor.fullstand_mate_cola")}} Flaschen Cola. -{%endif%} - -Die Wettervorhersage: {{states("sensor.dark_sky_hourly_summary")}} Aktuell {{states("sensor.dark_sky_summary")}} bei {{states("sensor.dark_sky_temperature") | round(1) | replace('.',' Komma ')}} Grad. -Der Stromverbrauch liegt bei {{ (( states("sensor.l1_power")|int + states("sensor.l2_power")|int + states("sensor.l3_power")|int ) / 1000 )| round(1) | replace('.',' Komma ')}} Kilowatt. - -Im Fablab ist die Feinstaubbelastung {% if states("sensor.fablab_particulate_matter_2_5um_concentration") | float > 50 %}hoch!{%elif states("sensor.fablab_particulate_matter_2_5um_concentration") | float > 25 %}mäßig.{% else %}gering.{%endif%} - -{% if is_state("binary_sensor.door_rzl",'on') and is_state("binary_sensor.door_entropia",'on') %} -Das Raumzeitlabor und Entropia haben geöffnet. -{% elif is_state("binary_sensor.door_rzl",'off') and is_state("binary_sensor.door_entropia",'off') %} -Das Raumzeitlabor und Entropia haben geschlossen. -{% elif is_state("binary_sensor.door_rzl",'on') and is_state("binary_sensor.door_entropia",'off') %} -Das Raumzeitlabor hat geöffnet und Entropia hat geschlossen. -{% elif is_state("binary_sensor.door_rzl",'off') and is_state("binary_sensor.door_entropia",'on') %} -Das Raumzeitlabor hat geschlossen und Entropia hat geöffnet. -{%endif%} - -Die Glados Hackerspace Automation wünscht dir und allen Anwesenden einen produktiven und angenehmen Aufenthalt! diff --git a/krebs/2configs/shack/glados/automation/hass-restart.nix b/krebs/2configs/shack/glados/automation/hass-restart.nix deleted file mode 100644 index 5f61e19f1..000000000 --- a/krebs/2configs/shack/glados/automation/hass-restart.nix +++ /dev/null @@ -1,24 +0,0 @@ -# needs: -# light.fablab_led -{ - services.home-assistant.config.automation = - [ - { alias = "State on HA start-up"; - trigger = { - platform = "homeassistant"; - event = "start"; - }; - # trigger good/bad air - action = [ - { service = "light.turn_on"; - data = { - entity_id = "light.fablab_led"; - effect = "Rainbow"; - color_name = "purple"; - }; - } - ]; - } - ]; -} - diff --git a/krebs/2configs/shack/glados/automation/party-time.nix b/krebs/2configs/shack/glados/automation/party-time.nix deleted file mode 100644 index 9e7fe24cd..000000000 --- a/krebs/2configs/shack/glados/automation/party-time.nix +++ /dev/null @@ -1,32 +0,0 @@ -# Needs: -# sun.sunset -# switch.lounge_diskoschalter_relay -let - glados = import ../lib; - disko_schalter = "switch.lounge_diskoschalter_relay"; - player = "media_player.lounge"; -in -{ - services.home-assistant.config.automation = - [ - { alias = "Party um 21 Uhr"; - trigger = { - platform = "sun"; - event = "sunset"; - }; - action = - ( glados.say.kiosk "Die Sonne geht unter. Und jetzt geht die Party im shack erst richtig los. Partybeleuchtung, aktiviert!" ) - ++ - [ - { - service = "homeassistant.turn_on"; - entity_id = disko_schalter; - } - { - service = "media_player.turn_on"; - data.entity_id = player; - } # TODO: also start playlist if nothing is running? - ]; - } - ]; -} diff --git a/krebs/2configs/shack/glados/automation/shack-startup.nix b/krebs/2configs/shack/glados/automation/shack-startup.nix deleted file mode 100644 index 471d817a2..000000000 --- a/krebs/2configs/shack/glados/automation/shack-startup.nix +++ /dev/null @@ -1,100 +0,0 @@ -# needs: -# binary_sensor.portal_lock -# sensor.keyholder -# media_player.lounge - -# additional state required on: -# mpd.shack: -# playlist "ansage" -# playlist "lassulus" -# lounge.kiosk.shack: -# playlist "ansage" - -let - glados = import ../lib; -in -{ - services.home-assistant.config.automation = - [ - { - alias = "Bedanken bei Übernahme von Key"; - initial_state = true; - trigger = { - platform = "state"; - entity_id = "sensor.keyholder"; - }; - condition = { - condition = "template"; - value_template = "{{ (trigger.from_state.state != 'No Keyholder') and (trigger.from_state.state != 'No Keyholder') }}"; - }; - action = glados.say.kiosk "Danke {{ trigger.to_state.state }} für das Übernehmen des Keys von {{ trigger.from_state.state }}"; - } - { - alias = "Keyholder Begrüßen wenn MPD hoch fährt"; - initial_state = true; - trigger = { - platform = "state"; - from = "unavailable"; - entity_id = "media_player.kiosk"; - }; - action = glados.say.kiosk (builtins.readFile ./announcement.j2); - } - { - alias = "Start Music on portal lock on"; - trigger = { - platform = "state"; - entity_id = "binary_sensor.portal_lock"; - to = "on"; - for.seconds = 30; - }; - condition = { - condition = "and"; - conditions = - [ - { # only start if a keyholder opened the door and if the lounge mpd is currently not playing anything - condition = "template"; - value_template = "{{ state('sensor.keyholder') != 'No Keyholder' }}"; - } - { - condition = "state"; - entity_id = "media_player.lounge"; - state = "idle"; - } - ]; - }; - action = [ - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 1.0; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { delay.seconds = 8.5; } - { - service = "media_player.volume_set"; - data = { - entity_id = "media_player.lounge"; - volume_level = 0.6; - }; - } - { - service = "media_player.play_media"; - data = { - entity_id = "media_player.lounge"; - media_content_type = "playlist"; - media_content_id = "lassulus"; - }; - } - ]; - } - ]; -} diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix index 7c941a66a..236b5000d 100644 --- a/krebs/2configs/shack/glados/default.nix +++ b/krebs/2configs/shack/glados/default.nix @@ -1,12 +1,33 @@ { config, pkgs, lib, ... }: let - unstable = import (pkgs.fetchFromGitHub { - owner = "nixos"; - repo = "nixpkgs"; - rev = (lib.importJSON ../../../nixpkgs-unstable.json).rev; - sha256 = (lib.importJSON ../../../nixpkgs-unstable.json).sha256; - }) {}; + kodi-host = "192.168.8.11"; + confdir = "/var/lib/homeassistant-docker"; in { + imports = [ + ]; + + # networking.firewall.allowedTCPPorts = [ 8123 ]; + virtualisation.oci-containers.containers.hass = { + image = "homeassistant/home-assistant:latest"; + environment = { + TZ = "Europe/Berlin"; + # TODO create unique users + PUID = toString config.users.users.news_container.uid; + PGID = toString config.users.groups.news_container.gid; + UMASK = "007"; + }; + extraOptions = ["--net=host" ]; + volumes = [ + "${confdir}:/config" + #"${confdir}/docker-run:/etc/services.d/home-assistant/run:" + ]; + }; + systemd.tmpfiles.rules = [ + #"f ${confdir}/docker-run 0770 kiosk kiosk - -" + # TODO: + "d ${confdir} 0770 news_container news_container - -" + ]; + services.nginx.virtualHosts."hass.shack" = { serverAliases = [ "glados.shack" ]; locations."/" = { @@ -23,127 +44,4 @@ in { ''; }; }; - imports = [ - ./multi/shackopen.nix - ./multi/wasser.nix - ./multi/schlechte_luft.nix - ./multi/rollos.nix - - ./switch/power.nix - - ./sensors/power.nix - ./sensors/mate.nix - ./sensors/darksky.nix - ./sensors/spaceapi.nix - ./sensors/sensemap.nix - - ./automation/shack-startup.nix - ./automation/party-time.nix - ./automation/hass-restart.nix - ./automation/ampel.nix - - ]; - services.home-assistant = - { - enable = true; - package = unstable.home-assistant.overrideAttrs (old: { - doInstallCheck = false; - }); - config = { - homeassistant = { - name = "Glados"; - time_zone = "Europe/Berlin"; - latitude = "48.8265"; - longitude = "9.0676"; - elevation = 303; - auth_providers = [ - { type = "homeassistant";} - { type = "trusted_networks"; - trusted_networks = [ - "127.0.0.1/32" - "10.42.0.0/16" - "::1/128" - "fd00::/8" - ]; - } - ]; - }; - # https://www.home-assistant.io/components/influxdb/ - influxdb = { - database = "glados"; - host = "influx.shack"; - component_config_glob = { - "sensor.*particulate_matter_2_5um_concentration".override_measurement = "2_5um particles"; - "sensor.*particulate_matter_10_0um_concentration".override_measurement ="10um particles"; - }; - tags = { - instance = "wolf"; - source = "glados"; - }; - }; - esphome = {}; - api = {}; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - keepalive = 60; - protocol = 3.1; - discovery = true; #enable esphome discovery - discovery_prefix = "homeassistant"; - birth_message = { - topic = "glados/hass/status/LWT"; - payload = "Online"; - qos = 1; - retain = true; - }; - will_message = { - topic = "glados/hass/status/LWT"; - payload = "Offline"; - qos = 1; - retain = true; - }; - }; - light = []; - media_player = [ - { platform = "mpd"; - name = "lounge"; - host = "lounge.mpd.shack"; - } - { platform = "mpd"; - name = "kiosk"; - #host = "lounge.kiosk.shack"; - host = "kiosk.shack"; - } - ]; - - camera = []; - frontend = { }; - config = { }; - sun = {}; - http = { - base_url = "http://hass.shack"; - use_x_forwarded_for = true; - trusted_proxies = [ "127.0.0.1" "::1" ]; - }; - #conversation = {}; - - history = {}; - logbook = {}; - #recorder = {}; - - logger.default = "info"; - - tts = [ - { platform = "google_translate"; - service_name = "say"; - language = "de"; - cache = true; - time_memory = 57600; - base_url = "http://hass.shack"; - } - ]; - device_tracker = []; - }; - }; } diff --git a/krebs/2configs/shack/glados/deps/gtts-token.nix b/krebs/2configs/shack/glados/deps/gtts-token.nix deleted file mode 100644 index 69640f03d..000000000 --- a/krebs/2configs/shack/glados/deps/gtts-token.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib -, buildPythonPackage -, fetchPypi -, requests -}: - -buildPythonPackage rec { - pname = "gtts-token"; - version = "1.1.3"; - - src = fetchPypi { - pname = "gTTS-token"; - inherit version; - sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5"; - }; - - propagatedBuildInputs = [ - requests - ]; - - meta = with lib; { - description = "Calculates a token to run the Google Translate text to speech"; - homepage = https://github.com/boudewijn26/gTTS-token; - license = licenses.mit; - # maintainers = [ maintainers. ]; - }; -} diff --git a/krebs/2configs/shack/glados/deps/pyhaversion.nix b/krebs/2configs/shack/glados/deps/pyhaversion.nix deleted file mode 100644 index a75c6a976..000000000 --- a/krebs/2configs/shack/glados/deps/pyhaversion.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib -, buildPythonPackage -, fetchpatch -, fetchPypi -, aiohttp -, async-timeout -}: - -buildPythonPackage rec { - pname = "pyhaversion"; - version = "2.2.1"; - - src = fetchPypi { - inherit pname version; - sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f"; - }; - patches = [ - (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch"; - sha256 = - "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";}) - ]; - doCheck = false; - propagatedBuildInputs = [ - aiohttp - async-timeout - ]; - - meta = with lib; { - description = ""; - homepage = https://github.com/ludeeus/pyhaversion; - # maintainers = [ maintainers. ]; - }; -} diff --git a/krebs/2configs/shack/glados/lib/default.nix b/krebs/2configs/shack/glados/lib/default.nix deleted file mode 100644 index 2cfac3daf..000000000 --- a/krebs/2configs/shack/glados/lib/default.nix +++ /dev/null @@ -1,66 +0,0 @@ -let - prefix = "glados"; -in -{ - - say = let - # returns a list of actions to be performed on an mpd to say something - tts = { message, entity }: - [ - { - service = "media_player.turn_on"; - data.entity_id = "media_player.${entity}"; - } - { service = "media_player.play_media"; - data = { - entity_id = "media_player.${entity}"; - media_content_type = "playlist"; - media_content_id = "ansage"; - }; - } - { - service = "media_player.turn_on"; - data.entity_id = "media_player.${entity}"; - } - { delay.seconds = 4.5; } - { service = "tts.say"; - entity_id = "media_player.${entity}"; - data_template = { - inherit message; - language = "de"; - }; - } - ]; - in - { - lounge = message: tts { - inherit message; - entity = "lounge"; - }; - herrenklo = message: tts { - inherit message; - entity = "herrenklo"; - }; - kiosk = message: tts { - inherit message; - entity = "kiosk"; - }; - }; - tasmota = - { - plug = {host, name ? host, topic ? host}: - { - platform = "mqtt"; - inherit name; - state_topic = "sonoff/stat/${topic}/POWER1"; - command_topic = "sonoff/cmnd/${topic}/POWER1"; - availability_topic = "sonoff/tele/${topic}/LWT"; - payload_on= "ON"; - payload_off= "OFF"; - payload_available= "Online"; - payload_not_available= "Offline"; - retain = false; - qos = 1; - }; - }; -} diff --git a/krebs/2configs/shack/glados/multi/rollos.nix b/krebs/2configs/shack/glados/multi/rollos.nix deleted file mode 100644 index 29525ad82..000000000 --- a/krebs/2configs/shack/glados/multi/rollos.nix +++ /dev/null @@ -1,59 +0,0 @@ -# - -let - glados = import ../lib; - tempsensor = "sensor.dark_sky_temperature"; - all_covers = [ - "cover.crafting_rollo" - "cover.elab_rollo" - "cover.or2_rollo" - "cover.retroraum_rollo" - ]; -in -{ - services.home-assistant.config = - { - automation = - [ - { alias = "Rollos fahren Runter"; - trigger = [ - { - platform = "numeric_state"; - entity_id = tempsensor; - above = 25; - for = "00:30:00"; - } - ]; - condition = - [ - { - condition = "state"; - entity_id = "sun.sun"; - state = "above_horizon"; - } - ]; - action = - [ - { service = "cover.close_cover"; - entity_id = all_covers; - } - ]; - } - { alias = "Rollos fahren Hoch"; - trigger = [ - { - platform = "sun"; - event = "sunset"; - } - ]; - condition = [ ]; - action = - [ - { service = "cover.open_cover"; - entity_id = all_covers; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/schlechte_luft.nix b/krebs/2configs/shack/glados/multi/schlechte_luft.nix deleted file mode 100644 index c1890361b..000000000 --- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix +++ /dev/null @@ -1,109 +0,0 @@ -let - glados = import ../lib; - feinstaub_sensor = "sensor.fablab_particulate_matter_2_5um_concentration"; - ledring = "light.fablab_led_ring"; -in -{ - services.home-assistant.config = - { - automation = - [ - { alias = "Gute Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - entity_id = feinstaub_sensor; - below = 3; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "green"; - }; - } - ]; - } - { alias = "mäßige Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 3; - below = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Twinkle"; - color_name = "yellow"; - }; - } - ]; - } - { alias = "schlechte Luft Fablab"; - trigger = [ - { - platform = "numeric_state"; - above = 10; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Fireworks"; - color_name = "red"; - }; - } - ]; - } - { alias = "Luft Sensor nicht verfügbar"; - trigger = [ - { - platform = "state"; - to = "unavailable"; - entity_id = feinstaub_sensor; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "blue"; - }; - } - ]; - } - { alias = "Fablab Licht Reboot"; - trigger = [ - { - platform = "state"; - from = "unavailable"; - entity_id = ledring; - } - ]; - action = - [ - { service = "light.turn_on"; - data = { - entity_id = ledring; - effect = "Rainbow"; - color_name = "orange"; - }; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix deleted file mode 100644 index d9be9adfa..000000000 --- a/krebs/2configs/shack/glados/multi/shackopen.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - services.home-assistant.config = - { - binary_sensor = [ - { platform = "mqtt"; - name = "Portal Lock"; - device_class = "door"; - state_topic = "portal/gateway/status"; - availability_topic = "portal/gateway/lwt"; - payload_on = "open"; - payload_off = "closed"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - sensor = [ - { platform = "mqtt"; - name = "Keyholder"; - state_topic = "portal/gateway/keyholder"; - availability_topic = "portal/gateway/lwt"; - payload_available = "online"; - payload_not_available = "offline"; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix deleted file mode 100644 index 9ca5e4500..000000000 --- a/krebs/2configs/shack/glados/multi/wasser.nix +++ /dev/null @@ -1,113 +0,0 @@ -# uses: -# switch.crafting_giesskanne_relay -let - glados = import ../lib; - seconds = 20; - wasser = "switch.crafting_giesskanne_relay"; - brotbox = { - minutes = 10; - pump = "switch.crafting_brotbox_pumpe"; - sensor = "sensor.statistics_for_sensor_crafting_brotbox_soil_moisture"; - }; -in -{ - services.home-assistant.config = - { - sensor = map ( entity_id: { - platform = "statistics"; - name = "Statistics for ${entity_id}"; - inherit entity_id; - max_age.minutes = "60"; - sampling_size = 1000; - }) ["sensor.crafting_brotbox_soil_moisture"]; - - - automation = - [ - ### Brotbox ##### - #{ alias = "Brotbox: water for ${toString brotbox.minutes} minutes every hour"; - # trigger = - # { # Trigger once every hour at :42 - # platform = "time_pattern"; - # minutes = 42; - # }; - # condition = { - # condition = "numeric_state"; - # entity_id = brotbox.sensor; - # value_template = "{{ state_attr('${brotbox.sensor}', 'median') }}"; - # below = 75; - # }; - # action = - # [ - # { - # service = "homeassistant.turn_on"; - # entity_id = brotbox.pump; - # } - # { delay.minutes = brotbox.minutes; } - # { - # service = "homeassistant.turn_off"; - # entity_id = brotbox.pump ; - # } - # ]; - #} - { alias = "Brotbox: Always turn off water after ${toString (brotbox.minutes * 2)} minutes"; - trigger = - { - platform = "state"; - entity_id = brotbox.pump; - to = "on"; - for.minutes = brotbox.minutes*2; - }; - action = - { - service = "homeassistant.turn_off"; - entity_id = brotbox.pump; - }; - } - - ##### Kaffeemaschine - { alias = "Water the plant for ${toString seconds} seconds"; - trigger = [ - { # trigger at 20:00 no matter what - # TODO: retry or run only if switch.wasser is available - platform = "time"; - at = "20:00:00"; - } - ]; - action = - [ - { - service = "homeassistant.turn_on"; - entity_id = [ - wasser - ]; - } - { delay.seconds = seconds; } - { - service = "homeassistant.turn_off"; - entity_id = [ - wasser - ]; - } - ]; - } - { alias = "Always turn off water after ${toString (seconds * 2)}seconds"; - trigger = [ - { - platform = "state"; - entity_id = wasser; - to = "on"; - for.seconds = seconds*2; - } - ]; - action = - [ - { - service = "homeassistant.turn_off"; - entity_id = [ wasser ]; - } - ]; - } - ]; - }; -} diff --git a/krebs/2configs/shack/glados/sensors/darksky.nix b/krebs/2configs/shack/glados/sensors/darksky.nix deleted file mode 100644 index 12b33804c..000000000 --- a/krebs/2configs/shack/glados/sensors/darksky.nix +++ /dev/null @@ -1,24 +0,0 @@ -{lib,...}: -{ - services.home-assistant.config.sensor = - [ - { platform = "darksky"; - api_key = lib.removeSuffix "\n" - (builtins.readFile <secrets/hass/darksky.apikey>); - language = "de"; - monitored_conditions = [ - "summary" "icon" - "nearest_storm_distance" "precip_probability" - "precip_intensity" - "temperature" # "temperature_high" "temperature_low" - "apparent_temperature" - "hourly_summary" # next 24 hours text - "humidity" - "pressure" - "uv_index" - ]; - units = "si" ; - scan_interval = "00:15:00"; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/mate.nix b/krebs/2configs/shack/glados/sensors/mate.nix deleted file mode 100644 index 751856668..000000000 --- a/krebs/2configs/shack/glados/sensors/mate.nix +++ /dev/null @@ -1,20 +0,0 @@ -let - fuellstand = name: id: { - platform = "rest"; - resource = "https://ora5.tutschonwieder.net/ords/lick_prod/v1/get/fuellstand/1/${toString id}"; - method = "GET"; - name = "Füllstand ${name}"; - value_template = "{{ value_json.fuellstand }}"; - }; -in -{ - services.home-assistant.config.sensor = - [ - (fuellstand "Wasser" 1) - (fuellstand "Mate Cola" 2) - (fuellstand "Apfelschorle" 3) - (fuellstand "Zitronensprudel" 4) - (fuellstand "Mate 1" 26) - (fuellstand "Mate 2" 27) - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix deleted file mode 100644 index d9b5c7c65..000000000 --- a/krebs/2configs/shack/glados/sensors/power.nix +++ /dev/null @@ -1,29 +0,0 @@ -let - power_x = name: phase: - { platform = "mqtt"; - name = "${phase} ${name}"; - state_topic = "/power/total/${phase}/${name}"; - availability_topic = "/power/lwt"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - power_consumed = - { platform = "mqtt"; - name = "Power Consumed"; - device_class = "power"; - state_topic = "/power/total/consumed"; - availability_topic = "/power/lwt"; - payload_available = "Online"; - payload_not_available = "Offline"; - }; - power_volt = power_x "Voltage"; - power_watt = (power_x "Power") ; - power_curr = power_x "Current"; -in -{ - services.home-assistant.config.sensor = - (map power_volt [ "L1" "L2" "L3" ]) -++ (map (x: ((power_watt x) // { device_class = "power"; })) [ "L1" "L2" "L3" ]) -++ (map power_curr [ "L1" "L2" "L3" ]) -++ [ power_consumed ]; -} diff --git a/krebs/2configs/shack/glados/sensors/sensemap.nix b/krebs/2configs/shack/glados/sensors/sensemap.nix deleted file mode 100644 index c261a28e1..000000000 --- a/krebs/2configs/shack/glados/sensors/sensemap.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - services.home-assistant.config.air_quality = - [ - { - platform = "opensensemap"; - station_id = "56a0de932cb6e1e41040a68b"; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/spaceapi.nix b/krebs/2configs/shack/glados/sensors/spaceapi.nix deleted file mode 100644 index ea20ad29d..000000000 --- a/krebs/2configs/shack/glados/sensors/spaceapi.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - services.home-assistant.config.binary_sensor = - [ - { - platform = "rest"; - resource = "https://spaceapi.afra-berlin.de/v1/status.json"; - method = "GET"; - name = "Door AFRA Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://club.entropia.de/spaceapi"; - method = "GET"; - name = "Door Entropia"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "http://www.c-base.org/status.json"; - method = "GET"; - name = "Door C-Base Berlin"; - device_class = "door"; - value_template = "{{ value_json.open }}"; - } - { - platform = "rest"; - resource = "https://status.raumzeitlabor.de/api/full.json"; - method = "GET"; - name = "Door RZL"; - device_class = "door"; - value_template = "{{ value_json.status }}"; - } - { - platform = "rest"; - resource = "https://datenobservatorium.de/"; - method = "GET"; - name = "Door Datenobservatorium"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - { - platform = "rest"; - resource = "https://infuanfu.de/"; - method = "GET"; - name = "Door Infuanfu"; - device_class = "door"; - value_template = "false"; - scan_interval = 2592000; - } - ]; -} diff --git a/krebs/2configs/shack/glados/sensors/unifi.nix b/krebs/2configs/shack/glados/sensors/unifi.nix deleted file mode 100644 index f64e3feb6..000000000 --- a/krebs/2configs/shack/glados/sensors/unifi.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - controllers = { - host = "unifi.shack"; - site = "shackspace"; - }; -} diff --git a/krebs/2configs/shack/glados/switch/power.nix b/krebs/2configs/shack/glados/switch/power.nix deleted file mode 100644 index 9ec115faa..000000000 --- a/krebs/2configs/shack/glados/switch/power.nix +++ /dev/null @@ -1,44 +0,0 @@ -# 1 - haupt -# 2 - dusche -# 3 - warmwasser -# 4 - or -# 5 - kueche -let - nodelight = type: ident: name: { - platform = "mqtt"; - name = "${type} ${name}"; - command_topic = "${type}/${toString ident}/command"; - state_topic = "${type}/${toString ident}/state"; - payload_on = "on"; - payload_off = "off"; - }; - power = nodelight "power"; - light = ident: name: { icon = "mdi:lightbulb";} // nodelight "light" ident name; -in -{ - services.home-assistant.config.switch = - [ - # These commands we see with a shutdown: - # power/143/state on - # power/142/state on - # power/141/state on - # power/142/state off - # power/141/state off - # power/10/state off - # power/main/state off - - (power "10" "Hauptschalter") - (power 1 "Dusche") # ??? - (power 2 "Warmwasser") # ??? - (power 3 "Optionsräume") # ??? - (power 4 "Küche") # ??? - (light 1 "Decke Lounge 1") - (light 2 "Decke Lounge 2") - (light 3 "Decke Lounge 3") - (light 4 "Decke Lounge 4") - (light 5 "Decke Lounge 5") - (light 6 "Decke Lounge 6") - (light 7 "Decke Lounge 7") - (light 8 "Decke Lounge 8") - ]; -} diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix index 5ba49ede6..4cefdc3e5 100644 --- a/krebs/2configs/shack/prometheus/alert-rules.nix +++ b/krebs/2configs/shack/prometheus/alert-rules.nix @@ -1,6 +1,6 @@ { lib,... }: let - disk_free_threshold = "10"; # at least this much free disk percentage + disk_free_threshold = "5"; # at least this much free disk percentage in { services.prometheus.rules = [(builtins.toJSON { @@ -8,22 +8,6 @@ in { { name = "shack-env"; rules = [ { - alert = "Wolf RootPartitionFull"; - for = "30m"; - expr = ''(node_filesystem_avail_bytes{alias="wolf.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="wolf.shack",mountpoint="/"} < ${disk_free_threshold}''; - labels.severity = "warning"; - annotations.summary = "{{ $labels.alias }} root disk full"; - annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; - annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and try to clean up the obsolete files on the machine. There are a couple of things you can do: -1. `nix-collect-garbage -d` -2. clean up the shack share folder in `/home/share` -3. check `du -hs /var/ | sort -h`. -4. run `docker system prune` -5. `find /var/lib/containers/news/var/lib/htgen-go/items -mtime +7 -delete;` to clean up the link shortener data -5. If you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete -6. as a last resort the root disk can be expanded via `lvresize -L +10G /dev/pool/root && btrfs filesystem resize max /` ''; - } - { alert = "Puyak RootPartitionFull"; for = "30m"; expr = ''(node_filesystem_avail_bytes{alias="puyak.shack",mountpoint="/"} * 100) / node_filesystem_size_bytes{alias="puyak.shack",mountpoint="/"} < ${disk_free_threshold}''; @@ -32,9 +16,8 @@ in { annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=puyak"; annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%).Prometheus will not be able to create new alerts and CI for deploying new configuration will also seize working. Log in to the system and run `nix-collect-garbage -d` and if this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; } - # wolf.shack is not worth supervising anymore { - alert = "HostDown"; + alert = "Infra01 down"; expr = ''up{alias="infra01.shack"} == 0''; for = "5m"; labels.severity = "page"; diff --git a/krebs/2configs/shack/prometheus/irc-alerts.py b/krebs/2configs/shack/prometheus/irc-alerts.py new file mode 100644 index 000000000..005a2013b --- /dev/null +++ b/krebs/2configs/shack/prometheus/irc-alerts.py @@ -0,0 +1,207 @@ +import base64 +import cgi +import json +import os +import re +import socket +import ssl +import sys +from http.server import BaseHTTPRequestHandler +from typing import List, Optional, Tuple +from urllib.parse import urlparse + +DEBUG = os.environ.get("DEBUG") is not None + + +def _irc_send( + server: str, + nick: str, + channel: str, + sasl_password: Optional[str] = None, + server_password: Optional[str] = None, + tls: bool = True, + port: int = 6697, + messages: List[str] = [], +) -> None: + if not messages: + return + + sock = socket.socket() + if tls: + sock = ssl.wrap_socket( + sock, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1_2 + ) + + def _send(command: str) -> int: + if DEBUG: + print(command) + return sock.send((f"{command}\r\n").encode()) + + def _pong(ping: str): + if ping.startswith("PING"): + sock.send(ping.replace("PING", "PONG").encode("ascii")) + + recv_file = sock.makefile(mode="r") + + print(f"connect {server}:{port}") + sock.connect((server, port)) + if server_password: + _send(f"PASS {server_password}") + _send(f"USER {nick} 0 * :{nick}") + _send(f"NICK {nick}") + for line in recv_file.readline(): + if re.match(r"^:[^ ]* (MODE|221|376|422) ", line): + break + else: + _pong(line) + + if sasl_password: + _send("CAP REQ :sasl") + _send("AUTHENTICATE PLAIN") + auth = base64.encodebytes(f"{nick}\0{nick}\0{sasl_password}".encode("utf-8")) + _send(f"AUTHENTICATE {auth.decode('ascii')}") + _send("CAP END") + _send(f"JOIN :{channel}") + + for m in messages: + _send(f"PRIVMSG {channel} :{m}") + + _send("INFO") + for line in recv_file: + if DEBUG: + print(line, end="") + # Assume INFO reply means we are done + if "End of /INFO" in line: + break + else: + _pong(line) + + sock.send(b"QUIT") + print("disconnect") + sock.close() + + +def irc_send( + url: str, notifications: List[str], password: Optional[str] = None +) -> None: + parsed = urlparse(f"{url}") + username = parsed.username or "prometheus" + server = parsed.hostname or "chat.freenode.net" + if parsed.fragment != "": + channel = f"#{parsed.fragment}" + else: + channel = "#krebs-announce" + port = parsed.port or 6697 + if not password: + password = parsed.password + if len(notifications) == 0: + return + _irc_send( + server=server, + nick=username, + sasl_password=password, + channel=channel, + port=port, + messages=notifications, + tls=parsed.scheme == "irc+tls", + ) + + +class PrometheusWebHook(BaseHTTPRequestHandler): + def __init__( + self, + irc_url: str, + conn: socket.socket, + addr: Tuple[str, int], + password: Optional[str] = None, + ) -> None: + self.irc_url = irc_url + self.password = password + self.rfile = conn.makefile("rb") + self.wfile = conn.makefile("wb") + self.client_address = addr + self.handle() + + # for testing + def do_GET(self) -> None: + if DEBUG: + print("GET: Request Received") + self.send_response(200) + self.send_header("Content-type", "text/plain") + self.end_headers() + self.wfile.write(b"ok") + + def do_POST(self) -> None: + if DEBUG: + print("POST: Request Received") + content_type, _ = cgi.parse_header(self.headers.get("content-type")) + + # refuse to receive non-json content + if content_type != "application/json": + if DEBUG: + print(f"POST: wrong content type {content_type}") + self.send_response(400) + self.end_headers() + return + + length = int(self.headers.get("content-length")) + payload = json.loads(self.rfile.read(length)) + messages = [] + for alert in payload["alerts"]: + description = alert["annotations"]["description"] + messages.append(f"{alert['status']}: {description}") + irc_send(self.irc_url, messages, password=self.password) + + self.do_GET() + + +def systemd_socket_response() -> None: + irc_url = os.environ.get("IRC_URL", None) + if irc_url is None: + print( + "IRC_URL environment variable not set: i.e. IRC_URL=irc+tls://mic92-prometheus@chat.freenode.net/#krebs-announce", + file=sys.stderr, + ) + sys.exit(1) + + password = None + irc_password_file = os.environ.get("IRC_PASSWORD_FILE", None) + if irc_password_file: + with open(irc_password_file) as f: + password = f.read() + + msgs = sys.argv[1:] + + if msgs != []: + irc_send(irc_url, msgs, password=password) + return + + nfds = os.environ.get("LISTEN_FDS", None) + if nfds is None: + print( + "LISTEN_FDS not set. Run me with systemd(TM) socket activation?", + file=sys.stderr, + ) + sys.exit(1) + fds = range(3, 3 + int(nfds)) + + for fd in fds: + sock = socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM) + sock.settimeout(0) + + try: + while True: + PrometheusWebHook(irc_url, *sock.accept(), password=password) + except BlockingIOError: + # no more connections + pass + + +if __name__ == "__main__": + if DEBUG: + print("Starting in DEBUG mode") + if len(sys.argv) == 3: + print(f"{sys.argv[1]} {sys.argv[2]}") + irc_send(sys.argv[1], [sys.argv[2]]) + else: + systemd_socket_response() diff --git a/krebs/2configs/shack/prometheus/irc-hooks.nix b/krebs/2configs/shack/prometheus/irc-hooks.nix new file mode 100644 index 000000000..07bb2423b --- /dev/null +++ b/krebs/2configs/shack/prometheus/irc-hooks.nix @@ -0,0 +1,59 @@ +{ config +, lib +, pkgs +, ... +}: +let + irc-alerts = pkgs.writers.writePython3 "irc-alerts" { + flakeIgnore = [ "E501" ]; + } (builtins.readFile ./irc-alerts.py); + endpoints = { + binaergewitter = { + url = "irc+tls://puyak-alerts@irc.libera.chat:6697/#binaergewitter-alerts"; + port = 9223; + }; + }; +in +{ + systemd.sockets = + lib.mapAttrs' + (name: opts: + lib.nameValuePair "irc-alerts-${name}" { + description = "Receive http hook and send irc message for ${name}"; + wantedBy = [ "sockets.target" ]; + listenStreams = [ "[::]:${builtins.toString opts.port}" ]; + }) endpoints; + + systemd.services = + lib.mapAttrs' + (name: opts: + let + serviceName = "irc-alerts-${name}"; + hasPassword = opts.passwordFile or null != null; + in + lib.nameValuePair serviceName { + description = "Receive http hook and send irc message for ${name}"; + requires = [ "irc-alerts-${name}.socket" ]; + serviceConfig = + { + Environment = + [ + "IRC_URL=${opts.url}" + "DEBUG=y" + ] + ++ lib.optional hasPassword "IRC_PASSWORD_FILE=/run/${serviceName}/password"; + DynamicUser = true; + User = serviceName; + ExecStart = irc-alerts; + } + // lib.optionalAttrs hasPassword { + PermissionsStartOnly = true; + ExecStartPre = + "${pkgs.coreutils}/bin/install -m400 " + + "-o ${serviceName} -g ${serviceName} " + + "${config.sops.secrets.prometheus-irc-password.path} " + + "/run/${serviceName}/password"; + RuntimeDirectory = serviceName; + }; + }) endpoints; +} diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix index 9e4b4d1a7..7a5532027 100644 --- a/krebs/2configs/shack/prometheus/server.nix +++ b/krebs/2configs/shack/prometheus/server.nix @@ -3,6 +3,7 @@ { imports = [ ./alert-rules.nix + ./irc-hooks.nix ]; networking = { firewall.allowedTCPPorts = [ @@ -129,11 +130,11 @@ "group_wait" = "30s"; "group_interval" = "2m"; "repeat_interval" = "4h"; - "receiver" = "team-admins"; + "receiver" = "shack-admins"; }; "receivers" = [ { - "name" = "team-admins"; + "name" = "shack-admins"; "email_configs" = [ ]; "webhook_configs" = [ { diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index 26bfd0731..e61af7a7b 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -103,6 +103,7 @@ in { # <stockholm/makefu/2configs/sabnzbd.nix> # <stockholm/makefu/2configs/mail/mail.euer.nix> { krebs.exim.enable = mkDefault true; } + <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix> # sharing <stockholm/makefu/2configs/share/gum.nix> # samba sahre @@ -125,7 +126,7 @@ in { <stockholm/makefu/2configs/backup/server.nix> <stockholm/makefu/2configs/backup/state.nix> <stockholm/makefu/2configs/wireguard/server.nix> - # <stockholm/makefu/2configs/wireguard/wiregrill.nix> + <stockholm/makefu/2configs/wireguard/wiregrill.nix> { # recent changes mediawiki bot networking.firewall.allowedUDPPorts = [ 5005 5006 ]; @@ -173,7 +174,7 @@ in { # <stockholm/makefu/2configs/nginx/iso.euer.nix> # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> - <stockholm/makefu/2configs/deployment/graphs.nix> + # <stockholm/makefu/2configs/deployment/graphs.nix> #<stockholm/makefu/2configs/deployment/owncloud.nix> # <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix> #<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de> diff --git a/makefu/1systems/gum/hetznercloud/network.nix b/makefu/1systems/gum/hetznercloud/network.nix index 24fe3842f..5159cf570 100644 --- a/makefu/1systems/gum/hetznercloud/network.nix +++ b/makefu/1systems/gum/hetznercloud/network.nix @@ -3,7 +3,7 @@ let external-mac = "96:00:01:24:33:f4"; external-gw = "172.31.1.1"; external-ip = "142.132.189.140"; - external-ip6 = "2a01:4f8:1c17:5cdf::2/64"; + external-ip6 = "2a01:4f8:1c17:5cdf::2"; external-gw6 = "fe80::1"; external-netmask = 32; external-netmask6 = 64; @@ -16,19 +16,20 @@ in SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" ''; networking = { + enableIPv6 = true; + nat.enableIPv6 = true; interfaces."${ext-if}" = { useDHCP = true; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; }; #ipv4.addresses = [{ # address = external-ip; # prefixLength = external-netmask; #}]; - #ipv6.addresses = [{ - # address = external-ip6; - # prefixLength = external-netmask6; - # }]; - #}; - #defaultGateway6 = { address = external-gw6; interface = ext-if; }; + defaultGateway6 = { address = external-gw6; interface = ext-if; }; #defaultGateway = external-gw; nameservers = [ "1.1.1.1" ]; }; diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 13755de27..c875d52c8 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -61,6 +61,8 @@ direnv allow size = 900001; save = 900001; ignoreDups = true; + ignoreSpace = true; + extended = true; share = true; }; @@ -77,31 +79,32 @@ direnv allow xo = "mimeopen"; nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml"; }; - # navi package does not come with the navi.plugin.zsh anymore so we use .src + #zplug = { + # enable = true; + # plugins = [ + # { name = "denisidoro/navi" ; } + # { name = "zsh-users/zsh-autosuggestions" ; } + # ]; + #}; initExtra = '' bindkey -e + zle -N edit-command-line + # ctrl-x ctrl-e + bindkey '^xe' edit-command-line + bindkey '^x^e' edit-command-line # shift-tab bindkey '^[[Z' reverse-menu-complete bindkey "\e[3~" delete-char zstyle ':completion:*' menu select setopt HIST_IGNORE_ALL_DUPS - setopt HIST_IGNORE_SPACE setopt HIST_FIND_NO_DUPS compdef _pass brain zstyle ':completion::complete:brain::' prefix "$HOME/brain" + compdef _pass secrets zstyle ':completion::complete:secrets::' prefix "$HOME/.secrets-pass/" - - # navi - . ${pkgs.navi.src}/shell/navi.plugin.zsh - # ctrl-x ctrl-e - autoload -U compinit && compinit - autoload -U edit-command-line - zle -N edit-command-line - bindkey '^xe' edit-command-line - bindkey '^x^e' edit-command-line ''; }; }; diff --git a/makefu/2configs/wireguard/wiregrill.nix b/makefu/2configs/wireguard/wiregrill.nix index 082090755..070f01e10 100644 --- a/makefu/2configs/wireguard/wiregrill.nix +++ b/makefu/2configs/wireguard/wiregrill.nix @@ -13,16 +13,57 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) { boot.kernel.sysctl = mkIf isRouter { "net.ipv6.conf.all.forwarding" = 1; + "net.ipv4.conf.all.forwarding" = 1; + }; + networking.nat = mkIf isRouter { + enable = true; + enableIPv6 = true; + externalInterface = ext-if; + internalInterfaces = [ "wiregrill" ]; }; networking.firewall = { allowedUDPPorts = [ self.wireguard.port ]; - extraCommands = '' - iptables -A FORWARD -i wiregrill -o wiregrill -j ACCEPT + interfaces.wiregrill = mkIf isRouter { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; + }; + + services.dnsmasq = mkIf isRouter { + enable = true; + resolveLocalQueries = false; + extraConfig = /* dnsmasq */ '' + bind-interfaces + interface=retiolum,wiregrill ''; + servers = [ "1.1.1.1" ]; }; networking.wireguard.interfaces.wiregrill = { + postSetup = optionalString isRouter '' + ${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -s 10.244.245.0/24 -j ACCEPT + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.244.245.0/24 ! -d 10.244.245.0/24 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -A FORWARD -i wiregrill -o retiolum -j ACCEPT + ${pkgs.iptables}/bin/iptables -A FORWARD -i retiolum -o wiregrill -j ACCEPT + + ${pkgs.iptables}/bin/ip6tables -t nat -A PREROUTING -s 42:1::/32 -j ACCEPT + ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s 42:1::/32 ! -d 42:1::/48 -j MASQUERADE + ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wiregrill -o retiolum -j ACCEPT + ${pkgs.iptables}/bin/ip6tables -A FORWARD -i retiolum -o wiregrill -j ACCEPT + ''; + + # This undoes the above command + postShutdown = optionalString isRouter '' + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.244.245.0/24 -o ${ext-if} -j MASQUERADE + ${pkgs.iptables}/bin/iptables -D FORWARD -i wiregrill -o retiolum -j ACCEPT + ${pkgs.iptables}/bin/iptables -D FORWARD -i retiolum -o wiregrill -j ACCEPT + + ${pkgs.iptables}/bin/ip6tables -t nat -D PREROUTING -s 42:1::/32 -j ACCEPT + ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s 42:1::/32 ! -d 42:1::/48 -j MASQUERADE + ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wiregrill -o retiolum -j ACCEPT + ${pkgs.iptables}/bin/ip6tables -D FORWARD -i retiolum -o wiregrill -j ACCEPT + '' ; ips = (optional (!isNull self.ip4) self.ip4.addr) ++ (optional (!isNull self.ip6) self.ip6.addr); |