summaryrefslogtreecommitdiffstats
path: root/krebs/2configs/shack
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/2configs/shack')
-rw-r--r--krebs/2configs/shack/glados/automation/ampel.nix23
-rw-r--r--krebs/2configs/shack/glados/default.nix1
-rw-r--r--krebs/2configs/shack/mqtt.nix22
-rw-r--r--krebs/2configs/shack/muell_mail.nix2
-rw-r--r--krebs/2configs/shack/muellshack.nix2
-rw-r--r--krebs/2configs/shack/node-light.nix2
-rw-r--r--krebs/2configs/shack/powerraw.nix2
-rw-r--r--krebs/2configs/shack/s3-power.nix2
-rw-r--r--krebs/2configs/shack/shackDNS.nix2
-rw-r--r--krebs/2configs/shack/share.nix1
10 files changed, 51 insertions, 8 deletions
diff --git a/krebs/2configs/shack/glados/automation/ampel.nix b/krebs/2configs/shack/glados/automation/ampel.nix
new file mode 100644
index 000000000..4be92a328
--- /dev/null
+++ b/krebs/2configs/shack/glados/automation/ampel.nix
@@ -0,0 +1,23 @@
+# needs:
+# binary_sensor.lounge_ampel_status
+# light.lounge_ampel_licht_rot
+
+let
+ glados = import ../lib;
+in
+{
+ services.home-assistant.config.automation =
+ [
+ {
+ alias = "Ampel Rotes Licht";
+ initial_state = true;
+ trigger = {
+ platform = "state";
+ entity_id = "binary_sensor.lounge_ampel_status";
+ };
+ action = { service = "light.turn_on";
+ data.entity_id = "light.lounge_ampel_licht_rot";
+ };
+ }
+ ];
+}
diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
index 51c2ad94f..e7860338c 100644
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@@ -40,6 +40,7 @@ in {
./automation/shack-startup.nix
./automation/party-time.nix
./automation/hass-restart.nix
+ ./automation/ampel.nix
];
services.home-assistant =
diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix
index e78f0f974..8ace42383 100644
--- a/krebs/2configs/shack/mqtt.nix
+++ b/krebs/2configs/shack/mqtt.nix
@@ -1,15 +1,21 @@
-# hostname: mqtt.shack
+{ ... }:
{
networking.firewall.allowedTCPPorts = [ 1883 ];
networking.firewall.allowedUDPPorts = [ 1883 ];
services.mosquitto = {
enable = true;
- host = "0.0.0.0";
- users = {};
- # TODO: secure that shit
- aclExtraConf = ''
- pattern readwrite #
- '';
- allowAnonymous = true;
+ persistence = false;
+ settings.max_keepalive = 60;
+ listeners = [
+ {
+ port = 1883;
+ omitPasswordAuth = true;
+ users = {};
+ settings = {
+ allow_anonymous = true;
+ };
+ acl = [ "topic readwrite #" "pattern readwrite #" ];
+ }
+ ];
};
}
diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
index 9308c7b13..2a8c92e46 100644
--- a/krebs/2configs/shack/muell_mail.nix
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -15,7 +15,9 @@ in {
inherit home;
isSystemUser = true;
createHome = true;
+ group = "muell_mail";
};
+ users.groups.muell_mail = {};
systemd.services.muell_mail = {
description = "muell_mail";
wantedBy = [ "multi-user.target" ];
diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix
index cabe72b40..abec3b4d6 100644
--- a/krebs/2configs/shack/muellshack.nix
+++ b/krebs/2configs/shack/muellshack.nix
@@ -16,7 +16,9 @@ in {
inherit home;
isSystemUser = true;
createHome = true;
+ group = "muellshack";
};
+ users.groups.muellshack = {};
services.nginx.virtualHosts."muell.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/muellshack/";
diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix
index 7a648d4ee..1124d969f 100644
--- a/krebs/2configs/shack/node-light.nix
+++ b/krebs/2configs/shack/node-light.nix
@@ -17,7 +17,9 @@ in {
inherit home;
isSystemUser = true;
createHome = true;
+ group = "node-light";
};
+ users.groups.node-light = {};
services.nginx.virtualHosts."lounge.light.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/lounge/";
diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix
index 64e1911cf..79ba567b6 100644
--- a/krebs/2configs/shack/powerraw.nix
+++ b/krebs/2configs/shack/powerraw.nix
@@ -19,7 +19,9 @@ in {
users.users.powermeter = {
extraGroups = [ "dialout" ];
isSystemUser = true;
+ group = "powermeter";
};
+ users.groups.powermeter = {};
# we make sure that usb-ttl has the correct permissions
# creates /dev/powerraw
diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix
index bed98d860..d8033f1e2 100644
--- a/krebs/2configs/shack/s3-power.nix
+++ b/krebs/2configs/shack/s3-power.nix
@@ -16,7 +16,9 @@ in {
inherit home;
createHome = true;
isSystemUser = true;
+ group = "s3_power";
};
+ users.groups.shackDNS = {};
systemd.services.s3-power = {
startAt = "daily";
description = "s3-power";
diff --git a/krebs/2configs/shack/shackDNS.nix b/krebs/2configs/shack/shackDNS.nix
index 00f79abc4..4e73023aa 100644
--- a/krebs/2configs/shack/shackDNS.nix
+++ b/krebs/2configs/shack/shackDNS.nix
@@ -30,9 +30,11 @@ in {
users.users.shackDNS = {
inherit home;
+ group = "nogroup";
createHome = true;
isSystemUser = true;
};
+ users.groups.shackDNS = {};
services.nginx.virtualHosts."leases.shack" = {
locations."/" = {
proxyPass = "http://localhost:${port}/";
diff --git a/krebs/2configs/shack/share.nix b/krebs/2configs/shack/share.nix
index 3eb30964e..bc483e8d0 100644
--- a/krebs/2configs/shack/share.nix
+++ b/krebs/2configs/shack/share.nix
@@ -7,6 +7,7 @@
home = "/home/share";
createHome = true;
};
+ users.groups.share = {};
networking.firewall.allowedTCPPorts = [
139 445 # samba