treewide: replace stockholm/lib with stockholm.lib

makefu 2023-07-02 16:05:52 +02:00
parent ecfa596670
commit 777a2fe734
47 changed files with 71 additions and 107 deletions


@ -10,7 +10,7 @@
# wildcard.krebsco.de.key # wildcard.krebsco.de.key
# bepasty-secret.nix <- contains single string # bepasty-secret.nix <- contains single string
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
sec = toString <secrets>; sec = toString <secrets>;
# secKey is nothing worth protecting on a local machine # secKey is nothing worth protecting on a local machine


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
ident = (builtins.readFile ./auphonic.pub); ident = (builtins.readFile ./auphonic.pub);
bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log";


@ -2,7 +2,7 @@
# graphite-web on port 8080 # graphite-web on port 8080
# carbon cache on port 2003 (tcp/udp) # carbon cache on port 2003 (tcp/udp)
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
connect-time-cfg = with pkgs; writeText "collectd-connect-time.cfg" '' connect-time-cfg = with pkgs; writeText "collectd-connect-time.cfg" ''
LoadPlugin python LoadPlugin python


@ -2,7 +2,7 @@
# search also generates ddclient entries for all other logs # search also generates ddclient entries for all other logs
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
ddclientUser = "ddclient"; ddclientUser = "ddclient";
sec = toString <secrets>; sec = toString <secrets>;


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
# more than just nginx config but not enough to become a module # more than just nginx config but not enough to become a module
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
bootscript = pkgs.writeTextDir "runit" '' bootscript = pkgs.writeTextDir "runit" ''


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
external-ip = config.krebs.build.host.nets.internet.ip4.addr; external-ip = config.krebs.build.host.nets.internet.ip4.addr;
internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
# more than just nginx config but not enough to become a module # more than just nginx config but not enough to become a module
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
wsgi-sock = "${workdir}/uwsgi-photostore.sock"; wsgi-sock = "${workdir}/uwsgi-photostore.sock";
workdir = config.services.uwsgi.runDir; workdir = config.services.uwsgi.runDir;


@ -1,5 +1,5 @@
{pkgs, ...}: {pkgs, ...}:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
secret = (import <secrets/elchos-token.nix>); secret = (import <secrets/elchos-token.nix>);
in { in {


@ -2,7 +2,7 @@
# search also generates ddclient entries for all other logs # search also generates ddclient entries for all other logs
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
#primary-itf = "eth0"; #primary-itf = "eth0";
#primary-itf = "wlp2s0"; #primary-itf = "wlp2s0";


@ -4,7 +4,7 @@
# graphite-web on port 8080 # graphite-web on port 8080
# carbon cache on port 2003 (tcp/udp) # carbon cache on port 2003 (tcp/udp)
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
networking.firewall = { networking.firewall = {


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
networking.firewall.allowedTCPPorts = [ 25 ]; networking.firewall.allowedTCPPorts = [ 25 ];


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
in { in {


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
# vda1 ext4 (label nixos) -> only root partition # vda1 ext4 (label nixos) -> only root partition
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
imports = [ imports = [
./single-partition-ext4.nix ./single-partition-ext4.nix


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
# TODO: remove tv lib :) # TODO: remove tv lib :)
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
repos = pub-repos // priv-repos // krebs-repos // connector-repos // krebsroot-repos; repos = pub-repos // priv-repos // krebs-repos // connector-repos // krebsroot-repos;


@ -2,7 +2,7 @@
# graphite-web on port 8080 # graphite-web on port 8080
# carbon cache on port 2003 (tcp/udp) # carbon cache on port 2003 (tcp/udp)
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
imports = [ ]; imports = [ ];


@ -1,6 +1,6 @@
{ pkgs, lib, ...}: { pkgs, lib, ...}:
# docker run -d -p 8081:8081 -v /path/to/downloads:/downloads --user 1001:1001 alexta69/metube # docker run -d -p 8081:8081 -v /path/to/downloads:/downloads --user 1001:1001 alexta69/metube
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
port = "2348"; port = "2348";
dl-dir = "/media/cryptX/youtube/music"; dl-dir = "/media/cryptX/youtube/music";


@ -1,4 +1,4 @@
{ pkgs, lib, ...}: { pkgs, config, lib, ...}:
# Start | docker-compose up -d # Start | docker-compose up -d
# Stop | docker-compose stop # Stop | docker-compose stop
# Update | docker-compose pull # Update | docker-compose pull
@ -19,9 +19,9 @@ let
statedir = "/media/cryptX/lib/photoprism/appsrv"; statedir = "/media/cryptX/lib/photoprism/appsrv";
db-dir = "/media/cryptX/lib/photoprism/mysql"; db-dir = "/media/cryptX/lib/photoprism/mysql";
internal-ip = "192.168.111.11"; internal-ip = "192.168.111.11";
sec = import <secrets/photoprism.nix>;
in in
{ {
sops.secrets."photoprism/envfile" = {};
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
services.nginx.virtualHosts."photos" = { services.nginx.virtualHosts."photos" = {
@ -80,8 +80,6 @@ in
PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow) PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive
PHOTOPRISM_AUTH_MODE = "password"; PHOTOPRISM_AUTH_MODE = "password";
PHOTOPRISM_ADMIN_USER = "admin";
PHOTOPRISM_ADMIN_PASSWORD = "admin";
#PHOTOPRISM_DATABASE_DRIVER = "postgres"; #PHOTOPRISM_DATABASE_DRIVER = "postgres";
#PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432"; #PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432";
@ -92,8 +90,6 @@ in
PHOTOPRISM_DATABASE_DRIVER= "mysql"; # Use MariaDB (or MySQL) instead of SQLite for improved performance PHOTOPRISM_DATABASE_DRIVER= "mysql"; # Use MariaDB (or MySQL) instead of SQLite for improved performance
PHOTOPRISM_DATABASE_SERVER= "mysql-photoprism:3306" ; # MariaDB database server (hostname:port) PHOTOPRISM_DATABASE_SERVER= "mysql-photoprism:3306" ; # MariaDB database server (hostname:port)
PHOTOPRISM_DATABASE_NAME= "photoprism"; # MariaDB database schema name PHOTOPRISM_DATABASE_NAME= "photoprism"; # MariaDB database schema name
PHOTOPRISM_DATABASE_USER= sec.db.username; # MariaDB database user name
PHOTOPRISM_DATABASE_PASSWORD= sec.db.password; # MariaDB database user password
PHOTOPRISM_SITE_URL = "http://localhost:2342/"; # Public PhotoPrism URL PHOTOPRISM_SITE_URL = "http://localhost:2342/"; # Public PhotoPrism URL
PHOTOPRISM_SITE_TITLE = "PhotoPrism"; PHOTOPRISM_SITE_TITLE = "PhotoPrism";
@ -122,11 +118,11 @@ in
# "--innodb-lock-wait-timeout=50" # "--innodb-lock-wait-timeout=50"
#]; #];
volumes= [ "${db-dir}:/var/lib/mysql" ]; volumes= [ "${db-dir}:/var/lib/mysql" ];
environmentFiles = [
config.sops.secrets."photoprism/envfile".path
];
environment = { environment = {
MYSQL_ROOT_PASSWORD = "dickidibutt";
MYSQL_DATABASE= "photoprism"; MYSQL_DATABASE= "photoprism";
MYSQL_USER = sec.db.username;
MYSQL_PASSWORD = sec.db.password;
}; };
}; };
#virtualisation.oci-containers.containers.postgres-prism = { #virtualisation.oci-containers.containers.postgres-prism = {
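Review bot: The MariaDB root password `dickidibutt` and the `admin`/`admin` login that this change deletes were committed in plaintext and remain in git history, so they should be treated as compromised and rotated in the new sops envfile rather than copied over. Only the mysql container hunk gains `environmentFiles` (the lines before `environment = {`); the photoprism container hunks drop `PHOTOPRISM_DATABASE_USER`/`PASSWORD` and `PHOTOPRISM_ADMIN_USER`/`PASSWORD` with no visible replacement, so unless `environmentFiles` is also added to that container outside the shown hunks it will start without DB and admin credentials. A comment next to `sops.secrets."photoprism/envfile" = {};` listing the variables the file must define (`MYSQL_ROOT_PASSWORD`, `MYSQL_USER`, `MYSQL_PASSWORD`, `PHOTOPRISM_DATABASE_USER`, `PHOTOPRISM_DATABASE_PASSWORD`, `PHOTOPRISM_ADMIN_USER`, `PHOTOPRISM_ADMIN_PASSWORD`) would make that contract visible to the next reader. Both container definitions start and end outside the hunks.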


@ -2,11 +2,14 @@
let let
dataDir = "/var/lib/zigbee2mqtt"; dataDir = "/var/lib/zigbee2mqtt";
sec = import <secrets/zigbee2mqtt.nix>;
internal-ip = "192.168.111.11"; internal-ip = "192.168.111.11";
webport = 8521; webport = 8521;
in in
{ {
sops.secrets."zigbee2mqtt" = {
owner = "zigbee2mqtt";
path = "/var/lib/zigbee2mqtt/configuration.yaml";
};
# symlink the zigbee controller # symlink the zigbee controller
#services.udev.extraRules = '' #services.udev.extraRules = ''
# SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dialout" # SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="cc2531", MODE="0660", GROUP="dialout"
@ -20,50 +23,6 @@ in
services.zigbee2mqtt = { services.zigbee2mqtt = {
enable = true; enable = true;
inherit dataDir; inherit dataDir;
settings = {
permit_join = true;
serial.port = "/dev/cc2531";
homeassistant = true;
mqtt = {
server = "mqtt://omo.lan:1883";
base_topic = "/ham/zigbee";
user = sec.mqtt.username;
password = sec.mqtt.password;
include_device_information = true;
client_id = "zigbee2mqtt";
};
availability = {
active.timeout = 10;
passive.timeout = 1500;
};
frontend = {
port = webport;
};
advanced = {
log_level = "debug";
log_output = [ "console" ];
last_seen = "ISO_8601";
elapsed = true;
pan_id = 6755;
inherit (sec.zigbee) network_key;
};
map_options.graphviz.colors = {
fill = {
enddevice = "#fff8ce" ;
coordinator = "#e04e5d";
router = "#4ea3e0";
};
font = {
coordinator= "#ffffff";
router = "#ffffff";
enddevice = "#000000";
};
line = {
active = "#009900";
inactive = "#994444";
};
};
};
}; };
services.nginx.recommendedProxySettings = true; services.nginx.recommendedProxySettings = true;
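Review bot: The sops secret is installed at `/var/lib/zigbee2mqtt/configuration.yaml`, but as far as I know the NixOS zigbee2mqtt module copies its own generated `settings` file to exactly that path in `preStart`, which would overwrite the sops-managed file on every start, and zigbee2mqtt itself rewrites `configuration.yaml` at runtime, which the default read-only mode of a sops secret does not allow; please verify on the host before relying on this. If that holds, keeping the module's `settings` and pulling only the MQTT credentials and `network_key` from a sops-provided file is the safer shape. Since the removed settings had `permit_join = true`, please also confirm the sops file sets `permit_join: false` once pairing is done, otherwise any device can join the network indefinitely. A comment above the `sops.secrets."zigbee2mqtt"` entry such as `# full config (mqtt creds, network_key) is sops-managed; keep permit_join false` would record both points.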


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
imports = [ ./tp-x2x0.nix ]; imports = [ ./tp-x2x0.nix ];


@ -1,5 +1,5 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
upstream-server = "8.8.8.8"; upstream-server = "8.8.8.8";
# make sure the router pins the ip address to the deployed host # make sure the router pins the ip address to the deployed host


@ -1,5 +1,5 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
# see https://github.com/zeropingheroes/lancache for full docs # see https://github.com/zeropingheroes/lancache for full docs
lancache= pkgs.stdenv.mkDerivation rec { lancache= pkgs.stdenv.mkDerivation rec {


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
abook abook


@ -1,6 +1,6 @@
{config, lib, ...}: {config, lib, ...}:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
sec = toString <secrets>; sec = toString <secrets>;
ssl_cert = "${sec}/wildcard.krebsco.de.crt"; ssl_cert = "${sec}/wildcard.krebsco.de.crt";
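Review bot: `with pkgs.stockholm.lib;` on the second line references `pkgs`, but this module's argument set is `{config, lib, ...}`, so `pkgs` is unbound and evaluating this file will fail with an undefined-variable error. The treewide replacement needs the argument added here: `{config, lib, pkgs, ...}:`. The `let` block continues outside the hunk.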


@ -7,7 +7,7 @@
# the only true timezone (even after the the removal of DST) # the only true timezone (even after the the removal of DST)
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
# networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name; networking.hostName = lib.mkIf (lib.hasAttr "host" config.krebs.build) config.krebs.build.host.name;
# we use gpg if necessary (or nothing at all) # we use gpg if necessary (or nothing at all)
programs.ssh.startAgent = false; programs.ssh.startAgent = false;


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
sec = toString <secrets>; sec = toString <secrets>;
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
user = config.services.nginx.user; user = config.services.nginx.user;


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
user = config.services.nginx.user; user = config.services.nginx.user;


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
sec = toString <secrets>; sec = toString <secrets>;
ext-dom = "wiki.euer.krebsco.de"; ext-dom = "wiki.euer.krebsco.de";


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
gold = pkgs.fetchFromGitHub { gold = pkgs.fetchFromGitHub {
owner = "krebs"; owner = "krebs";


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
in { in {
services.nginx = { services.nginx = {


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
icecult = pkgs.fetchFromGitHub { icecult = pkgs.fetchFromGitHub {


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
services.nginx = { services.nginx = {
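Review bot: `with pkgs.stockholm.lib;` references `pkgs`, but the module header on the line above is `{ config, lib, ... }`, so `pkgs` is not bound and this file will fail to evaluate with an undefined-variable error. Change the header to `{ config, lib, pkgs, ... }:`. The attribute set continues outside the hunk.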


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
user = config.services.nginx.user; user = config.services.nginx.user;
group = config.services.nginx.group; group = config.services.nginx.group;


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
services.nginx = { services.nginx = {
enable = mkDefault true; enable = mkDefault true;


@ -2,7 +2,7 @@
# search also generates ddclient entries for all other logs # search also generates ddclient entries for all other logs
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
#primary-itf = "eth0"; #primary-itf = "eth0";
#primary-itf = "wlp2s0"; #primary-itf = "wlp2s0";


@ -1,6 +1,6 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
web-port = 8080; web-port = 8080;
in { in {


@ -1,5 +1,5 @@
{ pkgs, ... }: { pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
shack-announce = pkgs.callPackage (builtins.fetchTarball { shack-announce = pkgs.callPackage (builtins.fetchTarball {
url = "https://github.com/makefu/events-publisher/archive/419afdfe16ebf7f2360d2ba64b67ca88948832bd.tar.gz"; url = "https://github.com/makefu/events-publisher/archive/419afdfe16ebf7f2360d2ba64b67ca88948832bd.tar.gz";


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
{ {
services.openssh = { services.openssh = {
allowSFTP = true; allowSFTP = true;


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
hostname = config.krebs.build.host.name; hostname = config.krebs.build.host.name;
# TODO local-ip from the nets config # TODO local-ip from the nets config


@ -2,7 +2,7 @@
# graphite-web on port 8080 # graphite-web on port 8080
# carbon cache on port 2003 (tcp/udp) # carbon cache on port 2003 (tcp/udp)
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
solrHome = "/var/db/solr"; solrHome = "/var/db/solr";
in { in {


@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, config, ... }:
# Enables second factor for ssh password login # Enables second factor for ssh password login
## Usage: ## Usage:
@ -6,12 +6,12 @@
## scan the qrcode with google authenticator (or FreeOTP) ## scan the qrcode with google authenticator (or FreeOTP)
## copy last line into secrets/<host>/users.oath (chmod 700) ## copy last line into secrets/<host>/users.oath (chmod 700)
{ {
sops.secrets."users.oath" = {};
security.pam.oath = { security.pam.oath = {
# enabling it will make it a requisite of `all` services # enabling it will make it a requisite of `all` services
# enable = true; # enable = true;
digits = 6; digits = 6;
# TODO assert existing usersFile = config.sops.secrets."users.oath".path;
usersFile = (toString <secrets>) + "/users.oath";
}; };
# I want TFA only active for sshd with password-auth # I want TFA only active for sshd with password-auth
security.pam.services.sshd.oathAuth = true; security.pam.services.sshd.oathAuth = true;
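Review bot: As far as I know pam_oath rewrites the users file after every successful login to record the last accepted OTP (that is its replay protection), so pointing `usersFile` at a sops secret that is regenerated from the encrypted source on every activation discards that state on each rebuild, and with the default `mode = "0400"` under `/run/secrets` the rewrite may simply fail and block password+OTP logins; please test an sshd login after a `switch` before merging. If that is confirmed, keep the live users file on persistent storage (e.g. `/var/lib/oath/users.oath`, root-owned 0600) and use the sops secret only to seed it, with a comment explaining why the file must be writable. The usage comment above, `copy last line into secrets/<host>/users.oath (chmod 700)`, is now stale and should describe the sops secret `users.oath` instead.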


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
pkg = pkgs.stdenv.mkDerivation { pkg = pkgs.stdenv.mkDerivation {
name = "aralast-master"; name = "aralast-master";


@ -1,6 +1,6 @@
{pkgs, config, ...}: {pkgs, config, ...}:
with import <stockholm/lib>; with pkgs.stockholm.lib;
let let
irc-server = "irc.r"; irc-server = "irc.r";
irc-nick = "m-alarm"; irc-nick = "m-alarm";


@ -1,10 +1,10 @@
{ pkgs, lib, ...}: { pkgs, config, lib, ...}:
let let
genTopic_zigbee = name: tags: { genTopic_zigbee = name: tags: {
servers = [ "tcp://localhost:1883" ]; servers = [ "tcp://localhost:1883" ];
username = "stats"; username = "stats";
password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/stats>); passwordFile = config.sops.secrets."mqtt/stats".path;
qos = 0; qos = 0;
connection_timeout = "30s"; connection_timeout = "30s";
topics = [ "/ham/zigbee/${name}" ]; topics = [ "/ham/zigbee/${name}" ];
@ -19,7 +19,7 @@ let
genTopic_plain = name: topic: tags: { genTopic_plain = name: topic: tags: {
servers = [ "tcp://localhost:1883" ]; servers = [ "tcp://localhost:1883" ];
username = "stats"; username = "stats";
password = lib.removeSuffix "\n" (builtins.readFile <secrets/mqtt/stats>); passwordFile = config.sops.secrets."mqtt/stats".path;
qos = 0; qos = 0;
connection_timeout = "30s"; connection_timeout = "30s";
topics = [ topic ]; topics = [ topic ];
@ -56,6 +56,7 @@ let
(esensor room name ''${room}_${name}_pressure'') (esensor room name ''${room}_${name}_pressure'')
]; ];
in { in {
sops.secrets."mqtt/stats" = {};
services.telegraf.extraConfig.inputs.mqtt_consumer = services.telegraf.extraConfig.inputs.mqtt_consumer =
(zigbee_temphum "Wohnzimmer" "temp1") (zigbee_temphum "Wohnzimmer" "temp1")
++ (zigbee_temphum "Badezimmer" "temp2") ++ (zigbee_temphum "Badezimmer" "temp2")
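Review bot: `passwordFile` is not, as far as I know, an option of Telegraf's `mqtt_consumer` input (it takes `username`/`password`), and Telegraf refuses to start on config fields it did not use, so both generators would break the service rather than read the secret. The supported pattern is environment substitution: `password = "\${MQTT_STATS_PASSWORD}";` in `genTopic_zigbee` and `genTopic_plain`, plus `services.telegraf.environmentFiles = [ config.sops.secrets."mqtt/stats".path ];` with the sops secret holding `MQTT_STATS_PASSWORD=...`. Note that the previous `builtins.readFile <secrets/mqtt/stats>` baked the password into the world-readable Nix store on every host that evaluated this file, so it should be rotated when moving to sops. The `let` block starts and continues outside the hunks.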


@ -1,16 +1,18 @@
{ config, pkgs, ... }: with import <stockholm/lib>; let { config, pkgs, ... }: with pkgs.stockholm.lib; let
mk_peers = mapAttrs (n: v: { id = v.syncthing.id; }); mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts; all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders)); used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders));
used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers; used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
in { in {
sops.secrets."syncthing.key" = {};
sops.secrets."syncthing.cert" = {};
services.syncthing = { services.syncthing = {
enable = true; enable = true;
configDir = "/var/lib/syncthing"; configDir = "/var/lib/syncthing";
devices = mk_peers used_peers; devices = mk_peers used_peers;
key = toString <secrets/syncthing.key>; key = config.sops.secrets."syncthing.key".path;
cert = toString <secrets/syncthing.cert>; cert = config.sops.secrets."syncthing.cert".path;
}; };
services.syncthing.folders.the_playlist = { services.syncthing.folders.the_playlist = {
path = "/home/lass/tmp/the_playlist"; path = "/home/lass/tmp/the_playlist";
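Review bot: `sops.secrets."syncthing.key"` and `"syncthing.cert"` take the sops defaults (owner root, mode 0400) while the syncthing daemon runs as its own user, so this only works if the NixOS syncthing module installs `key`/`cert` into `configDir` with root privileges in its `ExecStartPre`, which I believe it does but which is worth confirming on the host rather than assuming. If the daemon reads the paths directly, set `owner = config.services.syncthing.user;` on both secrets. A one-line comment above the two declarations, `# root-owned is fine: the module copies key/cert into configDir as root`, would save the next reader the same check. The `services.syncthing.folders` definition continues outside the hunk.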


@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
with import <stockholm/lib>; { with pkgs.stockholm.lib; {
services.syncthing = { services.syncthing = {
enable = true; enable = true;
openDefaultPorts = true; openDefaultPorts = true;
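Review bot: `with pkgs.stockholm.lib; {` references `pkgs`, but the header `{ config, ... }:` on the line above does not bind it, so this module will fail to evaluate with an undefined-variable error. Change the header to `{ config, pkgs, ... }:`. The attribute set continues outside the hunk.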


@ -3,13 +3,19 @@
imports = [ imports = [
../binary-cache/lass.nix ../binary-cache/lass.nix
]; ];
krebs.tinc.retiolum.enable = true; sops.secrets."retiolum.rsa_key.priv" = {};
krebs.tinc.retiolum.extraConfig = '' sops.secrets."retiolum.ed25519_key.priv" = {};
krebs.tinc.retiolum = {
enable = true;
extraConfig = ''
StrictSubnets = yes StrictSubnets = yes
${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) '' ${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) ''
LocalDiscovery = no LocalDiscovery = no
''} ''}
''; '';
privkey = config.sops.secrets."retiolum.rsa_key.priv".path;
privkey_ed25519 = config.sops.secrets."retiolum.ed25519_key.priv".path;
};
environment.systemPackages = [ pkgs.tinc ]; environment.systemPackages = [ pkgs.tinc ];
networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ]; networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
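Review bot: Both retiolum key secrets are declared with the sops defaults (owner root, mode 0400), but `krebs.tinc.retiolum` runs tincd under a dedicated user as far as I recall, so unless that module copies `privkey`/`privkey_ed25519` into its own configuration directory as root, tincd will be unable to read the keys and the VPN will not come up after this change. If the daemon reads the paths directly, set `owner` on both secrets to the module's tinc user. A comment next to the two `sops.secrets` lines naming which process reads the files and as which user would document the choice either way. The module definition continues outside the hunk.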