makefu/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

ma wbob.r: enable bureautomation

Browse source
This commit is contained in:
makefu 2017-12-08 14:04:35 +01:00
parent db9a2f2637
commit 9bb5921e5e
7 changed files with 105 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
1systems/wbob/config.nix
View file

@ -18,7 +18,6 @@ in {
<stockholm/makefu/2configs/virtualisation/libvirt.nix> <stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix> <stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix> <stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/deployment/led-fader.nix>
# <stockholm/makefu/2configs/gui/wbob-kiosk.nix> # <stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix> <stockholm/makefu/2configs/stats/client.nix>
@ -34,7 +33,10 @@ in {
<stockholm/makefu/2configs/share/wbob.nix> <stockholm/makefu/2configs/share/wbob.nix>
<stockholm/makefu/2configs/stats/telegraf> <stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix> <stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
<stockholm/makefu/2configs/deployment/bureautomation>
(let (let
collectd-port = 25826; collectd-port = 25826;
influx-port = 8086; influx-port = 8086;
@ -60,13 +62,7 @@ in {
}; };
networking.firewall.extraCommands = '' networking.firewall.extraCommands = ''
iptables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p udp --dport ${toString collectd-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString influx-port} -j ACCEPT
ip6tables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
''; '';
}) })
@ -138,9 +134,6 @@ in {
# rt2870 with nonfree creates wlp2s0 from wlp0s20u2 # rt2870 with nonfree creates wlp2s0 from wlp0s20u2
# not explicitly setting the interface results in wpa_supplicant to crash # not explicitly setting the interface results in wpa_supplicant to crash
networking.wireless.interfaces = [ "wlp2s0" ]; networking.wireless.interfaces = [ "wlp2s0" ];
networking.interfaces.enp0s25.ip4 = [
{ address = primaryIP; prefixLength = 24;}
];
networking.interfaces.virbr1.ip4 = [{ networking.interfaces.virbr1.ip4 = [{
address = "10.8.8.11"; address = "10.8.8.11";
prefixLength = 24; prefixLength = 24;

2
1systems/wbob/source.nix
View file

@ -1,4 +1,4 @@
import <stockholm/makefu/source.nix> { import <stockholm/makefu/source.nix> {
name="wbob"; name="wbob";
musnix = true; # musnix = true;
} }

41
2configs/deployment/bureautomation/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ pkgs, lib, ... }:
with lib;
let
port = 3001;
runit = pkgs.writeDash "runit" ''
set -xeuf
PATH=${pkgs.curl}/bin:${pkgs.coreutils}/bin
name=''${1?must provide name as first arg}
state=''${2?must provide state as second arg}
# val=''${3?must provide val as third arg}
# we ignore non-alerting events
test $state = alerting || exit 0
echo $name - $state
curl 'http://bauarbeiterlampe/ay?o=1'
sleep 5
curl 'http://bauarbeiterlampe/ay?o=1'
'';
in {
services.logstash = {
package = pkgs.logstash5;
enable = true;
inputConfig = ''
http {
port => ${toString port}
host => "127.0.0.1"
}
'';
filterConfig = ''
'';
outputConfig = ''
stdout { codec => json }
exec { command => "${runit} '%{ruleName}' '%{state}'" }
'';
extraSettings = ''
path.plugins: [ "${pkgs.logstash-output-exec}" ]
'';
};
}

28
2configs/deployment/led-fader.nix
View file

@ -1,27 +1,25 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, buildPythonPackage, ... }:
with import <stockholm/lib>;
let let
mq = "192.168.8.11"; mq = "192.168.8.11";
pkg = pkgs.stdenv.mkDerivation { pkg = pkgs.python3Packages.buildPythonPackage {
name = "ampel-master"; name = "ampel-master";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ampel"; url = "http://cgit.euer.krebsco.de/ampel";
rev = "07a6791de368e16cc0864d2676fd255eba522cee"; rev = "531741b";
sha256 = "1jxjapvkfglvgapy7gjbr1nra3ay418nvz70bvypcmv7wc8d4h8q"; sha256 = "110yij53jz074zbswylbzcd8jy7z49r9fg6i3j1gk2y3vl91g81c";
}; };
buildInputs = [ propagatedBuildInputs = with pkgs.python3Packages; [
(pkgs.python35.withPackages (pythonPackages: with pythonPackages; [
docopt docopt
paho-mqtt paho-mqtt
])) requests
pytz
influxdb
httplib2
google_api_python_client
]; ];
installPhase = ''
install -m755 -D fade.py $out/bin/fade.py
install -m755 -D ampel.py $out/bin/ampel
install -m755 -D times.json $out/share/times.json
'';
}; };
in { in {
systemd.services.led-fader = { systemd.services.led-fader = {
@ -34,7 +32,9 @@ in {
serviceConfig = { serviceConfig = {
# User = "nobody"; # need a user with permissions to run nix-shell # User = "nobody"; # need a user with permissions to run nix-shell
ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2"; ExecStartPre = pkgs.writeDash "sleep.sh" "sleep 2";
ExecStart = "${pkg}/bin/ampel 4 ${pkg}/share/times.json"; ExecStart = "${pkg}/bin/ampel 4";
Restart = "always";
RestartSec = 10;
PrivateTmp = true; PrivateTmp = true;
}; };
}; };

38
2configs/share/wbob.nix Normal file
View file

@ -0,0 +1,38 @@
{config, ... }:{
networking.firewall.allowedUDPPorts = [ 137 138 ];
networking.firewall.allowedTCPPorts = [ 139 445 ];
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
home = "/home/share";
createHome = true;
};
services.samba = {
enable = true;
enableNmbd = true;
shares = {
incoming = {
path = "/data/incoming";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
data = {
path = "/data/";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
};
}

4
2configs/stats/telegraf/airsensor.nix
View file

@ -1,6 +1,10 @@
{ pkgs, ...}: { pkgs, ...}:
{ {
services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{product}=="iAQ Stick", GROUP="input"
'';
users.users.telegraf.extraGroups = [ "input" ];
services.telegraf.extraConfig.inputs.exec = [ services.telegraf.extraConfig.inputs.exec = [
{ {
commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"]; commands = [ "${pkgs.airsensor-py}/bin/airsensor-py"];

8
5pkgs/airsensor-py/default.nix
View file

@ -2,16 +2,16 @@
with pkgs.python3Packages; with pkgs.python3Packages;
buildPythonApplication rec { buildPythonApplication rec {
name = "airsensor-py-${version}"; name = "airsensor-py-${version}";
version = "2017-04-24"; version = "2017-12-05";
propagatedBuildInputs = [ propagatedBuildInputs = [
pyusb pyusb
click click
]; ];
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "dfederschmidt"; owner = "makefu";
repo = "airsensor-py"; repo = "airsensor-py";
rev = "c476918"; rev = "7ac5f185dc848fca1b556e4c0396dd73f6a93995";
sha256 = "0dc88vqxsgx20asbwfdjmz6yl6bvv65k0krvmmss3gcwxdgh9p2q"; sha256 = "0387b025y8kb0zml7916p70hmzc3y18kqh46b9xv5qayljxymq2w";
}; };
} }