diff --git a/2configs/bam/cam.nix b/2configs/bam/cam.nix
new file mode 100644
index 0000000..6ab376e
--- /dev/null
+++ b/2configs/bam/cam.nix
@@ -0,0 +1,11 @@
+{
+ # the pseyecam in the diorama
+ services.udev.extraRules = ''
+ KERNEL=="video*",ATTRS{vendor}=="0x1415", ATTRS{device}=="0x2000", GROUP="video", SYMLINK+="diorama_cam"
+ '';
+ services.mjpg-streamer = {
+ enable = true;
+ inputPlugin = "input_uvc.so -d /dev/diorama_cam -r 640x480 -y -f 30 -q 50 -n";
+ outputPlugin = "output_http.so -w @www@ -n -p 18088";
+ };
+}
\ No newline at end of file
diff --git a/2configs/bam/ha-ara-menu.nix b/2configs/bam/ha-ara-menu.nix
index 889575b..e26ebf5 100644
--- a/2configs/bam/ha-ara-menu.nix
+++ b/2configs/bam/ha-ara-menu.nix
@@ -7,6 +7,8 @@ in mode = "0440"; group = config.users.groups.ara-secrets.name; }; + users.groups.ara-secrets = {}; + systemd.services.ha-ara-menu = { description = "ha-ara-menu"; wantedBy = [ "multi-user.target" ];
diff --git a/2configs/bam/influx.nix b/2configs/bam/influx.nix
new file mode 100644
index 0000000..8e97727
--- /dev/null
+++ b/2configs/bam/influx.nix
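Review bot: In 2configs/bam/cam.nix the `outputPlugin` line starts the HTTP output on port 18088 with no credentials and no listen address, so the camera stream is readable by anything that can reach that port; whether the firewall allows it is not visible in this hunk. Consider binding it to loopback and publishing it through an authenticating reverse proxy, e.g. `outputPlugin = "output_http.so -w @www@ -n -l 127.0.0.1 -p 18088";` (assuming the packaged output_http supports `-l`). Separately, the udev rule matches `ATTRS{vendor}=="0x1415"` and `ATTRS{device}=="0x2000"`, which is the PCI attribute form; if the camera is a USB device the rule probably needs `ATTRS{idVendor}=="1415", ATTRS{idProduct}=="2000"`, otherwise `/dev/diorama_cam` is never created.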
@@ -0,0 +1,32 @@
+let
+ collectd-port = 25826;
+ influx-port = 8086;
+ admin-port = 8083;
+ grafana-port = 3000; # TODO nginx forward
+ db = "collectd_db";
+ logging-interface = "enp0s25";
+in {
+ networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];
+
+ services.grafana.enable = true;
+ services.grafana.settings.server.http_addr = "0.0.0.0";
+ services.influxdb.enable = true;
+ systemd.services.influxdb.serviceConfig.LimitNOFILE = 8192;
+
+ services.influxdb.extraConfig = {
+ meta.hostname = config.krebs.build.host.name;
+ # meta.logging-enabled = true;
+ http.bind-address = ":${toString influx-port}";
+ admin.bind-address = ":${toString admin-port}";
+ collectd = [{
+ enabled = true;
+ typesdb = "${pkgs.collectd}/share/collectd/types.db";
+ database = db;
+ bind-address = ":${toString collectd-port}";
+ }];
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
+ '';
+}
\ No newline at end of file
diff --git a/2configs/bam/inventory4ce.nix b/2configs/bam/inventory4ce.nix
index ab09df5..aa60c82 100644
--- a/2configs/bam/inventory4ce.nix
+++ b/2configs/bam/inventory4ce.nix
@@ -5,11 +5,11 @@ in { users.groups.inventory-secrets = {}; - sops.secrets.inventory_cert = { + sops.secrets.wbob-inventory4ce_cert = { mode = "0440"; group = config.users.groups.inventory-secrets.name; }; - sops.secrets.inventory_key = { + sops.secrets.wbob-inventory4ce_key = { mode = "0440"; group = config.users.groups.inventory-secrets.name; };
@@ -17,8 +17,8 @@ in description = "inventory4ce"; wantedBy = [ "multi-user.target" ]; environment = { - INVENTORY_CERT = config.sops.secrets."inventory_cert".path; - INVENTORY_KEY = config.sops.secrets."inventory_key".path; + INVENTORY_CERT = config.sops.secrets."wbob-inventory4ce_cert".path; + INVENTORY_KEY = config.sops.secrets."wbob-inventory4ce_key".path; INVENTORY_PORT = "3001"; INVENTORY_HOST = "0"; };
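Review bot: In 2configs/bam/influx.nix, `networking.firewall.allowedTCPPorts = [ 3000 influx-port admin-port ];` opens Grafana, the InfluxDB HTTP API and the admin port on every interface, which makes the `-i ${logging-interface}` rule in `extraCommands` redundant, and nothing in the hunk turns on InfluxDB authentication. If only the logging network should reach these services, scope the ports to it with `networking.firewall.interfaces.${logging-interface}.allowedTCPPorts = [ grafana-port influx-port ];`, drop `admin-port` unless it is needed remotely, and set `http.auth-enabled = true;`. The file also starts at `let` without a `{ config, pkgs, ... }:` header although it reads `config.krebs.build.host.name` and `pkgs.collectd`, so it would likely fail to evaluate when imported. The collectd listener on 25826 is UDP and is not opened by any rule here, so remote collectd clients may be unable to send data.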
diff --git a/sops/secrets/cake-retiolum.ed25519_key.priv/machines/cake b/sops/secrets/cake-retiolum.ed25519_key/machines/cake
similarity index 100%
rename from sops/secrets/cake-retiolum.ed25519_key.priv/machines/cake
rename to sops/secrets/cake-retiolum.ed25519_key/machines/cake
diff --git a/sops/secrets/cake-retiolum.ed25519_key.priv/secret b/sops/secrets/cake-retiolum.ed25519_key/secret
similarity index 100%
rename from sops/secrets/cake-retiolum.ed25519_key.priv/secret
rename to sops/secrets/cake-retiolum.ed25519_key/secret
diff --git a/sops/secrets/cake-retiolum.ed25519_key.priv/users/makefu b/sops/secrets/cake-retiolum.ed25519_key/users/makefu
similarity index 100%
rename from sops/secrets/cake-retiolum.ed25519_key.priv/users/makefu
rename to sops/secrets/cake-retiolum.ed25519_key/users/makefu
diff --git a/sops/secrets/cake-ssh_host_rsa.pub/secret b/sops/secrets/cake-ssh_host_rsa.pub/secret
new file mode 100644
index 0000000..1df7699
--- /dev/null
+++ b/sops/secrets/cake-ssh_host_rsa.pub/secret
@@ -0,0 +1,20 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:rXos4YS2gqlPDOOEX6E7TVd10id1BjoNHNNPB8/cQN0=,tag:Cne6rdjCnaU8xxrQAY6oJw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1vh6qdlxzfsy8gquvzwsfz40ezkx9m5m9q8sj4225nh3mr9lrjvrqt079mp", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTWd1SVhpR2hCQ2x3ZE1W\nMGZib3Uvc2NFa2pmYXo2ekMxL2RZWnRXMlRzCkFub0g0Ym52Y1JaYkFpdWhkVVlN\neXVpUFE1aUxiSG5ZaFczcXZ6MG4vaEUKLS0tIDc4V3hEK1I5V3RFRGJQZFVMcnR0\nc1ZyeHRnRENlUHpaeHRlSkxIUU1uVU0K5o0oRIu/h7Huof9OZVW0zlw83C5igWRq\nag8neU63XMdJIoWjhT2v4Wo+RuDwjQ8B22DGRht5iUzgQrbdJFdUKg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-11-09T22:45:41Z", + "mac": "ENC[AES256_GCM,data:61iQseLqXQ9ASbqt/dxjME3r1wUMeG0T6a4AqcV9sD3ZQyU0tgi5Y/EtNcou8eYLb1EbjqJDrbUaBgXkbcPvWQzRMVdg33nREGXi0uocQBjGqob1CbXx4npjlzBHJZIU/ZtCPBmMj0o20owsPZtTU2Zs7i3fXyIOP44hTVAIpFU=,iv:9mCFckxOlsnH6/HRKkSvxN5bCm8KNfTljDBrnhVDy4Y=,tag:5oLY5GxxmG09Txr+gS9x5g==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.0" + } +} \ No newline at end of file diff --git a/sops/secrets/cake-ssh_host_rsa.pub/users/makefu b/sops/secrets/cake-ssh_host_rsa.pub/users/makefu new file mode 120000 index 0000000..f0f9f2c --- /dev/null +++ b/sops/secrets/cake-ssh_host_rsa.pub/users/makefu @@ -0,0 +1 @@ +../../../users/makefu \ No newline at end of file diff --git a/sops/secrets/cake-ssh_host_rsa_key/machines/cake b/sops/secrets/cake-ssh_host_rsa_key/machines/cake new file mode 120000 index 0000000..273597d --- /dev/null +++ b/sops/secrets/cake-ssh_host_rsa_key/machines/cake @@ -0,0 +1 @@ +../../../machines/cake \ No newline at end of file diff --git a/sops/secrets/cake-ssh_host_rsa_key/secret b/sops/secrets/cake-ssh_host_rsa_key/secret new file mode 100644 index 0000000..9159115 --- /dev/null 
+++ b/sops/secrets/cake-ssh_host_rsa_key/secret @@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:Y53MRnFxhX38fbxiIVRoWYx+Pbgj0n8qiY8p/OTKp04=,tag:fsRKrt6l7F5iQRQ2AOrq0w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNGx3UGhaZ3lUalVGWm4w\nQUlVNFl2ZmpjSDcrWUNMRFhhTjZGdWx3R0VZCkxJdG5GV2RZYm9GWitmbGcwczd3\nWUdscmFyRW5XN09JNjltOGM5bzJjNkEKLS0tIHIxT0lSZ204b2cwK05JeVQxaVRU\ndHdvejZtQmVETTc0RVg1M0RQQWEwT2MKI+YSP0pgfiEoLzUeH2J9302eKvh95Xcp\nQrz58XX2f0KaqB2b4HK3X2M3nr6aqEE6L++NdHPpT0LvyupaCVPc6Q==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1vh6qdlxzfsy8gquvzwsfz40ezkx9m5m9q8sj4225nh3mr9lrjvrqt079mp", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlUHVXazdiOXBjL3FYem93\nSHAvQUIzS3RVZkMrTThBZUtYeDdZaXJnM3pNCkVwT2ZKUVROa0VrVmRsR2w4LzJX\nTCtZYkVmdkUwTHZxcWtzTjkzRTltN2MKLS0tIHE4Y3ljaW1HeDJJd095NTNHb2o5\nR05pc2F1MXBIbWI2b3dXUzR6YTRxVWcKYhuAx5dxgqEILVp+3Y3yKN2ZyOWTKu0U\nrUd+LaP9ax7DWZ1Z3SHHBXzlyT85cnCKjiWWIbHoaVoXju7szgRVcw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-11-09T22:45:46Z", + "mac": "ENC[AES256_GCM,data:vv5r+46ZByrSAkVgW4cSA7oetoggtJcNIy77Sczxsxph1ZO/0pAdMt+yLf7PZd8AqhuUIqxHa0hfM3EOZlWHP3wZnsc1YbhcLoEIMnlSoBIXne19rI8tsZyyULYKNKH1ypEBsoUBXR5L9xXfi857udov07h8MeHzmekd0ckMrFg=,iv:JVUH1PW1CbTDRxHsItWUjMxcp+9tPnW1CraDF/NY+IM=,tag:uw6ogC1xe0vdA1vgngbbXg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.0" + } +} \ No newline at end of file diff --git a/sops/secrets/cake-ssh_host_rsa_key/users/makefu b/sops/secrets/cake-ssh_host_rsa_key/users/makefu new file mode 120000 index 0000000..f0f9f2c --- /dev/null +++ b/sops/secrets/cake-ssh_host_rsa_key/users/makefu 
@@ -0,0 +1 @@
+../../../users/makefu
\ No newline at end of file