diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6d2f15063..fb273c932 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,20 +1,57 @@
before_script:
- - mkdir -p ~/.ssh
- - echo "$deploy_privkey" > deploy.key
- - export GIT_SSH_COMMAND="ssh -i $PWD/deploy.key"
- - chmod 600 deploy.key
- - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
-nix-shell test:
+ - nix-env -iA nixpkgs.openssh nixpkgs.gnupg nixpkgs.curl nixpkgs.git nixpkgs.pass || true
+ # prepare github deployment for NUR
+ - mkdir -p ~/.ssh
+ - echo "$github_deploy_privkey" > ~/.ssh/github_deploy.key
+ - chmod 600 ~/.ssh/github_deploy.key
+ - ssh-keyscan -H 'github.com' >> ~/.ssh/known_hosts
+ # prepare git fetching of secrets
+ - echo "$gitlab_deploy_privkey" > ~/.ssh/gitlab_deploy.key
+ - chmod 600 ~/.ssh/gitlab_deploy.key
+ - ssh-keyscan -H 'ssh.git.shackspace.de' >> ~/.ssh/known_hosts
+ # import secret key for secrets
+ - echo "$secrets_gpg_key" | gpg --import
+wolf deployment test:
+ stage: test
+ script:
+ - GIT_SSH_COMMAND="ssh -i ~/.ssh/gitlab_deploy.key" git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+ - test $(PASSWORD_STORE_DIR=~/brain pass smoke) == 1337
+ - git submodule update --init
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target /tmp -A test)
+nix-shell test:
+ stage: test
script:
- - env
- nix-shell --pure --command 'true' -p stdenv && echo success
- nix-shell --pure --command 'false' -p stdenv || echo success
+ - git --version
+ - ssh -V
+ - gpg --version
+ - curl --version
+wolf deployment:
+ stage: deploy
+ script:
+ - cp ~/.ssh/gitlab_deploy.key ~/.ssh/id_rsa
+ - git clone git@ssh.git.shackspace.de:rz/secrets.git ~/brain
+ - git submodule update --init
+ - ssh-keyscan -H 'wolf.shack' >> ~/.ssh/known_hosts
+ # TODO, hostname wolf cannot be resolved
+ - $(nix-build krebs/krops.nix --no-out-link --argstr name wolf --argstr target wolf.shack -A deploy)
+ only:
+ changes:
+ - .gitlab-ci.yml
+ - krebs/**/*
+ - lib/**/*
+ - .gitmodules
nur-packages makefu:
+ stage: deploy
script:
- git reset --hard origin/master
- git filter-branch -f --prune-empty --subdirectory-filter makefu/5pkgs HEAD
- git remote add deploy git@github.com:makefu/nur-packages.git || git remote set-url deploy git@github.com:makefu/nur-packages.git
- - git push --force deploy HEAD:master
+ - GIT_SSH_COMMAND="ssh -i ~/.ssh/github_deploy.key" git push --force deploy HEAD:master
- curl -XPOST http://nur-update.herokuapp.com/update?repo=makefu
+ only:
+ changes:
+ - makefu/**/*
after_script:
- - rm -f deploy.key
+ - rm -rf .ssh/
diff --git a/krebs/0tests/data/secrets/shack/muell_mail.js b/krebs/0tests/data/secrets/shack/muell_mail.js
new file mode 100644
index 000000000..e69de29bb
diff --git a/krebs/0tests/data/secrets/shack/s3-power.json b/krebs/0tests/data/secrets/shack/s3-power.json
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/krebs/0tests/data/secrets/shack/s3-power.json
@@ -0,0 +1 @@
+{}
diff --git a/krebs/0tests/data/secrets/shack/unifi-prometheus-pw b/krebs/0tests/data/secrets/shack/unifi-prometheus-pw
new file mode 100644
index 000000000..e69de29bb
diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index af11c6944..ea73e4bd2 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -7,13 +7,14 @@
<stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix>
- <stockholm/krebs/2configs/stats/puyak-client.nix>
<stockholm/krebs/2configs/binary-cache/nixos.nix>
<stockholm/krebs/2configs/binary-cache/prism.nix>
<stockholm/krebs/2configs/go.nix>
<stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/news.nix>
<stockholm/krebs/2configs/news-spam.nix>
+ <stockholm/krebs/2configs/shack/prometheus/node.nix>
+ <stockholm/krebs/2configs/shack/gitlab-runner.nix>
];
krebs.build.host = config.krebs.hosts.puyak;
@@ -59,9 +60,9 @@
};
};
- services.logind.extraConfig = ''
- HandleLidSwitch=ignore
- '';
+ services.logind.lidSwitch = "ignore";
+ services.logind.lidSwitchExternalPower = "ignore";
+
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="8c:70:5a:b2:84:58", NAME="wl0"
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 7ca0f0ec1..3cb358ca3 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -23,6 +23,16 @@ in
# <stockholm/krebs/2configs/shack/nix-cacher.nix>
# Say if muell will be collected
<stockholm/krebs/2configs/shack/muell_caller.nix>
+ # provide muellshack api
+ <stockholm/krebs/2configs/shack/muellshack.nix>
+ # provide light control api
+ <stockholm/krebs/2configs/shack/node-light.nix>
+ # send mail if muell was not handled
+ <stockholm/krebs/2configs/shack/muell_mail.nix>
+ # send mail if muell was not handled
+ <stockholm/krebs/2configs/shack/s3-power.nix>
+ # powerraw usb serial to mqtt and raw socket
+ <stockholm/krebs/2configs/shack/powerraw.nix>
# create samba share for anonymous usage with the laser and 3d printer pc
<stockholm/krebs/2configs/shack/share.nix>
@@ -38,13 +48,20 @@ in
<stockholm/krebs/2configs/shack/mqtt_sub.nix>
## Collect radioactive data and put into graphite
<stockholm/krebs/2configs/shack/radioactive.nix>
+ ## mqtt.shack
+ <stockholm/krebs/2configs/shack/mqtt.nix>
## Collect local statistics via collectd and send to collectd
<stockholm/krebs/2configs/stats/wolf-client.nix>
- ## write collectd statistics to wolf.shack
- <stockholm/krebs/2configs/collectd-base.nix>
+
{ services.influxdb.enable = true; }
<stockholm/krebs/2configs/shack/netbox.nix>
+ <stockholm/krebs/2configs/shack/prometheus/server.nix>
+ <stockholm/krebs/2configs/shack/prometheus/node.nix>
+ <stockholm/krebs/2configs/shack/prometheus/unifi.nix>
+ <stockholm/krebs/2configs/collectd-base.nix> # home-assistant
+ { services.influxdb.enable = true; }
+
];
# use your own binary cache, fallback use cache.nixos.org (which is used by
# apt-cacher-ng in first place)
@@ -76,10 +93,12 @@ in
networking = {
firewall.enable = false;
firewall.allowedTCPPorts = [ 8088 8086 8083 ];
- interfaces."${ext-if}".ipv4.addresses = [{
- address = shack-ip;
- prefixLength = 20;
- }];
+ interfaces."${ext-if}".ipv4.addresses = [
+ {
+ address = shack-ip;
+ prefixLength = 20;
+ }
+ ];
defaultGateway = "10.42.0.1";
nameservers = [ "10.42.0.100" "10.42.0.200" ];
@@ -125,6 +144,7 @@ in
config.krebs.users.raute.pubkey
config.krebs.users.makefu-omo.pubkey
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
];
services.udev.extraRules = ''
SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
diff --git a/krebs/2configs/collectd-base.nix b/krebs/2configs/collectd-base.nix
index 440f83fce..71a00be3a 100644
--- a/krebs/2configs/collectd-base.nix
+++ b/krebs/2configs/collectd-base.nix
@@ -9,7 +9,7 @@ let
ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
Import "collectd_connect_time"
<Module collectd_connect_time>
- target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "heidi.shack:22" "10.42.0.1:22" "heise.de" "t-online.de"
+ target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de"
interval 10
</Module>
</Plugin>
@@ -18,7 +18,7 @@ let
LoadPlugin write_graphite
<Plugin "write_graphite">
<Carbon>
- Host "heidi.shack"
+ Host "wolf.r"
Port "2003"
Prefix "retiolum."
EscapeCharacter "_"
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index fafcd72c3..8771c0e1d 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -34,6 +34,13 @@ with import <stockholm/lib>;
rxvt_unicode.terminfo
];
+ i18n = {
+ consoleKeyMap = "us";
+ defaultLocale = lib.mkForce "C";
+ };
+
+
+
programs.ssh.startAgent = false;
services.openssh = {
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
index 0fd06426a..5f2ca02d9 100644
--- a/krebs/2configs/shack/gitlab-runner.nix
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -6,16 +6,17 @@ let
};
in
{
- systemd.services.gitlab-runner.path = [
- "/run/wrappers" # /run/wrappers/bin/su
- "/" # /bin/sh
- ];
imports = [
"${runner-src}/gitlab-runner.nix"
];
- services.gitlab-runner2.enable = true;
- ## registrationConfigurationFile contains:
- # CI_SERVER_URL=<CI server URL>
- # REGISTRATION_TOKEN=<registration secret>
- services.gitlab-runner2.registrationConfigFile = <secrets/shackspace-gitlab-ci>;
+ services.gitlab-runner2 = {
+ enable = true;
+ ## registrationConfigurationFile contains:
+ # CI_SERVER_URL=<CI server URL>
+ # REGISTRATION_TOKEN=<registration secret>
+ registrationConfigFile = <secrets/shackspace-gitlab-ci>;
+ #gracefulTermination = true;
+ };
+ systemd.services.gitlab-runner2.restartIfChanged = false;
+ systemd.services.docker.restartIfChanged = false;
}
diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix
new file mode 100644
index 000000000..8e5438db2
--- /dev/null
+++ b/krebs/2configs/shack/mqtt.nix
@@ -0,0 +1,14 @@
+{
+ networking.firewall.allowedTCPPorts = [ 1883 ];
+ networking.firewall.allowedUDPPorts = [ 1883 ];
+ services.mosquitto = {
+ enable = true;
+ host = "0.0.0.0";
+ users = {};
+ # TODO: secure that shit
+ aclExtraConf = ''
+ pattern readwrite #
+ '';
+ allowAnonymous = true;
+ };
+}
diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
new file mode 100644
index 000000000..39d49918d
--- /dev/null
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+let
+ pkg = pkgs.callPackage (
+ pkgs.fetchgit {
+ url = "https://git.shackspace.de/rz/muell_mail";
+ rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f";
+ sha256 = "sha256:18cw95zbr7isv4cw80cbpd84n5z208fwh5390i6j10jkn398mjq2";
+ }) {};
+ home = "/var/lib/muell_mail";
+ cfg = toString <secrets/shack/muell_mail.js>;
+in {
+ users.users.muell_mail = {
+ inherit home;
+ createHome = true;
+ };
+ systemd.services.muell_mail = {
+ description = "muell_mail";
+ wantedBy = [ "multi-user.target" ];
+ environment.CONFIG = "${home}/muell_mail.js";
+ serviceConfig = {
+ User = "muell_mail";
+ ExecStartPre = pkgs.writeDash "muell_mail-pre" ''
+ install -D -omuell_mail -m700 ${cfg} ${home}/muell_mail.js
+ '';
+ WorkingDirectory = home;
+ PermissionsStartOnly = true;
+ ExecStart = "${pkg}/bin/muell_mail";
+ Restart = "always";
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/krebs/2configs/shack/muellshack.nix b/krebs/2configs/shack/muellshack.nix
new file mode 100644
index 000000000..1e6843bdf
--- /dev/null
+++ b/krebs/2configs/shack/muellshack.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+let
+ pkg = pkgs.callPackage (
+ pkgs.fetchgit {
+ url = "https://git.shackspace.de/rz/muellshack";
+ rev = "d8a5e2d4c0a22804838675ac42b468299dcd9a76";
+ sha256 = "0ff6q64dgdxmpszp94z100fdic175b1vvxn4crg8p0jcabzxsv0m";
+ }) {};
+ home = "/var/lib/muellshack";
+ port = "8081";
+in {
+ users.users.muellshack = {
+ inherit home;
+ createHome = true;
+ };
+ services.nginx.virtualHosts."muell.shack" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${port}/muellshack/";
+ };
+ };
+ services.nginx.virtualHosts."openhab.shack" = {
+ locations."/muellshack/".proxyPass = "http://localhost:${port}/muellshack/";
+ };
+ systemd.services.muellshack = {
+ description = "muellshack";
+ wantedBy = [ "multi-user.target" ];
+ environment.PORT = port;
+ serviceConfig = {
+ User = "muellshack";
+ # do not override the current storage fil
+ ExecStartPre = pkgs.writeDash "call-muell-pre" ''
+ cp -vf ${pkg}/share/static_muelldata.json ${home}
+ cp -vn ${pkg}/share/storage.json ${home}
+ chmod 700 ${home}/storage.json
+ '';
+ WorkingDirectory = home;
+ ExecStart = "${pkg}/bin/muellshack";
+ Restart = "always";
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/krebs/2configs/shack/node-light.nix b/krebs/2configs/shack/node-light.nix
new file mode 100644
index 000000000..63772f182
--- /dev/null
+++ b/krebs/2configs/shack/node-light.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+ pkg = pkgs.callPackage (
+ pkgs.fetchgit {
+ url = "https://git.shackspace.de/rz/node-light.git";
+ rev = "a32c782650c4cc0adf51250fe249167d7246c59b";
+ sha256 = "0clvcp1m2ay0a9ibh7s21q7d9a6nam3497bysvc6mdygblks22qy";
+ }) {};
+ home = "/var/lib/node-light";
+ port = "8082";
+in {
+ # receive response from light.shack / standby.shack
+ networking.firewall.allowedUDPPorts = [ 2342 ];
+ users.users.node-light = {
+ inherit home;
+ createHome = true;
+ };
+ services.nginx.virtualHosts."lounge.light.shack" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${port}/lounge/";
+ };
+ };
+ services.nginx.virtualHosts."power.light.shack" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${port}/power/";
+ };
+ };
+
+ services.nginx.virtualHosts."openhab.shack" = {
+ serverAliases = [ "lightapi.shack" ];
+ locations."/power/".proxyPass = "http://localhost:${port}/power/";
+ locations."/lounge/".proxyPass = "http://localhost:${port}/lounge/";
+ };
+ systemd.services.node-light= {
+ description = "node-light";
+ wantedBy = [ "multi-user.target" ];
+ environment.PORT = port;
+ serviceConfig = {
+ User = "node-light";
+ # do not override the current storage file
+ ExecStartPre = pkgs.writeDash "call-light-pre" ''
+ cp -vn ${pkg}/share/storage.json ${home}
+ chmod 700 ${home}/storage.json
+
+ '';
+ WorkingDirectory = home;
+ ExecStart = "${pkg}/bin/node-light";
+ Restart = "always";
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/krebs/2configs/shack/powerraw.nix b/krebs/2configs/shack/powerraw.nix
new file mode 100644
index 000000000..af3f129c1
--- /dev/null
+++ b/krebs/2configs/shack/powerraw.nix
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+# Replacement for powerraw.shack pollin box
+# Requires usb-serial device on host
+# Requires mqtt available at mqtt.shack
+# Requires hostname powerraw.shack
+let
+ influx-url = "http://influx.shack:8086";
+ pkg = pkgs.python3.pkgs.callPackage (
+ pkgs.fetchgit {
+ url = "https://git.shackspace.de/rz/powermeter.git";
+ rev = "96609f0d632e0732afa768ddd7b3f8841ca37c1b";
+ sha256 = "sha256:0wfpm3ik5r081qv2crmpjwylgg2v8ximq347qh0fzq1rwv0dqbnn";
+ }) {};
+in {
+ # receive response from light.shack / standby.shack
+ networking.firewall.allowedUDPPorts = [ 11111 ];
+ users.users.powermeter.extraGroups = [ "dialout" ];
+
+ systemd.services.powermeter-serial2mqtt = {
+ description = "powerraw Serial -> mqtt";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "powermeter";
+ ExecStart = "${pkg}/bin/powermeter-serial2mqtt";
+ Restart = "always";
+ PrivateTmp = true;
+ };
+ };
+
+ systemd.services.powermeter-mqtt2socket = {
+ description = "powerraw mqtt -> raw socket 11111";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = "powermeter";
+ ExecStart = "${pkg}/bin/powermeter-mqtt2socket";
+ Restart = "always";
+ PrivateTmp = true;
+ };
+ };
+
+ services.telegraf = {
+ enable = true;
+ extraConfig = {
+ agent.debug = false;
+ outputs = {
+ influxdb = [{
+ urls = [ influx-url ];
+ database = "telegraf";
+ }];
+ };
+ };
+ };
+
+ services.telegraf.extraConfig.inputs.mqtt_consumer = let
+ genTopic = name: topic: tags: {
+ servers = [ "tcp://mqtt.shack:1883" ];
+ qos = 0;
+ connection_timeout = "30s";
+ topics = [ topic ];
+ inherit tags;
+ persistent_session = false;
+ name_override = name;
+ data_format = "value";
+ data_type = "float";
+ };
+ sensor = "total";
+ types = [ "Voltage" "Current" "Power" ];
+ phases = [ 1 2 3 ];
+ in
+ [ (genTopic "Power consumed" "/power/${sensor}/consumed" { inherit sensor; }) ] ++
+ (lib.flatten (map (type: (map (phase: (genTopic "Power" "/power/${sensor}/L${toString phase}/${type}" { inherit sensor phase type; }) ) phases)) types));
+}
diff --git a/krebs/2configs/shack/prometheus/node.nix b/krebs/2configs/shack/prometheus/node.nix
new file mode 100644
index 000000000..5462464d5
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/node.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+{
+ networking.firewall.allowedTCPPorts = [ 9100 ];
+
+ services.prometheus.exporters.node = {
+ enable = true;
+ enabledCollectors = [
+ "conntrack"
+ "diskstats"
+ "entropy"
+ "filefd"
+ "filesystem"
+ "loadavg"
+ "mdadm"
+ "meminfo"
+ "netdev"
+ "netstat"
+ "stat"
+ "time"
+ "vmstat"
+ "systemd"
+ "logind"
+ "interrupts"
+ "ksmd"
+ ];
+ };
+}
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
new file mode 100644
index 000000000..c936f2531
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -0,0 +1,195 @@
+{ pkgs, lib, config, ... }:
+# from https://gist.github.com/globin/02496fd10a96a36f092a8e7ea0e6c7dd
+{
+ networking = {
+ firewall.allowedTCPPorts = [
+ 3000 # grafana
+ 9090 # prometheus
+ 9093 # alertmanager
+ ];
+ useDHCP = true;
+ };
+
+ services = {
+ prometheus = {
+ enable = true;
+ extraFlags = [
+ "-storage.local.retention 8760h"
+ "-storage.local.series-file-shrink-ratio 0.3"
+ "-storage.local.memory-chunks 2097152"
+ "-storage.local.max-chunks-to-persist 1048576"
+ "-storage.local.index-cache-size.fingerprint-to-metric 2097152"
+ "-storage.local.index-cache-size.fingerprint-to-timerange 1048576"
+ "-storage.local.index-cache-size.label-name-to-label-values 2097152"
+ "-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
+ ];
+ alertmanagerURL = [ "http://localhost:9093" ];
+ rules = [
+ ''
+ ALERT node_down
+ IF up == 0
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Node is down.",
+ description = "{{$labels.alias}} has been down for more than 5 minutes."
+ }
+ ALERT node_systemd_service_failed
+ IF node_systemd_unit_state{state="failed"} == 1
+ FOR 4m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start.",
+ description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."
+ }
+ ALERT node_filesystem_full_90percent
+ IF sort(node_filesystem_free{device!="ramfs"} < node_filesystem_size{device!="ramfs"} * 0.1) / 1024^3
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Filesystem is running out of space soon.",
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."
+ }
+ ALERT node_filesystem_full_in_4h
+ IF predict_linear(node_filesystem_free{device!="ramfs"}[1h], 4*3600) <= 0
+ FOR 5m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours.",
+ description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"
+ }
+ ALERT node_filedescriptors_full_in_3h
+ IF predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum
+ FOR 20m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours.",
+ description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"
+ }
+ ALERT node_load1_90percent
+ IF node_load1 / on(alias) count(node_cpu{mode="system"}) by (alias) >= 0.9
+ FOR 1h
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: Running on high load.",
+ description = "{{$labels.alias}} is running with > 90% total load for at least 1h."
+ }
+ ALERT node_cpu_util_90percent
+ IF 100 - (avg by (alias) (irate(node_cpu{mode="idle"}[5m])) * 100) >= 90
+ FOR 1h
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary = "{{$labels.alias}}: High CPU utilization.",
+ description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."
+ }
+ ALERT node_ram_using_90percent
+ IF node_memory_MemFree + node_memory_Buffers + node_memory_Cached < node_memory_MemTotal * 0.1
+ FOR 30m
+ LABELS {
+ severity="page"
+ }
+ ANNOTATIONS {
+ summary="{{$labels.alias}}: Using lots of RAM.",
+ description="{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now.",
+ }
+ ''
+ ];
+ scrapeConfigs = [
+ {
+ job_name = "node";
+ scrape_interval = "10s";
+ static_configs = [
+ {
+ targets = [
+ "localhost:9100"
+ ];
+ labels = {
+ alias = "wolf.shack";
+ };
+ }
+ {
+ targets = [
+ "localhost:9130"
+ ];
+ labels = {
+ alias = "unifi.shack";
+ };
+ }
+ {
+ targets = [
+ "10.42.22.184:9100" # puyak.shack
+ ];
+ labels = {
+ alias = "puyak.shack";
+ };
+ }
+ {
+ targets = [
+ "phenylbutazon.shack:9100"
+ ];
+ labels = {
+ alias = "phenylbutazon.shack";
+ };
+ }
+ {
+ targets = [
+ "ibuprofen.shack:9100"
+ ];
+ labels = {
+ alias = "ibuprofen.shack";
+ };
+ }
+ ];
+ }
+ ];
+ alertmanager = {
+ enable = true;
+ listenAddress = "0.0.0.0";
+ configuration = {
+ "global" = {
+ "smtp_smarthost" = "smtp.example.com:587";
+ "smtp_from" = "alertmanager@example.com";
+ };
+ "route" = {
+ "group_by" = [ "alertname" "alias" ];
+ "group_wait" = "30s";
+ "group_interval" = "2m";
+ "repeat_interval" = "4h";
+ "receiver" = "team-admins";
+ };
+ "receivers" = [
+ {
+ "name" = "team-admins";
+ "email_configs" = [
+ {
+ "to" = "devnull@example.com";
+ "send_resolved" = true;
+ }
+ ];
+ "webhook_configs" = [
+ {
+ "url" = "https://example.com/prometheus-alerts";
+ "send_resolved" = true;
+ }
+ ];
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix
new file mode 100644
index 000000000..401ecb024
--- /dev/null
+++ b/krebs/2configs/shack/prometheus/unifi.nix
@@ -0,0 +1,10 @@
+{lib, ... }:
+{
+ services.prometheus.exporters.unifi = {
+ enable = true;
+ unifiAddress = "https://unifi.shack:8443/";
+ unifiInsecure = true;
+ unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
+ unifiPassword = lib.replaceChars ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
+ };
+}
diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix
new file mode 100644
index 000000000..40c42260f
--- /dev/null
+++ b/krebs/2configs/shack/s3-power.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+let
+ pkg = pkgs.callPackage (
+ pkgs.fetchgit {
+ url = "https://git.shackspace.de/rz/s3-power";
+ rev = "b2b87b56bb40d714dbbecd1285566870b256aec4";
+ sha256 = "sha256:02wikwf3rgkkggwbwqisdvhlwd38w5pw011xhwvhnj114s3rynan";
+ }) {};
+ home = "/var/lib/s3-power";
+ cfg = toString <secrets/shack/s3-power.json>;
+in {
+ users.users.s3_power = {
+ inherit home;
+ createHome = true;
+ };
+ systemd.services.s3-power = {
+ startAt = "daily";
+ description = "s3-power";
+ environment.CONFIG = "${home}/s3-power.json";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "s3_power";
+ ExecStartPre = pkgs.writeDash "s3-power-pre" ''
+ install -D -os3_power -m700 ${cfg} ${home}/s3-power.json
+ '';
+ WorkingDirectory = home;
+ PermissionsStartOnly = true;
+ ExecStart = "${pkg}/bin/s3-power";
+ PrivateTmp = true;
+ };
+ };
+}
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 601762b93..9581712fb 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -236,6 +236,7 @@ in {
"tracker.makefu.r"
"wiki.gum.r"
"wiki.makefu.r"
+ "sick.makefu.r"
];
};
};
@@ -288,12 +289,18 @@ in {
ip4.addr = "10.243.189.130";
};
};
- };
- rockit = rec { # router@home
+ };
+
+ shackdev = rec { # router@shack
cores = 1;
nets.wiregrill.ip4.addr = "10.244.245.2";
};
+ rockit = rec { # router@home
+ cores = 1;
+ nets.wiregrill.ip4.addr = "10.244.245.3";
+ };
+
senderechner = rec {
cores = 2;
nets = {
diff --git a/krebs/3modules/makefu/wiregrill/rockit.pub b/krebs/3modules/makefu/wiregrill/rockit.pub
index 6cb0d960d..ace109450 100644
--- a/krebs/3modules/makefu/wiregrill/rockit.pub
+++ b/krebs/3modules/makefu/wiregrill/rockit.pub
@@ -1 +1 @@
-YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=
+LPMs1h9+8ABqeZsS6xmHC7votPqpUT609XuktAhaik8=
diff --git a/krebs/3modules/makefu/wiregrill/shackdev.pub b/krebs/3modules/makefu/wiregrill/shackdev.pub
new file mode 100644
index 000000000..6cb0d960d
--- /dev/null
+++ b/krebs/3modules/makefu/wiregrill/shackdev.pub
@@ -0,0 +1 @@
+YmvTL4c13WS6f88ZAz2m/2deL2pnPXI0Ay3edCPE1Qc=
diff --git a/krebs/krops.nix b/krebs/krops.nix
index 8d38ed5b0..1f439f622 100644
--- a/krebs/krops.nix
+++ b/krebs/krops.nix
@@ -1,4 +1,4 @@
-{ name }: rec {
+{ name, target ? name }: rec {
krops = ../submodules/krops;
@@ -63,7 +63,7 @@
# usage: $(nix-build --no-out-link --argstr name HOSTNAME -A deploy)
deploy = pkgs.krops.writeDeploy "${name}-deploy" {
source = source { test = false; };
- target = "root@${name}/var/src";
+ target = "root@${target}/var/src";
};
# usage: $(nix-build --no-out-link --argstr name HOSTNAME --argstr target PATH -A test)
diff --git a/makefu/0tests/data/secrets/hass/citadel-bot.json b/makefu/0tests/data/secrets/hass/citadel-bot.json
new file mode 100644
index 000000000..0967ef424
--- /dev/null
+++ b/makefu/0tests/data/secrets/hass/citadel-bot.json
@@ -0,0 +1 @@
+{}
diff --git a/makefu/0tests/data/secrets/hass/voicerss.apikey b/makefu/0tests/data/secrets/hass/voicerss.apikey
new file mode 100644
index 000000000..e69de29bb
diff --git a/makefu/1systems/cake/config.nix b/makefu/1systems/cake/config.nix
index 8617578f0..eaaac8f41 100644
--- a/makefu/1systems/cake/config.nix
+++ b/makefu/1systems/cake/config.nix
@@ -5,14 +5,14 @@ in {
imports = [
<stockholm/makefu>
./hardware-config.nix
+ { environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
# <stockholm/makefu/2configs/tools/core.nix>
- { environment.systemPackages = with pkgs;[ rsync screen curl git ];}
<stockholm/makefu/2configs/binary-cache/nixos.nix>
#<stockholm/makefu/2configs/support-nixos.nix>
<stockholm/makefu/2configs/homeautomation/default.nix>
<stockholm/makefu/2configs/homeautomation/google-muell.nix>
-# configure your hw:
-# <stockholm/makefu/2configs/save-diskspace.nix>
+ # configure your hw:
+ # <stockholm/makefu/2configs/save-diskspace.nix>
];
krebs = {
enable = true;
@@ -24,5 +24,4 @@ in {
documentation.man.enable = false;
services.nixosManual.enable = false;
sound.enable = false;
-
}
diff --git a/makefu/1systems/filepimp/config.nix b/makefu/1systems/filepimp/config.nix
index 30ba61a9b..e023c2885 100644
--- a/makefu/1systems/filepimp/config.nix
+++ b/makefu/1systems/filepimp/config.nix
@@ -48,7 +48,6 @@ in {
hardware.cpu.amd.updateMicrocode = true;
zramSwap.enable = true;
- zramSwap.numDevices = 2;
makefu.snapraid = let
toMedia = name: "/media/" + name;
diff --git a/makefu/1systems/firecracker/config.nix b/makefu/1systems/firecracker/config.nix
new file mode 100644
index 000000000..87f500287
--- /dev/null
+++ b/makefu/1systems/firecracker/config.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+let
+ primaryInterface = "eth0";
+in {
+ imports = [
+ <stockholm/makefu>
+ ./hardware-config.nix
+ # <stockholm/makefu/2configs/tools/core.nix>
+ { environment.systemPackages = with pkgs;[ rsync screen curl git ];}
+ <stockholm/makefu/2configs/binary-cache/nixos.nix>
+ #<stockholm/makefu/2configs/support-nixos.nix>
+# configure your hw:
+# <stockholm/makefu/2configs/save-diskspace.nix>
+ ];
+ krebs = {
+ enable = true;
+ tinc.retiolum.enable = true;
+ build.host = config.krebs.hosts.firecracker;
+ };
+ networking.firewall.trustedInterfaces = [ primaryInterface ];
+ documentation.info.enable = false;
+ documentation.man.enable = false;
+ services.nixosManual.enable = false;
+ sound.enable = false;
+}
diff --git a/makefu/1systems/firecracker/hardware-config.nix b/makefu/1systems/firecracker/hardware-config.nix
new file mode 100644
index 000000000..b821a3375
--- /dev/null
+++ b/makefu/1systems/firecracker/hardware-config.nix
@@ -0,0 +1,30 @@
+{ pkgs, lib, ... }:
+{
+ boot.kernelParams = lib.mkForce ["console=ttyS2,1500000n8" "earlycon=uart8250,mmio32,0xff1a0000" "earlyprintk"];
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+ boot.loader.generic-extlinux-compatible.configurationLimit = 1;
+ boot.loader.generationsDir.enable = lib.mkDefault false;
+ boot.supportedFilesystems = lib.mkForce [ "vfat" ];
+
+ boot.tmpOnTmpfs = lib.mkForce false;
+ boot.cleanTmpDir = true;
+ hardware.enableRedistributableFirmware = true;
+
+ ## wifi not working, will be fixed with https://github.com/NixOS/nixpkgs/pull/53747
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ networking.wireless.enable = true;
+ # File systems configuration for using the installer's partition layout
+ swapDevices = [ { device = "/var/swap"; size = 4096; } ];
+ fileSystems = {
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+}
diff --git a/makefu/1systems/firecracker/source.nix b/makefu/1systems/firecracker/source.nix
new file mode 100644
index 000000000..22c40039e
--- /dev/null
+++ b/makefu/1systems/firecracker/source.nix
@@ -0,0 +1,4 @@
+{
+ name="cake";
+ full = true;
+}
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index 7bc06f833..9585d8599 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -97,6 +97,24 @@ in {
# sharing
<stockholm/makefu/2configs/share/gum.nix>
<stockholm/makefu/2configs/torrent.nix>
+ { services.sickbeard = {
+ enable = true;
+ package = pkgs.sickgear;
+ user = "sickbeard";
+ group = "download";
+ port = 8280;
+ };
+ services.nginx.virtualHosts."sick.makefu.r" = {
+ locations."/".proxyPass = http://localhost:8280;
+ extraConfig = ''
+ if ( $server_addr = "${external-ip}" ) {
+ return 403;
+ }
+ '';
+ };
+ users.users.sickbeard.extraGroups = [ "nginx" ];
+ }
+ { nixpkgs.config.allowUnfree = true; }
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
@@ -111,6 +129,7 @@ in {
<stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
+ <stockholm/makefu/2configs/wireguard/wiregrill.nix>
# Removed until move: no extra mails
<stockholm/makefu/2configs/urlwatch>
@@ -153,11 +172,17 @@ in {
makefu.dl-dir = "/var/download";
- services.openssh.hostKeys = [
+ services.openssh.hostKeys = lib.mkForce [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
{ path = (toString <secrets/ssh_host_ed25519_key>); type = "ed25519"; } ];
###### stable
- services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
+
+ services.nginx.virtualHosts."cgit.euer.krebsco.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://cgit.gum.r";
+ };
+
krebs.build.host = config.krebs.hosts.gum;
# Network
diff --git a/makefu/1systems/gum/hardware-config.nix b/makefu/1systems/gum/hardware-config.nix
index 857fad7aa..e49b621e7 100644
--- a/makefu/1systems/gum/hardware-config.nix
+++ b/makefu/1systems/gum/hardware-config.nix
@@ -41,7 +41,7 @@ in {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ main-disk ];
- boot.initrd.kernelModules = [ "dm-raid" "dm_cache" ];
+ boot.initrd.kernelModules = [ "dm-raid" "dm_cache" "dm-thin-pool" ];
boot.initrd.availableKernelModules = [
"ata_piix" "vmw_pvscsi" "virtio_pci" "sd_mod" "ahci"
"xhci_pci" "ehci_pci" "ahci" "sd_mod"
@@ -67,7 +67,7 @@ in {
fileSystems."/var/www/binaergewitter" = {
device = "/dev/nixos/binaergewitter";
fsType = "ext4";
- options = [ "nofail" "x-systemd.automount" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ];
+ options = [ "nofail" ];
};
fileSystems."/var/lib/borgbackup" = {
device = "/dev/nixos/backup";
diff --git a/makefu/1systems/sdcard/config.nix b/makefu/1systems/sdcard/config.nix
new file mode 100644
index 000000000..4e3c22a30
--- /dev/null
+++ b/makefu/1systems/sdcard/config.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+let
+ kernel = pkgs.callPackage ./kernel.nix {
+ kernelPatches = with pkgs.kernelPatches; [
+ # kernelPatches.bridge_stp_helper
+ # kernelPatches.modinst_arg_list_too_long
+ ];
+ };
+in
+{
+ imports = [
+ <nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix>
+ # <stockholm/makefu/2configs/minimal.nix>
+ ];
+ # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
+ # cd ~/stockholm ; nix build config.system.build.sdImage -I nixos-config=makefu/1systems/sdcard/config.nix -f /home/makefu/nixpkgs/nixos
+
+ boot.kernelParams = ["console=ttyS2,1500000" "earlycon=uart8250,mmio32,0xff1a0000"];
+ # boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelPackages = pkgs.linuxPackagesFor kernel;
+ boot.supportedFilesystems = lib.mkForce [ "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+
+ # krebs.hidden-ssh.enable = true;
+ environment.systemPackages = with pkgs; [
+ aria2
+ ddrescue
+ ];
+ environment.extraInit = ''
+ EDITOR=vim
+ '';
+ # iso-specific
+ services.openssh = {
+ enable = true;
+ hostKeys = [
+ { bits = 8192; type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
+ ];
+ };
+ # enable ssh in the iso boot process
+ systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
+}
diff --git a/makefu/1systems/sdcard/kernel.nix b/makefu/1systems/sdcard/kernel.nix
new file mode 100644
index 000000000..df5e7ada9
--- /dev/null
+++ b/makefu/1systems/sdcard/kernel.nix
@@ -0,0 +1,15 @@
+{ fetchFromGitLab, buildLinux, ... } @ args:
+buildLinux (args // rec {
+ version = "4.4.55";
+ modDirVersion = "4.4.55";
+ extraMeta.branch = "4.4";
+ defconfig = "firefly_linux_defconfig";
+
+ src = fetchFromGitLab {
+ owner = "TeeFirefly";
+ repo = "linux-kernel";
+ rev = "firefly_0821_release";
+ sha256 = "1fwj9cm5ysz286znrr3fyrhfn903m84i7py4rv3y3h9avxb3zl1r";
+ };
+ extraMeta.platforms = [ "aarch64-linux" ];
+} // (args.argsOverride or {}))
diff --git a/makefu/1systems/sdcard/source.nix b/makefu/1systems/sdcard/source.nix
new file mode 100644
index 000000000..6bef8ada9
--- /dev/null
+++ b/makefu/1systems/sdcard/source.nix
@@ -0,0 +1,3 @@
+{
+ name="iso";
+}
diff --git a/makefu/1systems/wbob/config.nix b/makefu/1systems/wbob/config.nix
index ab77f16dd..ad7fc825c 100644
--- a/makefu/1systems/wbob/config.nix
+++ b/makefu/1systems/wbob/config.nix
@@ -16,15 +16,16 @@ in {
<stockholm/makefu/2configs/tools/core-gui.nix>
<stockholm/makefu/2configs/tools/extra-gui.nix>
<stockholm/makefu/2configs/tools/media.nix>
- <stockholm/makefu/2configs/virtualisation/libvirt.nix>
+ # <stockholm/makefu/2configs/virtualisation/libvirt.nix>
+ # <stockholm/makefu/2configs/virtualisation/virtualbox.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/gui/wbob-kiosk.nix>
# <stockholm/makefu/2configs/gui/studio-virtual.nix>
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
# <stockholm/makefu/2configs/vncserver.nix>
+ <stockholm/makefu/2configs/logging/server.nix>
# Services
# <stockholm/makefu/2configs/hydra/stockholm.nix>
@@ -33,7 +34,7 @@ in {
<stockholm/makefu/2configs/bluetooth-mpd.nix>
# Sensors
- <stockholm/makefu/2configs/stats/client.nix>
+ # <stockholm/makefu/2configs/stats/client.nix>
<stockholm/makefu/2configs/stats/collectd-client.nix>
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
@@ -44,16 +45,10 @@ in {
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
{ environment.systemPackages = [ pkgs.vlc ]; }
- {
- # Risikoübernahme
- nixpkgs.config.permittedInsecurePackages = [
- "homeassistant-0.77.2"
- ];
- }
- <stockholm/makefu/2configs/bureautomation>
+ <stockholm/makefu/2configs/bureautomation> # new hass entry point
<stockholm/makefu/2configs/bureautomation/led-fader.nix>
- <stockholm/makefu/2configs/bureautomation/mpd.nix>
- <stockholm/makefu/2configs/bureautomation/hass.nix>
+ # <stockholm/makefu/2configs/bureautomation/mpd.nix> #mpd is only used for TTS
+ <stockholm/makefu/2configs/mqtt.nix>
(let
collectd-port = 25826;
influx-port = 8086;
@@ -85,6 +80,7 @@ in {
'';
})
+ <stockholm/makefu/2configs/backup/state.nix>
# temporary
# <stockholm/makefu/2configs/temp/rst-issue.nix>
];
@@ -106,6 +102,7 @@ in {
LoadPlugin curl
<Plugin curl>
+ Interval 300
TotalTime true
NamelookupTime true
ConnectTime true
diff --git a/makefu/2configs/Reaktor/bgt.nix b/makefu/2configs/Reaktor/bgt.nix
new file mode 100644
index 000000000..42325bcd6
--- /dev/null
+++ b/makefu/2configs/Reaktor/bgt.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+ krebs.Reaktor.reaktor-bgt = {
+ nickname = "Reaktor|bgt";
+ workdir = "/var/lib/Reaktor/bgt";
+ channels = [ "#binaergewitter" ];
+ plugins = with pkgs.ReaktorPlugins;
+ [ titlebot
+ # stockholm-issue
+ nixos-version
+ # shack-correct
+ # sed-plugin
+ random-emoji ];
+ };
+}
diff --git a/makefu/2configs/bureautomation/automation/10h_timer.nix b/makefu/2configs/bureautomation/automation/10h_timer.nix
deleted file mode 100644
index dd747114e..000000000
--- a/makefu/2configs/bureautomation/automation/10h_timer.nix
+++ /dev/null
@@ -1,154 +0,0 @@
-[
- { alias = "start Felix 10h";
- trigger = {
- platform = "state";
- entity_id = [ "device_tracker.felix_phone" "device_tracker.felix_laptop" ];
- from = "not_home";
- to = "home";
- };
- condition = {
- condition = "and";
- conditions = [
- {
- condition = "state";
- entity_id = "timer.felix_10h";
- state = "idle";
- }
- {
- condition = "time";
- after = "06:00:00";
- before = "12:00:00";
- }
- ];
- };
- action = [
- { service = "timer.start";
- entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ] ;
- }
- { service = "homeassistant.turn_on";
- entity_id = [
- "script.buzz_red_led_fast"
- "script.blitz_10s"
- ];
- }
- { service = "light.turn_on";
- data = {
- effect = "2";
- entity_id = [ "light.status_felix" ];
- };
- }
- ];
- }
-
- { alias = "Disable Felix timer at button press";
- trigger = {
- platform = "state";
- entity_id = "binary_sensor.redbutton";
- to = "on";
- };
- condition = {
- condition = "and";
- conditions = [
- {
- condition = "state";
- entity_id = "timer.felix_10h";
- state = "active";
- }
- {
- condition = "time";
- after = "12:00:00";
- before = "22:00:00";
- }
- ];
- };
- action =
- [
- {
- service = "timer.cancel";
- entity_id = [ "timer.felix_10h" "timer.felix_8_30h" "timer.felix_7h" ];
- }
- {
- service = "homeassistant.turn_on";
- entity_id = [ "script.buzz_red_led_fast" ];
- }
- {
- service = "homeassistant.turn_off";
- entity_id = [ "light.status_felix" ];
- }
- ];
- }
-
- {
- alias = "Genug gearbeitet Felix";
- trigger =
- {
- platform = "event";
- event_type = "timer.finished";
- event_data.entity_id = "timer.felix_7h";
- };
- action =
- [
- { service = "light.turn_on";
- data = {
- rgb_color= [0 255 0];
- # effect = "0";
- entity_id = [ "light.status_felix" ];
- };
- }
- ];
- }
-
- {
- alias = "nun aber nach hause";
- trigger =
- {
- platform = "event";
- event_type = "timer.finished";
- event_data.entity_id = "timer.felix_8_30h";
- };
- action =
- [
- { service = "light.turn_on";
- data = {
- rgb_color= [255 255 0];
- # effect = "0";
- entity_id = [ "light.status_felix" ];
- };
- }
- ];
- }
-
- {
- alias = "Zu lange Felix!";
- trigger =
- {
- platform = "event";
- event_type = "timer.finished";
- event_data.entity_id = "timer.felix_10h";
- };
- action =
- [
- {
- service = "notify.telegrambot";
- data = {
- title = "Zu lange Felix!";
- message = "Du bist schon 10 Stunden auf Arbeit, geh jetzt gefälligst nach Hause!";
- };
- }
- {
- service = "homeassistant.turn_on";
- entity_id = [
- "script.buzz_red_led"
- "script.blitz_10s"
- ];
- }
- { service = "light.turn_on";
- data = {
- rgb_color= [255 0 0];
- effect = "0";
- entity_id = [ "light.status_felix" ];
- };
- }
- ];
- }
-]
diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
index d54d9762a..007f6064a 100644
--- a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
+++ b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix
@@ -23,19 +23,11 @@
item.partymode = "music";
};
}
- {
- service = "tts.google_say";
- entity_id = "media_player.kodi";
- data = {
- message = "Willkommen in deinem Lieblingsbüro";
- language = "de";
- };
- }
{
service = "notify.telegrambot";
data = {
title = "Bureau Startup";
- message = "Willkommen {{ trigger.platform }}";
+ message = "Das Büro wurde eröffnet";
};
}
];
diff --git a/makefu/2configs/bureautomation/automation/schlechteluft.nix b/makefu/2configs/bureautomation/automation/schlechteluft.nix
new file mode 100644
index 000000000..8787ee280
--- /dev/null
+++ b/makefu/2configs/bureautomation/automation/schlechteluft.nix
@@ -0,0 +1,74 @@
+let
+ long_threshold = 30;
+in [
+ {
+ alias = "Bad Air Alarm 60 seconds";
+ trigger =
+ { platform = "numeric_state";
+ entity_id = "sensor.air_quality";
+ above = 1523;
+ for.seconds = 60;
+ };
+ condition = {
+ condition = "and";
+ conditions = [
+ { condition = "state";
+ entity_id = "group.team";
+ state = "home";
+ }
+ { condition = "time";
+ after = "06:00:00";
+ before = "20:00:00";
+ }
+ ];
+ };
+
+ action = [
+ { service = "homeassistant.turn_on";
+ entity_id = [
+ "script.schlechteluft"
+ ];
+ }
+ ];
+ }
+ {
+ alias = "Bad Air Alarm ${toString long_threshold} Minutes";
+ trigger =
+ { platform = "numeric_state";
+ entity_id = "sensor.air_quality";
+ above = 1523;
+ for.minutes = long_threshold;
+ };
+ condition = {
+ condition = "and";
+ conditions = [
+ { condition = "state";
+ entity_id = "group.team";
+ state = "home";
+ }
+ { condition = "time";
+ after = "06:00:00";
+ before = "20:00:00";
+ }
+ ];
+ };
+
+ action = [
+ { service = "homeassistant.turn_on";
+ entity_id = [
+ "script.schlechteluft"
+ ];
+ }
+ { service = "tts.google_say";
+ entity_id = "media_player.mpd";
+ data_template = {
+ message = "BEEP BEEP - Die luft ist schon ${toString long_threshold} Minuten schlecht! Student Nummer {{ range(1,500) | random }}, öffne ein Fenster.";
+ language = "de";
+ };
+ }
+ { service = "notify.matrix_notify";
+ data_template.message = "Schlechte Luft Alarm seit ${toString long_threshold} Minuten ({{states.sensor.air_quality.state_with_unit}})!";
+ }
+ ];
+ }
+]
diff --git a/makefu/2configs/bureautomation/combination/10h_timers.nix b/makefu/2configs/bureautomation/combination/10h_timers.nix
new file mode 100644
index 000000000..dec5347a6
--- /dev/null
+++ b/makefu/2configs/bureautomation/combination/10h_timers.nix
@@ -0,0 +1,194 @@
+{lib, ... }:
+let
+ persons = [ "frank" "daniel" "thorsten" "carsten" "thierry" "ecki" "felix"
+ "anthony" # antony
+ "thierry" # tjeri
+ ];
+ random_zu_lange = name: ''{{ [
+ "Du musst jetzt endlich nach Hause gehen ${name}!",
+ "${name} - 10 Stunden sind rum, bald schenkst du den Franzosen deine Lebenszeit",
+ "Nur eine Minute über 10 Stunden kann zu einer Stunde Arbeit für Thorsten werden, ${name}.",
+ "In 10 Minuten kommt dich der Security Mann holen, ${name}",
+ "Das Sandmännchen ist schon vorbei, gleich fallen dir die Augen zu ${name}.",
+ "Wenn ${name} sofort los geht, dann ist er noch rechtzeitig für den Tatort zu Hause.",
+ "${name} muss jetzt gehen, sonst verpasst er die Tagesschau!",
+ "Es ist spät ${name}. Ausstempeln hilft zwar kurzfristig, kann aber zu langfristigen Problemen führen.",
+ "${name}, wenn du nach zehn Stunden nach Hause gehst, muss dir dein Vorgesetzter ein Taxi bestellen",
+ "${name}, wenn du nach zehn Stunden nach Hause gehst, bist du auf dem Rückweg nicht mehr versichert!",
+ "Zu lange, ${name}!" ] | random }}'' ;
+
+
+ random_announce = name: ''{{ [
+ "${name} is in da House",
+ "Ahoi ${name}",
+ "Moinsen ${name}",
+ "Moin Moin ${name}",
+ "Palim, Palim ${name}",
+ "Vorwärts Genosse ${name}",
+ "Gemeinsame Grüße, Genosse ${name}",
+ "Sozialistische Grüße, Genosse ${name}",
+ "Konzentrierte Grüße, Genosse ${name}",
+ "Ach, der ${name} ist auch wieder da...",
+ "Nicht ${name} schon wieder",
+ "Tri tra tralala, der ${name} ist wieder da.",
+ "Na sieh mal einer an, ${name} hat es auch her geschafft",
+ "Wer ist im Büro eingetroffen? ${name} ist es!",
+ "Willkommen in deinem Lieblingsbüro, ${name}.",
+ "Klopf, Klopf, wer ist da? ${name} ist da!",
+ "Messer, Gabel, Schere, Licht sind für kleinen ${name} nicht.",
+ "Ich kenne ein Geheimnis, ${name} ist angekommen",
+ "Wir sind ${name}. Sie werden assimiliert werden",
+ "Achtung, es erfolgt eine Durchsage. ${name} ist eingetroffen",
+ "Die Scanner haben eine dem System bekannte Lebensform mit dem Namen ${name} detektiert",
+ "Das Büro sieht dich, ${name}",
+ "Das Büro riecht dich, ${name}",
+ "Im Kalender von ${name} sind heute acht Meetings eingeplant, von denen zwei bereits verpasst wurden",
+ "Das Postfach von ${name} beinhaltet einhundertachtundzwanzig ungelesene E-Mails.",
+ "Nachricht von Serge: ${name}, bitte melden Sie sich Umgehend bei mir im Büro!",
+ "Luftqualität hat sich durch das Eintreffen von ${name} um zweihunder Punkte verschlechtert, bitte alle Fenster öffnen.",
+ "Die Tür geht auf, wer mag das sein? Schon schreitet hier der ${name} ein. Das Volk, es jubelt, Dirnen schmachten. Fürs Festmahl beginnt man schon zu schlachten. Er wird nur nach dem besten streben! Der ${name}, er soll lange leben!",
+ "${name} arbeitet gern für seinen Konzern",
+ "${name} ist nur froh im Großraumbüro",
+ "Für ${name} ist die schönste Zeit ... die Arbeit",
+ "Ein Fleißbienchen für ${name} zum rechtzeitigen Erscheinen im Büro",
+ "${name} ist heute wohl doch nicht im Office Home",
+ "${name} ist bereit für einen Tag voller Meetings",
+ "Und es startet für ${name} wieder ein Tag im Paradies",
+ "Lieber ${name}, Markus Keck hat dich bereits drei mal Versucht anzurufen!",
+ "Trotz schwerer Männergrippe ist ${name} heute im Büro erschienen.",
+ "${name} kenne keine Parteien mehr, ${name} kenne nur noch Arbeitsplätze",
+ "${name}, Frage nicht, was dein Arbeitsplatz für dich tun kann. Frage, was du für deinen Arbeitsplatz tun kannst",
+ "${name} läuft bis in den Jemen - für sein Unternehmen. ${name} schwimmt bis nach Birma - für meine Firma",
+ "Der Cyberian ${name} ist gekommen um die Bahnwelt vor Cyber-Angriffen zu schützen",
+ "Alles paletto im Ghetto, ${name}?",
+ "Hach, ${name}, wenn du hier rein kommst fühlt es sich gleich wieder an wie Montag.",
+ "Oh nein, nicht schon wieder ${name}",
+ "Wer wohnt in der Ananas ganz tief im Meer? ${name} Schwammkopf!",
+ "Arbeit ist Freizeit! Wachstum ist Fortschritt! Sicherheit ist Freiheit! Eine kleine Erinnerung für ${name}"] | random }}'' ;
+ tmr_10h = name: {
+ "${name}_10h" = {
+ name = "${name} 10h Timer";
+ duration = "10:00:00";
+ };
+ };
+
+ zu_lange_user = name:
+ { "zu_lange_${name}" = {
+ alias = "Random Zu Lange ${name}";
+
+ sequence = [
+ { service = "media_player.play_media";
+ data = {
+ entity_id = "media_player.mpd";
+ media_content_type = "playlist";
+ media_content_id = "ansage";
+ };
+ }
+ { delay.seconds = 5; }
+ { service = "tts.google_say";
+ entity_id = "media_player.mpd";
+ data_template = {
+ message = random_zu_lange name;
+ language = "de";
+ };
+ }
+ ];
+ };
+ };
+ announce_user = name:
+ { "announce_${name}" = {
+ alias = "Random Announce ${name}";
+ sequence = [
+ { delay.seconds = 7; }
+ { service = "media_player.play_media";
+ data = {
+ entity_id = "media_player.mpd";
+ media_content_type = "playlist";
+ media_content_id = "ansage";
+ };
+ }
+ { delay.seconds = 4; }
+ { service = "tts.google_say";
+ entity_id = "media_player.mpd";
+ data_template = {
+ message = random_announce name;
+ language = "de";
+ };
+ }
+ ];
+ };
+ };
+ automation_10h = name: [
+ { alias = "start ${name} 10h";
+ trigger = {
+ platform = "state";
+ # TODO: ecki
+ entity_id = [ "device_tracker.${name}_phone"];
+ from = "not_home";
+ to = "home";
+ };
+ condition = {
+ condition = "and";
+ conditions = [
+ {
+ condition = "state";
+ entity_id = "timer.${name}_10h";
+ state = "idle";
+ }
+ {
+ condition = "time";
+ after = "06:00:00";
+ before = "12:00:00";
+ }
+ ];
+ };
+ action = [
+ { service = "timer.start";
+ entity_id = [ "timer.${name}_10h" ] ;
+ }
+ { service = "homeassistant.turn_on";
+ entity_id = [
+ # "script.buzz_${name}"
+ "script.blitz_10s"
+ "script.announce_${name}"
+ ];
+ }
+ ];
+ }
+
+ { alias = "Zu lange ${name}!";
+ trigger =
+ {
+ platform = "event";
+ event_type = "timer.finished";
+ event_data.entity_id = "timer.${name}_10h";
+ };
+
+ condition =
+ {
+ condition = "state";
+ entity_id = "device_tracker.${name}_phone";
+ state = "home";
+ };
+
+ action =
+ [
+ { service = "homeassistant.turn_on";
+ entity_id = [
+ "script.blitz_10s"
+ "script.zu_lange_${name}"
+ ];
+ }
+ ];
+ }
+ ];
+in
+{
+ timer =lib.fold lib.recursiveUpdate {}
+ (map tmr_10h persons);
+ automation = (lib.flatten (map automation_10h persons));
+ script = lib.fold lib.recursiveUpdate {} (
+ (map (p: announce_user p) persons) ++
+ (map (p: zu_lange_user p) persons)
+ );
+}
diff --git a/makefu/2configs/bureautomation/combination/README.md b/makefu/2configs/bureautomation/combination/README.md
new file mode 100644
index 000000000..baad87fda
--- /dev/null
+++ b/makefu/2configs/bureautomation/combination/README.md
@@ -0,0 +1,3 @@
+# Combination Folder
+files return a dictionary of different types used in home-assistant instead of
+a single thing.
diff --git a/makefu/2configs/bureautomation/combination/matrix.nix b/makefu/2configs/bureautomation/combination/matrix.nix
new file mode 100644
index 000000000..85ba31986
--- /dev/null
+++ b/makefu/2configs/bureautomation/combination/matrix.nix
@@ -0,0 +1,65 @@
+{ lib, ... }:
+#matrix:
+# password: supersecurepassword
+# rooms:
+# - "#hasstest:matrix.org"
+# commands:
+# - word: my_command
+# name: my_command
+let
+ mom_room = "!kTQjvTQvfVsvfEtmth:thales.citadel.team";
+in {
+ matrix =
+ {
+ # secrets:
+ # homeserver, username, password
+ homeserver = "https://ext01.citadel.team";
+ rooms = [
+ mom_room
+ ];
+ commands = [
+ {
+ # alternative: expression for regexp
+ word = "version";
+ name = "version";
+ }
+ {
+ word = "luftqualität";
+ name = "luftqualitaet";
+ }
+ ];
+ } // (builtins.fromJSON (builtins.readFile
+ <secrets/hass/citadel-bot.json>));
+ automation = [
+ {
+ alias = "React to !version";
+ trigger = {
+ platform = "event";
+ event_type = "matrix_command";
+ event_data.command = "version";
+ };
+ action = {
+ service = "notify.matrix_notify";
+ data_template.message = "Running home-assistant {{states.sensor.current_version.state}}";
+ };
+ }
+ {
+ alias = "React to !luftqualität";
+ trigger = {
+ platform = "event";
+ event_type = "matrix_command";
+ event_data.command = "luftqualitaet";
+ };
+ action = {
+ service = "notify.matrix_notify";
+ data_template.message = "Temp: {{states.sensor.easy2_dht22_temperature.state_with_unit}} Hum:{{states.sensor.easy2_dht22_humidity.state_with_unit}} airquality:{{states.sensor.air_quality.state_with_unit}}";
+ };
+ }
+
+ ];
+ notify = [{
+ name = "matrix_notify";
+ platform = "matrix";
+ default_room = mom_room;
+ }];
+}
diff --git a/makefu/2configs/bureautomation/combination/mittagessen.nix b/makefu/2configs/bureautomation/combination/mittagessen.nix
new file mode 100644
index 000000000..3ec70998d
--- /dev/null
+++ b/makefu/2configs/bureautomation/combination/mittagessen.nix
@@ -0,0 +1,89 @@
+{ lib, ... }:
+let
+ # TODO: remove redundant code (from multi_blink) via lib
+ flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }:
+ {
+ inherit alias;
+ sequence = lib.flatten (builtins.genList (i: [
+ { service = "homeassistant.turn_on";
+ data.entity_id = entity;
+ }
+ { delay.milliseconds = delay; }
+ { service = "homeassistant.turn_off";
+ data.entity_id = entity;
+ }
+ { delay.milliseconds = delay; }
+ ]
+ ) count);
+ };
+ # TODO: use influxdb and check if pommes
+ random_mittagessen = '' {{ [
+ "Es ist 12 uhr 30. Der Aramark Gourmettempel hat, wie jeden Tag, wieder die feinsten Köstlichkeiten für euch Vorbereitet",
+ "Heute bei Aramark: Rezepte aus Ländern, von denen Ihr noch nie gehört habt, Deutsch zubereitet",
+ "Heute bei Aramark im Angebot: Scheiss mit Reis oder Reste von Freitag",
+ "MHHHH es ist wieder mal so weit, lecker Bayerisch Kraut mit asiatischen Nudeln",
+ "Es ist 12 Uhr 30 und Heute gibt es Pommes - vielleicht",
+ "Heute gibt es Pommes - leider nicht einzeln zu verkaufen, da die Schälchen alle sind",
+ "Heute gibt es Pommes - verarscht! Natürlich gibt es nur salzlosen Reis, oder salzlose Nudeln.",
+ "Heute auf dem Speiseplan: Sushi vom Vortag",
+ "Aramark Kantinenessen: Der Hunger treibt es rein, der Geiz hält es drin.",
+ "Das Essen in der Snackeria sieht heute wie die bessere Alternative aus",
+ "Heute ist wohl wieder ein Beilagen-Tag",
+ "Lunch time! Good luck, you will need it!",
+ "Heute vielleicht lieber doch nur einen Salat?",
+ "Im Büro ist es eh gerade viel zu warm, also ab zur Kantine",
+ "Im Büro ist es eh gerade viel zu kalt, also ab zur Kantine",
+ "Heute scheint die Auswahl wieder sehr schwierig zu sein. Vielleicht doch lieber ein Brötchen mit Fleischkäse vom Bäcker beim Baumarkt?",
+ "Wer hat hier schon wieder ein Meeting auf 12 Uhr gelegt? Skandal!",
+ "Jetzt nur noch kurz die Mail fertig schreiben und schon kann es los gehen.",
+ "Es ist 13 Uhr und die Mittagspause ist bald vorbei .... Kleiner Scherz, es ist erst 12:30, aber Ihr hättet auch nicht wirklich etwas verpasst.",
+ "Hallo, es ist nun 12 Uhr 30! Dies entspricht der Essenszeit aller Büroinsassen. Bitte begebt euch zur Aramark Essensausgabe um euren menschlichen Bedürfnissen nachzukommen."] | random }}'';
+in {
+ automation = [
+ { alias = "Mittagessen";
+ trigger = {
+ platform = "time";
+ at = "12:30:00";
+ };
+ action = [
+ { service = "homeassistant.turn_on";
+ entity_id = [
+ "script.mittagessen_announce"
+ "script.blitz_10s"
+ "script.mittagessenlicht"
+ ];
+ }
+ ];
+ }
+ ];
+ script = {
+ mittagessenlicht = (flash_entity {
+ entity = "switch.bauarbeiterlampe";
+ alias = "Bauarbeiterlampe Mittagessenlicht";
+ delay = 1000;
+ count = 5;
+ });
+ mittagessen_announce = {
+ alias = "Random Mittagessen announce";
+ sequence = [
+ {
+ service = "media_player.play_media";
+ data = {
+ entity_id = "media_player.mpd";
+ media_content_type = "playlist";
+ media_content_id = "ansage";
+ };
+ }
+ { delay.seconds = 5; }
+ {
+ service = "tts.google_say";
+ entity_id = "media_player.mpd";
+ data_template = {
+ message = random_mittagessen;
+ language = "de";
+ };
+ }
+ ];
+ };
+ };
+}
diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 1782becd8..8ec9dacc2 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -1,45 +1,251 @@
-{ pkgs, lib, ... }:
-
-with lib;
+{ config, pkgs, lib, ... }:
let
- port = 3001;
- runit = pkgs.writeDash "runit" ''
- set -xeuf
- PATH=${pkgs.mosquitto}/bin:${pkgs.coreutils}/bin
- name=''${1?must provide name as first arg}
- state=''${2?must provide state as second arg}
- # val=''${3?must provide val as third arg}
-
- # we ignore non-alerting events
- test $state = alerting || exit 0
-
- echo $name - $state
- topic=plug
- mosquitto_pub -t /bam/$topic/cmnd/POWER -m ON
- sleep 5
- mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF
- '';
+ kodi-host = "192.168.8.11";
+ ten_hours = import ./combination/10h_timers.nix { inherit lib; }; # provides: timer automation script
+ mittagessen = import ./combination/mittagessen.nix { inherit lib; }; # provides: automation script
+ matrix = import ./combination/matrix.nix { inherit lib; }; # provides: matrix automation
in {
imports = [
./ota.nix
];
- services.logstash = {
- package = pkgs.logstash5;
+ networking.firewall.allowedTCPPorts = [ 8123 ];
+ state = [ "/var/lib/hass/known_devices.yaml" ];
+ services.home-assistant = let
+ dwd_pollen = pkgs.fetchFromGitHub {
+ owner = "marcschumacher";
+ repo = "dwd_pollen";
+ rev = "0.1";
+ sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
+ };
+ in {
enable = true;
- inputConfig = ''
- http {
- port => ${toString port}
- host => "127.0.0.1"
- }
- '';
- filterConfig = ''
- '';
- outputConfig = ''
- stdout { codec => json }
- exec { command => "${runit} '%{ruleName}' '%{state}'" }
- '';
- extraSettings = ''
- path.plugins: [ "${pkgs.logstash-output-exec}" ]
- '';
+ package = (pkgs.home-assistant.overrideAttrs (old: {
+ # TODO: find correct python package
+ installCheckPhase = ''
+ echo LOLLLLLLLLLLLLLL
+ '';
+ postInstall = ''
+ cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen
+ '';
+ })).override {
+ extraPackages = ps: with ps; [
+ pkgs.pico2wave
+ python-forecastio jsonrpc-async jsonrpc-websocket mpd2
+ (callPackage ./deps/gtts-token.nix { })
+ (callPackage ./deps/pyhaversion.nix { })
+ ];
+ };
+ autoExtraComponents = true;
+ config = {
+ homeassistant = {
+ name = "Bureautomation";
+ time_zone = "Europe/Berlin";
+ latitude = "48.8265";
+ longitude = "9.0676";
+ elevation = 303;
+ auth_providers = [
+ { type = "homeassistant";}
+ { type = "legacy_api_password";}
+ { type = "trusted_networks";
+ # allow_bypass_login = true;
+ }
+ ];
+ };
+ # https://www.home-assistant.io/components/influxdb/
+ influxdb = {
+ database = "hass";
+ tags = {
+ instance = "wbob";
+ source = "hass";
+ };
+ };
+ matrix = matrix.matrix;
+ mqtt = {
+ broker = "localhost";
+ port = 1883;
+ client_id = "home-assistant";
+ keepalive = 60;
+ protocol = 3.1;
+ birth_message = {
+ topic = "/bam/hass/tele/LWT";
+ payload = "Online";
+ qos = 1;
+ retain = true;
+ };
+ will_message = {
+ topic = "/bam/hass/tele/LWT";
+ payload = "Offline";
+ qos = 1;
+ retain = true;
+ };
+ };
+ switch = (import ./switch/tasmota_switch.nix) ++
+ (import ./switch/rfbridge.nix);
+ light = (import ./light/statuslight.nix) ++
+ (import ./light/buzzer.nix);
+ timer = ten_hours.timer;
+ notify = [
+ {
+ platform = "kodi";
+ name = "wbob-kodi";
+ host = kodi-host;
+ }
+ {
+ platform = "telegram";
+ name = "telegrambot";
+ chat_id = builtins.elemAt
+ (builtins.fromJSON (builtins.readFile
+ <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0;
+ }
+ ] ++ matrix.notify;
+ media_player = [
+ { platform = "kodi";
+ host = kodi-host;
+ }
+ { platform = "mpd";
+ host = "127.0.0.1";
+ }
+ ];
+ script = lib.fold lib.recursiveUpdate {} [
+ ((import ./script/multi_blink.nix) {inherit lib;})
+ ten_hours.script
+ mittagessen.script
+ ];
+ binary_sensor =
+ (import ./binary_sensor/buttons.nix) ++
+ (import ./binary_sensor/motion.nix);
+
+ sensor =
+ [{ platform = "version"; }] ++
+ (import ./sensor/pollen.nix) ++
+ (import ./sensor/espeasy.nix) ++
+ (import ./sensor/airquality.nix) ++
+ ((import ./sensor/outside.nix) {inherit lib;}) ++
+ (import ./sensor/influxdb.nix) ++
+ (import ./sensor/tasmota_firmware.nix);
+
+ camera =
+ (import ./camera/verkehrskamera.nix);
+
+ # not yet released
+ #person =
+ # (import ./person/team.nix );
+
+ frontend = { };
+ http = {
+ # TODO: https://github.com/home-assistant/home-assistant/issues/16149
+ base_url = "http://192.168.8.11:8123";
+ api_password = "sistemas";
+ trusted_networks = [
+ "127.0.0.1/32"
+ "192.168.8.0/24"
+ "::1/128"
+ "fd00::/8"
+ ];
+ };
+ conversation = {};
+ history = {};
+ logbook = {};
+ tts = [
+ { platform = "google";
+ language = "de";
+ }
+ { platform = "voicerss";
+ api_key = builtins.readFile <secrets/hass/voicerss.apikey>;
+ language = "de-de";
+ }
+ { platform = "picotts";
+ language = "de-DE";
+ }
+ ];
+ recorder = {};
+ sun = {};
+ telegram_bot = [
+ (builtins.fromJSON
+ (builtins.readFile <secrets/hass/telegram-bot.json>))
+ ];
+ group =
+ { default_view =
+ { view = "yes";
+ entities = [
+ "group.sensors"
+ "group.camera"
+ "group.outside"
+ "group.team"
+ "group.nachtlicht"
+ "group.switches"
+ ];
+ };
+ automation = [];
+
+ switches = [
+ "switch.bauarbeiterlampe"
+ "switch.blitzdings"
+ "switch.fernseher"
+ "switch.feuer"
+ "light.status_felix"
+ "light.status_daniel"
+ "light.buslicht"
+ ];
+ team = [
+ "device_tracker.thorsten_phone"
+ "device_tracker.felix_phone"
+ "device_tracker.ecki_tablet"
+ "device_tracker.daniel_phone"
+ "device_tracker.carsten_phone"
+ "device_tracker.thierry_phone"
+ "device_tracker.frank_phone"
+ "device_tracker.anthony_phone"
+ # "person.thorsten"
+ # "person.felix"
+ # "person.ecki"
+ # "person.daniel"
+ ];
+ camera = [
+ "camera.Baumarkt"
+ "camera.Autobahn_Heilbronn"
+ "camera.Autobahn_Singen"
+ ];
+ nachtlicht = [
+ "switch.nachtlicht_a"
+ "switch.nachtlicht_b"
+ "switch.nachtlicht_c"
+ "switch.nachtlicht_d"
+ ];
+ sensors = [
+ "media_player.kodi"
+ "script.blitz_10s"
+ "script.buzz_red_led_fast"
+ "timer.felix_10h"
+ "timer.frank_10h"
+ "sensor.easy2_dht22_humidity"
+ "sensor.easy2_dht22_temperature"
+ "sensor.air_quality"
+ # "binary_sensor.redbutton"
+ ];
+ outside = [
+ # "sensor.ditzingen_pm10"
+ # "sensor.ditzingen_pm25"
+ "sensor.dark_sky_icon"
+ "sensor.dark_sky_temperature"
+ "sensor.dark_sky_humidity"
+ "sensor.dark_sky_uv_index"
+ # "sensor.dark_sky_pressure"
+ "sensor.dark_sky_hourly_summary"
+ ];
+ };
+ # only for automation
+ # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
+ # we don't use imports because the expressions do not merge in
+ # home-assistant
+ automation = (import ./automation/bureau-shutdown.nix) ++
+ (import ./automation/nachtlicht.nix) ++
+ (import ./automation/schlechteluft.nix) ++
+ (import ./automation/hass-restart.nix) ++
+ ten_hours.automation ++
+ matrix.automation ++
+ mittagessen.automation;
+ device_tracker = (import ./device_tracker/openwrt.nix );
+ };
};
}
diff --git a/makefu/2configs/bureautomation/deps/dwd_pollen.nix b/makefu/2configs/bureautomation/deps/dwd_pollen.nix
new file mode 100644
index 000000000..39d9c3069
--- /dev/null
+++ b/makefu/2configs/bureautomation/deps/dwd_pollen.nix
@@ -0,0 +1,32 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, python
+, voluptuous
+}:
+
+buildPythonPackage rec {
+ format = "other";
+ pname = "dwd_pollen";
+ version = "0.1";
+
+ src = fetchFromGitHub {
+ owner = "marcschumacher";
+ repo = "dwd_pollen";
+ rev = version;
+ sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
+ };
+ propagatedBuildInputs = [
+ voluptuous
+ ];
+ installPhase = ''
+ install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen *
+ '';
+
+ meta = with lib; {
+ description = "Home Assistant component to retrieve Pollen data from DWD (Germany)";
+ homepage = https://github.com/marcschumacher/dwd_pollen;
+ license = licenses.mit;
+ maintainers = [ maintainers.makefu ];
+ };
+}
diff --git a/makefu/2configs/bureautomation/deps/gtts-token.nix b/makefu/2configs/bureautomation/deps/gtts-token.nix
new file mode 100644
index 000000000..69640f03d
--- /dev/null
+++ b/makefu/2configs/bureautomation/deps/gtts-token.nix
@@ -0,0 +1,27 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, requests
+}:
+
+buildPythonPackage rec {
+ pname = "gtts-token";
+ version = "1.1.3";
+
+ src = fetchPypi {
+ pname = "gTTS-token";
+ inherit version;
+ sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5";
+ };
+
+ propagatedBuildInputs = [
+ requests
+ ];
+
+ meta = with lib; {
+ description = "Calculates a token to run the Google Translate text to speech";
+ homepage = https://github.com/boudewijn26/gTTS-token;
+ license = licenses.mit;
+ # maintainers = [ maintainers. ];
+ };
+}
diff --git a/makefu/2configs/bureautomation/deps/pyhaversion.nix b/makefu/2configs/bureautomation/deps/pyhaversion.nix
new file mode 100644
index 000000000..a75c6a976
--- /dev/null
+++ b/makefu/2configs/bureautomation/deps/pyhaversion.nix
@@ -0,0 +1,33 @@
+{ lib
+, buildPythonPackage
+, fetchpatch
+, fetchPypi
+, aiohttp
+, async-timeout
+}:
+
+buildPythonPackage rec {
+ pname = "pyhaversion";
+ version = "2.2.1";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f";
+ };
+ patches = [
+ (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch";
+ sha256 =
+ "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";})
+ ];
+ doCheck = false;
+ propagatedBuildInputs = [
+ aiohttp
+ async-timeout
+ ];
+
+ meta = with lib; {
+ description = "";
+ homepage = https://github.com/ludeeus/pyhaversion;
+ # maintainers = [ maintainers. ];
+ };
+}
diff --git a/makefu/2configs/bureautomation/device_tracker/openwrt.nix b/makefu/2configs/bureautomation/device_tracker/openwrt.nix
index 0db9821a1..d32eab60f 100644
--- a/makefu/2configs/bureautomation/device_tracker/openwrt.nix
+++ b/makefu/2configs/bureautomation/device_tracker/openwrt.nix
@@ -1,3 +1,6 @@
+# requires `opkg install luci-mod-rpc` on router
+# see https://www.home-assistant.io/components/luci/
+
[
{ platform = "luci";
name = "router";
diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix
deleted file mode 100644
index ace1d10ce..000000000
--- a/makefu/2configs/bureautomation/hass.nix
+++ /dev/null
@@ -1,198 +0,0 @@
-{ pkgs, lib, ... }:
-let
- kodi-host = "192.168.8.11";
-in {
- networking.firewall.allowedTCPPorts = [ 8123 ];
- state = [ "/var/lib/hass/known_devices.yaml" ];
- services.home-assistant = {
- enable = true;
- package = pkgs.home-assistant.override { python3 = pkgs.python36; };
- config = {
- homeassistant = {
- name = "Bureautomation";
- time_zone = "Europe/Berlin";
- latitude = "48.8265";
- longitude = "9.0676";
- elevation = 303;
- auth_providers = [
- { type = "homeassistant";}
- { type = "legacy_api_password";}
- { type = "trusted_networks";
- # allow_bypass_login = true;
- }
- ];
- };
- mqtt = {
- broker = "localhost";
- port = 1883;
- client_id = "home-assistant";
- keepalive = 60;
- protocol = 3.1;
- birth_message = {
- topic = "/bam/hass/tele/LWT";
- payload = "Online";
- qos = 1;
- retain = true;
- };
- will_message = {
- topic = "/bam/hass/tele/LWT";
- payload = "Offline";
- qos = 1;
- retain = true;
- };
- };
- switch = (import ./switch/tasmota_switch.nix) ++
- (import ./switch/rfbridge.nix);
- light = (import ./light/statuslight.nix) ++
- (import ./light/buzzer.nix);
- timer = {
- felix_10h = {
- name = "Felix 10h Timer";
- duration = "10:00:00";
- };
- felix_8_30h = {
- name = "Felix 8_30h Timer";
- duration = "08:30:00";
- };
- felix_7h = {
- name = "Felix 7h Timer";
- duration = "07:00:00";
- };
- };
- notify = [
- {
- platform = "kodi";
- name = "wbob-kodi";
- host = kodi-host;
- }
- {
- platform = "telegram";
- name = "telegrambot";
- chat_id = builtins.elemAt
- (builtins.fromJSON (builtins.readFile
- <secrets/hass/telegram-bot.json>)).allowed_chat_ids 0;
- }
- ];
- media_player = [
- { platform = "kodi";
- host = kodi-host;
- }
- ];
- script = (import ./script/multi_blink.nix) {inherit lib;};
- binary_sensor =
- (import ./binary_sensor/buttons.nix) ++
- (import ./binary_sensor/motion.nix);
-
- sensor =
- (import ./sensor/espeasy.nix) ++
- ((import ./sensor/outside.nix) {inherit lib;}) ++
- (import ./sensor/influxdb.nix) ++
- (import ./sensor/tasmota_firmware.nix);
-
- camera =
- (import ./camera/verkehrskamera.nix);
-
- # not yet released
- #person =
- # (import ./person/team.nix );
-
- frontend = { };
- http = {
- # TODO: https://github.com/home-assistant/home-assistant/issues/16149
- api_password = "sistemas";
- trusted_networks = [
- "127.0.0.1/32"
- "192.168.8.0/24"
- "::1/128"
- "fd00::/8"
- ];
- };
- conversation = {};
- history = {};
- logbook = {};
- tts = [ { platform = "google";} ];
- recorder = {};
- sun = {};
- telegram_bot = [
- (builtins.fromJSON
- (builtins.readFile <secrets/hass/telegram-bot.json>))
- ];
- group =
- { default_view =
- { view = "yes";
- entities = [
- "group.sensors"
- "group.camera"
- "group.outside"
- "group.team"
- "group.nachtlicht"
- "group.switches"
- ];
- };
- automation = [
- ];
- switches = [
- "switch.bauarbeiterlampe"
- "switch.blitzdings"
- "switch.fernseher"
- "switch.feuer"
- "light.status_felix"
- "light.status_daniel"
- "light.buslicht"
- ];
- team = [
- "device_tracker.thorsten_phone"
- "device_tracker.felix_phone"
- "device_tracker.ecki_tablet"
- "device_tracker.daniel_phone"
- "device_tracker.carsten_phone"
- "device_tracker.thierry_phone"
- # "person.thorsten"
- # "person.felix"
- # "person.ecki"
- # "person.daniel"
- ];
- camera = [
- "camera.Baumarkt"
- "camera.Autobahn_Heilbronn"
- "camera.Autobahn_Singen"
- ];
- nachtlicht = [
- "switch.nachtlicht_a"
- "switch.nachtlicht_b"
- "switch.nachtlicht_c"
- "switch.nachtlicht_d"
- ];
- sensors = [
- "media_player.kodi"
- "script.blitz_10s"
- "script.buzz_red_led_fast"
- "timer.felix_10h"
- "sensor.easy2_dht22_humidity"
- "sensor.easy2_dht22_temperature"
- # "binary_sensor.redbutton"
- ];
- outside = [
- # "sensor.ditzingen_pm10"
- # "sensor.ditzingen_pm25"
- "sensor.dark_sky_icon"
- "sensor.dark_sky_temperature"
- "sensor.dark_sky_humidity"
- "sensor.dark_sky_uv_index"
- # "sensor.dark_sky_pressure"
- "sensor.dark_sky_hourly_summary"
- "device_tracker.router"
- ];
- };
- # only for automation
- # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
- # we don't use imports because the expressions do not merge in
- # home-assistant
- automation = (import ./automation/bureau-shutdown.nix) ++
- (import ./automation/nachtlicht.nix) ++
- (import ./automation/hass-restart.nix) ++
- (import ./automation/10h_timer.nix);
- device_tracker = (import ./device_tracker/openwrt.nix );
- };
- };
-}
diff --git a/makefu/2configs/bureautomation/script/multi_blink.nix b/makefu/2configs/bureautomation/script/multi_blink.nix
index bb28dd46f..5076111ac 100644
--- a/makefu/2configs/bureautomation/script/multi_blink.nix
+++ b/makefu/2configs/bureautomation/script/multi_blink.nix
@@ -1,5 +1,7 @@
{lib, ... }:
let
+ # TODO: flash with different delay
+
# let an entity blink for X times with a delay of Y milliseconds
flash_entity = { entity, delay ? 500, count ? 4, alias ? "${entity}_blink_${toString count}_${toString delay}" }:
{
@@ -34,4 +36,10 @@ in {
count = 1;
alias = "blitz for 10 seconds";
});
+ schlechteluft = (flash_entity {
+ entity = "switch.bauarbeiterlampe";
+ alias = "Schlechte Luft Lampe 5 secs";
+ delay = 5000;
+ count = 1;
+ });
}
diff --git a/makefu/2configs/bureautomation/sensor/airquality.nix b/makefu/2configs/bureautomation/sensor/airquality.nix
new file mode 100644
index 000000000..217fa9595
--- /dev/null
+++ b/makefu/2configs/bureautomation/sensor/airquality.nix
@@ -0,0 +1,9 @@
+[
+ # coming from 2configs/stats/telegraf/
+ { platform = "mqtt";
+ name = "Air Quality";
+ state_topic = "/telegraf/wbob/airquality";
+ value_template = "{{ value_json.fields.value }}";
+ unit_of_measurement = "VOC";
+ }
+]
diff --git a/makefu/2configs/bureautomation/sensor/pollen.nix b/makefu/2configs/bureautomation/sensor/pollen.nix
new file mode 100644
index 000000000..506dbf123
--- /dev/null
+++ b/makefu/2configs/bureautomation/sensor/pollen.nix
@@ -0,0 +1,7 @@
+[ {
+ platform = "dwd_pollen";
+ partsregion_ids = [
+ 112
+ ];
+}
+]
diff --git a/makefu/2configs/mail/mail.euer.nix b/makefu/2configs/mail/mail.euer.nix
index d27b888a7..f51e54b80 100644
--- a/makefu/2configs/mail/mail.euer.nix
+++ b/makefu/2configs/mail/mail.euer.nix
@@ -1,7 +1,11 @@
{ config, pkgs, ... }:
{
imports = [
- (builtins.fetchTarball "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz")
+ (builtins.fetchTarball {
+ url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
+ sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
+ }
+ )
];
mailserver = {
diff --git a/makefu/2configs/tools/extra-gui.nix b/makefu/2configs/tools/extra-gui.nix
index dfb4183df..5f8614719 100644
--- a/makefu/2configs/tools/extra-gui.nix
+++ b/makefu/2configs/tools/extra-gui.nix
@@ -14,6 +14,6 @@
saleae-logic
gitAndTools.gitFull
signal-desktop
- rambox
+ # rambox
];
}
diff --git a/makefu/2configs/wireguard/wiregrill.nix b/makefu/2configs/wireguard/wiregrill.nix
new file mode 100644
index 000000000..082090755
--- /dev/null
+++ b/makefu/2configs/wireguard/wiregrill.nix
@@ -0,0 +1,46 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }: let
+
+ self = config.krebs.build.host.nets.wiregrill;
+ isRouter = !isNull self.via; # via "internet" is not set
+ ext-if = config.makefu.server.primary-itf;
+
+in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
+ #hack for modprobe inside containers
+ systemd.services."wireguard-wiregrill".path = mkIf config.boot.isContainer (mkBefore [
+ (pkgs.writeDashBin "modprobe" ":")
+ ]);
+
+ boot.kernel.sysctl = mkIf isRouter {
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+
+ networking.firewall = {
+ allowedUDPPorts = [ self.wireguard.port ];
+ extraCommands = ''
+ iptables -A FORWARD -i wiregrill -o wiregrill -j ACCEPT
+ '';
+ };
+
+ networking.wireguard.interfaces.wiregrill = {
+ ips =
+ (optional (!isNull self.ip4) self.ip4.addr) ++
+ (optional (!isNull self.ip6) self.ip6.addr);
+ listenPort = self.wireguard.port;
+ privateKeyFile = (toString <secrets>) + "/wiregrill.key";
+ allowedIPsAsRoutes = true;
+ peers = mapAttrsToList
+ (_: host: {
+ allowedIPs = if isRouter then
+ (optional (!isNull host.nets.wiregrill.ip4) host.nets.wiregrill.ip4.addr) ++
+ (optional (!isNull host.nets.wiregrill.ip6) host.nets.wiregrill.ip6.addr)
+ else
+ host.nets.wiregrill.wireguard.subnets
+ ;
+ endpoint = mkIf (!isNull host.nets.wiregrill.via) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
+ persistentKeepalive = mkIf (!isNull host.nets.wiregrill.via) 61;
+ publicKey = (replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey);
+ })
+ (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
+ };
+}