Merge remote-tracking branch 'gum/master'

2020-01-10 19:37:56 +01:00 · 2020-01-10 19:37:56 +01:00 · 4104b5d6d8
parent f491fac202 5d3fbb2af9
commit 4104b5d6d8
21 changed files with 549 additions and 107 deletions
--- a/krebs/1systems/filebitch/config.nix
+++ b/krebs/1systems/filebitch/config.nix
@ -0,0 +1,48 @@
+{ config, pkgs, ... }:
+let
+  shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+    <stockholm/krebs>
+    <stockholm/krebs/2configs>
+    # <stockholm/krebs/2configs/secret-passwords.nix>
+
+    # <stockholm/krebs/2configs/binary-cache/nixos.nix>
+    # <stockholm/krebs/2configs/binary-cache/prism.nix>
+    <stockholm/krebs/2configs/shack/ssh-keys.nix>
+    <stockholm/krebs/2configs/shack/prometheus/node.nix>
+    # provides access to /home/share for smbuser via smb
+    <stockholm/krebs/2configs/shack/share.nix>
+    {
+      fileSystems."/home/share" =
+        { device = "/serve";
+          options = [ "bind" "nofail" ];
+        };
+    }
+
+    ## Collect local statistics via collectd and send to collectd
+    <stockholm/krebs/2configs/stats/shack-client.nix>
+    <stockholm/krebs/2configs/stats/shack-debugging.nix>
+  ];
+
+  krebs.build.host = config.krebs.hosts.filebitch;
+  sound.enable = false;
+
+  services.udev.extraRules = ''
+    SUBSYSTEM=="net", ATTR{address}=="60:a4:4c:3d:52:cf", NAME="et0"
+  '';
+  networking = {
+    firewall.enable = true;
+    interfaces.et0.ipv4.addresses = [
+      {
+        address = shack-ip;
+        prefixLength = 20;
+      }
+    ];
+
+    defaultGateway = "10.42.0.1";
+    nameservers = [ "10.42.0.100" "10.42.0.200" ];
+  };
+}
--- a/krebs/1systems/filebitch/hardware-configuration.nix
+++ b/krebs/1systems/filebitch/hardware-configuration.nix
@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+let
+  byid = dev: "/dev/disk/by-id/" + dev;
+  keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; 
+in
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+  ];
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+  boot.zfs.forceImportRoot = false;
+  boot.zfs.forceImportAll = false;
+  boot.kernelParams = [
+    "boot.shell_on_fail"
+    "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+  ];
+  boot.tmpOnTmpfs = true;
+
+
+  boot.initrd.availableKernelModules = [ 
+    "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod"
+    "raid456"
+    "usbhid"
+    "usb_storage"
+  ];
+  boot.initrd.kernelModules = [
+    "sata_sil"
+    "megaraid_sas"
+  ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "tank/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "tank/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "tank/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/5266-931D";
+      fsType = "vfat";
+    };
+  fileSystems."/serve" =
+    { device = "/dev/cryptvg/serve";
+      fsType = "ext4";
+      options = [ "nofail" ];
+    };
+  fileSystems."/serve/incoming" =
+    { device = "/dev/cryptvg/incoming";
+      fsType = "ext4";
+      options = [ "nofail" ];
+
+    };
+  fileSystems."/serve/movies" =
+    { device = "/dev/cryptvg/servemovies";
+      fsType = "ext4";
+      options = [ "nofail" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/3353c76f-50e4-471d-84bc-ff922d22b271"; }
+    ];
+
+    nix.maxJobs = lib.mkDefault 4;
+  boot.loader.grub.device = byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN";
+
+  networking.hostId = "54d97450"; # required for zfs use
+  boot.initrd.luks.devices = let
+        usbkey = name: device: {
+          inherit name device keyFile;
+          keyFileSize = 2048;
+          preLVM = true;
+        };
+  in [
+    ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2"))
+    // { allowDiscards = true; } )
+    ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3"))
+    // { allowDiscards = true; } )
+    (usbkey "125" "/dev/md125")
+    (usbkey "126" "/dev/md126")
+    (usbkey "127" "/dev/md127")
+  ];
+
+
+}
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@ -69,6 +69,10 @@ in
    # grafana.shack
    <stockholm/krebs/2configs/shack/grafana.nix>

+    # shackdns.shack
+    # replacement for leases.shack and shackles.shack
+    <stockholm/krebs/2configs/shack/shackDNS.nix>
+
  ];
  # use your own binary cache, fallback use cache.nixos.org (which is used by
  # apt-cacher-ng in first place)
--- a/krebs/2configs/shack/glados/automation/hass-restart.nix
+++ b/krebs/2configs/shack/glados/automation/hass-restart.nix
@ -0,0 +1,20 @@
+# needs:
+#  light.fablab_led
+[
+  { alias = "State on HA start-up";
+  trigger = {
+      platform = "homeassistant";
+      event = "start";
+    };
+    action = [
+      { service = "light.turn_on";
+        data = {
+          entity_id = "light.fablab_led";
+          effect = "Rainbow";
+          color_name = "yellow";
+        };
+      }
+    ];
+  }
+]
+
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@ -2,6 +2,7 @@
 let
  shackopen = import ./multi/shackopen.nix;
  wasser = import ./multi/wasser.nix;
+  badair = import ./multi/schlechte_luft.nix;
 in {
  services.nginx.virtualHosts."hass.shack" = {
    serverAliases = [ "glados.shack" ];
@ -44,7 +45,7 @@ in {
    autoExtraComponents = true;
    config = {
      homeassistant = {
-        name = "Bureautomation";
+        name = "Glados";
        time_zone = "Europe/Berlin";
        latitude = "48.8265";
        longitude = "9.0676";
@ -89,7 +90,7 @@ in {
        };
      };
      switch = wasser.switch;
-      light =  [];
+      light =  badair.light;
      media_player = [
        { platform = "mpd";
          host = "lounge.mpd.shack";
@ -99,7 +100,8 @@ in {
      sensor =
           (import ./sensors/hass.nix)
        ++ (import ./sensors/power.nix)
-        ++ shackopen.sensor;
+        ++ shackopen.sensor
+        ++ badair.sensor;

      binary_sensor = shackopen.binary_sensor;

@ -113,8 +115,9 @@ in {
        trusted_proxies = "127.0.0.1";
      };
      #conversation = {};
-      #history = {};
-      #logbook = {};
+      history = {};
+      logbook = {};
+      recorder = {};
      tts = [
        { platform = "google_translate";
          language = "de";
@ -123,10 +126,12 @@ in {
        #  language = "de-DE";
        #}
      ];
-      #recorder = {};
      sun = {};

-      automation = wasser.automation;
+      automation = wasser.automation 
+        ++ badair.automation 
+        ++ (import ./automation/hass-restart.nix);
+
      device_tracker = [];
    };
  };
--- a/krebs/2configs/shack/glados/lib/default.nix
+++ b/krebs/2configs/shack/glados/lib/default.nix
@ -0,0 +1,107 @@
+let
+  prefix = "glados";
+in
+{
+  esphome =
+  {
+    temp = {host, topic ? "temperature" }:
+    {
+      platform = "mqtt";
+      name = "${host} Temperature";
+      device_class = "temperature";
+      unit_of_measurement =  "°C";
+      icon = "mdi:thermometer";
+      state_topic = "${prefix}/${host}/sensor/${topic}/state";
+      availability_topic = "${prefix}/${host}/status";
+      payload_available = "online";
+      payload_not_available = "offline";
+    };
+    hum = {host, topic ? "humidity" }:
+    {
+      platform = "mqtt";
+      unit_of_measurement = "%";
+      icon = "mdi:water-percent";
+      device_class = "humidity";
+      name = "${host} Humidity";
+      state_topic = "${prefix}/${host}/sensor/${topic}/state";
+      availability_topic = "${prefix}/${host}/status";
+      payload_available = "online";
+      payload_not_available = "offline";
+    };
+    # copied from "homeassistant/light/fablab_led/led_ring/config"
+    led = {host,  topic ? "led", name ? host}:
+    { # name: fablab_led
+      # topic: led_ring
+      platform = "mqtt";
+      inherit name;
+      schema = "json";
+      brightness =  true;
+      rgb =  true;
+      effect =  true;
+      effect_list = [ # TODO: may be different
+        "Random"
+        "Strobe"
+        "Rainbow"
+        "Color Wipe"
+        "Scan"
+        "Twinkle"
+        "Fireworks"
+        "Addressable Flicker"
+        "None"
+      ];
+      state_topic = "${prefix}/${host}/light/${topic}/state";
+      command_topic = "${prefix}/${host}/light/${topic}/command";
+      availability_topic = "${prefix}/${host}/status";
+      payload_available = "online";
+      payload_not_available = "offline";
+      qos = 1;
+    };
+    # Feinstaub
+    dust_25m = { host, name ? "${host} < 2.5µm", topic ? "particulate_matter_25m_concentration" }:
+    {
+      platform = "mqtt";
+      unit_of_measurement = "µg/m³";
+      icon = "mdi:chemical-weapon";
+      inherit name;
+      state_topic = "${prefix}/${host}/sensor/${topic}/state";
+      availability_topic = "${prefix}/${host}/status";
+    };
+    dust_100m = {host, name ? "${host} < 10µm", topic ? "particulate_matter_100m_concentration" }:
+    {
+      platform = "mqtt";
+      unit_of_measurement = "µg/m³";
+      icon = "mdi:chemical-weapon";
+      inherit name;
+      state_topic = "${prefix}/${host}/sensor/${topic}/state";
+      availability_topic = "${prefix}/${host}/status";
+    };
+    switch = {host, name ? "${host} Button", topic ? "btn" }:
+    # host: ampel
+    # name: Button 1
+    # topic: btn1
+    {
+      inherit name;
+      platform = "mqtt";
+      state_topic = "${prefix}/${host}/sensor/${topic}/state";
+      command_topic = "${prefix}/${host}/switch/${topic}/state";
+      availability_topic = "${prefix}/${host}/status";
+    };
+  };
+  tasmota =
+  {
+    plug = {host, name ? host, topic ? host}:
+    {
+      platform = "mqtt";
+      inherit name;
+      state_topic = "sonoff/stat/${topic}/POWER1";
+      command_topic = "sonoff/cmnd/${topic}/POWER1";
+      availability_topic = "sonoff/tele/${topic}/LWT";
+      payload_on= "ON";
+      payload_off= "OFF";
+      payload_available= "Online";
+      payload_not_available= "Offline";
+      retain = false;
+      qos = 1;
+    };
+  };
+}
--- a/krebs/2configs/shack/glados/multi/schlechte_luft.nix
+++ b/krebs/2configs/shack/glados/multi/schlechte_luft.nix
@ -0,0 +1,123 @@
+let
+  glados = import ../lib;
+in
+{
+  # LED
+  light = [
+    (glados.esphome.led { name = "Fablab LED"; host = "fablab_led"; topic = "led_ring"; })
+
+    (glados.esphome.led { name = "Fablab LED Part A"; host = "fablab_led"; topic = "A";})
+    (glados.esphome.led { name = "Fablab LED Part B"; host = "fablab_led"; topic =  "B";})
+    (glados.esphome.led { name = "Fablab LED Part C"; host = "fablab_led"; topic = "C";})
+    (glados.esphome.led { name = "Fablab LED Part D"; host = "fablab_led"; topic = "D";})
+  ];
+  sensor = [
+    (glados.esphome.temp { host = "fablab_feinstaub";})
+    (glados.esphome.dust_25m  { host = "fablab_feinstaub";})
+    (glados.esphome.dust_100m { host = "fablab_feinstaub";})
+  ];
+  automation =
+    [
+    { alias = "Gute Luft Fablab";
+      trigger = [
+        {
+          platform = "numeric_state";
+          below = 25;
+          entity_id = "sensor.fablab_feinstaub_2_5um";
+        }
+      ];
+      action =
+        [
+          { service = "light.turn_on";
+            data = {
+              entity_id = "light.fablab_led";
+              effect = "Twinkle";
+              color_name = "green";
+            };
+          }
+        ];
+    }
+    { alias = "mäßige Luft Fablab";
+      trigger = [
+        #{
+        #  platform = "numeric_state";
+        #  above = 25;
+        #  entity_id = "sensor.fablab_feinstaub_25m";
+        #}
+        {
+          platform = "numeric_state";
+          above = 25;
+          below = 50;
+          entity_id = "sensor.fablab_feinstaub_2_5um";
+        }
+      ];
+      action =
+        [
+          { service = "light.turn_on";
+            data = {
+              entity_id = "light.fablab_led";
+              effect = "Twinkle";
+              color_name = "yellow";
+            };
+          }
+        ];
+    }
+    { alias = "schlechte Luft Fablab";
+      trigger = [
+        {
+          platform = "numeric_state";
+          above = 50;
+          entity_id = "sensor.fablab_feinstaub_2_5um";
+        }
+      ];
+      action =
+        [
+          { service = "light.turn_on";
+            data = {
+              entity_id = "light.fablab_led";
+              effect = "Twinkle";
+              color_name = "red";
+            };
+          }
+        ];
+    }
+    { alias = "Luft Sensor nicht verfügbar";
+      trigger = [
+        {
+          platform = "state";
+          to = "unavailable";
+          entity_id = "sensor.fablab_feinstaub_2_5um";
+        }
+      ];
+      action =
+        [
+          { service = "light.turn_on";
+            data = {
+              entity_id = "light.fablab_led";
+              effect = "Rainbow";
+              color_name = "blue";
+            };
+          }
+        ];
+    }
+    { alias = "Fablab Licht Reboot";
+      trigger = [
+        {
+          platform = "state";
+          from = "unavailable";
+          entity_id = "light.fablab_led";
+        }
+      ];
+      action =
+        [
+          { service = "light.turn_on";
+            data = {
+              entity_id = "light.fablab_led";
+              effect = "Rainbow";
+              color_name = "orange";
+            };
+          }
+        ];
+    }
+  ];
+}
--- a/krebs/2configs/shack/glados/multi/wasser.nix
+++ b/krebs/2configs/shack/glados/multi/wasser.nix
@ -1,23 +1,12 @@
 let
-  tasmota_plug = name: topic:
-  { platform = "mqtt";
-    inherit name;
-    state_topic = "sonoff/stat/${topic}/POWER1";
-    command_topic = "sonoff/cmnd/${topic}/POWER1";
-    availability_topic = "sonoff/tele/${topic}/LWT";
-    payload_on= "ON";
-    payload_off= "OFF";
-    payload_available= "Online";
-    payload_not_available= "Offline";
-    retain = false;
-    qos = 1;
-  };
+  glados = import ../lib;
  seconds = 20;
 in
 {
  switch = [
-    (tasmota_plug "Wasser" "plug")
+    (glados.tasmota.plug { host = "Wasser"; topic = "plug";} )
  ];
+
  automation =
  [
    { alias = "Water the plant for ${toString seconds} seconds";
--- a/krebs/2configs/shack/glados/sensors/hass.nix
+++ b/krebs/2configs/shack/glados/sensors/hass.nix
@ -1,22 +1,5 @@
 let
-  esphome_temp = name: 
-  { platform = "mqtt";
-    name = "${name} Temperature";
-    device_class = "temperature";
-    state_topic = "glados/${name}/sensor/temperature/state";
-    availability_topic = "glados/${name}/status";
-    payload_available = "online";
-    payload_not_available = "offline";
-  };
-  esphome_hum = name:
-  { platform = "mqtt";
-    device_class = "humidity";
-    name = "${name} Humidity";
-    state_topic = "glados/${name}/sensor/humidity/state";
-    availability_topic = "glados/${name}/status";
-    payload_available = "online";
-    payload_not_available = "offline";
-  };
+  glados = import ../lib;
 in
-     (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
-  ++ (map esphome_hum  [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
+     (map (host: glados.esphome.temp {inherit host;})  [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
+  ++ (map (host: glados.esphome.hum  {inherit host;})  [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
--- a/krebs/2configs/shack/muellshack.nix
+++ b/krebs/2configs/shack/muellshack.nix
@ -4,8 +4,8 @@ let
  pkg = pkgs.callPackage (
    pkgs.fetchgit {
      url = "https://git.shackspace.de/rz/muellshack";
-      rev = "4601f59787de090c83be6dbae6ca72d7fc84ab9f";
-      sha256 = "1cshbd6ipvynbm3gmnsm58ccc1m5xc87cpd3b6jx0s6pr2j19g9j";
+      rev = "c3d1f70325e5b90f280c5be60110e14f4de653ae";
+      sha256 = "1dd4kqwdr4v413rmkvmyjzzvw8id9747nifp96pg0c2cy6bhzj24";
    }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
    home = "/var/lib/muellshack";
    port = "8081";
--- a/krebs/2configs/shack/shackDNS.nix
+++ b/krebs/2configs/shack/shackDNS.nix
@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }:
+
+let
+  pkg = 
+    pkgs.fetchgit {
+      url = "https://git.shackspace.de/rz/shackdns";
+      rev = "e55cc906c734b398683f9607b93f1ad6435d8575";
+      sha256 = "1hkwhf3hqb4fz06b1ckh7sl0zcyi4da5fgdlksian8lxyd19n8sq";
+	  };
+  home = "/var/lib/shackDNS";
+  port = "8083";
+  config_file = pkgs.writeText "config" ''
+  # Points to a bind configuration file
+  dns-db = ${home}/db.shack
+
+  # Points to a shackles configuration file
+  # See `shackles.json` in repo
+  shackles-db = ${home}/shackles.json
+
+  # Points to a REST service with the DHCP leases
+  leases-api = http://dhcp.shack/dhcpd.leases
+
+  # Wrap this binding with https proxy or similar
+  binding = http://localhost:${port}/
+  '';
+in {
+  # receive response from light.shack / standby.shack
+  networking.firewall.allowedTCPPorts = [ ];
+
+  users.users.shackDNS = {
+    inherit home;
+    createHome = true;
+  };
+  services.nginx.virtualHosts."leases.shack" = {
+    locations."/" = {
+      proxyPass = "http://localhost:${port}/";
+    };
+  };
+  services.nginx.virtualHosts."shackdns.shack" = {
+    locations."/" = {
+      proxyPass = "http://localhost:${port}/";
+    };
+  };
+  services.nginx.virtualHosts."shackles.shack" = {
+    locations."/" = {
+      proxyPass = "http://localhost:${port}/";
+    };
+  };
+
+  systemd.services.shackDNS = {
+    description = "shackDNS provides an overview over DHCP and DNS as well as a replacement for shackles";
+    wantedBy = [ "multi-user.target" ];
+    environment.PORT = port;
+    serviceConfig = {
+      User = "shackDNS";
+      WorkingDirectory = home;
+      ExecStart = "${pkgs.mono6}/bin/mono ${pkg}/shackDNS.exe ${config_file}";
+      PrivateTmp = true;
+      Restart = "always";
+      RestartSec = "15";
+    };
+  };
+}
--- a/krebs/2configs/shack/ssh-keys.nix
+++ b/krebs/2configs/shack/ssh-keys.nix
@ -4,6 +4,7 @@
    config.krebs.users."0x4A6F".pubkey
    config.krebs.users.ulrich.pubkey
    config.krebs.users.raute.pubkey
+    config.krebs.users.xq.pubkey
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDb9NPa2Hf51afcG1H13UPbE5E02J8aC9a1sGCRls592wAVlQbmojYR1jWDPA2m32Bsyv0ztqi81zDyndWWZPQVJVBk00VjYBcgk6D5ifqoAuWLzfuHJPWZGOvBf/U74/LNFNUkj1ywjneK7HYTRPXrRBBfBSQNmQzkvue7s599L2vdueZKyjNsMpx2m6nm2SchaMuDskSQut/168JgU1l4M8BeT68Bo4WdelhBYnhSI1a59FGkgdu2SCjyighLQRy2sOH3ksnkHWENPkA+wwQOlKl7R3DsEybrNd4NU9FSwFDyDmdhfv5gJp8UGSFdjAwx43+8zM5t5ruZ25J0LnVb0PuTuRA00UsW83MkLxFpDQLrQV08tlsY6iGrqxP67C3VJ6t4v6oTp7/vaRLhEFc1PhOLh+sZ18o8MLO+e2rGmHGHQnSKfBOLUvDMGa4jb01XBGjdnIXLOkVo79YR5jZn7jJb2gTZ95OD6bWSDADoURSuwuLa7kh4ti1ItAKuhkIvbuky3rRVvQEc92kJ6aNUswIUXJa0K2ibbIY6ycKAA3Ljksl3Mm9KzOn6yc/i/lSF+SOrTGhabPJigKkIoqKIwnV5IU3gkfsxPQJOBMPqHDGAOeYQe3WpWedEPYuhQEczw4exMb9TkNE96F71PzuQPJDl5sPAWyPLeMKpy5XbfRiF2by4nxN3ZIQvjtoyVkjNV+qM0q0yKBzLxuRAEQOZ2yCEaBudZQkQiwHD97H2vu4SRQ/2aOie1XiOnmdbQRDZSO3BsoDK569K1w+gDfSnqY7zVUMj6tw+uKx6Gstck5lbvYMtdWKsfPv/pDM8eyIVFLL93dKTX+ertcQj6xDwLfOiNubE5ayFXhYkjwImV6NgfBuq+3hLK0URP2rPlOZbbZTQ0WlKD6CCRZPMSZCU9oD2zYfqpvRArBUcdkAwGePezORkfJQLE6mYEJp6pdFkJ/IeFLbO6M0lZVlfnpzAC9kjjkMCRofZUETcFSppyTImCbgo3+ok59/PkNU5oavBXyW80ue2tWHr08HX/QALNte3UITmIIlU6SFMCPMWJqadK1eDPWfJ4H4iDXRNn3D5wqN++iMloKvpaj0wieqXLY4+YfvNTNr177OU48GEWW8DnoEkbpwsCbjPxznGDQhdDqdYyMY/fDgRQReKITvKYGHRzesGysw5cKsp9LEfXD0R6WE2TeiiENla5AWzTgXJB0AyZEcOiIfqOgT9Nr9S8q5gc/BdA7P+jhGGJgEHhV3dVlfIZ7pmZc27Yu7UTQ0lbAKWqcMSTOdne+QL6ILzbvLrQwdvax4tQdm5opfU16SrOox1AMwAbkdq84z6uJqYVx3cUXfMJgTyDNrVv3or root@plattenschwein" # for backup
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
  ];
--- a/krebs/3modules/external/default.nix
+++ b/krebs/3modules/external/default.nix
@ -464,6 +464,10 @@ in {
      mail = "0x4a6f@shackspace.de";
      pubkey = ssh-for "0x4A6F";
    };
+    xq = {
+      mail = "xq@shackspace.de";
+      pubkey = ssh-for "xq";
+    };
    miaoski = {
    };
    filly = {
--- a/krebs/3modules/external/ssh/xq.pub
+++ b/krebs/3modules/external/ssh/xq.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZR8LsswO/5f9/jc+tKNHHWtty5HTs13Vytbyz8DzJZrGJgOKeVA6OFPgWtaAKvxL/DUTVVVvqpOng2vACTC+CoPaCxE8yJchitkVQNg3zwsf8a8RdWsJAvZklfPz9qmmz+tM37yLpowiMNmCR5vrteRDso6GK4pUjikS5YvjT+vsvRWcVQpmjnAVYsBPgS9NIBjMDR3etoJgpSaF/oU4rDE2JElm/qOQ04W45JiJKVB2BkFomQ1EFl8oORYiMQzvaYA2BCsciBb6X+Jf0RZkVChErfawPzABhAcYpyNRhamaqiSWirw5o4l+ZaDkgezUf3ue6QuHjzuS02+3qIwXP felix@denkplatte
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@ -34,6 +34,35 @@ with import <stockholm/lib>;
  });
 in {
  hosts = mapAttrs hostDefaults ({
+    filebitch = {
+      ci = true;
+      cores = 4;
+      nets = {
+        shack = {
+          ip4.addr =  "10.42.0.50" ;
+          aliases = [
+            "filebitch.shack"
+          ];
+        };
+        retiolum = {
+          ip4.addr = "10.243.189.130";
+          aliases = [ "filebitch.r" ];
+          tinc.pubkey = ''
+            -----BEGIN RSA PUBLIC KEY-----
+            MIIBCgKCAQEA8ZSLsOlPy9Vd8XdEcIoP8H3rztsbB0McTYPGhUaZ6/aqcD/MBSQa
+            FT9NZS0+N0Pev7y90As6Rj5Wrom92xlThcFPaX0Dzmzz+7363M4qtlrtmmWkx2FX
+            VDrPOYbe4hGGOCsPNOTNJkcW4zs2Ym5YKbZeXHfnuqCW+yuhKBCgO9slc740jkHZ
+            5xuv5zbU3ZMRk1H8xi4+cQcHqh+1PY75lJxVSNvrbe5pvGxm9yVdp235b49ohDRU
+            UfUjXmymPlnfJgTOMxmHwl+UmwYR4Yw2CZKXTjbJe5HjbykleTwUb1qyijM8suJf
+            eXRyma8VGILcY6K/HmE4nz7ESAlI1c+QlwIDAQAB
+            -----END RSA PUBLIC KEY-----
+            Ed25519PublicKey = NPjEmo1dkxNS2Xm7qUyWhLKdFYF4MnhIM79NPQELWHC
+          '';
+        };
+      };
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRpjW68lSlTL8jBQcXKOTdGa+olQw5ghaU5df2yAE64";
+    };
    hotdog = {
      ci = true;
      nets = {
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@ -283,14 +283,6 @@ in {
      };
    };

-    filebitch = rec {
-      cores = 4;
-      nets = {
-        retiolum = {
-          ip4.addr = "10.243.189.130";
-        };
-      };
-          };

    shackdev = rec { # router@shack
      cores = 1;
--- a/krebs/3modules/makefu/retiolum/filebitch.pub
+++ b/krebs/3modules/makefu/retiolum/filebitch.pub
@ -1,8 +0,0 @@
-----BEGIN RSA PUBLIC KEY-----
-MIIBCgKCAQEA2VjW30A3uQoo5QwbFTnl5fuGg81DZVu8HXmDwgEkhZYr5Xf3V5/d
-fmPlX1igzatWYX0OylFAY69r0V4dqeTubIf83sz1eqtpXjK4czG8A3wMHEXj5Pzs
-e1Qh8K4rHMEATc7Y/cwpQBi2THn2bhufqgaz94m8HrStCZcKCin3fDMbE01WHWX1
-KFqeBtUd7b9pWbXKlLBNpHTZoGxVQk0Hto9pxYzHecRsbQXykYk3Rw2tSuf0aH99
-oY0i3LjOb+f2oq2S4qVHqHZsMJfDVr+x2/LP1SIcc1lVTztWSSAzZEokE0/ejvXf
-wkquBVHXdl6LuzH+/V1I7OsaMhHShYu1LwIDAQAB
-----END RSA PUBLIC KEY-----
--- a/makefu/2configs/homeautomation/default.nix
+++ b/makefu/2configs/homeautomation/default.nix
@ -108,7 +108,6 @@ in {
  ];

  services.home-assistant = {
-    package = pkgs.home-assistant.override { python3 = pkgs.python36; };
    config = {
      homeassistant = {
        name = "Home"; time_zone = "Europe/Berlin";
--- a/makefu/2configs/hw/bluetooth.nix
+++ b/makefu/2configs/hw/bluetooth.nix
@ -5,6 +5,7 @@
  hardware.pulseaudio = {
    enable = true;
    package = pkgs.pulseaudioFull;
+    extraModules = [ pkgs.pulseaudio-modules-bt ];
 # systemWide = true;
    support32Bit = true;
    configFile = pkgs.writeText "default.pa" ''
@ -23,7 +24,7 @@
      load-module module-switch-on-port-available
      '';
  };
-
+  services.blueman.enable = true;
 # presumably a2dp Sink
 # Enable profile:
 ## pacmd set-card-profile "$(pactl list cards short | egrep -o bluez_card[[:alnum:]._]+)" a2dp_sink
@ -32,10 +33,17 @@
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = false;
+
    extraConfig = ''
      [general]
      Enable=Source,Sink,Media,Socket
    '';
  };
  services.dbus.packages = [ pkgs.blueman ];
+  nixpkgs.overlays = [
+  (self: super: {
+    blueman = super.blueman.overrideAttrs (oldAttrs: {
+      buildInputs = oldAttrs.buildInputs ++ [ self.gnome3.adwaita-icon-theme ];
+    });
+  })];
 }
--- a/makefu/2configs/hw/network-manager.nix
+++ b/makefu/2configs/hw/network-manager.nix
@ -20,13 +20,17 @@
      RestartSec = "5";
    };
  };
-  networking.networkmanager.enable = true;

 # nixOSUnstable
+  networking.networkmanager.enable = true;
  networking.networkmanager.wifi = {
    powersave = true;
    scanRandMacAddress = true;
+    backend = "iwd";
  };
+  services.gnome3.gnome-keyring.enable = true;
+  networking.wireless.iwd.enable = true;
+
  state = [
    "/etc/NetworkManager/system-connections"  #NM stateful config files
  ];
--- a/makefu/5pkgs/studio-link/default.nix
+++ b/makefu/5pkgs/studio-link/default.nix
@ -1,44 +1,13 @@
-{ stdenv, fetchurl, buildFHSUserEnv, writeTextFile, alsaLib, atk, cairo, cups
-, dbus, expat, fontconfig, freetype, gcc, gdk_pixbuf, glib, gnome2, gtk2, nspr
-, nss, pango, systemd, xorg, utillinuxMinimal, unzip, openssl, zlib, libjack2 }:
+{ stdenv
+, fetchurl
+, alsaLib
+, unzip
+, openssl_1_0_2
+, zlib
+, libjack2
+, autoPatchelfHook
+}:

-let
-  libPath = stdenv.lib.makeLibraryPath [
-    alsaLib
-    atk
-    cairo
-    cups
-    dbus
-    expat
-    fontconfig
-    freetype
-    gcc.cc
-    gdk_pixbuf
-    glib
-    gnome2.GConf
-    gtk2
-    nspr
-    nss
-    pango
-
-    openssl
-    zlib
-    libjack2
-
-    systemd
-    xorg.libX11
-    xorg.libXScrnSaver
-    xorg.libXcomposite
-    xorg.libXcursor
-    xorg.libXdamage
-    xorg.libXext
-    xorg.libXfixes
-    xorg.libXi
-    xorg.libXrandr
-    xorg.libXrender
-    xorg.libXtst
-  ];
-in
 stdenv.mkDerivation rec {
  name = "studio-link-${version}";
  version = "17.03.1-beta";
@ -46,19 +15,24 @@ stdenv.mkDerivation rec {
    url = "https://github.com/Studio-Link-v2/backend/releases/download/v${version}/studio-link-standalone-linux.zip";
    sha256 = "1y21nymin7iy64hcffc8g37fv305b1nvmh944hkf7ipb06kcx6r9";
  };
-  buildInputs = [ unzip ];
-  phases = ["unpackPhase" "installPhase" "fixupPhase"];
+  nativeBuildInputs = [ unzip autoPatchelfHook ];
+  buildInputs = [
+      alsaLib
+
+      openssl_1_0_2
+      zlib
+      libjack2
+  ];
+
  unpackPhase = ''
    unzip $src
  '';
+
  installPhase = ''
    mkdir -p $out/bin
    cp studio-link-standalone $out/bin/studio-link
    chmod +x $out/bin/studio-link
  '';
-  postFixup = ''
-    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) --set-rpath "${libPath}:\$ORIGIN" "$out/bin/studio-link"
-  '';

  meta = with stdenv.lib; {
    homepage = https://studio-link.com;
				`@ -0,0 +1 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZR8LsswO/5f9/jc+tKNHHWtty5HTs13Vytbyz8DzJZrGJgOKeVA6OFPgWtaAKvxL/DUTVVVvqpOng2vACTC+CoPaCxE8yJchitkVQNg3zwsf8a8RdWsJAvZklfPz9qmmz+tM37yLpowiMNmCR5vrteRDso6GK4pUjikS5YvjT+vsvRWcVQpmjnAVYsBPgS9NIBjMDR3etoJgpSaF/oU4rDE2JElm/qOQ04W45JiJKVB2BkFomQ1EFl8oORYiMQzvaYA2BCsciBb6X+Jf0RZkVChErfawPzABhAcYpyNRhamaqiSWirw5o4l+ZaDkgezUf3ue6QuHjzuS02+3qIwXP felix@denkplatte`