From 1eeccb54a2ca0a2451781c0d528a410dbffae3c2 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 19 Jul 2019 16:04:45 +0200
Subject: [PATCH 01/11] wolf.r: graphite.shack redirect to graphite:8080

---
 krebs/1systems/wolf/config.nix          |  8 ++++----
 krebs/2configs/{ => shack}/graphite.nix | 20 +++++++++++++-------
 krebs/2configs/shack/influx.nix         | 18 ++++++++++++++++++
 3 files changed, 35 insertions(+), 11 deletions(-)
 rename krebs/2configs/{ => shack}/graphite.nix (87%)
 create mode 100644 krebs/2configs/shack/influx.nix

diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 3cb358ca3..3c3cf61fa 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -42,19 +42,19 @@ in
     # connect to git.shackspace.de as group runner for rz
     <stockholm/krebs/2configs/shack/gitlab-runner.nix>
 
-    # Statistics collection and visualization
-    <stockholm/krebs/2configs/graphite.nix>
+    # Statistics collection and visualization 
+    <stockholm/krebs/2configs/shack/graphite.nix>
     ## Collect data from mqtt.shack and store in graphite database
     <stockholm/krebs/2configs/shack/mqtt_sub.nix>
     ## Collect radioactive data and put into graphite
     <stockholm/krebs/2configs/shack/radioactive.nix>
     ## mqtt.shack
     <stockholm/krebs/2configs/shack/mqtt.nix>
+    ## influx.shack
+    <stockholm/krebs/2configs/shack/influx.nix>
     ## Collect local statistics via collectd and send to collectd
     <stockholm/krebs/2configs/stats/wolf-client.nix>
 
-    { services.influxdb.enable = true; }
-
     <stockholm/krebs/2configs/shack/netbox.nix>
     <stockholm/krebs/2configs/shack/prometheus/server.nix>
     <stockholm/krebs/2configs/shack/prometheus/node.nix>
diff --git a/krebs/2configs/graphite.nix b/krebs/2configs/shack/graphite.nix
similarity index 87%
rename from krebs/2configs/graphite.nix
rename to krebs/2configs/shack/graphite.nix
index 64222e43a..1c8ec6a8b 100644
--- a/krebs/2configs/graphite.nix
+++ b/krebs/2configs/shack/graphite.nix
@@ -1,16 +1,22 @@
 { config, lib, pkgs, ... }:
+# hostname: graphite.shack
+
 
 # graphite-web on port 8080
 # carbon cache on port 2003 (tcp/udp)
-
-# TODO: krebs.graphite.minimal.enable
-# TODO: configure firewall
-with import <stockholm/lib>;
-{
-  imports = [ ];
-
+let
+  port = 8080;
+in {
+  networking.firewall.allowedTCPPorts = [ 2003 port ];
+  networking.firewall.allowedUDPPorts = [ 2003 ];
+  services.nginx.virtualHosts."graphite.shack" = {
+    locations."/" = {
+      proxyPass = "http://localhost:${toString port}/";
+    };
+  };
   services.graphite = {
     api = {
+      inherit port;
       enable = true;
       listenAddress = "0.0.0.0";
     };
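Review bot: `listenAddress = "0.0.0.0"` stays in `services.graphite.api` while this hunk also adds `port` to `allowedTCPPorts`, so graphite-web remains reachable directly on 8080 and the new `graphite.shack` vhost adds a name but no access boundary. If clients are meant to go through nginx, `listenAddress = "127.0.0.1";` together with `networking.firewall.allowedTCPPorts = [ 2003 ];` would make the proxy the only HTTP entry point. Carbon's plaintext listener on 2003 accepts metrics from any sender, so a comment stating which networks are expected to reach it would document the assumption. The same direct-port-plus-vhost pattern recurs in the `prometheus/server.nix` hunk of PATCH 03 (9090 and 9093 stay open next to the new vhosts). The `services.graphite` block continues past the end of this hunk.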
diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix
new file mode 100644
index 000000000..599416c97
--- /dev/null
+++ b/krebs/2configs/shack/influx.nix
@@ -0,0 +1,18 @@
+let
+  port = 8086;
+in
+{
+  networking.firewall.allowedTCPPorts = [ port ]; # for legacy applications
+  services.nginx.virtualHosts."influx.shack" = {
+    locations."/" = {
+      proxyPass = "http://localhost:${toString port}/";
+    };
+  };
+  services.influxdb = {
+    enable = true;
+    extraConfig = {
+      bind-address = ":${toString port}";
+      http.log-enabled = false;
+    };
+  };
+}
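Review bot: The InfluxDB HTTP API is opened on 8086 in the firewall with no authentication configured in `extraConfig`, so any host that can reach the port can query, write or drop databases. Unless that is intended, add `http.auth-enabled = true;`, or keep the listener on loopback and serve it only through the `influx.shack` vhost. The top-level `bind-address` key is InfluxDB's RPC (backup/restore) listener rather than the HTTP one; PATCH 02 moves it to `http.bind-address = "0.0.0.0:…"`, which fixes the key but keeps the API on every interface.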

From c929afa9f3513eb457aa72762514ccfd3407dcb7 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 20 Jul 2019 00:09:47 +0200
Subject: [PATCH 02/11] wolf.r: grafana to seperate config

---
 krebs/1systems/wolf/config.nix   | 14 +++-----------
 krebs/2configs/shack/grafana.nix | 19 +++++++++++++++++++
 krebs/2configs/shack/influx.nix  |  3 ++-
 3 files changed, 24 insertions(+), 12 deletions(-)
 create mode 100644 krebs/2configs/shack/grafana.nix

diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index 3c3cf61fa..f3db30fc4 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -1,7 +1,6 @@
 { config, pkgs, ... }:
 let
   shack-ip = config.krebs.build.host.nets.shack.ip4.addr;
-  influx-host = "127.0.0.1";
   ext-if = "et0";
   external-mac = "52:54:b0:0b:af:fe";
 
@@ -56,11 +55,13 @@ in
     <stockholm/krebs/2configs/stats/wolf-client.nix>
 
     <stockholm/krebs/2configs/shack/netbox.nix>
+    # prometheus.shack
     <stockholm/krebs/2configs/shack/prometheus/server.nix>
     <stockholm/krebs/2configs/shack/prometheus/node.nix>
     <stockholm/krebs/2configs/shack/prometheus/unifi.nix>
+    # grafana.shack
+    <stockholm/krebs/2configs/shack/grafana.nix>
     <stockholm/krebs/2configs/collectd-base.nix> # home-assistant
-    { services.influxdb.enable = true; }
 
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
@@ -70,15 +71,6 @@ in
   # local discovery in shackspace
   nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
   krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
-  services.grafana = {
-    enable = true;
-    addr = "0.0.0.0";
-    users.allowSignUp = true;
-    users.allowOrgCreate = true;
-    users.autoAssignOrg = true;
-    auth.anonymous.enable = true;
-    security = import <secrets/grafana_security.nix>;
-  };
 
   nix = {
     # use the up to date prism cache
diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix
new file mode 100644
index 000000000..adf0a4bc3
--- /dev/null
+++ b/krebs/2configs/shack/grafana.nix
@@ -0,0 +1,19 @@
+let
+  port = 3000;
+in {
+
+  networking.firewall.allowedTCPPorts = [ port ]; # legacy
+  services.nginx.virtualHosts."grafana.shack" = {
+    locations."/".proxyPass = "http://localhost:${toString port}";
+  };
+  services.grafana = {
+    enable = true;
+    port = port;
+    addr = "0.0.0.0";
+    users.allowSignUp = true;
+    users.allowOrgCreate = true;
+    users.autoAssignOrg = true;
+    auth.anonymous.enable = true;
+    security = import <secrets/grafana_security.nix>;
+  };
+}
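Review bot: `users.allowSignUp`, `users.allowOrgCreate` and `auth.anonymous.enable` are all on while `addr = "0.0.0.0"` and port 3000 is opened in the firewall, so anyone who can reach the host can browse dashboards anonymously, register an account and create organisations. The values are carried over from `wolf/config.nix`, but moving them into a shared module is a good moment to narrow them: `users.allowSignUp = false;` and `users.allowOrgCreate = false;` keep anonymous read access without open registration. `addr = "127.0.0.1";` would leave the `grafana.shack` vhost as the only entry point. For consistency with `graphite.nix`, `port = port;` can be written `inherit port;`.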
diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix
index 599416c97..91b4fa9b7 100644
--- a/krebs/2configs/shack/influx.nix
+++ b/krebs/2configs/shack/influx.nix
@@ -1,3 +1,4 @@
+# hostname: influx.shack
 let
   port = 8086;
 in
@@ -11,7 +12,7 @@ in
   services.influxdb = {
     enable = true;
     extraConfig = {
-      bind-address = ":${toString port}";
+      http.bind-address = "0.0.0.0:${toString port}";
       http.log-enabled = false;
     };
   };

From 91833c560a2656d39bda5f87c0c4786670e2fc1f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sat, 20 Jul 2019 00:10:16 +0200
Subject: [PATCH 03/11] shack/prometheus: remove legacy config

---
 krebs/2configs/shack/mqtt.nix              |  1 +
 krebs/2configs/shack/prometheus/server.nix | 11 ++++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/krebs/2configs/shack/mqtt.nix b/krebs/2configs/shack/mqtt.nix
index 8e5438db2..e78f0f974 100644
--- a/krebs/2configs/shack/mqtt.nix
+++ b/krebs/2configs/shack/mqtt.nix
@@ -1,3 +1,4 @@
+# hostname: mqtt.shack
 {
   networking.firewall.allowedTCPPorts = [ 1883 ];
   networking.firewall.allowedUDPPorts = [ 1883 ];
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
index c936f2531..93af88fad 100644
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -3,14 +3,19 @@
 {
   networking = {
     firewall.allowedTCPPorts = [
-      3000  # grafana
       9090  # prometheus
       9093  # alertmanager
     ];
-    useDHCP = true;
   };
-
   services = {
+    nginx.virtualHosts = {
+      "prometheus.shack" = {
+        locations."/".proxyPass = "http://localhost:9090";
+      };
+      "alert.prometheus.shack" = {
+        locations."/".proxyPass = "http://localhost:9093";
+      };
+    };
     prometheus = {
       enable = true;
       extraFlags = [

From 3189052d4deb516d49f721d5cf496818034ef9b0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Thu, 25 Jul 2019 22:13:14 +0200
Subject: [PATCH 04/11] krebs: cleanup default.nix

---
 krebs/1systems/wolf/config.nix | 14 --------------
 krebs/2configs/default.nix     | 14 +-------------
 2 files changed, 1 insertion(+), 27 deletions(-)

diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index f3db30fc4..d4a52e71d 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -67,20 +67,10 @@ in
   # use your own binary cache, fallback use cache.nixos.org (which is used by
   # apt-cacher-ng in first place)
 
-
   # local discovery in shackspace
   nixpkgs.config.packageOverrides = pkgs: { tinc = pkgs.tinc_pre; };
   krebs.tinc.retiolum.extraConfig = "TCPOnly = yes";
 
-  nix = {
-    # use the up to date prism cache
-    binaryCaches = [
-      "https://cache.nixos.org/"
-    ];
-    binaryCachePublicKeys = [
-      "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
-    ];
-  };
 
   networking = {
     firewall.enable = false;
@@ -125,10 +115,6 @@ in
   swapDevices = [
     { device = "/dev/disk/by-label/swap";  }
   ];
-  # fallout of ipv6calypse
-  networking.extraHosts = ''
-    hass.shack    10.42.2.191
-  '';
 
   users.extraUsers.root.openssh.authorizedKeys.keys = [
     config.krebs.users."0x4a6f".pubkey
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 8771c0e1d..d7d6fbf37 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -14,18 +14,13 @@ with import <stockholm/lib>;
   ];
   krebs.announce-activation.enable = true;
   krebs.enable = true;
-  krebs.tinc.retiolum.enable = true;
+  krebs.tinc.retiolum.enable = mkDefault true;
 
   krebs.build.user = mkDefault config.krebs.users.krebs;
 
   networking.hostName = config.krebs.build.host.name;
 
   nix.maxJobs = 1;
-  nix.trustedBinaryCaches = [
-    "https://cache.nixos.org"
-    "http://cache.nixos.org"
-    "http://hydra.nixos.org"
-  ];
   nix.useSandbox = true;
 
   environment.systemPackages = with pkgs; [
@@ -39,8 +34,6 @@ with import <stockholm/lib>;
     defaultLocale = lib.mkForce "C";
   };
 
-
-
   programs.ssh.startAgent = false;
 
   services.openssh = {
@@ -55,18 +48,13 @@ with import <stockholm/lib>;
 
   users.mutableUsers = false;
   users.extraUsers.root.openssh.authorizedKeys.keys = [
-    # TODO
     config.krebs.users.jeschli-brauerei.pubkey
     config.krebs.users.lass.pubkey
     config.krebs.users.lass-mors.pubkey
     config.krebs.users.makefu.pubkey
-    # TODO HARDER:
-    config.krebs.users.makefu-omo.pubkey
     config.krebs.users.tv.pubkey
   ];
 
-
   # The NixOS release to be compatible with for stateful data such as databases.
   system.stateVersion = "17.03";
-
 }

From 726aff83056d913029168bd48fa91c1f6b7bf8c0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 26 Aug 2019 11:37:23 +0200
Subject: [PATCH 05/11] ma prison-break: bump to 1.3.0

---
 makefu/5pkgs/prison-break/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/makefu/5pkgs/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix
index 672e0b3a0..affeb8c4d 100644
--- a/makefu/5pkgs/prison-break/default.nix
+++ b/makefu/5pkgs/prison-break/default.nix
@@ -3,12 +3,12 @@ with pkgs.python3.pkgs;
 
 buildPythonPackage rec {
   pname = "prison-break";
-  version = "1.2.0";
+  version = "1.3.0";
   src = fetchFromGitHub {
     owner = "makefu";
     repo = pname;
     rev = version;
-    sha256 = "07wy6f06vj9s131c16gw1xl1jf9gq5xiqia8awfb26s99gxlv7l9";
+    sha256 = "sha256:1kjfwsz6wg5l9pa7484vq64f054qil0ksf6dh9arwspxwnzshgdh";
   };
   propagatedBuildInputs = [
     docopt

From 18badcd7c6b196095214ea1cbc9141e19f3cba03 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 2 Sep 2019 13:56:03 +0200
Subject: [PATCH 06/11] puyak.r,wolf.r: configure monitoring for shack infra

---
 krebs/1systems/puyak/config.nix               |  4 ++++
 krebs/1systems/wolf/config.nix                | 19 ++++++++++++++++---
 .../{wolf-client.nix => shack-client.nix}     | 10 +---------
 .../shack-debugging.nix}                      |  4 ++--
 4 files changed, 23 insertions(+), 14 deletions(-)
 rename krebs/2configs/stats/{wolf-client.nix => shack-client.nix} (85%)
 rename krebs/2configs/{collectd-base.nix => stats/shack-debugging.nix} (84%)

diff --git a/krebs/1systems/puyak/config.nix b/krebs/1systems/puyak/config.nix
index ea73e4bd2..6321b6cc4 100644
--- a/krebs/1systems/puyak/config.nix
+++ b/krebs/1systems/puyak/config.nix
@@ -15,6 +15,10 @@
     <stockholm/krebs/2configs/news-spam.nix>
     <stockholm/krebs/2configs/shack/prometheus/node.nix>
     <stockholm/krebs/2configs/shack/gitlab-runner.nix>
+
+    ## Collect local statistics via collectd and send to collectd
+    <stockholm/krebs/2configs/stats/shack-client.nix>
+    <stockholm/krebs/2configs/stats/shack-debugging.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.puyak;
diff --git a/krebs/1systems/wolf/config.nix b/krebs/1systems/wolf/config.nix
index d4a52e71d..c6622fdec 100644
--- a/krebs/1systems/wolf/config.nix
+++ b/krebs/1systems/wolf/config.nix
@@ -38,6 +38,10 @@ in
 
     # mobile.lounge.mpd.shack
     <stockholm/krebs/2configs/shack/mobile.mpd.nix>
+
+    # hass.shack
+    <stockholm/krebs/2configs/shack/glados>
+
     # connect to git.shackspace.de as group runner for rz
     <stockholm/krebs/2configs/shack/gitlab-runner.nix>
 
@@ -51,8 +55,10 @@ in
     <stockholm/krebs/2configs/shack/mqtt.nix>
     ## influx.shack
     <stockholm/krebs/2configs/shack/influx.nix>
+
     ## Collect local statistics via collectd and send to collectd
-    <stockholm/krebs/2configs/stats/wolf-client.nix>
+    <stockholm/krebs/2configs/stats/shack-client.nix>
+    <stockholm/krebs/2configs/stats/shack-debugging.nix>
 
     <stockholm/krebs/2configs/shack/netbox.nix>
     # prometheus.shack
@@ -61,7 +67,6 @@ in
     <stockholm/krebs/2configs/shack/prometheus/unifi.nix>
     # grafana.shack
     <stockholm/krebs/2configs/shack/grafana.nix>
-    <stockholm/krebs/2configs/collectd-base.nix> # home-assistant
 
   ];
   # use your own binary cache, fallback use cache.nixos.org (which is used by
@@ -120,14 +125,22 @@ in
     config.krebs.users."0x4a6f".pubkey
     config.krebs.users.ulrich.pubkey
     config.krebs.users.raute.pubkey
-    config.krebs.users.makefu-omo.pubkey
     "ssh-rsa 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 root@plattenschwein" # for backup
     "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1Lx5MKtVjB/Ef6LpEiIAgVwY5xKQFdHuLQR+odQO4cAgxj1QaIXGN0moixY52DebVQhAtiCNiFZ83uJyOj8kmu30yuXwtSOQeqziA859qMJKZ4ZcYdKvbXwnf2Chm5Ck/0FvtpjTWHIZAogwP1wQto/lcqHOjrTAnZeJfQuHTswYUSnmUU5zdsEZ9HidDPUc2Gv0wkBNd+KMQyOZl0HkaxHWvn0h4KK4hYZisOpeTfXJxD87bo+Eg4LL2vvnHW6dF6Ygrbd/0XRMsRRI8OAReVBUoJn7IE1wwAl/FpblNmhaF9hlL7g7hR1ADvaWMMw0e8SSzW6Y+oIa8qFQL6wR1 gitlab-builder" # for being deployed by gitlab ci
   ];
+
   services.udev.extraRules = ''
     SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
   '';
 
   time.timeZone = "Europe/Berlin";
   sound.enable = false;
+
+  # avahi
+  services.avahi = {
+    enable = true;
+    wideArea = false;
+  };
+  environment.systemPackages = [ pkgs.avahi ];
+
 }
diff --git a/krebs/2configs/stats/wolf-client.nix b/krebs/2configs/stats/shack-client.nix
similarity index 85%
rename from krebs/2configs/stats/wolf-client.nix
rename to krebs/2configs/stats/shack-client.nix
index 0412eba9a..ceb7d9edd 100644
--- a/krebs/2configs/stats/wolf-client.nix
+++ b/krebs/2configs/stats/shack-client.nix
@@ -53,15 +53,7 @@
 
       LoadPlugin network
       <Plugin "network">
-          Server "stats.makefu.r" "25826"
-      </Plugin>
-
-      LoadPlugin curl
-      <Plugin curl>
-        <Page "smarthome">
-          URL "http://smarthome.shack/";
-          MeasureResponseTime true
-        </Page>
+          Server "influx.shack" "25826"
       </Plugin>
     '';
   };
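Review bot: The `network` plugin now sends to `influx.shack` with a bare `Server` line, which is collectd's default of unsigned, unencrypted UDP. Together with the receiver enabled in PATCH 07 (UDP 25826 opened in `shack/influx.nix`), any host that can reach that port can inject arbitrary series into `collectd_db`. collectd accepts a `<Server>` block with `SecurityLevel`, `Username` and `Password`, and the InfluxDB collectd input has matching `security-level` and `auth-file` settings. If signing is not wanted, a comment saying the port is expected to be reachable only from the shack network would record the assumption. The enclosing `extraConfig` string starts before this hunk.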
diff --git a/krebs/2configs/collectd-base.nix b/krebs/2configs/stats/shack-debugging.nix
similarity index 84%
rename from krebs/2configs/collectd-base.nix
rename to krebs/2configs/stats/shack-debugging.nix
index 71a00be3a..b5a0cf05e 100644
--- a/krebs/2configs/collectd-base.nix
+++ b/krebs/2configs/stats/shack-debugging.nix
@@ -9,7 +9,7 @@ let
       ModulePath "${collectd-connect-time}/lib/${python.libPrefix}/site-packages/"
       Import "collectd_connect_time"
       <Module collectd_connect_time>
-        target "localhost:22" "google.com" "google.de" "gum.r:22" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de"
+        target "localhost:22" "google.com" "google.de" "gum.krebsco.de" "10.42.0.1:22" "heise.de" "t-online.de""10.0.1.3" "10.0.0.3:22" "10.0.0.4:22"
         interval 10
       </Module>
     </Plugin>
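Review bot: On the new `target` line, `"t-online.de""10.0.1.3"` is missing the space between two quoted arguments, so it may not be read as two separate targets (depending on the config parser it is either rejected or merged into one string). It should read `"t-online.de" "10.0.1.3"`. The three added entries are bare private addresses; a trailing comment naming the hosts they belong to would keep the probe list maintainable.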
@@ -18,7 +18,7 @@ let
     LoadPlugin write_graphite
     <Plugin "write_graphite">
       <Carbon>
-        Host "wolf.r"
+        Host "graphite.shack"
         Port "2003"
         Prefix "retiolum."
         EscapeCharacter "_"

From 86592a723309d45dc09ff90872c0ee4aa7e52dc0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 2 Sep 2019 13:56:34 +0200
Subject: [PATCH 07/11] shack/influx: enable collectd receiver

---
 krebs/2configs/shack/influx.nix | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/krebs/2configs/shack/influx.nix b/krebs/2configs/shack/influx.nix
index 91b4fa9b7..92cb24bf3 100644
--- a/krebs/2configs/shack/influx.nix
+++ b/krebs/2configs/shack/influx.nix
@@ -1,9 +1,12 @@
-# hostname: influx.shack
+{pkgs, ... }: # hostname: influx.shack
 let
   port = 8086;
+  collectd-port = 25826;
+  db = "collectd_db";
 in
 {
   networking.firewall.allowedTCPPorts = [ port ]; # for legacy applications
+  networking.firewall.allowedUDPPorts = [ collectd-port ];
   services.nginx.virtualHosts."influx.shack" = {
     locations."/" = {
       proxyPass = "http://localhost:${toString port}/";
@@ -14,6 +17,17 @@ in
     extraConfig = {
       http.bind-address = "0.0.0.0:${toString port}";
       http.log-enabled = false;
+      http.write-tracing = false;
+      http.suppress-write-log = true;
+      data.trace-logging-enabled = false;
+      data.query-log-enabled = false;
+      monitoring.enabled = false;
+      collectd = [{
+        enabled = true;
+        typesdb = "${pkgs.collectd}/share/collectd/types.db";
+        database = db;
+        bind-address = ":${toString collectd-port}";
+      }];
     };
   };
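Review bot: This hunk turns off the remaining InfluxDB logging (`http.write-tracing`, `http.suppress-write-log`, `data.query-log-enabled`, `data.trace-logging-enabled`) on top of `http.log-enabled = false`, while the API still listens on `0.0.0.0` with no authentication configured. With both the HTTP log and the query log off there is no record of which client issued a destructive query or a bulk write, and requests sent straight to port 8086 do not appear in the nginx access log either. If the aim is to cut log volume from collectd writes, `http.log-enabled = true;` combined with the `http.suppress-write-log = true;` already set here keeps non-write requests visible. Otherwise add a comment stating that the loss of the audit trail is accepted.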
 }

From e4c836b9c4901f99fe870dae8c338dbe648494ac Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 2 Sep 2019 13:57:06 +0200
Subject: [PATCH 08/11] shack/glados: init home-assistant config

---
 krebs/2configs/shack/glados/default.nix       | 130 ++++++++++++++++++
 .../2configs/shack/glados/deps/dwd_pollen.nix |  32 +++++
 .../2configs/shack/glados/deps/gtts-token.nix |  27 ++++
 .../shack/glados/deps/pyhaversion.nix         |  33 +++++
 krebs/2configs/shack/glados/sensors/hass.nix  |  22 +++
 krebs/2configs/shack/glados/sensors/power.nix |  25 ++++
 6 files changed, 269 insertions(+)
 create mode 100644 krebs/2configs/shack/glados/default.nix
 create mode 100644 krebs/2configs/shack/glados/deps/dwd_pollen.nix
 create mode 100644 krebs/2configs/shack/glados/deps/gtts-token.nix
 create mode 100644 krebs/2configs/shack/glados/deps/pyhaversion.nix
 create mode 100644 krebs/2configs/shack/glados/sensors/hass.nix
 create mode 100644 krebs/2configs/shack/glados/sensors/power.nix

diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
new file mode 100644
index 000000000..a984536bd
--- /dev/null
+++ b/krebs/2configs/shack/glados/default.nix
@@ -0,0 +1,130 @@
+{ config, pkgs, lib, ... }:
+let
+in {
+  services.nginx.virtualHosts."hass.shack".locations."/" = {
+    proxyPass = "http://localhost:8123";
+    extraConfig = ''
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host             $host;
+        proxy_set_header X-Real-IP        $remote_addr;
+
+        proxy_buffering off;
+      '';
+  };
+  services.home-assistant = let
+      dwd_pollen = pkgs.fetchFromGitHub {
+        owner = "marcschumacher";
+        repo = "dwd_pollen";
+        rev = "0.1";
+        sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
+      };
+    in {
+    enable = true;
+    package = (pkgs.home-assistant.overrideAttrs (old: {
+      # TODO: find correct python package
+      installCheckPhase = ''
+        echo LOLLLLLLLLLLLLLL
+      '';
+      postInstall = ''
+        cp -r ${dwd_pollen} $out/lib/python3.7/site-packages/homeassistant/components/dwd_pollen
+      '';
+    })).override {
+      extraPackages = ps: with ps; [
+        python-forecastio jsonrpc-async jsonrpc-websocket mpd2
+        (callPackage ./deps/gtts-token.nix { })
+        (callPackage ./deps/pyhaversion.nix { })
+      ];
+    };
+    autoExtraComponents = true;
+    config = {
+      homeassistant = {
+        name = "Bureautomation";
+        time_zone = "Europe/Berlin";
+        latitude = "48.8265";
+        longitude = "9.0676";
+        elevation = 303;
+        auth_providers = [
+          { type = "homeassistant";}
+          { type = "legacy_api_password";}
+          { type = "trusted_networks";
+            # allow_bypass_login = true;
+          }
+        ];
+      };
+      # https://www.home-assistant.io/components/influxdb/
+      influxdb = {
+        database = "hass";
+        tags = {
+          instance = "wolf";
+          source = "hass";
+        };
+      };
+      mqtt = {
+        broker = "localhost";
+        port = 1883;
+        client_id = "home-assistant";
+        keepalive = 60;
+        protocol = 3.1;
+        birth_message = {
+          topic = "glados/hass/status/LWT";
+          payload = "Online";
+          qos = 1;
+          retain = true;
+        };
+        will_message = {
+          topic = "glados/hass/status/LWT";
+          payload = "Offline";
+          qos = 1;
+          retain = true;
+        };
+      };
+      switch = [];
+      light =  [];
+      media_player = [
+        { platform = "mpd";
+          host = "lounge.mpd.shack";
+        }
+      ];
+      sensor =
+        [{ platform = "version"; }]
+        ++ (import ./sensors/hass.nix)
+        ++ (import ./sensors/power.nix);
+
+      camera = [];
+
+      frontend = { };
+      http = {
+        # TODO: https://github.com/home-assistant/home-assistant/issues/16149
+        base_url = "http://hass.shack";
+        use_x_forwarded_for = true;
+        trusted_proxies = "127.0.0.1";
+        api_password = "shackit";
+        trusted_networks = [
+          "127.0.0.1/32"
+          "10.42.0.0/16"
+          "::1/128"
+          "fd00::/8"
+        ];
+      };
+      conversation = {};
+      history = {};
+      logbook = {};
+      tts = [
+        { platform = "google";
+          language = "de";
+        }
+        { platform = "picotts";
+          language = "de-DE";
+        }
+      ];
+      recorder = {};
+      sun = {};
+
+      automation = [];
+      device_tracker = [];
+    };
+  };
+}
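Review bot: `api_password = "shackit"` under `http` commits a live credential to the repository, and with the `legacy_api_password` provider enabled that one shared string is enough for API access. `grafana.nix` in this series already loads its settings with `import <secrets/grafana_security.nix>`; the same pattern (`api_password = import <secrets/PLACEHOLDER.nix>;`, placeholder path) keeps the value out of git, and the current one should be treated as disclosed. `trusted_networks` lists `10.42.0.0/16` and all of `fd00::/8` alongside the `trusted_networks` auth provider, which presumably lets hosts in those ranges skip the password; confirm that is intended now that the instance drives switches (PATCH 11). Separately, replacing `installCheckPhase` with an `echo` disables the package's checks without saying why, and `postInstall` hard-codes `python3.7`; a comment on the first and a path derived from the package's Python (as `deps/dwd_pollen.nix` does with `${python.sitePackages}`) would be more robust.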
diff --git a/krebs/2configs/shack/glados/deps/dwd_pollen.nix b/krebs/2configs/shack/glados/deps/dwd_pollen.nix
new file mode 100644
index 000000000..39d9c3069
--- /dev/null
+++ b/krebs/2configs/shack/glados/deps/dwd_pollen.nix
@@ -0,0 +1,32 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, python
+, voluptuous
+}:
+
+buildPythonPackage rec {
+  format = "other";
+  pname = "dwd_pollen";
+  version = "0.1";
+
+  src = fetchFromGitHub {
+    owner = "marcschumacher";
+    repo = "dwd_pollen";
+    rev = version;
+    sha256 = "1af2mx99gv2hk1ad53g21fwkdfdbymqcdl3jvzd1yg7dgxlkhbj1";
+  };
+  propagatedBuildInputs = [
+    voluptuous
+  ];
+  installPhase = ''
+     install -D -t $out/${python.sitePackages}/homeassistant/components/sensor/dwd_pollen *
+  '';
+
+  meta = with lib; {
+    description = "Home Assistant component to retrieve Pollen data from DWD (Germany)";
+    homepage = https://github.com/marcschumacher/dwd_pollen;
+    license = licenses.mit;
+    maintainers = [ maintainers.makefu ];
+  };
+}
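Review bot: This derivation does not appear to be used: `glados/default.nix` in the same commit fetches `dwd_pollen` itself and copies it in `postInstall`, and its `extraPackages` list only calls `gtts-token.nix` and `pyhaversion.nix`. The two copies duplicate the `rev`/`sha256` pin and disagree on the install path (`components/sensor/dwd_pollen` here, `components/dwd_pollen` there), so a later bump can update one and miss the other. Either drop this file or have `default.nix` consume it, so there is a single pinned source.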
diff --git a/krebs/2configs/shack/glados/deps/gtts-token.nix b/krebs/2configs/shack/glados/deps/gtts-token.nix
new file mode 100644
index 000000000..69640f03d
--- /dev/null
+++ b/krebs/2configs/shack/glados/deps/gtts-token.nix
@@ -0,0 +1,27 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, requests
+}:
+
+buildPythonPackage rec {
+  pname = "gtts-token";
+  version = "1.1.3";
+
+  src = fetchPypi {
+    pname = "gTTS-token";
+    inherit version;
+    sha256 = "9d6819a85b813f235397ef931ad4b680f03d843c9b2a9e74dd95175a4bc012c5";
+  };
+
+  propagatedBuildInputs = [
+    requests
+  ];
+
+  meta = with lib; {
+    description = "Calculates a token to run the Google Translate text to speech";
+    homepage = https://github.com/boudewijn26/gTTS-token;
+    license = licenses.mit;
+    # maintainers = [ maintainers. ];
+  };
+}
diff --git a/krebs/2configs/shack/glados/deps/pyhaversion.nix b/krebs/2configs/shack/glados/deps/pyhaversion.nix
new file mode 100644
index 000000000..a75c6a976
--- /dev/null
+++ b/krebs/2configs/shack/glados/deps/pyhaversion.nix
@@ -0,0 +1,33 @@
+{ lib
+, buildPythonPackage
+, fetchpatch
+, fetchPypi
+, aiohttp
+, async-timeout
+}:
+
+buildPythonPackage rec {
+  pname = "pyhaversion";
+  version = "2.2.1";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "72b65aa25d7b2dbb839a4d0218df2005c2335e93526035904d365bb668030b9f";
+  };
+  patches = [
+    (fetchpatch { url = "https://github.com/makefu/pyhaversion/commit/f3bdc38970272cd345c2cfbde3037ea492ca27c4.patch";
+    sha256 =
+      "1rhq4z7mdgnwhwpf5fmarnbc1ba3qysk1wqjdr0hvbzi8vmvbfcc";})
+  ];
+  doCheck = false;
+  propagatedBuildInputs = [
+    aiohttp
+    async-timeout
+  ];
+
+  meta = with lib; {
+    description = "";
+    homepage = https://github.com/ludeeus/pyhaversion;
+    # maintainers = [ maintainers. ];
+  };
+}
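Review bot: The `patches` entry pulls a commit from a personal fork and `doCheck = false` disables the test suite, but neither carries a comment saying what the patch changes or why checks are off, so it is unclear when either can be dropped on the next version bump. The patch is pinned by commit id and `sha256`, which is the right way to fetch it; add a one-line `#` comment above `patches` and above `doCheck` stating the reason. `meta.description` is empty and `meta.license` is missing, unlike the sibling `gtts-token.nix`.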
diff --git a/krebs/2configs/shack/glados/sensors/hass.nix b/krebs/2configs/shack/glados/sensors/hass.nix
new file mode 100644
index 000000000..634758701
--- /dev/null
+++ b/krebs/2configs/shack/glados/sensors/hass.nix
@@ -0,0 +1,22 @@
+let
+  esphome_temp = name: 
+  { platform = "mqtt";
+    name = "${name} Temperature";
+    device_class = "temperature";
+    state_topic = "glados/${name}/sensor/temperature/state";
+    availability_topic = "glados/${name}/status";
+    payload_available = "online";
+    payload_not_available = "offline";
+  };
+  esphome_hum = name:
+  { platform = "mqtt";
+    device_class = "humidity";
+    name = "${name} Humidity";
+    state_topic = "glados/${name}/sensor/humidity/state";
+    availability_topic = "glados/${name}/status";
+    payload_available = "online";
+    payload_not_available = "offline";
+  };
+in
+     (map esphome_temp [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
+  ++ (map esphome_hum  [ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ])
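Review bot: The room list `[ "lounge" "werkstatt" "herrenklo" "dusche" "fablab" "whc" ]` is written out twice, so adding a room means editing two lines that must stay identical. Bind it once in the `let` (`rooms = [ … ];`) and use `map esphome_temp rooms ++ map esphome_hum rooms`. `esphome_temp` and `esphome_hum` also differ only in the device class and the label, so a single helper taking those as arguments would remove the remaining duplication.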
diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix
new file mode 100644
index 000000000..940888c7d
--- /dev/null
+++ b/krebs/2configs/shack/glados/sensors/power.nix
@@ -0,0 +1,25 @@
+let
+  power_x = name: phase:
+  { platform = "mqtt";
+    name = "${phase} ${name}";
+    state_topic = "/power/total/${phase}/${name}";
+    availability_topic = "/power/lwt";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  };
+  power_consumed =
+  { platform = "mqtt";
+    name = "Power Consumed";
+    state_topic = "/power/total/consumed";
+    availability_topic = "/power/lwt";
+    payload_available = "Online";
+    payload_not_available = "Offline";
+  };
+  power_volt = power_x "Voltage";
+  power_watt = power_x "Power";
+  power_curr = power_x "Current";
+in
+   (map power_volt [ "L1" "L2" "L3" ])
+++ (map power_watt [ "L1" "L2" "L3" ])
+++ (map power_curr [ "L1" "L2" "L3" ])
+++ [ power_consumed ]

From 6d7fe1f11554e8d123c01f1545456b15daa6a26a Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 2 Sep 2019 15:31:30 +0200
Subject: [PATCH 09/11] shack/prometheus/server: lower retention time due to
 space limitation

---
 krebs/2configs/shack/prometheus/server.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
index 93af88fad..12f757e89 100644
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -19,7 +19,7 @@
     prometheus = {
       enable = true;
       extraFlags = [
-        "-storage.local.retention 8760h"
+        "-storage.local.retention 720h"
         "-storage.local.series-file-shrink-ratio 0.3"
         "-storage.local.memory-chunks 2097152"
         "-storage.local.max-chunks-to-persist 1048576"

From 39b1e08ad1358cc54527e9b87cb5fbc01349b62e Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 2 Sep 2019 15:45:59 +0200
Subject: [PATCH 10/11] stats/shack-client: ignore docker interfaces

---
 krebs/2configs/stats/shack-client.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/krebs/2configs/stats/shack-client.nix b/krebs/2configs/stats/shack-client.nix
index ceb7d9edd..5131b0f78 100644
--- a/krebs/2configs/stats/shack-client.nix
+++ b/krebs/2configs/stats/shack-client.nix
@@ -17,6 +17,8 @@
         Interface "lo"
         Interface "vboxnet*"
         Interface "virbr*"
+        Interface "veth*"
+        Interface "br-*"
         IgnoreSelected true
       </Plugin>
 

From fce2c4275caf7df064fb13a4280291a9aefaef1f Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Fri, 6 Sep 2019 01:07:20 +0200
Subject: [PATCH 11/11] shack/glados: init shackopen and auto watering

---
 krebs/2configs/shack/glados/default.nix       | 12 +++-
 .../2configs/shack/glados/multi/shackopen.nix | 23 +++++++
 krebs/2configs/shack/glados/multi/wasser.nix  | 65 +++++++++++++++++++
 krebs/2configs/shack/glados/sensors/power.nix |  2 +
 4 files changed, 99 insertions(+), 3 deletions(-)
 create mode 100644 krebs/2configs/shack/glados/multi/shackopen.nix
 create mode 100644 krebs/2configs/shack/glados/multi/wasser.nix

diff --git a/krebs/2configs/shack/glados/default.nix b/krebs/2configs/shack/glados/default.nix
index a984536bd..54e7aef5c 100644
--- a/krebs/2configs/shack/glados/default.nix
+++ b/krebs/2configs/shack/glados/default.nix
@@ -1,5 +1,7 @@
 { config, pkgs, lib, ... }:
 let
+  shackopen = import ./multi/shackopen.nix;
+  wasser = import ./multi/wasser.nix;
 in {
   services.nginx.virtualHosts."hass.shack".locations."/" = {
     proxyPass = "http://localhost:8123";
@@ -81,17 +83,21 @@ in {
           retain = true;
         };
       };
-      switch = [];
+      switch = wasser.switch;
       light =  [];
       media_player = [
         { platform = "mpd";
           host = "lounge.mpd.shack";
         }
       ];
+
       sensor =
         [{ platform = "version"; }]
         ++ (import ./sensors/hass.nix)
-        ++ (import ./sensors/power.nix);
+        ++ (import ./sensors/power.nix)
+        ++ shackopen.sensor;
+
+      binary_sensor = shackopen.binary_sensor;
 
       camera = [];
 
@@ -123,7 +129,7 @@ in {
       recorder = {};
       sun = {};
 
-      automation = [];
+      automation = wasser.automation;
       device_tracker = [];
     };
   };
diff --git a/krebs/2configs/shack/glados/multi/shackopen.nix b/krebs/2configs/shack/glados/multi/shackopen.nix
new file mode 100644
index 000000000..354405d06
--- /dev/null
+++ b/krebs/2configs/shack/glados/multi/shackopen.nix
@@ -0,0 +1,23 @@
+{
+  binary_sensor = [
+    { platform = "mqtt";
+      name = "Portal Lock";
+      device_class = "door";
+      state_topic = "portal/gateway/status";
+      availability_topic = "portal/gateway/lwt";
+      payload_on = "open";
+      payload_off = "closed";
+      payload_available = "online";
+      payload_not_available = "offline";
+    }
+  ];
+  sensor = [
+    { platform = "mqtt";
+      name = "Keyholder";
+      state_topic = "portal/gateway/keyholder";
+      availability_topic = "portal/gateway/lwt";
+      payload_available = "online";
+      payload_not_available = "offline";
+    }
+  ];
+}
diff --git a/krebs/2configs/shack/glados/multi/wasser.nix b/krebs/2configs/shack/glados/multi/wasser.nix
new file mode 100644
index 000000000..a2c80851b
--- /dev/null
+++ b/krebs/2configs/shack/glados/multi/wasser.nix
@@ -0,0 +1,65 @@
+let
+  tasmota_plug = name: topic:
+  { platform = "mqtt";
+    inherit name;
+    state_topic = "sonoff/stat/${topic}/POWER1";
+    command_topic = "sonoff/cmnd/${topic}/POWER1";
+    availability_topic = "sonoff/tele/${topic}/LWT";
+    payload_on= "ON";
+    payload_off= "OFF";
+    payload_available= "Online";
+    payload_not_available= "Offline";
+    retain = false;
+    qos = 1;
+  };
+in
+{
+  switch = [
+    (tasmota_plug "Wasser" "plug")
+  ];
+  automation =
+  [
+    { alias = "Water the plant for 10 seconds";
+      trigger = [
+        { # trigger at 20:00 no matter what
+          # TODO: retry or run only if switch.wasser is available
+          platform = "time";
+          at = "20:00:00";
+        }
+      ];
+      action =
+      [
+        {
+          service = "homeassistant.turn_on";
+          entity_id =  [
+            "switch.wasser"
+          ];
+        }
+        { delay.seconds = 10; }
+        {
+          service = "homeassistant.turn_off";
+          entity_id =  [
+            "switch.wasser"
+          ];
+        }
+      ];
+    }
+    { alias = "Always turn off water after 15 seconds";
+      trigger = [
+        {
+          platform = "state";
+          entity_id = "switch.wasser";
+          to = "on";
+          for.seconds = 15;
+        }
+      ];
+      action =
+      [
+        {
+          service = "homeassistant.turn_off";
+          entity_id =  [ "switch.wasser" ];
+        }
+      ];
+    }
+  ];
+}
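Review bot: Both safeguards for the water plug run inside Home Assistant: the 10-second `delay` followed by `turn_off`, and the separate "Always turn off water after 15 seconds" automation. If Home Assistant restarts or loses the broker after `turn_on` is sent, nothing switches the plug off. Since the plug uses Tasmota topics, a device-side limit such as Tasmota's `PulseTime` would bound the on-time independently of the controller; at minimum, extend the existing TODO to record this failure mode. The switch is driven through `sonoff/cmnd/${topic}/POWER1`, so whoever can publish to the broker can turn the water on; whether the broker requires authentication is not visible in this series.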
diff --git a/krebs/2configs/shack/glados/sensors/power.nix b/krebs/2configs/shack/glados/sensors/power.nix
index 940888c7d..1aa250a19 100644
--- a/krebs/2configs/shack/glados/sensors/power.nix
+++ b/krebs/2configs/shack/glados/sensors/power.nix
@@ -2,6 +2,7 @@ let
   power_x = name: phase:
   { platform = "mqtt";
     name = "${phase} ${name}";
+    # device_class = "power";
     state_topic = "/power/total/${phase}/${name}";
     availability_topic = "/power/lwt";
     payload_available = "Online";
@@ -10,6 +11,7 @@ let
   power_consumed =
   { platform = "mqtt";
     name = "Power Consumed";
+    #device_class = "power";
     state_topic = "/power/total/consumed";
     availability_topic = "/power/lwt";
     payload_available = "Online";