From 00ea95a20c02467812c4a9d945cfd7088e5cca5e Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 13 Apr 2019 18:16:37 +0200 Subject: [PATCH 01/36] ma tools: disable packages broken in 19.03 --- makefu/2configs/tools/android-pentest.nix | 2 +- makefu/2configs/tools/core-gui.nix | 3 ++- makefu/2configs/tools/media.nix | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/makefu/2configs/tools/android-pentest.nix b/makefu/2configs/tools/android-pentest.nix index 05560db90..036f6e6fe 100644 --- a/makefu/2configs/tools/android-pentest.nix +++ b/makefu/2configs/tools/android-pentest.nix @@ -3,7 +3,7 @@ { nixpkgs.config.android_sdk.accept_license = true; users.users.makefu.packages = with pkgs; [ - mitmproxy + # mitmproxy nmap msf drozer diff --git a/makefu/2configs/tools/core-gui.nix b/makefu/2configs/tools/core-gui.nix index 41bfef270..ee4f05980 100644 --- a/makefu/2configs/tools/core-gui.nix +++ b/makefu/2configs/tools/core-gui.nix @@ -10,7 +10,8 @@ keepassx pcmanfm evince - mirage + # replacement for mirage: + sxiv tightvnc gnome3.dconf xdotool diff --git a/makefu/2configs/tools/media.nix b/makefu/2configs/tools/media.nix index 88a7c6882..3f2cf3096 100644 --- a/makefu/2configs/tools/media.nix +++ b/makefu/2configs/tools/media.nix @@ -7,7 +7,7 @@ vlc mumble mplayer - quodlibet # exfalso + # quodlibet # exfalso plowshare streamripper From 8058af6c74fca7725393750f3a6653512db6c72e Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 14:16:53 +0200 Subject: [PATCH 02/36] realwallpaper: reduce log noise --- krebs/3modules/realwallpaper.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index cb940efef..a0c00c20d 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -78,7 +78,7 @@ let serviceConfig = { Type = "simple"; ExecStart = pkgs.writeDash "generate-wallpaper" '' - set -xeuf + set -euf # usage: getimg FILENAME URL fetch() { 
From 40f83f1140d9d4cd669d692d594f232be434e654 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:37:28 +0200 Subject: [PATCH 03/36] external: add ada.r --- krebs/3modules/external/default.nix | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index c9715cb85..9bfc920a3 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -429,6 +429,17 @@ in { }; }; }; + ada = { + owner = config.krebs.users.filly; + nets = { + wiregrill = { + aliases = [ "ada.w" ]; + wireguard = { + pubkey = "+t0j9j7TZqvSFPzgunnON/ArXVGpMS/L3DldpanLoUk="; + }; + }; + }; + }; }; users = { ciko = { @@ -464,6 +475,8 @@ in { }; miaoski = { }; + filly = { + }; }; } From c4af929d398e9e8bcb9a67644814018451c87d45 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:38:15 +0200 Subject: [PATCH 04/36] l shodan.r: add syncthing.id --- krebs/3modules/lass/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 3396c2802..1daaffbfb 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix @@ -240,6 +240,7 @@ in { secure = true; ssh.privkey.path = ; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9vup68R0I+62FK+8LNtwM90V9P4ukBmU7G7d54wf4C"; + syncthing.id = "AU5RTWC-HXNMDRT-TN4ZHXY-JMQ6EQB-4ZPOZL7-AICZMCZ-LNS2XXQ-DGTI2Q6"; }; icarus = { cores = 2; From d61f9654f294f4e491e6ff8bb04f34c916d7cf67 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:38:57 +0200 Subject: [PATCH 05/36] l daedalus.r: add ublock origin --- krebs/3modules/lass/default.nix | 1 + lass/1systems/daedalus/config.nix | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/krebs/3modules/lass/default.nix b/krebs/3modules/lass/default.nix index 1daaffbfb..41f3852b9 100644 --- a/krebs/3modules/lass/default.nix +++ b/krebs/3modules/lass/default.nix 
@@ -39,6 +39,7 @@ in { io 60 IN NS ions.lassul.us. ions 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} lol 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} + matrix 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} paste 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} radio 60 IN A ${config.krebs.hosts.prism.nets.internet.ip4.addr} ''; diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index e28fbf2f8..56c9c5fba 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -27,6 +27,12 @@ with import ; enable = true; systemWide = true; }; + programs.chromium = { + enable = true; + extensions = [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + ]; + }; environment.systemPackages = with pkgs; [ pavucontrol #firefox From cef929303a5c0a992aeddedc6aa57d503c7891df Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:39:50 +0200 Subject: [PATCH 06/36] l littleT: import green-host --- lass/1systems/littleT/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/littleT/config.nix b/lass/1systems/littleT/config.nix index eee23ee60..d44e62053 100644 --- a/lass/1systems/littleT/config.nix +++ b/lass/1systems/littleT/config.nix @@ -8,6 +8,7 @@ with import ; + ]; networking.networkmanager.enable = true; From 0dc099791b311afabf4ce26de98e9ab628b2d2a0 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:41:51 +0200 Subject: [PATCH 07/36] l mors.r: add dns update scripts --- lass/1systems/mors/config.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 52bcc9e15..3db29a712 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
@@ -137,6 +137,18 @@ with import ; (pkgs.writeDashBin "btc-kraken" '' ${pkgs.curl}/bin/curl -Ss 'https://api.kraken.com/0/public/Ticker?pair=BTCEUR' | ${pkgs.jq}/bin/jq '.result.XXBTZEUR.a[0]' '') + (pkgs.writeDashBin "krebsco.de" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.brain}/bin/brain show krebs-secrets/ovh-secrets.json > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.krebszones}/bin/krebszones import + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') + (pkgs.writeDashBin "lassul.us" '' + TMPDIR=$(${pkgs.coreutils}/bin/mktemp -d) + ${pkgs.pass}/bin/pass show admin/ovh/api.config > "$TMPDIR"/ovh-secrets.json + OVH_ZONE_CONFIG="$TMPDIR"/ovh-secrets.json ${pkgs.ovh-zone}/bin/ovh-zone import /etc/zones/lassul.us lassul.us + ${pkgs.coreutils}/bin/rm -rf "$TMPDIR" + '') ]; #TODO: fix this shit From 8d6957c64f310b38df47da587ee1a01437bd6489 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 17:48:20 +0200 Subject: [PATCH 08/36] l green.r: sync .weechat --- lass/1systems/green/config.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 6ae157e38..3abc03c2f 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix @@ -16,12 +16,13 @@ with import ; krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; - #networking.nameservers = [ "1.1.1.1" ]; #time.timeZone = "Europe/Berlin"; From 2e6376fbd04000597557e69bce0c00ee0db5277e Mon Sep 17 00:00:00 2001 
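Review bot: Both added scripts (`krebsco.de` and `lassul.us`) leave the decrypted OVH credentials behind in `"$TMPDIR"/ovh-secrets.json` whenever the import step fails or the script is interrupted, because the `rm -rf` is only reached on the straight-line path. There is also no `set -efu`, so a failing `brain show` or `pass show` still runs the import against an empty or partial file. I would add `set -efu` as the first line and `trap '${pkgs.coreutils}/bin/rm -rf "$TMPDIR"' EXIT` right after the `mktemp -d` line. `mktemp -d` creates the directory private to the caller, so the exposure is the leftover file rather than other users reading it while the script runs. A different variable name than `TMPDIR` would avoid changing the temp location of every child process as a side effect.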
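Review bot: The new `/home/lass/.weechat` entry in `krebs.syncthing.folders` syncs the whole WeeChat directory, which normally also holds `irc.conf`, `sec.conf` and the chat logs, so any stored server passwords are replicated to every listed peer. The matching `lass.ensure-permissions` entry presumably also opens the directory to the `syncthing` group. If only configuration is meant to be shared, a narrower path or a Syncthing ignore file would keep credentials and logs local; I can't tell from the hunk whether passwords are stored there. Unlike the `contacts` entry, this folder has no explicit `id`, so a comment such as `# id defaults to <placeholder: whatever the module derives>` would make the pairing with the other hosts easier to check.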
From: lassulus Date: Wed, 17 Apr 2019 17:50:47 +0200 Subject: [PATCH 09/36] l mors.r: sync the_playlist with prism.r --- lass/1systems/mors/config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 3db29a712..706c3f58b 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -51,7 +51,7 @@ with import ; { krebs.syncthing.folders = [ { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" ]; } + { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ From 631bc1c48068a3649762074178f85e3024bd1736 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 18:10:23 +0200 Subject: [PATCH 10/36] l: add more green.r hosts --- lass/1systems/shodan/config.nix | 1 + lass/1systems/skynet/config.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 39c0791fc..7236d5e9f 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -15,6 +15,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/1systems/skynet/config.nix b/lass/1systems/skynet/config.nix index 0bf3e6b4d..70787e514 100644 --- a/lass/1systems/skynet/config.nix +++ b/lass/1systems/skynet/config.nix @@ -8,6 +8,7 @@ with import ; + { services.xserver.enable = true; services.xserver.desktopManager.xfce.enable = true; From ff86e4a137ff28b0a3ef2279d7397aa81cea1c03 Mon Sep 17 00:00:00 2001 
From: lassulus Date: Wed, 17 Apr 2019 18:12:47 +0200 Subject: [PATCH 11/36] l shodan.r & icarus.r: decrypt via ssh --- lass/1systems/icarus/config.nix | 1 + lass/1systems/shodan/config.nix | 1 + lass/2configs/ssh-cryptsetup.nix | 17 +++++++++++++++++ 3 files changed, 19 insertions(+) create mode 100644 lass/2configs/ssh-cryptsetup.nix diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 06b1e7366..d8c8699ae 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -20,6 +20,7 @@ + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix index 7236d5e9f..5de87d790 100644 --- a/lass/1systems/shodan/config.nix +++ b/lass/1systems/shodan/config.nix @@ -16,6 +16,7 @@ with import ; + ]; krebs.build.host = config.krebs.hosts.shodan; diff --git a/lass/2configs/ssh-cryptsetup.nix b/lass/2configs/ssh-cryptsetup.nix new file mode 100644 index 000000000..c5e1c5928 --- /dev/null +++ b/lass/2configs/ssh-cryptsetup.nix @@ -0,0 +1,17 @@ +{ config, ... }: +{ + boot.initrd = { + network = { + enable = true; + ssh = { + enable = true; + authorizedKeys = with config.krebs.users; [ + config.krebs.users.lass-mors.pubkey + config.krebs.users.lass-blue.pubkey + config.krebs.users.lass-shodan.pubkey + config.krebs.users.lass-icarus.pubkey + ]; + }; + }; + }; +} From f6e73456d0a3acbd8c59fdfde2faf930ec085bf9 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 19:41:33 +0200 Subject: [PATCH 12/36] l: add green-host.nix --- lass/2configs/green-host.nix | 83 ++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 lass/2configs/green-host.nix diff --git a/lass/2configs/green-host.nix b/lass/2configs/green-host.nix new file mode 100644 index 000000000..860d7c113 --- /dev/null +++ b/lass/2configs/green-host.nix 
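Review bot: The new `boot.initrd.network.ssh` block in `ssh-cryptsetup.nix` sets only `authorizedKeys`, so nothing in the file says which host key the initrd SSH server presents. The initrd is stored unencrypted, so that key should be a dedicated one rather than the host's normal SSH key, and its fingerprint should be pinned on the clients that type the LUKS passphrase. I would add a comment above `ssh = {` stating where the key comes from, e.g. `# initrd host key: dedicated key, not the system host key; fingerprint <placeholder>`. Minor style point: `with config.krebs.users;` is unused because every entry is fully qualified, so either drop it or shorten the entries to `lass-mors.pubkey` and so on.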
@@ -0,0 +1,83 @@ +{ config, lib, pkgs, ... }: +with import ; + +{ + imports = [ + + + { #hack for already defined + systemd.services."container@green".reloadIfChanged = mkForce false; + systemd.services."container@green".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q ' on /var/lib/containers/green ' + ''; + systemd.services."container@green".postStop = '' + set -x + ${pkgs.umount}/bin/umount /var/lib/containers/green + ls -la /dev/mapper/control + ${pkgs.devicemapper}/bin/dmsetup ls + ${pkgs.cryptsetup}/bin/cryptsetup -v luksClose /var/lib/sync-containers/green.img + ''; + } + ]; + + lass.ensure-permissions = [ + { folder = "/var/lib/sync-containers"; owner = "root"; group = "syncthing"; } + ]; + + krebs.syncthing.folders = [ + { path = "/var/lib/sync-containers"; peers = [ "icarus" "skynet" "littleT" "shodan" ]; } + ]; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + + containers.green = { + config = { ... }: { + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; + services.openssh.enable = true; + users.users.root.openssh.authorizedKeys.keys = [ + config.krebs.users.lass.pubkey + ]; + }; + autoStart = false; + enableTun = true; + privateNetwork = true; + hostAddress = "10.233.2.15"; + localAddress = "10.233.2.16"; + }; + + environment.systemPackages = [ + (pkgs.writeDashBin "start-green" '' + set -fu + CONTAINER='green' + IMAGE='/var/lib/sync-containers/green.img' + + ${pkgs.cryptsetup}/bin/cryptsetup status "$CONTAINER" >/dev/null + if [ "$?" -ne 0 ]; then + ${pkgs.cryptsetup}/bin/cryptsetup luksOpen "$IMAGE" "$CONTAINER" + fi + + mkdir -p /var/lib/containers/"$CONTAINER" + + ${pkgs.mount}/bin/mount | grep -q " on /var/lib/containers/"$CONTAINER" " + if [ "$?" 
-ne 0 ]; then + ${pkgs.mount}/bin/mount -o sync /dev/mapper/"$CONTAINER" /var/lib/containers/"$CONTAINER" + fi + + STATE=$(${pkgs.nixos-container}/bin/nixos-container status "$CONTAINER") + if [ "$STATE" = 'down' ]; then + ${pkgs.nixos-container}/bin/nixos-container start "$CONTAINER" + fi + ping -c1 green.r + if [ "$?" -ne 0 ]; then + ${pkgs.nixos-container}/bin/nixos-container run green -- nixos-rebuild -I /var/src switch + fi + + '') + ]; +} From bfff3b0a698bd5a7ea1f90511c2578bdb4828b97 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:00:06 +0200 Subject: [PATCH 13/36] l: reorganize syncs --- lass/1systems/blue/config.nix | 11 ++--------- lass/1systems/green/config.nix | 12 ++---------- lass/1systems/mors/config.nix | 6 ++---- lass/2configs/sync/decsync.nix | 8 ++++++++ lass/2configs/sync/weechat.nix | 8 ++++++++ 5 files changed, 22 insertions(+), 23 deletions(-) create mode 100644 lass/2configs/sync/decsync.nix create mode 100644 lass/2configs/sync/weechat.nix diff --git a/lass/1systems/blue/config.nix b/lass/1systems/blue/config.nix index 43c80d52f..14f4971f7 100644 --- a/lass/1systems/blue/config.nix +++ b/lass/1systems/blue/config.nix @@ -9,19 +9,12 @@ with import ; + + ]; krebs.build.host = config.krebs.hosts.blue; - krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } - ]; - environment.shellAliases = { deploy = pkgs.writeDash "deploy" '' set -eu diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix index 3abc03c2f..0b4b50ee4 100644 --- a/lass/1systems/green/config.nix +++ b/lass/1systems/green/config.nix 
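Review bot: In the `container@green` `postStop` script, `cryptsetup -v luksClose` is given the image path `/var/lib/sync-containers/green.img`, while `start-green` opens the volume under the mapping name `green` (`luksOpen "$IMAGE" "$CONTAINER"`). Closing expects the mapping name, so as written the decrypted device probably stays mapped after the container stops; I would use `${pkgs.cryptsetup}/bin/cryptsetup -v luksClose green`. The `set -x`, `ls -la /dev/mapper/control` and `dmsetup ls` lines look like leftover debugging and could go once the close works. In `start-green`, `grep -q " on /var/lib/containers/"$CONTAINER" "` leaves `$CONTAINER` outside the quotes and takes `grep` from PATH, unlike the `${pkgs.gnugrep}/bin/grep` call in `preStart`; `grep -q " on /var/lib/containers/$CONTAINER "` with the pinned binary would be consistent.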
@@ -8,21 +8,13 @@ with import ; - # + + ]; krebs.build.host = config.krebs.hosts.green; - krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } - ]; - lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } - ]; - #networking.nameservers = [ "1.1.1.1" ]; #time.timeZone = "Europe/Berlin"; diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 706c3f58b..01410cdb6 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -26,6 +26,8 @@ with import ; + + @@ -50,14 +52,10 @@ with import ; } { krebs.syncthing.folders = [ - { id = "contacts"; path = "/home/lass/contacts"; peers = [ "mors" "blue" "green" "phone" ]; } { id = "the_playlist"; path = "/home/lass/tmp/the_playlist"; peers = [ "mors" "phone" "prism" ]; } - { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } ]; lass.ensure-permissions = [ - { folder = "/home/lass/contacts"; owner = "lass"; group = "syncthing"; } { folder = "/home/lass/tmp/the_playlist"; owner = "lass"; group = "syncthing"; } - { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } ]; } { diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix new file mode 100644 index 000000000..94569c94d --- /dev/null +++ b/lass/2configs/sync/decsync.nix @@ -0,0 +1,8 @@ +{ + krebs.syncthing.folders = [ + { id = "decsync"; path = "/home/lass/decsync"; peers = [ "mors" "blue" "green" "phone" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/decsync"; owner = "lass"; group = "syncthing"; } + ]; +} diff --git a/lass/2configs/sync/weechat.nix b/lass/2configs/sync/weechat.nix new file mode 100644 index 000000000..d10177b1d --- /dev/null +++ b/lass/2configs/sync/weechat.nix 
@@ -0,0 +1,8 @@ +{ + krebs.syncthing.folders = [ + { path = "/home/lass/.weechat"; peers = [ "blue" "green" "mors" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/lass/.weechat"; owner = "lass"; group = "syncthing"; } + ]; +} From 23e81c6a15f1617fc9064eb13372fb7e12498ff3 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:03 +0200 Subject: [PATCH 14/36] l daedalus.r: add zsnes --- lass/1systems/daedalus/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 56c9c5fba..37a1b6d4c 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -47,6 +47,7 @@ with import ; geeqie vlc minecraft + zsnes ]; nixpkgs.config.firefox.enableAdobeFlash = true; services.xserver.enable = true; From ee89afab29f40c70fc863ea1aa27f72ed0411d3d Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:14 +0200 Subject: [PATCH 15/36] l daedalus.r: remove minecraft --- lass/1systems/daedalus/config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/lass/1systems/daedalus/config.nix b/lass/1systems/daedalus/config.nix index 37a1b6d4c..6e3df12f0 100644 --- a/lass/1systems/daedalus/config.nix +++ b/lass/1systems/daedalus/config.nix @@ -46,7 +46,6 @@ with import ; wine geeqie vlc - minecraft zsnes ]; nixpkgs.config.firefox.enableAdobeFlash = true; From 61da9d16449409f02509c1c2ec201f8dc7ad87b2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:01:34 +0200 Subject: [PATCH 16/36] l iso: fix build --- lass/1systems/iso.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lass/1systems/iso.nix b/lass/1systems/iso.nix index be064bed2..a814cc6b9 100644 --- a/lass/1systems/iso.nix +++ b/lass/1systems/iso.nix @@ -6,7 +6,6 @@ with import ; - { 
@@ -40,9 +39,10 @@ with import ; networking.hostName = "lass-iso"; } { + nixpkgs.config.packageOverrides = import pkgs; krebs.enable = true; krebs.build.user = config.krebs.users.lass; - krebs.build.host = config.krebs.hosts.iso; + krebs.build.host = {}; } { nixpkgs.config.allowUnfree = true; @@ -174,11 +174,13 @@ with import ; user = "lass"; }; windowManager.default = "xmonad"; - windowManager.session = [{ + windowManager.session = let + xmonad-lass = pkgs.callPackage { inherit config; }; + in [{ name = "xmonad"; start = '' ${pkgs.xorg.xhost}/bin/xhost +LOCAL: - ${pkgs.xmonad-lass}/bin/xmonad & + ${xmonad-lass}/bin/xmonad & waitPID=$! ''; }]; From 9f19b5f9619688a8249c0db5fcc9aec4d2fc7fbf Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:05:20 +0200 Subject: [PATCH 17/36] l mors.r: add transgui to pkgs --- lass/1systems/mors/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 01410cdb6..69b931a95 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix @@ -92,6 +92,7 @@ with import ; pkgs.ovh-zone pkgs.bank pkgs.adb-sync + pkgs.transgui ]; } { From b246b8ac43c0ab552617956357cc12b36d5a18fd Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:08:14 +0200 Subject: [PATCH 18/36] l morpheus.r: add autologin --- lass/1systems/morpheus/config.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lass/1systems/morpheus/config.nix b/lass/1systems/morpheus/config.nix index 0d82ba611..cab267d54 100644 --- a/lass/1systems/morpheus/config.nix +++ b/lass/1systems/morpheus/config.nix @@ -30,4 +30,12 @@ with import ; ]; }; }; + + + services.xserver.desktopManager.default = "none"; + services.xserver.displayManager.lightdm.autoLogin = { + enable = true; + user = "lass"; + timeout = 5; + }; } From 40968c0129b389415bdca5647b71b3a82b1ddd15 Mon Sep 17 00:00:00 2001 
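Review bot: The added `services.xserver.displayManager.lightdm.autoLogin` block in `morpheus/config.nix` means anyone who can power on the machine gets a logged-in `lass` session after the five-second timeout. I can't tell from the hunk whether the disk is unlocked by passphrase at boot, which would make this acceptable. If it is, a comment above the block would keep that reasoning with the config, e.g. `# autologin is fine here: disk passphrase is required at boot`.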
From: lassulus Date: Wed, 17 Apr 2019 20:10:20 +0200 Subject: [PATCH 19/36] l prism.r: add samba wiregrill share --- lass/1systems/prism/config.nix | 36 ++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index b3b7ac0df..d7b0b701a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -413,6 +413,42 @@ with import ; ]; }; } + { #macos mounting of yellow + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i wiregrill -p tcp --dport 139"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 137"; target = "ACCEPT"; } + { predicate = "-i wiregrill -p udp --dport 138"; target = "ACCEPT"; } + ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + download = { + path = "/var/download/finished"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; + } ]; krebs.build.host = config.krebs.hosts.prism; From e4c59ba54992a80671c45d38ab96f7ff0d22b900 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:11:20 +0200 Subject: [PATCH 20/36] l yellow.r: reduce transmission journal spam --- lass/1systems/yellow/config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 8b3b2814f..cda0d0a33 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix 
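Review bot: The `download` share is readable without credentials (`"guest ok" = "yes"` together with `map to guest = bad user`), and the only thing confining it to wiregrill is the four `-i wiregrill` iptables rules; smbd itself is not told which interface to listen on. I would add `interfaces = lo wiregrill` and `bind interfaces only = yes` to `extraConfig`, so a later firewall change cannot expose the share on prism's internet-facing interface. Every wiregrill peer, including the externally owned hosts, can also list and read `/var/download/finished`. A `hosts allow = <placeholder: address of the macOS client>` line would narrow that to the client the `#macos mounting of yellow` comment refers to.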
@@ -31,6 +31,7 @@ with import ; download-dir = "/var/download/finished"; incomplete-dir = "/var/download/incoming"; incomplete-dir-enable = true; + message-level = 1; umask = "002"; rpc-whitelist-enabled = false; rpc-host-whitelist-enabled = false; From d06a5ce073133f74de8d5513d457e2c470d1eaa2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:12:01 +0200 Subject: [PATCH 21/36] l: add xdg-open settings --- lass/2configs/baseX.nix | 1 + lass/2configs/xdg-open.nix | 66 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 lass/2configs/xdg-open.nix diff --git a/lass/2configs/baseX.nix b/lass/2configs/baseX.nix index 26d6622ae..5003d2279 100644 --- a/lass/2configs/baseX.nix +++ b/lass/2configs/baseX.nix @@ -9,6 +9,7 @@ in { ./power-action.nix ./copyq.nix ./urxvt.nix + ./xdg-open.nix { hardware.pulseaudio = { enable = true; diff --git a/lass/2configs/xdg-open.nix b/lass/2configs/xdg-open.nix new file mode 100644 index 000000000..824c36dc7 --- /dev/null +++ b/lass/2configs/xdg-open.nix 
@@ -0,0 +1,66 @@ +{ config, pkgs, lib, ... }: with import ; let + + xdg-open-wrapper = pkgs.writeDashBin "xdg-open" '' + /run/wrappers/bin/sudo -u lass ${xdg-open} "$@" + ''; + + xdg-open = pkgs.writeBash "xdg-open" '' + set -e + FILE="$1" + mime= + + case "$FILE" in + http://*|https://*) + mime=text/html + ;; + mailto:*) + mime=special/mailaddress + ;; + magnet:*) + mime=application/x-bittorrent + ;; + irc:*) + mime=x-scheme-handler/irc + ;; + *) + # it’s a file + + # strip possible protocol + FILE=''${FILE#file://} + mime=''$(file -E --brief --mime-type "$FILE") \ + || (echo "$mime" 1>&2; exit 1) + # ^ echo the error message of file + ;; + esac + + case "$mime" in + special/mailaddress) + urxvtc --execute vim "$FILE" ;; + ${optionalString (hasAttr "browser" config.lass) '' + text/html) + ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + text/xml) + ${config.lass.browser.select}/bin/browser-select "$FILE" ;; + ''} + text/*) + urxvtc --execute vim "$FILE" ;; + image/*) + sxiv "$FILE" ;; + application/x-bittorrent) + env DISPLAY=:0 transgui "$FILE" ;; + application/pdf) + zathura "$FILE" ;; + inode/directory) + sudo -u lass -i urxvtc --execute mc "$FILE" ;; + *) + # open dmenu and ask for program to open with + $(dmenu_path | dmenu) "$FILE";; + esac + ''; +in { + environment.systemPackages = [ xdg-open-wrapper ]; + + security.sudo.extraConfig = '' + cr ALL=(lass) NOPASSWD: ${xdg-open} * + ''; +} From cc986ff84ba2893b8f68b95842b46fb65987e437 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:12:38 +0200 Subject: [PATCH 22/36] l: add more emails --- lass/2configs/exim-smarthost.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index aec59261c..4216bd67a 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix 
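Review bot: The sudoers line `cr ALL=(lass) NOPASSWD: ${xdg-open} *` amounts to giving `cr` the whole `lass` account rather than just "open a file". The script's `text/*` and `special/mailaddress` branches start an interactive `vim`, and the fallback branch runs whatever `dmenu` returns, all as `lass` with a caller-supplied argument. If that equivalence is not intended, keep only the non-interactive handlers behind sudo and let the editor and fallback cases run as the calling user; if it is intended, say so in a comment next to `security.sudo.extraConfig`. The system-wide `xdg-open` wrapper always goes through `/run/wrappers/bin/sudo -u lass`, so it only works for users covered by this rule. A `FILE` beginning with `-` is also passed unguarded to `file`, `sxiv` and `zathura`; `file -E --brief --mime-type -- "$FILE"` and the same `--` before the other file arguments would stop it being parsed as an option.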
@@ -100,6 +100,9 @@ with import ; { from = "box@lassul.us"; to = lass.mail; } { from = "paloalto@lassul.us"; to = lass.mail; } { from = "subtitles@lassul.us"; to = lass.mail; } + { from = "lobsters@lassul.us"; to = lass.mail; } + { from = "fysitech@lassul.us"; to = lass.mail; } + { from = "threema@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } From 5e4e3fb82edee271204021cc9d44624a2fb3ff26 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:13:10 +0200 Subject: [PATCH 23/36] l mail: remove deprecated notmuch fix --- lass/2configs/mail.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 0803846aa..6de111ba8 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -233,8 +233,4 @@ in { tag-new-mails tag-old-mails ]; - - nixpkgs.config.packageOverrides = opkgs: { - notmuch = (opkgs.notmuch.overrideAttrs (o: { doCheck = false; })); - }; } From 32664bdbd53f1989169278d9196ecabf350cddf2 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:14:06 +0200 Subject: [PATCH 24/36] l radio: reduce journal spam --- lass/2configs/radio.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index f88b2627b..f14b28219 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -59,6 +59,9 @@ in { group = "radio"; musicDirectory = "/home/radio/the_playlist/music"; extraConfig = '' + log_level "default" + auto_update "yes" + audio_output { type "shout" encoding "lame" From c48e24665017cce5a1a859799f7060bbad8ccc83 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:14:36 +0200 Subject: [PATCH 25/36] l prism-share: set export to ro --- lass/2configs/prism-share.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix index 70e616ec6..aa3eb541d 100644 --- a/lass/2configs/prism-share.nix 
+++ b/lass/2configs/prism-share.nix @@ -21,7 +21,7 @@ with import ; shares = { incoming = { path = "/mnt/prism"; - "read only" = "no"; + "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; }; From f35ccc7529427e543044998549104191b5bdbb06 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:15:07 +0200 Subject: [PATCH 26/36] l radio: sync the_playlist folder --- lass/2configs/radio.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index f14b28219..d67d970f8 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -248,4 +248,10 @@ in { alias ${html}; ''; }; + krebs.syncthing.folders = [ + { id = "the_playlist"; path = "/home/radio/music/the_playlist"; peers = [ "mors" "phone" "prism" ]; } + ]; + lass.ensure-permissions = [ + { folder = "/home/radio/music/the_playlist"; owner = "radio"; group = "syncthing"; } + ]; } From 47c4919a066b9ac06b822d9f4111b4e06f9ad17b Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:15:38 +0200 Subject: [PATCH 27/36] l syncthing: share sync with shodan --- lass/2configs/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix index d8b3c9f90..fc10b2cb4 100644 --- a/lass/2configs/syncthing.nix +++ b/lass/2configs/syncthing.nix @@ -16,7 +16,7 @@ with import ; key = toString ; peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts); folders = [ - { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; } + { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism" "shodan" ]; } ]; }; From 24d7e2fa03a4533368a8ec90599211366feb1510 Mon Sep 17 00:00:00 2001 
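Review bot: The new `krebs.syncthing.folders` entry in `radio.nix` is rooted at `/home/radio/music/the_playlist`, but the `musicDirectory` shown as context in the earlier radio.nix hunk of this series is `/home/radio/the_playlist/music`. Unless something outside the hunk links the two, mpd would not see what Syncthing delivers. If the path is a slip, `path = "/home/radio/the_playlist";` with the same value in `lass.ensure-permissions` would line up, assuming the synced folder contains a `music` subdirectory. If the path is deliberate, a short comment saying how the files reach `musicDirectory` would help.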
From: lassulus Date: Wed, 17 Apr 2019 20:16:06 +0200 Subject: [PATCH 28/36] l domsen: run verify_arg as root --- lass/2configs/websites/domsen.nix | 2 +- lass/3modules/usershadow.nix | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 5bd5a7cac..2131c7c62 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -119,7 +119,7 @@ in { authenticators.PLAIN = '' driver = plaintext public_name = PLAIN - server_condition = ''${run{${config.lass.usershadow.path}/bin/verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}} + server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth2 $auth3}{yes}{no}} ''; authenticators.LOGIN = '' driver = plaintext diff --git a/lass/3modules/usershadow.nix b/lass/3modules/usershadow.nix index d967a108a..51da2ec93 100644 --- a/lass/3modules/usershadow.nix +++ b/lass/3modules/usershadow.nix @@ -45,6 +45,10 @@ source = "${usershadow}/bin/verify_pam"; owner = "root"; }; + security.wrappers.shadow_verify_arg = { + source = "${usershadow}/bin/verify_arg"; + owner = "root"; + }; }; usershadow = let { From d0d3fcb2d2b9ed82dd1ff2864b9fbbd88aa65ff4 Mon Sep 17 00:00:00 2001 From: lassulus Date: Wed, 17 Apr 2019 20:24:50 +0200 Subject: [PATCH 29/36] l mors.r: remove chromecast firewall rule --- lass/1systems/mors/config.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/lass/1systems/mors/config.nix b/lass/1systems/mors/config.nix index 69b931a95..7e183f40f 100644 --- a/lass/1systems/mors/config.nix +++ b/lass/1systems/mors/config.nix 
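Review bot: In `authenticators.PLAIN`, `$auth2 $auth3` (user name and cleartext password) are passed as command-line arguments to `/run/wrappers/bin/shadow_verify_arg`, so the password is visible in the process list to other local users for as long as the check runs. That was already true of the old `verify_arg` call, but this change raises the helper to root, which makes it a good moment to fix. I would have the helper read the credentials from stdin instead; that needs a matching change in `usershadow.nix`, which lies outside this hunk.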
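Review bot: `security.wrappers.shadow_verify_arg` sets only `source` and `owner`, which, if the wrapper defaults apply as I expect, yields a setuid-root binary that every local user can execute. Any account on the machine could then use it to check passwords for usershadow users, with no rate limit or logging visible here. I would restrict it to the account exim runs as, e.g. `setuid = true; group = "<placeholder: exim's group>"; permissions = "u+rx,g+x";`. The neighbouring `verify_pam` wrapper, visible as context, has the same shape and deserves the same look.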
@@ -43,8 +43,6 @@ with import ; krebs.iptables.tables.filter.INPUT.rules = [ #risk of rain { predicate = "-p tcp --dport 11100"; target = "ACCEPT"; } - #chromecast - { predicate = "-p udp -m multiport --sports 32768:61000 -m multiport --dports 32768:61000"; target = "ACCEPT"; } #quake3 { predicate = "-p tcp --dport 27950:27965"; target = "ACCEPT"; } { predicate = "-p udp --dport 27950:27965"; target = "ACCEPT"; } From 491c3bf4edcef3c34515f99303995855aea44d2d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 17 Apr 2019 20:42:45 +0200 Subject: [PATCH 30/36] ma home-assistant: use python36 --- makefu/2configs/bureautomation/default.nix | 3 +++ makefu/2configs/homeautomation/default.nix | 1 + 2 files changed, 4 insertions(+) diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix index 917044d63..1782becd8 100644 --- a/makefu/2configs/bureautomation/default.nix +++ b/makefu/2configs/bureautomation/default.nix @@ -20,6 +20,9 @@ let mosquitto_pub -t /bam/$topic/cmnd/POWER -m OFF ''; in { + imports = [ + ./ota.nix + ]; services.logstash = { package = pkgs.logstash5; enable = true; diff --git a/makefu/2configs/homeautomation/default.nix b/makefu/2configs/homeautomation/default.nix index 4e9ac0ee3..c4fef1bfc 100644 --- a/makefu/2configs/homeautomation/default.nix +++ b/makefu/2configs/homeautomation/default.nix @@ -108,6 +108,7 @@ in { ]; services.home-assistant = { + package = pkgs.home-assistant.override { python3 = pkgs.python36; }; config = { homeassistant = { name = "Home"; time_zone = "Europe/Berlin"; From 5ea220f251c672841a2d8e55bd962c10a9032f79 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 17 Apr 2019 20:44:42 +0200 Subject: [PATCH 31/36] ma hw/thinpad: remove unused zramSwap.numDevices option --- makefu/2configs/hw/tp-x2x0.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix index 42ae309d0..b4b2562fe 100644 --- a/makefu/2configs/hw/tp-x2x0.nix 
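Review bot: `imports = [ ./ota.nix ];` in bureautomation/default.nix refers to a file this commit does not add. In this series `makefu/2configs/bureautomation/ota.nix` is only created by PATCH 33/36, so a checkout of this commit alone would fail to evaluate on any host that pulls in the module. The import is also unrelated to the subject line ("use python36"). Moving the three added lines into the commit that creates `ota.nix` keeps every commit buildable and puts the new nginx vhost in front of the reviewer together with its configuration.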
+++ b/makefu/2configs/hw/tp-x2x0.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: -with import ; { imports = [ ./tpm.nix @@ -19,7 +18,6 @@ with import ; hardware.cpu.intel.updateMicrocode = true; zramSwap.enable = true; - zramSwap.numDevices = 2; # enable synaptics so we can easily disable the touchpad # enable the touchpad with `synclient TouchpadOff=0` From 6fa6659b8fc5d2e00131aa470408a17c9002ac75 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 17 Apr 2019 20:46:12 +0200 Subject: [PATCH 32/36] ma pkgs.prison-break: 0.1.0 -> 1.0.0 --- makefu/5pkgs/prison-break/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/makefu/5pkgs/prison-break/default.nix b/makefu/5pkgs/prison-break/default.nix index f86ac3762..051a46184 100644 --- a/makefu/5pkgs/prison-break/default.nix +++ b/makefu/5pkgs/prison-break/default.nix @@ -3,12 +3,12 @@ with pkgs.python3.pkgs; buildPythonPackage rec { pname = "prison-break"; - version = "0.1.0"; + version = "1.0.0"; src = fetchFromGitHub { owner = "makefu"; repo = pname; - rev = "5eed6371e151e716faafa054e005bd98d77b4b5d"; - sha256 = "170zs9grbgkx83ghg6pm13v7vhi604y44j550ypp2x26nidaw63j"; + rev = "1.0.0"; + sha256 = "0ab42z6qr42vz4fc077irn9ykrrylagx1dzlw8dqcanf49dxd961"; }; propagatedBuildInputs = [ docopt From bccb2fd4e51448a2e9794acd47e7df16339f64aa Mon Sep 17 00:00:00 2001 
From: makefu Date: Wed, 17 Apr 2019 20:46:58 +0200 Subject: [PATCH 33/36] ma bureautomation: refactor --- .../automation/bureau-shutdown.nix | 42 ++++++++--- .../automation/hass-restart.nix | 31 ++++++++ .../bureautomation/automation/nachtlicht.nix | 72 +++++++++---------- makefu/2configs/bureautomation/hass.nix | 27 ++++++- .../bureautomation/light/statuslight.nix | 5 +- makefu/2configs/bureautomation/ota.nix | 15 ++++ .../sensor/tasmota_firmware.nix | 16 +++++ 7 files changed, 154 insertions(+), 54 deletions(-) create mode 100644 makefu/2configs/bureautomation/automation/hass-restart.nix create mode 100644 makefu/2configs/bureautomation/ota.nix create mode 100644 makefu/2configs/bureautomation/sensor/tasmota_firmware.nix diff --git a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix index c632a9e69..d54d9762a 100644 --- a/makefu/2configs/bureautomation/automation/bureau-shutdown.nix +++ b/makefu/2configs/bureautomation/automation/bureau-shutdown.nix @@ -5,14 +5,40 @@ entity_id = "group.team"; from = "not_home"; to = "home"; + for.seconds = 30; }; - action = { - service = "homeassistant.turn_on"; - entity_id = [ - "switch.fernseher" - "switch.feuer" - ]; - }; + action = [ + { + service = "homeassistant.turn_on"; + entity_id = [ + "switch.fernseher" + "switch.feuer" + ]; + } + { + service = "media_player.kodi_call_method"; + data = { + entity_id = "media_player.kodi"; + method = "Player.Open"; + item.partymode = "music"; + }; + } + { + service = "tts.google_say"; + entity_id = "media_player.kodi"; + data = { + message = "Willkommen in deinem Lieblingsbüro"; + language = "de"; + }; + } + { + service = "notify.telegrambot"; + data = { + title = "Bureau Startup"; + message = "Willkommen {{ trigger.platform }}"; + }; + } + ]; } { alias = "Turn off Fernseher after last in group left"; trigger = [ 
@@ -42,7 +68,7 @@ service = "notify.telegrambot"; data = { title = "Bureau Shutdown"; - message = "All devices are turned off due to {{ trigger.platform }} - {{ trigger }}"; + message = "All devices are turned off due to {{ trigger.platform }}"; }; } ]; diff --git a/makefu/2configs/bureautomation/automation/hass-restart.nix b/makefu/2configs/bureautomation/automation/hass-restart.nix new file mode 100644 index 000000000..be16f6966 --- /dev/null +++ b/makefu/2configs/bureautomation/automation/hass-restart.nix @@ -0,0 +1,31 @@ +[ + { alias = "State on HA start-up"; + trigger = { + platform = "homeassistant"; + event = "start"; + }; + action = [ + # Startup State + { service = "mqtt.publish"; + data = { + topic = "/bam/sonoffs/cmnd/state"; + payload = ""; + }; + } + # Firmware Version + { service = "mqtt.publish"; + data = { + topic = "/bam/sonoffs/cmnd/status"; + payload = "2"; + }; + } + # Will trigger restart of all devices! + #{ service = "mqtt.publish"; + # data = { + # topic = "sonoffs/cmnd/SetOption59"; # configure sending state on power change + # payload = "1"; + # }; + #} + ]; + } +] diff --git a/makefu/2configs/bureautomation/automation/nachtlicht.nix b/makefu/2configs/bureautomation/automation/nachtlicht.nix index 2becd4a39..ec6fa20c7 100644 --- a/makefu/2configs/bureautomation/automation/nachtlicht.nix +++ b/makefu/2configs/bureautomation/automation/nachtlicht.nix 
@@ -1,43 +1,35 @@ [ - { - alias = "Turn off Nachtlicht on sunrise"; - trigger = - { - platform = "sun"; - event = "sunrise"; - }; - action = - { - service = "homeassistant.turn_off"; - entity_id = [ "group.nachtlicht" ]; - }; - } + # TODO: trigger if it is before dusk and somebody arives but nachtlichter are + # off from last day + # TODO: do not have nachtlicht turned on at night + { + alias = "Turn on Nachtlicht at dusk"; # when it gets dim + trigger = + { platform = "numeric_state"; + entity_id = "sun.sun"; + value_template = "{{ state.attributes.elevation }}"; + below = 10; - { - alias = "Turn on Nachtlicht on motion and dusk"; - trigger = - { - platform = "state"; - entity_id = "binary_sensor.motion"; - to = "on"; - }; - condition = # 'when dark' - { - condition = "or"; - conditions = [ - { condition = "sun"; - after = "sunset"; - after_offset = "-00:45:00"; # on dusk - } - { condition = "sun"; - before = "sunrise"; - } - ]; - }; - action = - { - service = "homeassistant.turn_on"; - entity_id = [ "group.nachtlicht" ]; - }; - } + }; + action = + { service = "homeassistant.turn_on"; + entity_id = [ "group.nachtlicht" ]; + }; + } + { + alias = "Turn off Nachtlicht at dawn"; + trigger = + { platform = "sun"; + event = "sunrise"; + offset = "01:30:00"; # on dawn + }; + # TODO: when somebody is still in the buero + # condition = + #{ + #}; + action = + { service = "homeassistant.turn_off"; + entity_id = [ "group.nachtlicht" ]; + }; + } ] diff --git a/makefu/2configs/bureautomation/hass.nix b/makefu/2configs/bureautomation/hass.nix index 4e5fe7b63..02465520c 100644 --- a/makefu/2configs/bureautomation/hass.nix +++ b/makefu/2configs/bureautomation/hass.nix @@ -6,6 +6,7 @@ in { state = [ "/var/lib/hass/known_devices.yaml" ]; services.home-assistant = { enable = true; + package = pkgs.home-assistant.override { python3 = pkgs.python36; }; config = { homeassistant = { name = "Bureautomation"; 
@@ -13,8 +14,14 @@ in { latitude = "48.8265"; longitude = "9.0676"; elevation = 303; + auth_providers = [ + { type = "homeassistant";} + { type = "legacy_api_password";} + { type = "trusted_networks"; + # allow_bypass_login = true; + } + ]; }; - mqtt = { broker = "localhost"; port = 1883; @@ -79,7 +86,8 @@ in { sensor = (import ./sensor/espeasy.nix) ++ ((import ./sensor/outside.nix) {inherit lib;}) ++ - (import ./sensor/influxdb.nix); + (import ./sensor/influxdb.nix) ++ + (import ./sensor/tasmota_firmware.nix); camera = (import ./camera/verkehrskamera.nix); @@ -89,12 +97,22 @@ in { # (import ./person/team.nix ); frontend = { }; - http = { }; + http = { + # TODO: https://github.com/home-assistant/home-assistant/issues/16149 + api_password = "sistemas"; + trusted_networks = [ + "127.0.0.1/32" + "192.168.8.0/24" + "::1/128" + "fd00::/8" + ]; + }; conversation = {}; history = {}; logbook = {}; tts = [ { platform = "google";} ]; recorder = {}; + sun = {}; telegram_bot = [ (builtins.fromJSON (builtins.readFile )) @@ -156,8 +174,10 @@ in { outside = [ # "sensor.ditzingen_pm10" # "sensor.ditzingen_pm25" + "sensor.dark_sky_icon" "sensor.dark_sky_temperature" "sensor.dark_sky_humidity" + "sensor.dark_sky_uv_index" # "sensor.dark_sky_pressure" "sensor.dark_sky_hourly_summary" "device_tracker.router" @@ -169,6 +189,7 @@ in { # home-assistant automation = (import ./automation/bureau-shutdown.nix) ++ (import ./automation/nachtlicht.nix) ++ + (import ./automation/hass-restart.nix) ++ (import ./automation/10h_timer.nix); device_tracker = (import ./device_tracker/openwrt.nix ); }; diff --git a/makefu/2configs/bureautomation/light/statuslight.nix b/makefu/2configs/bureautomation/light/statuslight.nix index 0acab7281..31f52f492 100644 --- a/makefu/2configs/bureautomation/light/statuslight.nix +++ b/makefu/2configs/bureautomation/light/statuslight.nix 
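Review bot: Enabling the `trusted_networks` provider here, together with the `http.trusted_networks` list added further down in this file (`192.168.8.0/24`, `fd00::/8`), means a client whose source address falls in those ranges can sign in without a password. `fd00::/8` covers every locally assigned ULA prefix rather than this site's own prefix, and the IPv4 /24 presumably also contains the Tasmota plugs and other IoT devices. Narrow the list to the hosts that really need password-less access, for example loopback only with `"127.0.0.1/32"` and `"::1/128"`. If Home Assistant is ever put behind a reverse proxy, confirm that the client address it sees cannot be supplied by a forwarded header. The `homeassistant = { … }` block starts outside this hunk.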
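Review bot: `api_password = "sistemas";` in the `http` block commits a live credential to the repository. Because the Home Assistant configuration is rendered from this attribute set, the value presumably also lands in the world-readable Nix store on the host. This file already loads the Telegram bot settings from a separate file with `builtins.fromJSON (builtins.readFile …)`; keeping the API password in the secrets tree the same way at least takes it out of version control. The value shown here should be rotated, since it is now in history. `legacy_api_password` is the weakest of the three providers enabled above, so extend the TODO with which client still depends on it, e.g. `# TODO: drop legacy_api_password once <client> supports tokens`.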
@@ -20,7 +20,7 @@ let payload_not_available= "Offline"; # brightness brightness_state_topic = "/bam/${topic}/tele/STATE"; - brightness_value_template = "{{value_json.Dimmer}}"; + brightness_value_template = "{{value_json.Dimmer|default(100)}}"; brightness_command_topic = "/bam/${topic}/cmnd/Dimmer"; brightness_scale = 100; # color @@ -30,9 +30,8 @@ let rgb_command_template = "{{ '%02x%02x%02x' | format(red, green, blue)}}"; # effects effect_state_topic = "/bam/${topic}/tele/STATE"; - effects_value_template = "{{value_json.Scheme}}"; + effects_value_template = "{{value_json.Scheme|default(0)}}"; effect_command_topic = "/bam/${topic}/cmnd/Scheme"; - effect_value_template = "{{ value_json.Scheme }}"; effect_list = [ 0 # single color for LED light 1 # start wake up sequence (same as Wakeup) diff --git a/makefu/2configs/bureautomation/ota.nix b/makefu/2configs/bureautomation/ota.nix new file mode 100644 index 000000000..f2f931d21 --- /dev/null +++ b/makefu/2configs/bureautomation/ota.nix @@ -0,0 +1,15 @@ +{ + # mosquitto_pub -t /bam/sonoffs/cmnd/OtaUrl -m "http://192.168.8.11/sonoff.bin" + # mosquitto_pub -t /bam/sonoffs/cmnd/upgrade -m "6.5.0" + # wget https://github.com/arendst/Sonoff-Tasmota/releases/download/v6.5.0/sonoff.bin + # wget https://github.com/arendst/Sonoff-Tasmota/releases/download/v6.5.0/sonoff-minimal.bin + services.nginx = { + enable = true; + virtualHosts."192.168.8.11" = { + root = "/var/www/tasmota"; + extraConfig = '' + autoindex on; + ''; + }; + }; +} diff --git a/makefu/2configs/bureautomation/sensor/tasmota_firmware.nix b/makefu/2configs/bureautomation/sensor/tasmota_firmware.nix new file mode 100644 index 000000000..1a4738e12 --- /dev/null +++ b/makefu/2configs/bureautomation/sensor/tasmota_firmware.nix 
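Review bot: The second statuslight hunk keeps `effects_value_template` and deletes `effect_value_template`, yet every neighbouring key is singular (`effect_state_topic`, `effect_command_topic`, `effect_list`), so the surviving key looks like the misspelt one. If the MQTT light platform only recognises `effect_value_template`, the `|default(0)` fallback added here is never applied. The line should probably read `effect_value_template = "{{value_json.Scheme|default(0)}}";`. The enclosing function in the `let` block starts and ends outside the hunk.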
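Review bot: The new vhost in ota.nix serves whatever is in `/var/www/tasmota` to the devices over plain HTTP, and the header comments describe filling that directory by hand with `wget`, so nothing here pins or verifies the firmware image the plugs will flash. Fetching the release as a fixed-output derivation (`pkgs.fetchurl` with a `sha256`) and pointing `root` at a store path built from it would make the served binary reproducible and any change to it visible in review. `autoindex on;` is only a browsing convenience and can be dropped. The vhost can also be limited to the device subnet by putting `allow 192.168.8.0/24; deny all;` in `extraConfig`.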
@@ -0,0 +1,16 @@ +let + tasmota_firmware = topic: + { platform = "mqtt"; + name = "${topic} Firmware"; + state_topic = "/bam/${topic}/stat/STATUS2"; + availability_topic = "/bam/${topic}/tele/LWT"; + value_template = "v{{value_json.StatusFWR.Version}}"; + payload_available= "Online"; + payload_not_available= "Offline"; + }; +in + map tasmota_firmware [ + "plug" "plug2" "plug3" "plug4" "plug5" + "status1" "status2" "buslicht" + "rfbridge" + ] From 807546f87b6cbc7e704036057b8115fc570afbba Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 17 Apr 2019 20:47:30 +0200 Subject: [PATCH 34/36] ma krops: bump to latest ref --- makefu/krops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/makefu/krops.nix b/makefu/krops.nix index 219e00d72..36c882d7e 100644 --- a/makefu/krops.nix +++ b/makefu/krops.nix @@ -71,7 +71,7 @@ (lib.mkIf ( host-src.home-manager ) { home-manager.git = { url = https://github.com/rycee/home-manager; - ref = "4aa07c3"; + ref = "ff602cb906e3dd5d5f89c7c1d0fae65bc67119a0"; }; }) ]; From a7828387a9d38d6b921439d6a130dad1b253de7e Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 17 Apr 2019 20:52:51 +0200 Subject: [PATCH 35/36] ma deployment/owncloud: owncloud -> nextcloud --- makefu/2configs/deployment/owncloud.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix index d7c082662..6f073fd4c 100644 --- a/makefu/2configs/deployment/owncloud.nix +++ b/makefu/2configs/deployment/owncloud.nix @@ -23,9 +23,9 @@ let in { system.activationScripts."prepare-nextcloud-${domain}" = '' if test ! -e ${root} ;then - echo "copying latest ${pkgs.owncloud.name} release to ${root}" + echo "copying latest ${pkgs.nextcloud.name} release to ${root}" mkdir -p $(dirname "${root}") - cp -r ${pkgs.owncloud} "${root}" + cp -r ${pkgs.nextcloud} "${root}" chown -R nginx:nginx "${root}" chmod 770 "${root}" fi 
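Review bot: In deployment/owncloud.nix, swapping `pkgs.owncloud` for `pkgs.nextcloud` only affects what is copied when `${root}` does not exist yet. On a host where the directory is already present the `test ! -e` guard skips the block, so the previously copied tree keeps being served and later package updates, security fixes included, never reach it. Add a comment that states this, e.g. `# copied once; upgrades of ${root} are manual`, or record the copied store path in a marker file so a mismatch can at least be reported at activation. `${root}` is also unquoted in the test, unlike its other uses below: `if test ! -e "${root}" ;then`. The rest of the activation script is outside the hunk.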
From e9743b162d51c4eb04d7939f8445e1acaa2d723d Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 17 Apr 2019 21:44:00 +0200 Subject: [PATCH 36/36] ma home-manager: fix build --- makefu/2configs/home-manager/default.nix | 2 ++ makefu/2configs/home-manager/desktop.nix | 6 ++++-- makefu/2configs/home-manager/recording.nix | 4 ++++ makefu/2configs/home-manager/taskwarrior.nix | 6 ++++++ makefu/2configs/home-manager/zsh.nix | 1 + 5 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 makefu/2configs/home-manager/recording.nix diff --git a/makefu/2configs/home-manager/default.nix b/makefu/2configs/home-manager/default.nix index 2a4574cc8..f68b1092f 100644 --- a/makefu/2configs/home-manager/default.nix +++ b/makefu/2configs/home-manager/default.nix @@ -2,7 +2,9 @@ imports = [ ]; + home-manager.useUserPackages = true; home-manager.users.makefu = { + home.stateVersion = "19.03"; }; environment.variables = { GTK_DATA_PREFIX = "/run/current-system/sw"; diff --git a/makefu/2configs/home-manager/desktop.nix b/makefu/2configs/home-manager/desktop.nix index 63a5cdbef..406f7f0d1 100644 --- a/makefu/2configs/home-manager/desktop.nix +++ b/makefu/2configs/home-manager/desktop.nix @@ -5,7 +5,10 @@ home-manager.users.makefu = { systemd.user.services.network-manager-applet.Service.Environment = ''XDG_DATA_DIRS=/run/current-system/sw/share:${pkgs.networkmanagerapplet}/share GDK_PIXBUF_MODULE_FILE=${pkgs.librsvg.out}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache''; programs.browserpass = { browsers = [ "firefox" ] ; enable = true; }; - programs.firefox.enable = true; + programs.firefox = { + enable = true; + enableIcedTea = true; + }; programs.obs-studio.enable = true; xdg.enable = true; services.network-manager-applet.enable = true; @@ -20,7 +23,6 @@ filenamePattern=%F_%T_shot ''; - systemd.user.services.pasystray.Service.Environment = "PATH=" + (lib.makeBinPath (with pkgs;[ pavucontrol paprefs /* pavumeter */ /* paman */ ]) ); programs.chromium = { enable = true; extensions = [ 
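Review bot: `enableIcedTea = true;` in desktop.nix turns on the IcedTea-Web Java plugin for Firefox, which adds a browser-exposed Java runtime and is not obviously related to a commit titled "fix build". If a specific applet needs it, say so next to the option, e.g. `# needed for <site/tool>; remove when no longer used`. Otherwise keep the previous `programs.firefox.enable = true;`. As far as I know, current Firefox releases no longer load NPAPI plugins other than Flash, so the option may do nothing beyond pulling in the package.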
diff --git a/makefu/2configs/home-manager/recording.nix b/makefu/2configs/home-manager/recording.nix new file mode 100644 index 000000000..31ca77b2b --- /dev/null +++ b/makefu/2configs/home-manager/recording.nix @@ -0,0 +1,4 @@ +{pkgs, ... }: +{ + home-manager.users.makefu.programs.obs-studio.enable = true; +} diff --git a/makefu/2configs/home-manager/taskwarrior.nix b/makefu/2configs/home-manager/taskwarrior.nix index 8ad16dcf2..57ba1a08d 100644 --- a/makefu/2configs/home-manager/taskwarrior.nix +++ b/makefu/2configs/home-manager/taskwarrior.nix @@ -3,6 +3,12 @@ let loc = "/home/makefu/.task"; in { state = [ "${loc}/keys" ]; + environment.shellAliases = { + tshack = "task tags:shack"; + tkrebs = "task tags:krebs"; + thome = "task tags:home"; + t = "task project: "; + }; home-manager.users.makefu.programs.taskwarrior = { enable = true; dataLocation = loc; diff --git a/makefu/2configs/home-manager/zsh.nix b/makefu/2configs/home-manager/zsh.nix index 6c7b632e1..267a2e878 100644 --- a/makefu/2configs/home-manager/zsh.nix +++ b/makefu/2configs/home-manager/zsh.nix @@ -67,6 +67,7 @@ home-manager.users.makefu.programs.zsh.shellAliases = { cat = "bat"; catn = "${pkgs.coreutils}/bin/cat"; + ncat = "${pkgs.coreutils}/bin/cat"; }; } ];
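Review bot: The new zsh alias `ncat` points at coreutils `cat`, the same target as the existing `catn`, and in interactive shells it shadows Nmap's `ncat` binary wherever nmap is installed. If it is meant as a typo guard for `catn`, a name that is not a real tool would be safer. Otherwise drop the added line and keep only `catn = "${pkgs.coreutils}/bin/cat";`.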