Diffstat (limited to 'nixos/configurations')
| -rw-r--r-- | nixos/configurations/adm-mpd.nix | 58 | ||||
| -rw-r--r-- | nixos/configurations/adm-omnia.nix | 41 | ||||
| -rw-r--r-- | nixos/configurations/adm-omnia2.nix | 2 | ||||
| -rw-r--r-- | nixos/configurations/albert.nix | 41 | ||||
| -rw-r--r-- | nixos/configurations/binky.nix | 9 | ||||
| -rw-r--r-- | nixos/configurations/dean.nix | 15 | ||||
| -rw-r--r-- | nixos/configurations/errol.nix | 90 | ||||
| -rw-r--r-- | nixos/configurations/gaspode.nix | 1 | ||||
| -rw-r--r-- | nixos/configurations/lipwig.nix | 78 | ||||
| -rw-r--r-- | nixos/configurations/ridcully.nix | 29 | ||||
| -rw-r--r-- | nixos/configurations/spt-mox.nix | 125 | ||||
| -rw-r--r-- | nixos/configurations/spt-mox2.nix | 23 | ||||
| -rw-r--r-- | nixos/configurations/spt-mpd.nix | 1 | ||||
| -rw-r--r-- | nixos/configurations/spt-omnia.nix | 42 | ||||
| -rw-r--r-- | nixos/configurations/zd-mox.nix | 128 |
15 files changed, 427 insertions, 256 deletions
diff --git a/nixos/configurations/adm-mpd.nix b/nixos/configurations/adm-mpd.nix index ac3b4de..47ac008 100644 --- a/nixos/configurations/adm-mpd.nix +++ b/nixos/configurations/adm-mpd.nix @@ -5,26 +5,18 @@ }: let inherit (lib) filterAttrs; in { - nixpkgs.hostPlatform.system = "aarch64-linux"; + system.stateVersion = "24.05"; - fileSystems = { - "/" = { - device = "/dev/mmcblk0p2"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/mmcblk0p2"; - options = ["compress=lzo" "subvol=@home"]; - }; - "/boot" = { - device = "/dev/mmcblk0p1"; - }; + cynerd.rpi = 3; + deploy = { + enable = true; + ssh.host = "nixos@mpd.adm"; }; networking.wireless = { enable = true; networks = filterAttrs (n: _: n == "Nela") config.secrets.wifiNetworks; - environmentFile = "/run/secrets/wifi.env"; + secretsFile = "/run/secrets/wifi.secrets"; userControlled.enable = true; }; @@ -33,24 +25,24 @@ in { #alsa.enable = true; #pulse.enable = true; #}; - hardware.pulseaudio = { - enable = true; - systemWide = true; - zeroconf.publish.enable = true; - }; + #hardware.pulseaudio = { + # enable = true; + # systemWide = true; + # zeroconf.publish.enable = true; + #}; - services.spotifyd = { - enable = true; - settings.global = { - device_name = "Adámkovi"; - device = "sysdefault"; - mixer = "Master"; - bitrate = 320; - cache_path = "/var/cahe/spotify"; - no_audio_cache = true; - volume_normalisation = true; - normalisation_pregain = -10; - initial_volume = 60; - }; - }; + #services.spotifyd = { + # enable = true; + # settings.global = { + # device_name = "Adámkovi"; + # device = "sysdefault"; + # mixer = "Master"; + # bitrate = 320; + # cache_path = "/var/cahe/spotify"; + # no_audio_cache = true; + # volume_normalisation = true; + # normalisation_pregain = -10; + # initial_volume = 60; + # }; + #}; } diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 056a68e..2b80bbc 100644 --- a/nixos/configurations/adm-omnia.nix 
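Review bot: The second hunk comments out the `hardware.pulseaudio` and `services.spotifyd` blocks instead of deleting them, which leaves about twenty lines of dead configuration in the host file, including the misspelled `cache_path = "/var/cahe/spotify"`. Version control already preserves the old settings, so I would delete both blocks. If audio output is meant to come back, a single line such as `# TODO: restore audio output (pulseaudio, spotifyd)` says so without the noise.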
+++ b/nixos/configurations/adm-omnia.nix @@ -1,10 +1,12 @@ {config, ...}: let hosts = config.cynerd.hosts.adm; in { + system.stateVersion = "24.05"; + turris.board = "omnia"; deploy = { - enable = false; - ssh.host = "omnia.adm"; + enable = true; + ssh.host = "adm.cynerd.cz"; }; cynerd = { @@ -13,7 +15,6 @@ in { wan = "pppoe-wan"; lanIP = hosts.omnia; staticLeases = { - "70:85:c2:4a:59:f2" = hosts.ridcully; "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; "b8:27:eb:49:54:5a" = hosts.mpd; @@ -23,16 +24,16 @@ in { }; }; wifiAP.adm = { - enable = false; + enable = true; ar9287 = { - interface = "wlp1s0"; + interface = "wlp2s0"; bssids = config.secrets.wifiMacs.adm-omnia.ar9287; - channel = 11; + channel = 7; }; qca988x = { - interface = "wlp3s0"; + interface = "wlp1s0"; bssids = config.secrets.wifiMacs.adm-omnia.qca988x; - channel = 36; + channel = 44; }; }; wireguard = true; @@ -48,12 +49,18 @@ in { fileSystems = ["/"]; }; - networking = { - useNetworkd = true; - useDHCP = false; + services.fail2ban = { + enable = true; + ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; }; + + networking.useDHCP = false; systemd.network = { networks = { + "end2" = { + matchConfig.Name = "end2"; # Ensure that it is managed by systemd-networkd + networkConfig.IPv6AcceptRA = false; + }; "pppoe-wan" = { matchConfig.Name = "pppoe-wan"; networkConfig = { @@ -75,7 +82,7 @@ in { linkConfig.RequiredForOnline = "routable"; }; "lan-brlan" = { - matchConfig.Name = "lan[1-4]"; + matchConfig.Name = "lan4"; networkConfig.Bridge = "brlan"; bridgeVLANs = [ { @@ -86,7 +93,7 @@ in { ]; }; "lan-guest" = { - matchConfig.Name = "lan0"; + matchConfig.Name = "lan[0-3]"; networkConfig.Bridge = "brlan"; bridgeVLANs = [ { 
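Review bot: The new `services.fail2ban.ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]` exempts two whole /24 networks from banning, so any host in those ranges can keep guessing credentials against this router without being throttled. If these are the internal LAN or VPN ranges (the hunk does not say), consider listing only the administration hosts, or at least add a comment such as `# 10.8.1.0/24, 10.8.2.0/24: <network names>, never banned by fail2ban`. The same list, extended with `10.8.0.0/24`, appears in the new zd-mox.nix.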
@@ -114,10 +121,14 @@ in { password 02 ''; }; - systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"]; + systemd.services."pppd-wan" = { + after = ["sys-subsystem-net-devices-end2.device"]; + partOf = ["systemd-networkd.service"]; + }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" - iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept + iifname {"home", "wg"} oifname {"home", "wg"} accept + iifname "home" oifname "guest" accept comment "Allow home to access guest devices" ''; } diff --git a/nixos/configurations/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix index 8b47e63..fc5a92d 100644 --- a/nixos/configurations/adm-omnia2.nix +++ b/nixos/configurations/adm-omnia2.nix @@ -1,4 +1,6 @@ {config, ...}: { + system.stateVersion = "24.05"; + turris.board = "omnia"; deploy = { enable = true; diff --git a/nixos/configurations/albert.nix b/nixos/configurations/albert.nix deleted file mode 100644 index a6a4ee1..0000000 --- a/nixos/configurations/albert.nix +++ /dev/null 
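Review bot: `partOf = ["systemd-networkd.service"]` on `pppd-wan` is added without a comment, and its effect is not obvious from the attribute name: every stop or restart of systemd-networkd now also stops or restarts the PPPoE session, taking the WAN link down with it. A short why-comment above the attribute would help, for example `# Restart pppd together with networkd so pppoe-wan is re-created and matched again`; that wording is a guess at the intent, so adjust it. The same attribute is added in spt-omnia.nix and zd-mox.nix.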
@@ -1,41 +0,0 @@ -{ - nixpkgs.hostPlatform.system = "x86_64-linux"; - - cynerd = { - desktop = { - enable = true; - laptop = true; - }; - wifiClient = true; - openvpn = { - oldpersonal = true; - }; - }; - - boot.initrd.availableKernelModules = ["xhci_pci" "usb_storage" "sd_mod"]; - - hardware.cpu.intel.updateMicrocode = true; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/E403-124B"; - fsType = "vfat"; - }; - - "/home2" = { - device = "/dev/disk/by-uuid/55e177a1-215e-475b-ba9c-771b5fa3f8f0"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; - }; - }; -} diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index 7765d01..6111637 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -5,6 +5,7 @@ }: let inherit (lib) mkDefault; in { + system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy = { enable = true; @@ -88,15 +89,7 @@ in { services.syncthing = { enable = true; - user = mkDefault "cynerd"; - group = mkDefault "cynerd"; - openDefaultPorts = true; - - overrideDevices = false; - overrideFolders = false; - dataDir = "/home/cynerd"; - configDir = "/home/cynerd/.config/syncthing"; }; environment.systemPackages = [pkgs.heroic]; diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix index 187e148..a95d9f1 100644 --- a/nixos/configurations/dean.nix +++ b/nixos/configurations/dean.nix @@ -1,4 +1,5 @@ {pkgs, ...}: { + system.stateVersion = "24.05"; turris.board = "mox"; deploy.enable = true; 
@@ -10,6 +11,20 @@ }; }; + boot.initrd.availableKernelModules = ["dm-mod"]; + + hardware.enableAllFirmware = false; # No wifi so we do not need firmwares + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + networking = { useNetworkd = true; useDHCP = false; diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix index fd348e8..defacf3 100644 --- a/nixos/configurations/errol.nix +++ b/nixos/configurations/errol.nix @@ -1,11 +1,5 @@ -{ - config, - lib, - pkgs, - ... -}: let - inherit (lib) mkDefault; -in { +{pkgs, ...}: { + system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy.enable = true; @@ -26,6 +20,7 @@ in { "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6"; "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe"; "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed"; + #"encback" = "/dev/disk/by-uuid/1bd8c637-f71e-4fb0-96de-b660c4f1afaf"; }; fileSystems = { "/" = { @@ -53,6 +48,11 @@ in { fsType = "btrfs"; options = ["compress=lzo" "subvol=@home"]; }; + #"/back" = { + # device = "/dev/mapper/encback"; + # fsType = "btrfs"; + # options = ["compress=lzo"]; + #}; }; services.btrfs.autoScrub = { enable = true; 
@@ -83,75 +83,11 @@ in { pkgs.nvtopPackages.amd ]; - services.syncthing = { - enable = true; - user = mkDefault "cynerd"; - group = mkDefault "cynerd"; - openDefaultPorts = true; - - overrideDevices = false; - overrideFolders = false; - - dataDir = "/home/cynerd"; - configDir = "/home/cynerd/.config/syncthing"; - }; - - nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO - services.home-assistant = { - enable = true; - openFirewall = true; - configDir = "/var/lib/hass"; - config = { - homeassistant = { - name = "SPT"; - latitude = "!secret latitude"; - longitude = "!secret longitude"; - elevation = "!secret elevation"; - time_zone = "Europe/Prague"; - country = "CZ"; - }; - http.server_port = 8808; - mqtt = { - sensor = import ../modules/home-assistant/sensors.nix; - light = import ../modules/home-assistant/light.nix; - }; - default_config = {}; - automation = "!include automations.yaml"; - }; - extraComponents = ["met"]; - package = pkgs.home-assistant.override { - extraPackages = pkgs: - with pkgs; [ - securetar - pyipp - ]; - }; - }; - - services.zigbee2mqtt = { - enable = true; - settings = { - serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00"; - mqtt = { - server = "mqtt://${config.cynerd.hosts.spt.mox}:1883"; - user = "zigbee2mqtt"; - password = "!secret.yaml mqtt_password"; - }; - advanced = { - network_key = "!secret.yaml network_key"; - homeassistant_legacy_entity_attributes = false; - legacy_api = false; - legacy_availability_payload = false; - last_seen = "epoch"; - }; - frontend = true; - availability = true; - homeassistant = { - legacy_triggers = false; - }; - device_options.legacy = false; - permit_join = false; - devices = config.secrets.zigbee2mqttDevices; + ############################################################################## + services = { + syncthing = { + enable = true; + dataDir = "/home/cynerd"; }; }; } 
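Review bot: The replacement `services.syncthing` block keeps `dataDir = "/home/cynerd"` but no longer sets `user`, `group`, `overrideDevices`, `overrideFolders` or `openDefaultPorts`. Unless a shared module now supplies them (not visible in this diff), the NixOS defaults apply: the service runs as `syncthing`, which normally cannot write into another user's home, and `overrideDevices`/`overrideFolders` default to true, so devices and folders added through the GUI are removed when the service starts. If a module does set them, a comment like `# user, group and ports come from <module path>` would make the dependency visible. The same question applies to the syncthing changes in binky.nix, ridcully.nix and lipwig.nix.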
diff --git a/nixos/configurations/gaspode.nix b/nixos/configurations/gaspode.nix index 78d8277..5d6d090 100644 --- a/nixos/configurations/gaspode.nix +++ b/nixos/configurations/gaspode.nix @@ -1,4 +1,5 @@ { + system.stateVersion = "25.05"; nixpkgs.hostPlatform.system = "armv7l-linux"; fileSystems = { diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 7d00a37..a02f57c 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -7,6 +7,7 @@ imports = [inputModules.vpsadminos]; config = { + system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy = { @@ -19,12 +20,14 @@ hw = false; drives = false; }; - syncthing = { - enable = false; - baseDir = "/nas"; - }; wireguard = true; - openvpn.oldpersonal = true; + borgjobs = { + postgresql.dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" '' + /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall + ''; + nextcloud_data.paths = "/nas/nextcloud/data"; + sync_data.paths = "/sync"; + }; }; boot.loader.systemd-boot.enable = false; @@ -39,7 +42,7 @@ ]; }; "/nas/nextcloud-sync" = { - device = "/nas/sync"; + device = "/sync"; fsType = "fuse.bindfs"; options = ["map=syncthing/nextcloud:@syncthing/@nextcloud"]; }; @@ -108,9 +111,9 @@ forceSSL = true; useACMEHost = "cynerd.cz"; locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/"; - extraConfig = "proxy_set_header Host $host;"; + proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; proxyWebsockets = true; + recommendedProxySettings = true; }; }; "searx.cynerd.cz" = { @@ -132,6 +135,7 @@ defaults.email = "cynerd+acme@email.cz"; certs."cynerd.cz".extraDomainNames = [ "cloud.cynerd.cz" + "office.cynerd.cz" "git.cynerd.cz" "grafana.cynerd.cz" "searx.cynerd.cz" 
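Review bot: `pkgs.writeScript "postgreqsl-backup.sh"` in the new `borgjobs.postgresql.dumpCommand` writes its text verbatim and the body has no `#!` line, so the file only runs when the caller is a shell that falls back to interpreting it; a direct exec would fail. `pkgs.writeShellScript "postgresql-backup.sh" ''…''` adds the interpreter line and fixes the misspelled store name at the same time. Because the command is `sudo -u postgres pg_dumpall`, the archive holds every database together with role definitions and password hashes, which deserves a one-line comment next to the job so the backup repository is treated as sensitive.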
@@ -191,7 +195,7 @@ # Nextcloud ################################################################ services.nextcloud = { enable = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud31; https = true; hostName = "cloud.cynerd.cz"; datadir = "/nas/nextcloud"; @@ -200,11 +204,25 @@ adminpassFile = "/run/secrets/nextcloud.admin.pass"; dbtype = "pgsql"; dbhost = "/run/postgresql"; - dbtableprefix = "oc_"; }; settings = { #log_type = "systemd"; + default_locale = "CZ"; default_phone_region = "CZ"; + default_timezone = "Europe/Prague"; + enabledPreviewProviders = [ + "OC\\Preview\\BMP" + "OC\\Preview\\GIF" + "OC\\Preview\\JPEG" + "OC\\Preview\\Krita" + "OC\\Preview\\MarkDown" + "OC\\Preview\\MP3" + "OC\\Preview\\OpenDocument" + "OC\\Preview\\PNG" + "OC\\Preview\\TXT" + "OC\\Preview\\XBitmap" + "OC\\Preview\\HEIC" + ]; }; phpExtraExtensions = php: [php.pgsql php.pdo_pgsql]; phpOptions = { 
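Review bot: `default_locale = "CZ"` in the added `settings` lines is not a locale identifier; Nextcloud expects a language_COUNTRY value here, so this should probably read `default_locale = "cs_CZ";` (`default_phone_region = "CZ"` is a country code and is fine as written). The explicit `enabledPreviewProviders` list replaces Nextcloud's built-in default set rather than extending it, and preview generation parses user-supplied files, so a comment stating which entries were added on purpose (HEIC looks like the addition) would help at the next upgrade. The `settings` block continues past the end of the hunk.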
@@ -230,29 +248,33 @@ previewgenerator spreed tasks - twofactor_nextcloud_notification twofactor_webauthn ; # Additional modules can be fetched with: - # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab" - passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.9.0/passwords.tar.gz"; - sha256 = "L+jumcussL0c9xNMg/GMs1GSd1IY9wUvC8ZEg+3U+sc="; + # NEXTCLOUD_VERSIONS=31 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab,fileslibreofficeedit" + fileslibreofficeedit = pkgs.fetchNextcloudApp { + url = "https://github.com/allotropia/nextcloud_files_libreoffice_edit/releases/download/v2.0.1/fileslibreofficeedit.tar.gz"; + hash = "sha256-Xqx5snQWintYJG3Q1Crw22TkNw18DdADXkurMQqt3X8="; license = "agpl3Plus"; }; integration_github = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.7/integration_github-v2.0.7.tar.gz"; - sha256 = "x4BrBdrvmbdwZcZL6FLAY27B5OpkXIsw92XsD076Aqg="; + url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.2.1/integration_github-v3.2.1.tar.gz"; + hash = "sha256-iBWphFaXmQHNxgoi9qkfV7vCTChwtk6yg0aVr9Lhn4c="; license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.1.1/integration_gitlab-v3.1.1.tar.gz"; - sha256 = "nBqnBDVoNEqRGp+WKq4okis1kCr6pzEz4G6368MaxuE="; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.2.0/integration_gitlab-v3.2.0.tar.gz"; + hash = "sha256-BDDuqQIDV3pn1mYutjA7Z3L2nib2wW6DlZgyqU46f8Q="; license = "agpl3Plus"; }; money = pkgs.fetchNextcloudApp { - url = "https://github.com/powerpaul17/nc_money/releases/download/v0.29.0/money.tar.gz"; - sha256 = "EXcY69z5h6rT0RdkmOhQYKSWmVBr2zaWuSRj/m5dMkI="; + url = 
"https://github.com/powerpaul17/nc_money/releases/download/v0.30.0/money.tar.gz"; + hash = "sha256-4gHm6sF9S+1G1naRTr+eR8ZyjCpB3viXTzRCNQFUtF0="; + license = "agpl3Plus"; + }; + passwords = pkgs.fetchNextcloudApp { + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.9.0/passwords.tar.gz"; + hash = "sha256-BMu7TPd6xwa/bSQOgN/wFPnK7AK0KgsUKqSqMatjqqw="; license = "agpl3Plus"; }; }; @@ -339,7 +361,7 @@ } ]; }; - runInUwsgi = true; + configureUwsgi = true; uwsgiConfig = { socket = "/run/searx/searx.sock"; chmod-socket = "660"; @@ -348,16 +370,12 @@ }; users.groups.searx.members = ["nginx"]; - # Old Syncthing ############################################################ + # Syncthing ################################################################ services.syncthing = { enable = true; - openDefaultPorts = true; - - overrideDevices = false; - overrideFolders = false; - - dataDir = "/nas/sync"; - configDir = "/nas/sync/.syncthing"; + user = "syncthing"; + group = "syncthing"; + dataDir = "/sync"; }; }; } diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index 2be1a7a..3dd9beb 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -1,10 +1,5 @@ -{ - lib, - pkgs, - ... -}: let - inherit (lib) mkDefault; -in { +{pkgs, ...}: { + system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy.enable = true; @@ -26,6 +21,7 @@ in { cynerd.autounlock = { "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71"; "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db"; + "encback" = "/dev/disk/by-uuid/b426cbe7-fba2-473b-90f9-9ebe3e34b76e"; }; fileSystems = { "/" = { @@ -48,6 +44,11 @@ in { fsType = "btrfs"; options = ["compress=lzo" "subvol=@home"]; }; + "/back" = { + device = "/dev/mapper/encback"; + fsType = "btrfs"; + options = ["compress=lzo"]; + }; }; services.btrfs.autoScrub = { enable = true; 
@@ -61,10 +62,6 @@ in { systemd.network = { wait-online.enable = false; }; - #networking.vlans."enp6s0.adm" = { - #id = 2; - #interface = "enp6s0"; - #}; environment.systemPackages = [ pkgs.nvtopPackages.amd @@ -72,17 +69,9 @@ in { services.syncthing = { enable = true; - user = mkDefault "cynerd"; - group = mkDefault "cynerd"; - openDefaultPorts = true; - - overrideDevices = false; - overrideFolders = false; - dataDir = "/home/cynerd"; - configDir = "/home/cynerd/.config/syncthing"; }; # Force nix to use less jobs - nix.settings.max-jobs = 8; + nix.settings.max-jobs = 4; } diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix index 989df29..4dfa2c8 100644 --- a/nixos/configurations/spt-mox.nix +++ b/nixos/configurations/spt-mox.nix @@ -1,12 +1,17 @@ -{config, ...}: { +{ + config, + pkgs, + ... +}: { + system.stateVersion = "24.05"; turris.board = "mox"; deploy = { enable = true; ssh.host = "mox.spt"; + configurationLimit = 8; }; cynerd = { - home-assistant = true; monitoring.drives = false; switch = { enable = true; @@ -23,13 +28,17 @@ }; }; - services.journald.extraConfig = '' - SystemMaxUse=512M - ''; + boot.initrd.availableKernelModules = ["dm-mod"]; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; }; networking = { 
@@ -49,4 +58,104 @@ ]; }; }; + + ############################################################################## + networking.firewall.allowedTCPPorts = [ + 1883 # Mosquitto + ]; + services = { + mosquitto = { + enable = true; + listeners = [ + { + users = { + cynerd = { + acl = ["readwrite #"]; + passwordFile = "/run/secrets/mosquitto.cynerd.pass"; + }; + telegraf = { + acl = ["read bigclown/node/#"]; + passwordFile = "/run/secrets/mosquitto.telegraf.pass"; + }; + bigclown = { + acl = ["readwrite bigclown/#"]; + passwordFile = "/run/secrets/mosquitto.bigclown.pass"; + }; + }; + } + ]; + }; + + telegraf.extraConfig = { + outputs.influxdb_v2 = [ + { + urls = ["http://cynerd.cz:8086"]; + token = "$INFLUX_TOKEN"; + organization = "personal"; + bucket = "bigclown"; + tagpass.source = ["bigclown"]; + } + ]; + inputs.mqtt_consumer = let + consumer = data_type: topics: { + tags = {source = "bigclown";}; + servers = ["tcp://localhost:1883"]; + inherit topics; + username = "telegraf"; + password = "$MQTT_PASSWORD"; + data_format = "value"; + inherit data_type; + topic_parsing = [ + { + topic = "bigclown/node/+/+/+/+"; + measurement = "_/_/_/_/_/measurement"; + tags = "_/_/device/field/_/_"; + } + ]; + }; + in [ + (consumer "float" [ + "bigclown/node/+/battery/+/voltage" + "bigclown/node/+/thermometer/+/temperature" + "bigclown/node/+/hygrometer/+/relative-humidity" + "bigclown/node/+/lux-meter/+/illuminance" + "bigclown/node/+/barometer/+/pressure" + "bigclown/node/+/pir/+/event-count" + "bigclown/node/+/push-button/+/event-count" + ]) + (consumer "boolean" [ + "bigclown/node/+/flood-detector/+/alarm" + ]) + ]; + processors.pivot = [ + { + tag_key = "field"; + value_key = "value"; + tagpass.source = ["bigclown"]; + } + ]; + }; + + bcg = { + enable = true; + device = "/dev/ttyUSB0"; + baseTopicPrefix = "bigclown/"; + environmentFiles = ["/run/secrets/bigclown.env"]; + mqtt = { + username = "bigclown"; + password = "\${MQTT_PASSWORD}"; + }; + }; + }; + + systemd.services = { + 
telegraf.wants = ["mosquitto.service"]; + + bigclown-leds = { + description = "Bigclown LEDs control"; + wantedBy = ["multi-user.target"]; + wants = ["mosquitto.service"]; + serviceConfig.ExecStart = "${pkgs.bigclown-leds}/bin/bigclown-leds /run/secrets/bigclown-leds.ini"; + }; + }; } diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix index b416671..2e76449 100644 --- a/nixos/configurations/spt-mox2.nix +++ b/nixos/configurations/spt-mox2.nix @@ -1,8 +1,5 @@ -{ - config, - pkgs, - ... -}: { +{config, ...}: { + system.stateVersion = "24.05"; turris.board = "mox"; deploy = { enable = true; @@ -26,13 +23,17 @@ }; }; - services.journald.extraConfig = '' - SystemMaxUse=512M - ''; + boot.initrd.availableKernelModules = ["dm-mod"]; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; }; networking = { diff --git a/nixos/configurations/spt-mpd.nix b/nixos/configurations/spt-mpd.nix index b212932..1849d9b 100644 --- a/nixos/configurations/spt-mpd.nix +++ b/nixos/configurations/spt-mpd.nix @@ -2,6 +2,7 @@ imports = [inputModules.nixos-hardware.raspberry-pi-2]; config = { + system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "armv7l-linux"; fileSystems = { diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index e55e34f..8449f0d 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -1,6 +1,7 @@ {config, ...}: let hosts = config.cynerd.hosts.spt; in { + system.stateVersion = "24.05"; turris.board = "omnia"; deploy = { enable = true; @@ -14,6 +15,7 @@ in { lanIP = hosts.omnia; staticLeases = { "a8:a1:59:10:32:c4" = hosts.errol; + "70:85:c2:4a:59:f2" = hosts.ridcully; "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; "b8:27:eb:57:a2:31" = hosts.mpd; 
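Review bot: The Telegraf output sends `token = "$INFLUX_TOKEN"` to `urls = ["http://cynerd.cz:8086"]`, so unless that name resolves to an address reached through the WireGuard tunnel (not visible here) the InfluxDB token and all measurements cross the network unencrypted; an `https://` URL or the tunnel address would avoid that. The Mosquitto listener is in the same position: `networking.firewall.allowedTCPPorts` opens plain-TCP port 1883 on every interface, and the three password-authenticated users log in without TLS. If the broker only has to serve the LAN, scoping the port with `networking.firewall.interfaces.<lan interface>.allowedTCPPorts` and noting the missing TLS in a comment would make the exposure explicit. Reading the passwords from `/run/secrets` files and environment variables, as the hunk does, keeps them out of the store.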
@@ -28,7 +30,7 @@ in { channel = 11; }; qca988x = { - interface = "wlp3s0"; + interface = "wlp2s0"; bssids = config.secrets.wifiMacs.spt-omnia.qca988x; channel = 36; }; @@ -37,18 +39,20 @@ in { monitoring.speedtest = true; }; - services.journald.extraConfig = '' - SystemMaxUse=8G - ''; + services = { + journald.extraConfig = '' + SystemMaxUse=8G + ''; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; - }; + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; - services.fail2ban = { - enable = true; - ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + fail2ban = { + enable = true; + ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + }; }; networking.useDHCP = false; @@ -121,10 +125,22 @@ in { password metronet ''; }; - systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.848.device"]; + systemd.services."pppd-wan" = { + after = ["sys-subsystem-net-devices-end2.848.device"]; + partOf = ["systemd-networkd.service"]; + }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" - iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept + iifname {"home", "wg"} oifname {"home", "wg"} accept ''; + + ############################################################################## + cynerd.ha = { + enable = true; + domain = "spt.cynerd.cz"; + extraOptions = [ + "--device=/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00:/dev/ttyACM0" + ]; + }; } diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix new file mode 100644 index 0000000..a6f327c --- /dev/null +++ b/nixos/configurations/zd-mox.nix 
@@ -0,0 +1,128 @@
+{config, ...}: let
+ hosts = config.cynerd.hosts.zd;
+in {
+ system.stateVersion = "25.05";
+ turris.board = "mox";
+ deploy = {
+ enable = true;
+ ssh.host = "zd.cynerd.cz";
+ };
+
+ cynerd = {
+ router = {
+ enable = true;
+ wan = "pppoe-wan";
+ lanIP = hosts.mox;
+ staticLeases = {
+ "4c:d5:77:0d:85:d9" = hosts.binky;
+ };
+ };
+ wifiAP.zd = {
+ enable = false;
+ qca988x = {
+ interface = "wlp1s0";
+ bssids = config.secrets.wifiMacs.zd-mox.qca988x;
+ channel = 36;
+ };
+ };
+ wireguard = true;
+ monitoring.speedtest = true;
+ };
+
+ boot.initrd.availableKernelModules = ["dm-mod"];
+
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
+
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.0.0/24" "10.8.1.0/24" "10.8.2.0/24"];
+ };
+ };
+
+ networking.useDHCP = false;
+ systemd.network = {
+ netdevs = {
+ "end2.848" = {
+ netdevConfig = {
+ Kind = "vlan";
+ Name = "end2.848";
+ };
+ vlanConfig.Id = 848;
+ };
+ };
+ networks = {
+ "end2" = {
+ matchConfig.Name = "end2";
+ networkConfig.VLAN = ["end2.848"];
+ };
+ "end2.848" = {
+ matchConfig.Name = "end2.848";
+ networkConfig.BindCarrier = "end2";
+ };
+ "pppoe-wan" = {
+ matchConfig.Name = "pppoe-wan";
+ networkConfig = {
+ BindCarrier = "end2.848";
+ DHCP = "ipv6";
+ IPv6AcceptRA = "no";
+ DHCPPrefixDelegation = "yes";
+ #DNS = ["84.19.64.3" "84.19.64.4" "1.1.1.1"];
+ DNS = "1.1.1.1";
+ };
+ dhcpV6Config = {
+ PrefixDelegationHint = "::/56";
+ UseDNS = "no";
+ };
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ "lan-brlan" = {
+ matchConfig.Name = "lan*";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 1;
+ PVID = 1;
+ }
+ {VLAN = 2;}
+ ];
+ };
+ };
+ };
+
+ services.pppd = {
+ enable = true;
+ peers."wan".config = ''
+ plugin pppoe.so end2.848
+ ifname pppoe-wan
+ lcp-echo-interval 1
+ lcp-echo-failure 5
+ lcp-echo-adaptive
+ defaultroute
+ defaultroute6
+ maxfail 1
+ # user and password added in secrets
+ '';
+ };
+ systemd.services."pppd-wan" = {
+ after = ["sys-subsystem-net-devices-end2.848.device"];
+ partOf = ["systemd-networkd.service"];
+ };
+ # TODO limit NSS clamping to just pppoe-wan
+ networking.firewall.extraForwardRules = ''
+ tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
+ iifname {"home", "wg"} oifname {"home", "wg"} accept
+ '';
+} |
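Review bot: The comment `# TODO limit NSS clamping to just pppoe-wan` is copied into this new file with its typo (MSS, not NSS) and with the TODO still open, so the clamp in `extraForwardRules` rewrites the MSS of every forwarded SYN rather than only those leaving over PPPoE. Resolving it here is a one-line change: `oifname "pppoe-wan" tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"`, with a matching `iifname` rule if inbound connections need it. The PPPoE, networkd and firewall settings also appear to repeat what adm-omnia.nix and spt-omnia.nix carry, which is how the stale comment travelled; a shared module would keep the three routers in step.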
