diff --git a/hosts/chonk/acme.nix b/hosts/chonk/acme.nix
deleted file mode 100644
index ce9fd60e..00000000
--- a/hosts/chonk/acme.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- pkgs,
- config,
- ...
-}: {
- security.acme = {
- acceptTerms = true;
- defaults.email = "hensoko@gssws.de";
- };
-}
diff --git a/hosts/chonk/authelia.nix b/hosts/chonk/authelia.nix
deleted file mode 100644
index 86164a39..00000000
--- a/hosts/chonk/authelia.nix
+++ /dev/null
@@ -1,114 +0,0 @@
-{
- pkgs,
- config,
- flake,
- ...
-}: let
- containerStateDir = "/var/lib/authelia-gssws";
- hostStateDir = "/opt/authelia";
- domain = "auth.gssws.de";
- redirectDomain = "home.gssws.de";
- servicePort = 9091;
-in {
- age.secrets.authelia_users = {
- file = "${flake.self}/secrets/chonk_authelia_users.age";
- owner = "999";
- group = "999";
- };
-
- age.secrets.authelia_storage_encryption_key = {
- file = "${flake.self}/secrets/chonk_authelia_storage_encryption_key.age";
- owner = "999";
- group = "999";
- };
-
- age.secrets.authelia_jwt_secret = {
- file = "${flake.self}/secrets/chonk_authelia_jwt_secret.age";
- owner = "999";
- group = "999";
- };
-
- services.nginx.virtualHosts."${domain}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString servicePort}";
- };
- };
-
- containers."authelia" = {
- autoStart = true;
- ephemeral = true;
- bindMounts = {
- "${containerStateDir}" = {
- hostPath = hostStateDir;
- isReadOnly = false;
- };
-
- "/run/agenix" = {
- hostPath = "/run/agenix";
- isReadOnly = false;
- };
-
- "/run/agenix.d" = {
- hostPath = "/run/agenix.d";
- isReadOnly = false;
- };
- };
-
- config = {
- config,
- pkgs,
- ...
- }: {
- networking.firewall.enable = false;
-
- services.authelia.instances."gssws" = {
- enable = true;
-
- secrets = {
- jwtSecretFile = "/run/agenix/authelia_jwt_secret";
- storageEncryptionKeyFile = "/run/agenix/authelia_storage_encryption_key";
- };
-
- settings = {
- theme = "dark";
- server.port = servicePort;
-
- session.domain = domain;
- default_redirection_url = "https://${redirectDomain}/";
-
- access_control.default_policy = "two_factor";
-
- authentication_backend = {
- password_reset.disable = true;
- file = {
- path = "/run/agenix/authelia_users";
- };
- };
-
- storage.local.path = "/var/lib/authelia-gssws/db.sqlite3";
-
- totp = {
- issuer = "auth.gssws.de";
- algorithm = "SHA512";
- digits = 8;
- };
-
- webauthn = {
- display_name = "auth.gssws.de";
- };
-
- notifier.smtp = {
- host = "mail.gssws.de";
- port = 25;
- sender = "Authelia ";
- identifier = "auth.gssws.de";
- };
- };
- };
-
- system.stateVersion = "23.05";
- };
- };
-}
diff --git a/hosts/chonk/backup.nix b/hosts/chonk/backup.nix
deleted file mode 100644
index 6f5b6f60..00000000
--- a/hosts/chonk/backup.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- lib,
- flake,
- ...
-}: {
- age.secrets.restic_repository_password.file = "${flake.self}/secrets/chonk_restic_repository_password.age";
- age.secrets.restic_nextcloud_password.file = "${flake.self}/secrets/chonk_restic_nextcloud_password.age";
-
- programs.ssh.extraConfig = ''
- Host backup
- HostName 10.0.1.12
- Port 32222
- User backup
- IdentityFile /run/agenix/restic_ssh_private_key
- '';
-
- services.postgresqlBackup = {
- enable = true;
- backupAll = true;
- compression = "zstd";
- };
-
- services.restic.backups = {
- cox = {
- passwordFile = "/run/agenix/restic_repository_password";
- paths = [
- "/mnt/internal/nextcloud"
- "/var/backup/postgresql"
- ];
- repositoryFile = "/run/agenix/restic_nextcloud_password";
- timerConfig = {
- OnCalendar = "02:00";
- };
- };
- };
-}
diff --git a/hosts/chonk/builder.nix b/hosts/chonk/builder.nix
deleted file mode 100644
index ae5e74da..00000000
--- a/hosts/chonk/builder.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- config,
- pkgs,
- lib,
- flake,
- ...
-}: let
- psCfg = config.pub-solar;
-in {
- age.secrets.nix-builder-private-key = {
- owner = "builder";
- group = "builder";
- file = "${flake.self}/secrets/chonk_nix_builder_private_key.age";
- };
-
- nix = {
- gc.automatic = lib.mkForce false;
- settings.trusted-users = ["builder"];
- };
-
- boot.binfmt.emulatedSystems = ["aarch64-linux"];
-
- users.groups."builder" = {};
-
- users.users."builder" = {
- isNormalUser = true;
- group = "builder";
- shell = pkgs.bashInteractive;
- openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8hTdDTA+LVlHkOm5IBjT32PvAdCxYfUfFFRx+JGeS6 root@norman"];
- };
-
- nix.settings.secret-key-files = "/run/agenix/nix-builder-private-key";
-}
diff --git a/hosts/chonk/configuration.nix b/hosts/chonk/configuration.nix
deleted file mode 100644
index 602b5f52..00000000
--- a/hosts/chonk/configuration.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- boot.loader.systemd-boot.enable = lib.mkForce false;
-
- #pub-solar.concourse-server.enable = true;
-
- time.timeZone = "Europe/Berlin";
-
- services.openssh.ports = [2222];
-
- networking.nat.enable = true;
- networking.nat.internalIPs = ["10.10.42.0/24" "10.0.1.1"];
- networking.nat.externalInterface = "br0";
-
- networking.firewall.enable = lib.mkForce true;
- networking.firewall.allowedTCPPorts = [80 443 2222];
- networking.firewall.allowedUDPPorts = [51899];
-
- pub-solar.server.enable = true;
- hardware.ksm.enable = true;
-
- system.stateVersion = "21.05"; # Did you read the comment?
-}
diff --git a/hosts/chonk/default.nix b/hosts/chonk/default.nix
deleted file mode 100644
index 9a7977c7..00000000
--- a/hosts/chonk/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ ... }: {
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
-
- ./acme.nix
- ./backup.nix
- ./drone.nix
- ./home-assistant.nix
- ./nextcloud.nix
- ./wireguard.nix
- ./builder.nix
- ./invidious.nix
- ./factorio.nix
-
- ./invoiceplane.nix
- #./tang.nix
- #./whiteboard.nix
-
- ./libvirt-container.nix
- ./monitoring.nix
-
- ./authelia.nix
- ];
-}
diff --git a/hosts/chonk/drone.nix b/hosts/chonk/drone.nix
deleted file mode 100644
index 9e893b1b..00000000
--- a/hosts/chonk/drone.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- pkgs,
- flake,
- ...
-}: {
- age.secrets.drone_exec_runner_config = {
- file = "${flake.self}/secrets/chonk_drone_exec_runner_config.age";
- owner = "999";
- };
-
- pub-solar.docker-ci-runner = {
- enable = true;
- enableKvm = true;
- nixCacheLocation = "/srv/drone-nix-cache/nix";
-
- runnerEnvironment = {
- DRONE_RUNNER_CAPACITY = "10";
- DRONE_RUNNER_LABELS = "hosttype:baremetal";
- };
-
- runnerVarsFile = "/run/agenix/drone_exec_runner_config";
- };
-}
diff --git a/hosts/chonk/factorio.nix b/hosts/chonk/factorio.nix
deleted file mode 100644
index bce2b050..00000000
--- a/hosts/chonk/factorio.nix
+++ /dev/null
@@ -1,180 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-with pkgs; let
- modDrv = pkgs.factorio-utils.modDrv {
- allRecommendedMods = true;
- allOptionalMods = false;
- };
-
- # Krastorio
- flib = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/EsrBq2XpR9bTp7b/download/flib_0.12.6.zip"
- ];
- sha256 = "Wf/w3Bh4jT5DDEp6GCVdg181DxEjiWe1iN3h5X7/oAw=";
- };
- };
-
- krastorio2Assets = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/czsmnaiis25TX8m/download/Krastorio2Assets_1.2.1.zip"
- ];
- sha256 = "1Y8I40I8EQLdLuiWDr+aty8p7PNh1pY6IPkRVz2pi5E=";
- };
- };
-
- krastorio2 = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/DepN4zWWjiEJpZt/download/Krastorio2_1.3.18.zip"
- ];
- sha256 = "wuMVVW7SbDdBxcUmJLT9MzpC9W1RRJaTs2cYylt6ilU=";
- };
-
- deps = [flib krastorio2Assets];
- };
-
- # Alien Biomes
- alienBiomes = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/FH22nM54PfcTios/download/alien-biomes_0.6.8.zip"
- ];
- sha256 = "oy7VeSIxJmTNmpu/0tGqhbrfPFoJRQc5eS6eI/Epp1A=";
- };
- };
-
- # Auto Deconstruct
- autoDeconstruct = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/fSLQCfRGFKTbQSw/download/AutoDeconstruct_0.3.7.zip"
- ];
- sha256 = "VYgLhfWSaWtbY8l+c+9v498IPA/Q7XdRveEsw/pxuJw=";
- };
- };
-
- # Cargo Ships
- cargoShips = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/tcYXBymFT8idCdb/download/cargo-ships_0.1.22.zip"
- ];
- sha256 = "pfP97myiibmp00o75Yo9rVYS6cYKgflGiRNsP+FTjFU=";
- };
- };
-
- # Electrical Trains
- electricalTrains = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/oHXWpoi7kD52Dzt/download/Realistic_Electric_Trains_Krastorio_2_1.0.0.zip"
- ];
- sha256 = "ujO5qRHzKgxX/vsYYvoBjh1UKukGD31FvjLQZzCqxlk=";
- };
- };
-
- # far reach
- farReach = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/KAqfr826ccHHRpG/download/far-reach_1.1.2.zip"
- ];
- sha256 = "y1XuduS9WKMtGKLj7hQgh7wOy8l3l5WWlLTm6BJ1yxA=";
- };
- };
-
- # Fluid Must Flow
- fluidMustFlow = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/J2XA4jPNNWxSSti/download/FluidMustFlow_1.3.1.zip"
- ];
- sha256 = "X2dGJCFL1dRRP7BFhFKI7mgtFd4zjHYWO8ehII6aaDc=";
- };
- };
-
- # Recipe Book
- recipeBook = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/oRQYJ4H7xkc3rtq/download/RecipeBook_3.5.2.zip"
- ];
- sha256 = "dPj9FH0r4dXtdrXyAkVIwXveECCBzcVGlJmQsF0oSpE=";
- };
- };
-
- # Regenerate Terrain
- regenerateTerrain = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/YWTEB6rQeptmxGL/download/regenerate-terrain_0.3.1.zip"
- ];
- sha256 = "EIZQeTzHAvSEFAOh6pN0Xd5GbqV9O/wI2QA5YtR8GxU=";
- };
- };
-
- # Space Exploration
- spaceExploration = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/yy79DMAQtqCcWYW/download/space-exploration_0.6.104.zip"
- ];
- sha256 = "5vFD+6R4jqp2PH6ASa1JJ0+acXi+dBwyrM/xil8RyU0=";
- };
- };
-
- # Todo List
- todoList = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/bJjpgSMamwex7pF/download/Todo-List_19.3.0.zip"
- ];
- sha256 = "0QPp7W2OOrkpLs+fOvTxut+6rV0heZdfEA4sbvyb+rs=";
- };
- };
-
- # Vehicle Snap
- vehicleSnap = modDrv {
- src = fetchurl {
- urls = [
- "https://cloud.pub.solar/s/ZgDTAgY4dxiwZ3d/download/VehicleSnap_1.18.5.zip"
- ];
- sha256 = "VRo2feta/CZGXGHbOwLOWdXZUoiqwlLPne0dC3YPyDA=";
- };
- };
-in rec
-{
- nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "factorio-headless"
- ];
-
- services.factorio = {
- enable = true;
- package = pkgs.factorio-headless-experimental;
- openFirewall = true;
- game-name = "pub.solar Factorio";
- game-password = "pub.solar";
- admins = ["hensoko"];
- mods = [
- krastorio2
- alienBiomes
- autoDeconstruct
- cargoShips
- electricalTrains
- farReach
- fluidMustFlow
- recipeBook
- regenerateTerrain
- spaceExploration
- todoList
- vehicleSnap
- ];
- };
-}
diff --git a/hosts/chonk/garage.nix b/hosts/chonk/garage.nix
deleted file mode 100644
index cc8b0eed..00000000
--- a/hosts/chonk/garage.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ pkgs, config, lib, self, ... }:
-
-{
- age.secrets.garage_rpc_token = {
- file = "${self}/secrets/chonk_garage_rpc_secret.age";
- owner = "garage";
- group = "garage";
- };
-
- networking.firewall.interfaces.wg0.allowedTCPPorts = [ 3900 3901 ];
-
- users.groups.garage = {};
- users.users.garage = {
- group = "garage";
- isSystemUser = true;
- };
-
- # overwrite dynamicuser
- systemd.services.garage.serviceConfig = {
- User = "garage";
- Group = "garage";
- DynamicUser = false;
- StateDirectory = lib.mkForce null;
- };
-
- services.garage = {
- enable = true;
- package = pkgs.garage_0_8;
- settings = {
- replication_mode = "1";
- rpc_bind_addr = "[::]:3901";
- rpc_secret_file = config.age.secrets.garage_rpc_token.path;
- s3_api = {
- api_bind_addr = "[::]:3900";
- s3_region = "garage";
- root_domain = ".s3.gssws.de";
- };
- };
- };
-}
diff --git a/hosts/chonk/hardware-configuration.nix b/hosts/chonk/hardware-configuration.nix
deleted file mode 100644
index 3d15545e..00000000
--- a/hosts/chonk/hardware-configuration.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
- boot.kernelModules = ["kvm-intel"];
- boot.extraModulePackages = [];
- boot.extraModprobeConfig = "options kvm_intel nested=1";
-
- boot.kernelPackages = pkgs.linuxPackages_6_1;
- boot.kernelParams = [ "ip=80.244.242.2::80.244.242.1:255.255.255.248:chonk::off" ];
-
- boot.loader.grub = {
- enable = true;
- device = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_03025429121421051300-0:0";
- };
-
- boot.supportedFilesystems = [ "zfs" ];
-
- boot.initrd = {
- systemd.enable = true;
-
- luks = {
- forceLuksSupportInInitrd = true;
- devices."cryptroot" = {
- device = "/dev/disk/by-uuid/9e13c8ea-96d3-45b1-85f4-d1a61233da6f";
- };
- };
-
- network = {
- enable = true;
- ssh = {
- enable = true;
- port = 2234;
- authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"];
- hostKeys = [/etc/secrets/initrd/ssh_host_ed25519_key];
- };
- postCommands = ''
- echo 'cryptsetup-askpass' >> /root/.profile
- '';
- };
- services.swraid = {
- enable = true;
- mdadmConf = ''
- ARRAY /dev/md/debian:0 metadata=1.2 name=debian:0 UUID=1156202f:835af09b:2e05e02a:a1869d1c
- '';
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-label/root";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/disk/by-label/boot";
- fsType = "ext4";
- };
-
- "/mnt/internal" = {
- device = "/dev/disk/by-uuid/3563f624-f8ed-4664-95d0-ca8b9db1c60a";
- fsType = "ext4";
- };
- };
-
- swapDevices = [
- {device = "/dev/disk/by-label/swap";}
- ];
-
- networking.bonds."bond0" = {
- interfaces = ["eno1" "eno2"];
- driverOptions = {
- miimon = "100";
- mode = "balance-xor";
- xmit_hash_policy = "layer3+4";
- };
- };
-
- networking = {
- hostId = "c418ba82";
- defaultGateway = {
- address = "80.244.242.1";
- interface = "br0";
- };
-
- defaultGateway6 = {
- address = "2001:4d88:1ffa:26::1";
- interface = "br0";
- };
-
- nameservers = ["95.129.51.51" "80.244.244.244"];
-
- bridges."br0".interfaces = ["bond0"];
-
- interfaces."br0" = {
- ipv4.addresses = [
- {
- address = "80.244.242.2";
- prefixLength = 29;
- }
- ];
- ipv6.addresses = [
- {
- address = "2001:4d88:1ffa:26::2";
- prefixLength = 64;
- }
- ];
- };
- };
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/chonk/home-assistant.nix b/hosts/chonk/home-assistant.nix
deleted file mode 100644
index cba7334a..00000000
--- a/hosts/chonk/home-assistant.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- pkgs,
- config,
- ...
-}: {
- # HTTP
- services.nginx.virtualHosts = let
- makeVirtualHost = target: {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = target;
- proxyWebsockets = true;
- extraConfig = ''
- proxy_ssl_server_name on;
- proxy_pass_header Authorization;
- '';
- };
- };
- in {
- "ha.gssws.de" = makeVirtualHost "http://10.0.1.11:8123";
- "ha2.gssws.de" = makeVirtualHost "http://10.0.1.11:8123";
- "ha.karinsokolowski.de" = makeVirtualHost "http://10.0.1.13:8123";
- };
-}
diff --git a/hosts/chonk/invidious.nix b/hosts/chonk/invidious.nix
deleted file mode 100644
index 97dcf31e..00000000
--- a/hosts/chonk/invidious.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- flake,
- config,
- pkgs,
- ...
-}: let
- domain = "yt.gssws.de";
-in {
- age.secrets.invidious_db_password.file = "${flake.self}/secrets/chonk_invidious_db_password.age";
-
- services.invidious = {
- inherit domain;
- enable = true;
- nginx.enable = true;
- database = {
- createLocally = true;
- passwordFile = "/run/agenix/invidious_db_password";
- };
- settings = {
- https_only = true;
- };
- };
-}
diff --git a/hosts/chonk/invoiceplane.nix b/hosts/chonk/invoiceplane.nix
deleted file mode 100644
index 5b8a6658..00000000
--- a/hosts/chonk/invoiceplane.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: let
- hostAddress = "10.10.42.1";
- serviceAddress = "10.10.42.11";
-
- domain = "inv.gssws.de";
- hostStateDir = "/mnt/internal/invoiceplane";
- containerStateDir = "/var/lib/invoiceplane";
-in {
- # nginx
- services.nginx.virtualHosts."${domain}" = {
- forceSSL = true;
- enableACME = true;
- locations = {
- "/" = {
- proxyPass = "http://${serviceAddress}:80";
- };
- };
- };
-
- # invoiceplane
- containers."invoiceplane" = {
- privateNetwork = true;
- hostAddress = "10.10.42.1";
- localAddress = serviceAddress;
-
- bindMounts."${containerStateDir}" = {
- hostPath = hostStateDir;
- isReadOnly = false;
- };
-
- config = {
- config,
- pkgs,
- ...
- }: {
- networking.firewall.allowedTCPPorts = [80];
-
- services.rsyslogd.enable = true;
-
- services.phpfpm.pools."invoiceplane-${domain}".phpOptions = ''
- date.timezone = Europe/Berlin
- '';
- services.caddy.virtualHosts."http://${domain}".listenAddresses = ["0.0.0.0"];
-
- services.invoiceplane.sites."${domain}" = {
- enable = true;
- stateDir = containerStateDir;
-
- database = {
- user = "invoiceplane";
- name = "invoiceplane";
- };
- };
-
- system.stateVersion = "22.11";
- };
- };
-}
diff --git a/hosts/chonk/libvirt-container.nix b/hosts/chonk/libvirt-container.nix
deleted file mode 100644
index fd318b2a..00000000
--- a/hosts/chonk/libvirt-container.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- networking.firewall.allowedTCPPorts = [4222];
-
- containers."libvirt-container" = {
- autoStart = true;
-
- bindMounts."/dev/kvm" = {
- hostPath = "/dev/kvm";
- isReadOnly = false;
- };
-
- allowedDevices = [
- {
- node = "/dev/kvm";
- modifier = "rw";
- }
- {
- node = "/dev/net/tun";
- modifier = "rw";
- }
- {
- node = "/dev/vnet*";
- modifier = "rw";
- }
- ];
-
- forwardPorts = [
- {
- hostPort = 4222;
- }
- ];
-
- enableTun = true;
-
- #extraFlags = [ "-U" ];
-
- config = {
- config,
- pkgs,
- ...
- }: {
- networking.firewall.enable = false;
-
- virtualisation.libvirtd.enable = true;
- security.polkit.enable = true;
-
- services.openssh = {
- enable = true;
- ports = [4222];
- };
-
- users.users.root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
- "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
- ];
- };
-
- system.stateVersion = "22.11";
- };
- };
-}
diff --git a/hosts/chonk/monitoring.nix b/hosts/chonk/monitoring.nix
deleted file mode 100644
index 97e7107d..00000000
--- a/hosts/chonk/monitoring.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-{
- config,
- lib,
- flake,
- ...
-}: {
- pub-solar.monitoring-server = {
- enable = true;
- listenAddress = "10.0.1.6";
- grafana.enable = true;
- node_exporter = {
- enable = true;
- hosts = [
- "10.0.1.11:9002"
- "10.0.1.12:9002"
- "10.0.1.13:9002"
- "10.0.1.254:9100"
- ];
- };
- snmp = {
- enable = true;
- hosts = [
- "192.168.42.1"
- #"10.0.1.254:9116" = [
- # {
- # targets = [ "192.168.42.1" ];
- # auth = [ "public_v2" ];
- # modules = [ "if_mib" ];
- # }
- #];
- ];
- };
- smokeping = {
- enable = true;
- hosts = [
- "mail.gssws.de"
- "cust.gssws.de"
- "data.gssws.de"
- "mail.hosting.de"
- "blog.fefe.de"
-
- # hosting.de
- "ovh2.goekal.de"
- "83.151.16.16"
- "83.151.16.17"
- "83.151.16.51"
- "r2backup17.masterlogin.de"
- "demo.routing.net"
- "vsrv07344.customer.vlinux.de"
- "213.160.76.43"
- "185.11.139.27"
- "185.11.137.4"
- "83.151.30.176"
- "83.151.28.246"
- "83.151.21.204"
- "79.140.42.4"
- "31.15.67.23"
- "31.15.64.79"
- "80.244.244.244"
- "95.129.51.51"
- "185.11.137.122"
- "79.140.41.12"
-
- # pub.solar
- "pub.solar"
- "git.pub.solar"
- "auth.pub.solar"
- "cloud.pub.solar"
- "collabora.pub.solar"
- ];
- };
- };
-
- # wireguard exporter
- networking.firewall.allowedTCPPorts = [9585];
- services.prometheus = {
- exporters.wireguard = {
- enable = true;
- withRemoteIp = true;
- };
- scrapeConfigs = [
- {
- job_name = "chonk-wireguard";
- static_configs = [
- {
- targets = ["10.0.1.6:9586"];
- }
- ];
- }
- ];
- };
-}
diff --git a/hosts/chonk/nextcloud-apps.nix b/hosts/chonk/nextcloud-apps.nix
deleted file mode 100644
index d5c443ad..00000000
--- a/hosts/chonk/nextcloud-apps.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}: {
- services.nextcloud.extraApps = with pkgs.nextcloud27Packages.apps; {
- inherit bookmarks
- calendar
- contacts
- files_markdown
- impersonate
- keeweb
- maps
- news
- notes
- notify_push
- tasks
- #twofactor_totp
- twofactor_webauthn
- user_saml;
-
- "twofactor_totp" = pkgs.fetchzip {
- sha256 = "zAPNugbvngXcpgWJLD78YAg4G1QtGaphx1bhhg7mLKE=";
- url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz";
- };
- };
-}
diff --git a/hosts/chonk/nextcloud-collabora.nix b/hosts/chonk/nextcloud-collabora.nix
deleted file mode 100644
index 27f74776..00000000
--- a/hosts/chonk/nextcloud-collabora.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{...}: {
- # Collabora Code server
- virtualisation.oci-containers.containers."nextcloud-collabora-code" = {
- image = "collabora/code";
- autoStart = true;
- ports = ["127.0.0.1:9980:9980"];
- environment.domain = "data\\.gssws\\.de";
- extraOptions = ["--cap-add" "MKNOD"];
- };
-
- services.nginx.virtualHosts."office.gssws.de" = let
- proxyPass = "https://127.0.0.1:9980";
- extraConfig = "proxy_ssl_verify off;";
- in {
- enableACME = true;
- forceSSL = true;
-
- locations."^~ /browser" = {
- inherit proxyPass extraConfig;
- };
- locations."^~ /hosting/discovery" = {
- inherit proxyPass extraConfig;
- };
- locations."^~ /hosting/capabilities" = {
- inherit proxyPass extraConfig;
- };
- locations."~ ^/cool/(.*)/ws''$" = {
- inherit proxyPass extraConfig;
- proxyWebsockets = true;
- };
- locations."~ ^/(c|l)ool" = {
- inherit proxyPass extraConfig;
- };
- locations."^~ /cool/adminws" = {
- inherit proxyPass extraConfig;
- proxyWebsockets = true;
- };
- };
-}
diff --git a/hosts/chonk/nextcloud.nix b/hosts/chonk/nextcloud.nix
deleted file mode 100644
index e25940ab..00000000
--- a/hosts/chonk/nextcloud.nix
+++ /dev/null
@@ -1,124 +0,0 @@
-{
- flake,
- pkgs,
- config,
- lib,
- ...
-}: let
- notifyPushPort = 7867;
-in {
- imports = [
- ./nextcloud-apps.nix
- ./nextcloud-collabora.nix
- ];
-
- age.secrets.nextcloud_db_pass = {
- owner = "nextcloud";
- group = "nextcloud";
- file = "${flake.self}/secrets/chonk_nextcloud_db_pass.age";
- };
-
- age.secrets.nextcloud_admin_pass = {
- owner = "nextcloud";
- group = "nextcloud";
- file = "${flake.self}/secrets/chonk_nextcloud_admin_pass.age";
- };
-
- # HTTP
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
- virtualHosts."data.gssws.de" = {
- enableACME = true;
- forceSSL = true;
- };
- };
-
- # DATABASES
- services.postgresql = {
- enable = true;
- package = pkgs.postgresql_11;
-
- settings = {
- max_connections = "200";
- };
-
- ensureDatabases = ["nextcloud"];
- ensureUsers = [
- {
- name = "nextcloud";
- ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
- }
- ];
- };
-
- # NOTIFY PUSH
- services.nextcloud.notify_push.enable = true;
-
- # REDIS
- services.redis.servers."nextcloud".enable = true;
- users.groups."redis-nextcloud".members = ["nextcloud"];
-
- # NEXTCLOUD
- systemd.services."nextcloud-setup" = {
- requires = ["postgresql.service"];
- after = ["postgresql.service"];
- };
-
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud27;
- enableBrokenCiphersForSSE = false;
- hostName = "data.gssws.de";
- https = true;
- datadir = "/mnt/internal/nextcloud";
-
- caching.apcu = true;
- caching.redis = true;
-
- phpPackage = lib.mkForce pkgs.php82;
-
- poolSettings = {
- "pm" = "dynamic";
- "pm.max_children" = "128";
- "pm.start_servers" = "64";
- "pm.min_spare_servers" = "32";
- "pm.max_spare_servers" = "76";
- "pm.max_requests" = "500";
- };
-
- phpOptions = {
- short_open_tag = "Off";
- expose_php = "Off";
- error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
- display_errors = "stderr";
- "opcache.enable_cli" = "1";
- "opcache.interned_strings_buffer" = "32";
- "opcache.max_accelerated_files" = "100000";
- "opcache.memory_consumption" = "256";
- "opcache.revalidate_freq" = "1";
- "opcache.fast_shutdown" = "1";
- "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
- catch_workers_output = "yes";
- };
-
- config = {
- overwriteProtocol = "https";
-
- dbtype = "pgsql";
- dbuser = "nextcloud";
- dbhost = "127.0.0.1:5432";
- dbname = "nextcloud";
- dbpassFile = "/run/agenix/nextcloud_db_pass";
- adminpassFile = "/run/agenix/nextcloud_admin_pass";
- adminuser = "admin";
-
- trustedProxies = ["80.244.242.2"];
- defaultPhoneRegion = "DE";
- };
- };
-}
diff --git a/hosts/chonk/tang-container.nix b/hosts/chonk/tang-container.nix
deleted file mode 100644
index 385f8755..00000000
--- a/hosts/chonk/tang-container.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- pkgs,
- config,
- ...
-}: let
- containerStateDir = "/data";
- hostStateDir = "/opt/tangd";
- domain = "";
- serviceAddress = "10.10.42.12";
-in {
- services.nginx.virtualHosts."${domain}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://${serviceAddress}:${toString servicePort}";
- };
- };
-
- containers."tang" = {
- autoStart = true;
- ephemeral = true;
- bindMounts."${containerStateDir}" = {
- hostPath = hostStateDir;
- isReadOnly = false;
- };
-
- config = {
- config,
- pkgs,
- ...
- }: {
- networking.firewall.enable = false;
-
- users.groups."_tang" = {};
-
- users.users."_tang" = {
- group = "_tang";
- isSystemUser = true;
- };
-
- environment.systemPackages = ["${pkgs.jose}"];
-
- systemd.services."tangd@" = {
- enable = true;
- serviceConfig = {
- ExecStartPre = "${pkgs.bash}/bin/bash -c \"mkdir -p ${containerStateDir}/tang-db\"";
- ExecStart = "${pkgs.tang}/libexec/tangd ${containerStateDir}/tang-db";
- StandardInput = "socket";
- StandardOutput = "socket";
- StandardError = "journal";
- User = "_tang";
- Group = "_tang";
- };
- };
-
- systemd.sockets."tangd" = {
- enable = true;
- listenStreams = ["${toString servicePort}"];
- wantedBy = ["sockets.target"];
- socketConfig = {
- Accept = true;
- };
- };
-
- system.stateVersion = "22.11";
- };
- };
-}
diff --git a/hosts/chonk/tang.nix b/hosts/chonk/tang.nix
deleted file mode 100644
index ea33e6aa..00000000
--- a/hosts/chonk/tang.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: let
- domain = "t.gssws.de";
- servicePort = 63080;
-in {
- services.nginx.virtualHosts."${domain}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${builtins.toString servicePort}";
- };
- };
-
- virtualisation.oci-containers.containers."tang" = {
- image = "cloggo/tangd";
- ports = ["127.0.0.1:${builtins.toString servicePort}:8080"];
- environment = {
- IP_WHITELIST = "172.17.0.1";
- };
- };
-}
diff --git a/hosts/chonk/wireguard.nix b/hosts/chonk/wireguard.nix
deleted file mode 100644
index de5a9d68..00000000
--- a/hosts/chonk/wireguard.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{
- flake,
- config,
- pkgs,
- ...
-}: {
- age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/chonk_wireguard_key.age";
-
- systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
- systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
-
- # Enable WireGuard
- networking.wireguard.interfaces = {
- wg0 = {
- ips = ["10.0.1.6"];
- listenPort = 51899;
-
- privateKeyFile = "/run/agenix/home_controller_wireguard";
-
- peers = [
- {
- # router
- publicKey = "xqifcPfCgLNQ1M3w6zfoWVMkkz2lO5GZ/LlOECnPQFc=";
- allowedIPs = ["10.0.1.1/32"];
-
- persistentKeepalive = 25;
- }
- {
- # giggles
- publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
- allowedIPs = ["10.0.1.11/32"];
-
- persistentKeepalive = 25;
- }
- {
- # cox
- publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
- allowedIPs = ["10.0.1.12/32"];
-
- persistentKeepalive = 25;
- }
- {
- # companion
- publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
- allowedIPs = ["10.0.1.13/32"];
-
- persistentKeepalive = 25;
- }
- {
- # norman
- publicKey = "FRNg+bJWPn4vAA2Fw8PXYsTpxdEKdVE+b7eTtl8ORxM=";
- allowedIPs = ["10.0.1.121/32"];
-
- persistentKeepalive = 25;
- }
- {
- # hsha
- publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
- allowedIPs = ["10.0.1.254/32"];
-
- persistentKeepalive = 25;
- }
- ];
- };
- };
-}
diff --git a/hosts/companion/configuration.nix b/hosts/companion/configuration.nix
deleted file mode 100644
index 24772a1b..00000000
--- a/hosts/companion/configuration.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{
- flake,
- pkgs,
- builtins,
- config,
- lib,
- ...
-}: {
- imports = [
- ./home-controller.nix
- ./home-assistant.nix
- ];
-
- pub-solar.server.enable = true;
- hardware.ksm.enable = true;
- boot.loader.timeout = lib.mkForce 0;
-
- boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
-
- boot.loader.grub = {
- enable = lib.mkForce true;
- efiSupport = true;
- efiInstallAsRemovable = true;
- device = "nodev";
-
- extraInstallCommands = ''
- cp -r ${flake.inputs.nixpkgs-hensoko.packages.aarch64-linux.raspberrypi4_firmware_uefi}/share/raspberrypi4-firmware-uefi/* /boot/
- '';
- };
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- networking.useDHCP = false;
- networking.interfaces.enabcm6e4ei0.useDHCP = true;
- networking.networkmanager.enable = lib.mkForce false;
-
- boot.loader.systemd-boot.enable = lib.mkForce false;
-
- system.stateVersion = "22.11"; # Did you read the comment?
-}
diff --git a/hosts/companion/default.nix b/hosts/companion/default.nix
deleted file mode 100644
index 3c4d411a..00000000
--- a/hosts/companion/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ];
-}
diff --git a/hosts/companion/hardware-configuration.nix b/hosts/companion/hardware-configuration.nix
deleted file mode 100644
index afdd61f9..00000000
--- a/hosts/companion/hardware-configuration.nix
+++ /dev/null
@@ -1,61 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage" "uas"]; - - #boot.kernelParams = [ "usb-storage.quirks=2109:0716:u,174c:55aa:u" ]; - - boot.kernelPackages = pkgs.linuxPackages_latest; - - boot.loader.grub = { - enable = true; - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - - boot.loader.efi.canTouchEfiVariables = false; - - boot.loader.systemd-boot.enable = false; - boot.loader.generic-extlinux-compatible.enable = false; - boot.loader.timeout = 0; - - boot.initrd.luks.devices."cryptroot" = { - device = "/dev/disk/by-uuid/2538df0f-9d17-4651-a7ee-26d6f28e4e71"; - keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04017028021722045451-0:0-part1"; - fallbackToPassword = true; - bypassWorkqueues = true; - }; - - fileSystems."/" = { - device = "/dev/disk/by-label/root"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/5552-1B21"; - fsType = "vfat"; - }; - - swapDevices = [ - {device = "/dev/disk/by-label/swap";} - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; -} 
diff --git a/hosts/companion/home-assistant.nix b/hosts/companion/home-assistant.nix deleted file mode 100644 index fcee8017..00000000 --- a/hosts/companion/home-assistant.nix +++ /dev/null @@ -1,96 +0,0 @@ -{ - flake, - config, - pkgs, - ... -}: { - pub-solar.home-assistant = { - enable = true; - - extraComponents = ["androidtv" "brother" "ffmpeg" "fritz" "fritzbox" "fritzbox_callmonitor" "met" "mqtt" "zeroconf"]; - extraPackages = python3Packages: - with python3Packages; [ - # androidtv - adb-shell - aiofiles - androidtv - - # deutsche bahn - schiene - - # dwd - markdownify - - # hacs - aiogithubapi - - # totop - pyotp - ]; - - mqtt = { - enable = true; - users = { - ha = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$jLA9PReG5btNSvw8$O0c3UzCfcBcvqVH8kMZIwEims7p1L4o/DmOTHO9w9731ggC5SyUpJGQIDiUbv+IrTl/H0+Fz9QF/jvY0QCuxuA=="; - }; - nono = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$votbflBI1KrRRzBy$hCC/qo7Ggaf2vaLv7lo5uPnyrTCb0i6hPQvXuL/OrrUpzP+KNl6efEU7yQ0cDH6/rJ16Fe2PWSTcW+pL8dlgmg=="; - }; - z2m = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$iZE7WOCQIaLtuoVN$M7AAB/mMmhkuXQVmu2RPoJzm744bmwxGTJwE0eoqlPAjyQHbjmOWfEuKoo9jnQCoQu2T96gS8znsUNizGgPWiQ=="; - }; - }; - }; - - zigbee2mqtt = { - enable = true; - device = "/dev/ttyS0"; - adapter = "deconz"; - }; - - config = { - homeassistant = { - name = "Berrendorf"; - time_zone = "Europe/Berlin"; - temperature_unit = "C"; - unit_system = "metric"; - latitude = "50.9279036523298"; - longitude = "6.583225751885932"; - country = "DE"; - external_url = "https://ha.karinsokolowski.de"; - internal_url = "http://192.168.178.254:8123"; - }; - http = { - ip_ban_enabled = false; - use_x_forwarded_for = true; - trusted_proxies = [ - "127.0.0.1" - "10.254.0.21" - "10.0.1.5" - "10.0.1.6" - ]; - }; - - default_config = {}; - energy = {}; - - "automation ui" = "!include automations.yaml"; - - map = {}; - mobile_app = {}; - network = {}; - notify = {}; - person = {}; - }; - }; -} 
diff --git a/hosts/companion/home-controller.nix b/hosts/companion/home-controller.nix
deleted file mode 100644
index ab1e206c..00000000
--- a/hosts/companion/home-controller.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- flake,
- config,
- pkgs,
- ...
-}: {
- config = {
- age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/home_controller_companion_wireguard_key.age";
-
- pub-solar.home-controller = {
- enable = true;
- ownIp = "10.0.1.13";
- wireguardPrivateKeyFile = "/run/agenix/home_controller_wireguard";
- };
- };
-}
diff --git a/hosts/cox/backup.nix b/hosts/cox/backup.nix
deleted file mode 100644
index 957f1ccf..00000000
--- a/hosts/cox/backup.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- flake,
- config,
- pkgs,
- ...
-}:
-
-let
- resticListenPort = 18000;
-in
-{
- age.secrets.backup_restic_htpasswd = {
- file = "${flake.self}/secrets/cox_backup_restic_htpasswd.age";
- owner = "${toString config.ids.uids.restic}";
- };
-
- networking.firewall.allowedTCPPorts = [ resticListenPort ];
-
- systemd.mounts = [
- {
- what = "/dev/mapper/crypt-backup";
- where = "/opt/backup/hdd";
- type = "ext4";
- }
- ];
-
- systemd.services."container@backup".unitConfig.RequiresMountsFor = ["/opt/backup/hdd"];
-
- containers."backup" = {
- autoStart = true;
- ephemeral = true;
- bindMounts = {
- "/var/lib/restic" = {
- hostPath = "/opt/backup/hdd/restic";
- isReadOnly = false;
- };
- "/var/lib/restic/.htpasswd" = {
- hostPath = "/run/agenix/backup_restic_htpasswd";
- isReadOnly = false;
- };
- };
-
- config = {
- config,
- pkgs,
- ...
- }: {
- networking.firewall.enable = false;
-
- services.restic.server = {
- enable = true;
- listenAddress = "0.0.0.0:${toString resticListenPort}";
- privateRepos = true;
- extraFlags = [
- "--append-only"
- "--prometheus"
- "--prometheus-no-auth"
- ];
- };
-
- time.timeZone = "Europe/Berlin";
- system.stateVersion = "22.11";
- };
- };
-}
diff --git a/hosts/cox/configuration.nix b/hosts/cox/configuration.nix deleted file mode 100644 index 36b05619..00000000 --- a/hosts/cox/configuration.nix +++ /dev/null @@ -1,68 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). -{ - config, - pkgs, - lib, - ... -}: { - imports = [ - ./backup.nix - ./home-controller.nix - ./paperless.nix - ./owntone.nix - ./jellyfin.nix - ./photoprism.nix - ]; - - time.timeZone = "Europe/Berlin"; - - boot.plymouth.enable = lib.mkForce false; - pub-solar.nextcloud.enable = lib.mkForce false; - - networking = { - vlans = { - vlan102 = { - id = 102; - interface = "eth0"; - }; # iot vlan - vlan104 = { - id = 104; - interface = "eth0"; - }; # media vlan - }; - interfaces = { - eth0 = { - useDHCP = true; - mtu = 1460; - }; - - vlan102 = { - mtu = 1460; - ipv4.addresses = [{ - address = "172.16.0.12"; - prefixLength = 24; - }]; - }; - - vlan104 = { - mtu = 1460; - ipv4.addresses = [{ - address = "10.42.0.12"; - prefixLength = 24; - }]; - }; - }; - }; - - networking.networkmanager.enable = false; - - networking.firewall = { - allowedUDPPorts = [1900]; - }; - - virtualisation.podman.enable = true; - - system.stateVersion = "22.11"; -} diff --git a/hosts/cox/default.nix b/hosts/cox/default.nix deleted file mode 100644 index 3c4d411a..00000000 --- a/hosts/cox/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: { - imports = [ - ./configuration.nix - ./hardware-configuration.nix - ]; -} diff --git a/hosts/cox/hardware-configuration.nix b/hosts/cox/hardware-configuration.nix deleted file mode 100644 index fe213645..00000000 --- a/hosts/cox/hardware-configuration.nix +++ /dev/null 
@@ -1,70 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage" "uas"]; - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelParams = ["usb-storage.quirks=2109:0716:ouw,174c:55aa:u,2109:2813:ouw,2109:0813:ouw"]; - - boot.loader = { - timeout = 0; - efi.canTouchEfiVariables = false; - - systemd-boot.enable = false; - generic-extlinux-compatible.enable = false; - - grub = { - enable = true; - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - }; - - boot.initrd.luks.devices."cryptroot" = { - device = "/dev/disk/by-uuid/d86a20a6-686c-4bf8-bd3b-911901272742"; - keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_03024516121421043657-0:0-part1"; - fallbackToPassword = true; - bypassWorkqueues = true; - }; - - fileSystems."/" = { - device = "/dev/disk/by-label/root"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - }; - - swapDevices = [ - {device = "/dev/disk/by-label/swap";} - ]; - - hardware = { - raspberry-pi."4".apply-overlays-dtmerge.enable = true; - deviceTree = { - enable = true; - filter = "*rpi-4-*.dtb"; - }; - }; - - environment.systemPackages = with pkgs; [ - libraspberrypi - raspberrypi-eeprom - ]; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; -} diff --git a/hosts/cox/home-controller.nix b/hosts/cox/home-controller.nix deleted file mode 100644 index f970ee90..00000000 --- a/hosts/cox/home-controller.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - flake, - config, - pkgs, - ... -}: { - config = { - age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/home_controller_cox_wireguard_key.age"; - - pub-solar.home-controller = { - enable = true; - ownIp = "10.0.1.12"; - - wireguardPrivateKeyFile = "/run/agenix/home_controller_wireguard"; - }; - }; -} diff --git a/hosts/cox/jellyfin.nix b/hosts/cox/jellyfin.nix deleted file mode 100644 index 5df96376..00000000 --- a/hosts/cox/jellyfin.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, pkgs, ... }: - -{ - #boot.kernelModules = [ "v4l2loopback" ]; - #boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; - - systemd.mounts = [ - { - what = "/dev/mapper/crypt-media"; - where = "/opt/media"; - type = "ext4"; - } - - { - what = "/dev/mapper/crypt-movies"; - where = "/opt/media/media/video/movies"; - type = "ext4"; - } - - { - what = "/dev/mapper/crypt-tvshows"; - where = "/opt/media/media/video/tv-shows"; - type = "ext4"; - } - ]; - - systemd.services.jellyfin.unitConfig.RequiresMountsFor = [ - "/opt/media" - "/opt/media/media/video/movies" - "/opt/media/media/video/tv-shows" - ]; - - users.users.jellyfin.extraGroups = [ "video" ]; - - environment.systemPackages = [ pkgs.jellyfin-ffmpeg ]; - - services.jellyfin = { - enable = true; - openFirewall = true; - }; -} diff --git a/hosts/cox/owntone.nix b/hosts/cox/owntone.nix deleted file mode 100644 index ea148dd6..00000000 --- a/hosts/cox/owntone.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ config, ... }: - -let - owntoneConfigDir = "/opt/media/config/owntone"; - owntoneMusicDir = "/opt/media/media"; -in -{ - networking.firewall.allowedTCPPorts = [ - 3688 # websocket - 3689 # http - 6600 # mpd - 13988 # airplay - 13989 # airplay - ]; - - systemd.services."podman-owntone".unitConfig.RequiresMountsFor = [ - owntoneConfigDir - owntoneMusicDir - ]; - - virtualisation.oci-containers.containers."owntone" = { - image = "linuxserver/daapd"; - autoStart = true; - extraOptions = ["--network=host"]; - - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Berlin"; - }; - - volumes = [ - "${owntoneConfigDir}:/config" - "${owntoneMusicDir}:/music" - ]; - }; -} diff --git a/hosts/cox/paperless.nix b/hosts/cox/paperless.nix deleted file mode 100644 index 82e61c51..00000000 --- a/hosts/cox/paperless.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - pkgs, - config, - ... -}: { - systemd.mounts = [ - { - what = "/dev/mapper/crypt-documents"; - where = "/opt/documents"; - type = "ext4"; - } - ]; - - pub-solar.paperless = { - enable = true; - hostStateDir = "/opt/documents/paperless"; - domain = "cox.lan"; - path = "/paperless"; - - ftp = { - enable = true; - listenPort = 20021; - }; - - nextcloud = { - enable = true; - }; - }; -} diff --git a/hosts/cox/photoprism.nix b/hosts/cox/photoprism.nix deleted file mode 100644 index c1a04bf1..00000000 --- a/hosts/cox/photoprism.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ lib, ... }: - -{ - systemd.services.photoprism = { - unitConfig.RequiresMountsFor = [ "/opt/media/photoprism" ]; - serviceConfig = { - DynamicUser = lib.mkForce false; - User = "photoprism"; - Group = "photoprism"; - }; - }; - - services.nginx.virtualHosts."cox.lan".locations."/photoprism" = { - proxyPass = "http://127.0.0.1:18899"; - proxyWebsockets = true; - }; - - users.users.photoprism = { - group = "photoprism"; - isSystemUser = true; - }; - users.groups.photoprism = {}; - - services.photoprism = { - enable = true; - originalsPath = "/opt/media/photoprism/originals"; - storagePath = "/opt/media/photoprism/data"; - importPath = "/opt/media/photoprism/import"; - port = 18899; - address = "127.0.0.1"; - settings = { - PHOTOPRISM_DEFAULT_LOCALE = "de"; - PHOTOPRISM_SITE_URL = "http://cox.lan/photoprism"; - PHOTOPRISM_TRUSTED_PROXY = "127.0.0.1/8"; - }; - }; -} diff --git a/hosts/cube/configuration.nix b/hosts/cube/configuration.nix deleted file mode 100644 index cae558f1..00000000 --- a/hosts/cube/configuration.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - pub-solar.server.enable = true; - hardware.ksm.enable = true; - pub-solar.core.disk-encryption-active = false; - - networking.networkmanager.enable = lib.mkForce false; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/disk/by-id/usb-HP_iLO_Internal_SD-CARD_000002660A01-0:0"; - - boot.loader.systemd-boot.enable = lib.mkForce false; - - time.timeZone = "Europe/Berlin"; - - networking.interfaces.eno1.useDHCP = true; - - networking.nat.enable = true; - networking.nat.internalIPs = ["10.10.42.0/24"]; - networking.nat.externalInterface = "eno1"; - - networking.firewall.allowedTCPPorts = [80 443 22]; - networking.firewall.allowedUDPPorts = [51899]; - - networking.firewall.enable = lib.mkForce true; - - system.stateVersion = "21.05"; # Did you read the comment? -} 
diff --git a/hosts/cube/default.nix b/hosts/cube/default.nix
deleted file mode 100644
index 3c4d411a..00000000
--- a/hosts/cube/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ];
-}
diff --git a/hosts/cube/hardware-configuration.nix b/hosts/cube/hardware-configuration.nix
deleted file mode 100644
index f14aff1f..00000000
--- a/hosts/cube/hardware-configuration.nix
+++ /dev/null
@@ -1,56 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.loader.grub = { - enable = true; - device = "/dev/disk/by-id/usb-HP_iLO_Internal_SD-CARD_000002660A01-0:0"; - }; - - boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "megaraid_sas" "usb_storage" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = ["dm-snapshot"]; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - - boot.initrd.luks.devices."cryptroot" = { - device = "/dev/disk/by-uuid/24ddd650-e9fc-4407-ba4c-cc237de4c484"; - keyFile = "/dev/disk/by-id/usb-Kingston_DataTraveler_3.0_E0D55E625BE3E72078790030-0:0-part1"; - fallbackToPassword = true; - bypassWorkqueues = true; - }; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/c47cdc43-d77c-4a01-87b3-a289fa97ef14"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/3ee236cc-c4a6-423b-ba77-7a15ba642123"; - fsType = "ext4"; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/0ddcb856-f39e-45d6-bde3-4fbf9c81fe6c";} - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} 
diff --git a/hosts/cube/wireguard.nix b/hosts/cube/wireguard.nix
deleted file mode 100644
index 92b1ffd1..00000000
--- a/hosts/cube/wireguard.nix
+++ /dev/null
@@ -1,63 +0,0 @@ -{ self, config, pkgs, ... }: - -{ - age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cube_wireguard_key.age"; - - - systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure"; - systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s"; - - # Enable WireGuard - networking.wireguard.interfaces = { - wg1 = { - # Determines the IP address and subnet of the client's end of the tunnel interface. - ips = [ "10.0.1.5" ]; - listenPort = 51899; # to match firewall allowedUDPPorts (without this wg uses random port numbers) - - # Path to the private key file. - # - # Note: The private key can also be included inline via the privateKey option, - # but this makes the private key world-readable; thus, using privateKeyFile is - # recommended. - privateKeyFile = "/run/agenix/home_controller_wireguard"; - - peers = [ - # For a client configuration, one peer entry for the server will suffice. - - { - # giggles - publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg="; - allowedIPs = [ "10.0.1.11/32" ]; - - # Send keepalives every 25 seconds. Important to keep NAT tables alive. - persistentKeepalive = 25; - } - { - # cox - publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k="; - allowedIPs = [ "10.0.1.12/32" ]; - - # Send keepalives every 25 seconds. Important to keep NAT tables alive. - persistentKeepalive = 25; - } - { - # companion - publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0="; - allowedIPs = [ "10.0.1.13/32" ]; - - # Send keepalives every 25 seconds. Important to keep NAT tables alive. - persistentKeepalive = 25; - } - - { - # hsha - publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc="; - allowedIPs = [ "10.0.1.254/32" ]; - - # Send keepalives every 25 seconds. Important to keep NAT tables alive. - persistentKeepalive = 25; - } - ]; - }; - }; -} diff --git a/hosts/default.nix b/hosts/default.nix index cde5e1ea..0f80521f 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
@@ -7,7 +7,7 @@ let
 networking.hostName = host;
 imports = [
 self.nixosModules.base
- ./${host}
+ inputs.nixos-config.nixosHosts.${host}
 self.nixosModules.${user}
 ];
 };
diff --git a/hosts/falcone/configuration.nix b/hosts/falcone/configuration.nix
deleted file mode 100644
index 7b380f66..00000000
--- a/hosts/falcone/configuration.nix
+++ /dev/null
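Review bot: The new import `inputs.nixos-config.nixosHosts.${host}` makes every host's system configuration depend on an external flake input, and the hunk has no fallback when that input has no entry for `host`; a guarded form such as `(inputs.nixos-config.nixosHosts.${host} or (throw "hosts/default.nix: no nixosHosts entry for ${host}"))` would fail with a readable message instead of a bare missing-attribute error. Because the imported module can set any option on the machine, the `nixos-config` input should stay pinned to a reviewed revision in `flake.lock`, and a comment above the line should say so, e.g. `# host modules come from the nixos-config input; bump its lock entry only after review`. The host files this commit removes include inline credentials (the RTSP URLs and MQTT password in `hosts/giggles/frigate.nix`), so if they were moved verbatim they are worth rotating and storing through agenix like the WireGuard keys. The enclosing `let` binding starts outside the hunk, so whether `inputs` is in scope there cannot be confirmed from here.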
@@ -1,45 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ inputs, pkgs, builtins, config, lib, ... }: - -{ - boot.plymouth.enable = lib.mkForce false; - pub-solar.nextcloud.enable = lib.mkForce false; - pub-solar.core.disk-encryption-active = false; - - boot.loader.grub.enable = lib.mkForce false; - boot.loader.systemd-boot.enable = lib.mkForce false; - boot.loader.generic-extlinux-compatible.enable = lib.mkForce true; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.eth0.useDHCP = true; - networking.networkmanager.enable = lib.mkForce false; - - boot.initrd.network = { - enable = true; - }; - - - # Open ports in the firewall. - #networking.firewall.allowedTCPPorts = [ ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? -} - diff --git a/hosts/falcone/default.nix b/hosts/falcone/default.nix deleted file mode 100644 index 3c4d411a..00000000 --- a/hosts/falcone/default.nix +++ /dev/null 
@@ -1,6 +0,0 @@ -{ ... }: { - imports = [ - ./configuration.nix - ./hardware-configuration.nix - ]; -} diff --git a/hosts/falcone/hardware-configuration.nix b/hosts/falcone/hardware-configuration.nix deleted file mode 100644 index 8c0056eb..00000000 --- a/hosts/falcone/hardware-configuration.nix +++ /dev/null @@ -1,41 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - #boot.initrd.supportedFilesystems = [ "zfs" ]; - #boot.supportedFilesystems = [ "zfs" ]; - - boot.kernelPackages = lib.mkForce pkgs.linuxPackages; - - fileSystems."/" = - { - device = "/dev/disk/by-uuid/9f3208ae-ee05-44b8-a0bc-dc1e7499bdb8"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/997A-7FBA"; - fsType = "vfat"; - }; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = false; - networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; -} diff --git a/hosts/giggles/aioairctrl.nix b/hosts/giggles/aioairctrl.nix deleted file mode 100644 index f4074eb3..00000000 --- a/hosts/giggles/aioairctrl.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -{ pkgs, python311 }: -let - pycryptodomex = python311.pkgs.buildPythonPackage rec { - pname = "pycryptodomex"; - version = "3.18.0"; - src = pkgs.fetchPypi { - inherit pname version; - sha256 = "Pj7LX+l558G7ACflGDQKz37mBBXXkpXlJR0Txo3eV24="; - }; - }; -in - python311.pkgs.buildPythonPackage rec { - pname = "aioairctrl"; - version = "0.2.4"; - - src = pkgs.fetchFromGitHub { - owner = "kongo09"; - repo = "aioairctrl"; - rev = "v${version}"; - sha256 = "JBXh590wu85ig+LZCgG9S7y9uLOKednFJ/1UfDLz5Fo="; - }; - - propagatedBuildInputs = [ - python311.pkgs.aiocoap - pycryptodomex - ]; - } diff --git a/hosts/giggles/avahi-reflector.nix b/hosts/giggles/avahi-reflector.nix deleted file mode 100644 index 223cd664..00000000 --- a/hosts/giggles/avahi-reflector.nix +++ /dev/null @@ -1,12 +0,0 @@ -{...}: { - services.avahi = { - enable = true; - openFirewall = true; - allowInterfaces = ["eth0" "vlan104"]; - reflector = true; - publish.enable = true; - extraConfig = '' - reflect-filters=_googlecast._tcp.local - ''; - }; -} diff --git a/hosts/giggles/configuration.nix b/hosts/giggles/configuration.nix deleted file mode 100644 index c2f6353a..00000000 --- a/hosts/giggles/configuration.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - imports = [ - ./network.nix - ./network-dhcp.nix - ./avahi-reflector.nix - ./unifi.nix - - ./home-controller.nix - ./home-assistant.nix - - ./frigate.nix - - # ./tang-container.nix - ]; - - pub-solar.server.enable = true; - hardware.ksm.enable = true; - boot.loader.timeout = 0; - boot.loader.systemd-boot.enable = lib.mkForce false; - boot.loader.generic-extlinux-compatible.enable = lib.mkForce false; - boot.loader.grub = { - enable = true; - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - - boot.plymouth.enable = lib.mkForce false; - pub-solar.nextcloud.enable = lib.mkForce false; - - time.timeZone = "Europe/Berlin"; - - system.stateVersion = "22.11"; # Did you read the comment? -} 
diff --git a/hosts/giggles/default.nix b/hosts/giggles/default.nix deleted file mode 100644 index 3c4d411a..00000000 --- a/hosts/giggles/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: { - imports = [ - ./configuration.nix - ./hardware-configuration.nix - ]; -} diff --git a/hosts/giggles/forecast-solar.nix b/hosts/giggles/forecast-solar.nix deleted file mode 100644 index e3705488..00000000 --- a/hosts/giggles/forecast-solar.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ pkgs, python311 }: - -python311.pkgs.buildPythonPackage rec { - pname = "forecast_solar"; - version = "3.0.0"; - src = pkgs.fetchFromGitHub { - owner = "home-assistant-libs"; - repo = "forecast_solar"; - rev = version; - sha256 = "Go0DF2qyVyGVYEeoEEuxsSR9Ge8Pg4S77zM1HL83ELc="; - }; - - pythonImportsCheck = [ "pytest" "flake8" ]; - - propagatedBuildInputs = with python311.pkgs; [ - aiodns - aiohttp - flake8 - pytest - ]; -} diff --git a/hosts/giggles/frigate.nix b/hosts/giggles/frigate.nix deleted file mode 100644 index ca33871b..00000000 --- a/hosts/giggles/frigate.nix +++ /dev/null 
@@ -1,76 +0,0 @@ -{ ... }: - -let - camIp = "10.0.42.31"; -in -{ - networking.firewall.allowedTCPPorts = [80 5000 8554 8555]; - - #services.go2rtc = { - # enable = true; - # settings = { - # streams = { - # burgi_cam = [ - # "rtsp://admin:XpkFk5Df912VWSwM@${camIp}:554/Streaming/Channels/101/?transportmode=unicast" - # "ffmpeg:burgi_cam_sub#audio=opus" - # ]; - # burgi_cam_sub = [ - # "rtsp://admin:XpkFk5Df912VWSwM@${camIp}:554/Streaming/Channels/102/?transportmode=unicast" - # ]; - # }; - # webrtc = { - # candidates = [ "192.168.42.11:8555" ]; - # }; - # }; - #}; - - services.frigate = { - enable = false; - hostname = "frigate"; - settings = { - cameras.burgi = { - ffmpeg = { - inputs = [ - { - path = "rtsp://admin:XpkFk5Df912VWSwM@${camIp}:554/Streaming/Channels/101/?transportmode=unicast"; - #path = "rtsp://127.0.0.1:8554/burgi_cam"; - #input_args = "preset-rtsp-restream"; - roles = [ - "record" - "rtmp" - ]; - } - { - path = "rtsp://admin:XpkFk5Df912VWSwM@${camIp}:554/Streaming/Channels/102/?transportmode=unicast"; - #path = "rtsp://127.0.0.1:8554/burgi_cam_sub"; - #input_args = "preset-rtsp-restream"; - roles = [ - "detect" - ]; - } - ]; - }; - detect = { - width = 1280; - height = 720; - fps = 5; - }; - }; - objects.track = [ "person" "dog" ]; - - mqtt = { - enabled = true; - host = "127.0.0.1"; - user = "frigate"; - password = "rDAnboXJhW8K2OJlPI5KpZhggPJusA=="; - }; - - rtmp.enabled = true; - - #detectors.coral = { - # type = "edgetpu"; - # device = "usb"; - #}; - }; - }; -} diff --git a/hosts/giggles/hardware-configuration.nix b/hosts/giggles/hardware-configuration.nix deleted file mode 100644 index 0ae01f2e..00000000 --- a/hosts/giggles/hardware-configuration.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage" "uas"]; - boot.kernelPackages = pkgs.linuxPackages_latest; - - boot.loader.grub = { - enable = true; - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - - boot.loader.efi.canTouchEfiVariables = false; - - boot.loader.systemd-boot.enable = false; - boot.loader.generic-extlinux-compatible.enable = false; - boot.loader.timeout = 0; - - boot.initrd.luks.devices."cryptroot" = { - device = "/dev/disk/by-uuid/5edec8af-5f84-4d9f-9755-8abbb55e00af"; - keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04020116120721075123-0:0-part1"; - fallbackToPassword = true; - bypassWorkqueues = true; - }; - - fileSystems."/" = { - device = "/dev/disk/by-label/root"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - }; - - swapDevices = [ - {device = "/dev/disk/by-label/swap";} - ]; - - networking.interfaces.enabcm6e4ei0.useDHCP = true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; -} diff --git a/hosts/giggles/home-assistant-automation-helpers.nix b/hosts/giggles/home-assistant-automation-helpers.nix deleted file mode 100644 index edf85dee..00000000 --- a/hosts/giggles/home-assistant-automation-helpers.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{ - action = rec { - callService = service: entity: { - service = service; - target.entity_id = entity; - }; - - delayed = f: delay: [ - {delay.seconds = delay;} - (f) - ]; - - turnOn = entity: callService "homeassistant.turn_on" entity; - turnOff = entity: callService "homeassistant.turn_off" entity; - }; - - condition = { - state = entity: state: { - condition = "state"; - entity_id = entity; - state = state; - }; - - stateNot = entity: state: { - condition = "not"; - conditions = [{ - condition = "state"; - entity_id = entity; - state = state; - }]; - }; - }; - - trigger = { - state = entity: { - platform = "state"; - entity_id = entity; - }; - - stateFrom = entity: stateFrom: { - platform = "state"; - entity_id = entity; - from = stateFrom; - }; - - stateTo = entity: stateTo: { - platform = "state"; - entity_id = entity; - to = stateTo; - }; - - stateNotTo = entity: stateNotTo: { - platform = "state"; - entity_id = entity; - not_to = stateNotTo; - }; - }; -} diff --git a/hosts/giggles/home-assistant-customize-vacuum.nix b/hosts/giggles/home-assistant-customize-vacuum.nix deleted file mode 100644 index 6c08a629..00000000 --- a/hosts/giggles/home-assistant-customize-vacuum.nix +++ /dev/null @@ -1,26 +0,0 @@ -let - mapSegments = [ - {id = 1; name = "Hendrik";} - {id = 2; name = "Schlafzimmer";} - {id = 3; name = "Badezimmer";} - {id = 4; name = "Toilette";} - {id = 5; name = "Flur";} - {id = 6; name = "Vorratsraum";} - {id = 7; name = "Küche";} - {id = 8; name = "Caro";} - {id = 9; name = "Wohnzimmer";} - ]; - - mkCustomize = id: [ - { - name = "input_boolean.vacuum_segment_${toString id}"; - value = { - room_id = id; - }; - } - ]; - - mkCustomizes = ms: builtins.concatMap (s: (mkCustomize s.id)) ms; - -in -builtins.listToAttrs (mkCustomizes mapSegments) diff --git a/hosts/giggles/home-assistant-package-light.nix b/hosts/giggles/home-assistant-package-light.nix deleted file mode 100644 index 2cccec1d..00000000 
--- a/hosts/giggles/home-assistant-package-light.nix
+++ /dev/null
@@ -1,95 +0,0 @@ -let - helper = import ./home-assistant-automation-helpers.nix; - - entityLightSleepingHoursNotBefore = "light_sleeping_hours_not_before"; - entityLightSleepingHoursNotAfter = "light_sleeping_hours_not_after"; - entityLightDarkHoursNotBefore = "light_dark_hours_not_before"; - entityLightDarkHoursNotAfter = "light_dark_hours_not_after"; - - conditionalAutomation = slug: triggers: conditions: actions: { - alias = "Light: ${slug}"; - id = "light_automation_${slug}"; - trigger = triggers; - condition = conditions; - action = actions; - }; - automation = slug: triggers: actions: (conditionalAutomation slug triggers [] actions); - - lightOnOnMovement = room: opts: (conditionalAutomation - "${room}_movement_turn_on" - (map (e: helper.trigger.stateTo e "on") opts.triggers) - opts.conditions - (map (e: helper.action.turnOn e) opts.entities) - ); - - # switch off light when trigger entity switches to off and all given trigger - # entities are not in state "on" (prevents hassle with unavailable state) - lightOffAfterMovement = room: opts: (conditionalAutomation - "${room}_movement_turn_off" - (map (e: helper.trigger.stateTo e "off") opts.triggers) - (map (e: helper.condition.stateNot e "on") opts.triggers) - (map (e: helper.action.turnOff e) opts.entities) - ); - - outsideSleepingHoursCondition = [{ - condition = "not"; - conditions = [{ - condition = "time"; - after = "input_datetime.${entityLightSleepingHoursNotBefore}"; - before = "input_datetime.${entityLightSleepingHoursNotAfter}"; - }]; - }]; - withinDarkHoursCondition = [{ - condition = "time"; - after = "input_datetime.${entityLightDarkHoursNotBefore}"; - before = "input_datetime.${entityLightDarkHoursNotAfter}"; - }]; - - roomEntitiesMap = { - # should switch on when its dark outside but not when someone sleeps - flur = { - triggers = ["binary_sensor.pir_flur_1_occupancy" "binary_sensor.pir_flur_2_occupancy"]; - entities = ["light.flur_deckenlicht"]; - conditions = [] ++ withinDarkHoursCondition ++ 
outsideSleepingHoursCondition; - }; - #kueche = { - # triggers = []; - # entites = []; - # conditions = [] ++ withinDarkHoursCondition; - #}; - # should switch on every time - vorratsraum = { - triggers = ["binary_sensor.pir_vorratsraum_occupancy"]; - entities = ["light.vorratsraum_deckenlicht"]; - conditions = []; - }; - }; -in -{ - input_datetime = { - "${entityLightDarkHoursNotBefore}" = { - name = "TIME Light: Dark hours start not before"; - has_date = false; - has_time = true; - }; - "${entityLightDarkHoursNotAfter}" = { - name = "TIME Light: Dark hours start not after"; - has_date = false; - has_time = true; - }; - "${entityLightSleepingHoursNotBefore}" = { - name = "TIME Light: Sleeping hours start not before"; - has_date = false; - has_time = true; - }; - "${entityLightSleepingHoursNotAfter}" = { - name = "TIME Light: Sleeping hours start not after"; - has_date = false; - has_time = true; - }; - }; - - automation = [] ++ - (builtins.attrValues (builtins.mapAttrs (r: o: lightOnOnMovement r o) roomEntitiesMap)) ++ - (builtins.attrValues (builtins.mapAttrs (r: o: lightOffAfterMovement r o) roomEntitiesMap)); -} diff --git a/hosts/giggles/home-assistant-package-vacuum.nix b/hosts/giggles/home-assistant-package-vacuum.nix deleted file mode 100644 index d4b19d98..00000000 --- a/hosts/giggles/home-assistant-package-vacuum.nix +++ /dev/null 
@@ -1,67 +0,0 @@
-let
- vacuumName = "IdenticalVeneratedCat";
- entityVacuum = "vacuum.valetudo_identicalveneratedcat";
- mapSegments = [
- {id = 1; name = "Hendrik";}
- {id = 2; name = "Schlafzimmer";}
- {id = 3; name = "Badezimmer";}
- {id = 4; name = "Toilette";}
- {id = 5; name = "Flur";}
- {id = 6; name = "Vorratsraum";}
- {id = 7; name = "Küche";}
- {id = 8; name = "Caro";}
- {id = 9; name = "Wohnzimmer";}
- ];
-
- mkBooleanHelper = id: name: [
- {
- name = "vacuum_segment_${toString id}";
- value = {
- name = name;
- };
- }
- ];
-
- mkBooleanHelpers = ms: builtins.concatMap (s: (mkBooleanHelper s.id s.name)) ms;
-in
-{
- input_boolean = builtins.listToAttrs (mkBooleanHelpers mapSegments);
-
- group = {
- vacuum_rooms = {
- name = "Vacuum Rooms";
- entities = builtins.concatMap (s: ["input_boolean.vacuum_segment_${toString s.id}"]) mapSegments;
- };
- };
-
- script = {
- vacuum_clean_segments = {
- mode = "single";
- alias = "vacuum_clean_segments";
- icon = "mdi:arrow-right";
- sequence = [{
- service = "script.turn_on";
- target = {
- entity_id = "script.vacuum_clean_segments_message";
- };
- data = {
- variables = {
- segments = "{{expand(\"group.vacuum_rooms\") | selectattr(\"state\",\"eq\",\"on\") | map(attribute=\"attributes.room_id\") | list | to_json}}";
- };
- };
- }];
- };
-
- vacuum_clean_segments_message = {
- alias = "vacuum_clean_segments_message";
- mode = "single";
- sequence = [{
- service = "mqtt.publish";
- data = {
- topic = "valetudo/${vacuumName}/MapSegmentationCapability/clean/set";
- payload_template = ''{"segment_ids": {{segments}}}'';
- };
- }];
- };
- };
-}
diff --git a/hosts/giggles/home-assistant-package-wohnzimmer-tv.nix b/hosts/giggles/home-assistant-package-wohnzimmer-tv.nix
deleted file mode 100644
index 103f7054..00000000
--- a/hosts/giggles/home-assistant-package-wohnzimmer-tv.nix
+++ /dev/null
@@ -1,246 +0,0 @@ -let - helper = import ./home-assistant-automation-helpers.nix; - - entityMediaplayerFireTV = "media_player.wohnzimmer_firetv"; - entityMediaplayerXBOX = "media_player.wohnzimmer_xbox"; - entityMediaplayerZeppelin = "media_player.wohnzimmer_zeppelin"; - - entitySwitchTV = "switch.wohnzimmer_tv_steckdosenleiste_tv"; - entitySwitchFireTV = "switch.wohnzimmer_tv_steckdosenleiste_firetv"; - entitySwitchXBOX = "switch.wohnzimmer_tv_steckdosenleiste_xbox"; - entitySwitchZeppelin = "switch.wohnzimmer_tv_steckdosenleiste_zeppelin"; - - entityActivitySelect = "wohnzimmer_tv_activity"; - entityVolumeMute = "wohnzimmer_tv_volume_mute"; - entityVolumeLevel = "wohnzimmer_tv_volume_level"; - - entityHarmonyActivitySelect = "select.wohnzimmer_harmony_activities"; - - activityOptionOff = "Aus"; - activityOptionOffHarmony = "power_off"; - activityOptionMusic = "Musik"; - activityOptionFireTV = "FireTV"; - activityOptionXBOX = "XBOX"; - - # because of tasmota - switchDelaySecondsZeppelin = 1; - switchDelaySecondsTV = 2; - switchDelaySecondsFireTV = 3; - switchDelaySecondsXBOXOn = 4; - switchDelaySecondsXBOXOff = 60; # because it needs longer to shut down - - mkAutomationCondition = slug: triggers: conditions: actions: { - alias = "Wohnzimmer TV: ${slug}"; - id = "wohnzimmer_tv_automation_${slug}"; - trigger = triggers; - condition = conditions; - action = actions; - }; - mkAutomation = slug: triggers: actions: (mkAutomationCondition slug triggers [] actions); - - rokuButtonPressed = key: { - platform = "event"; - event_type = "roku_command"; - event_data = { - type = "keypress"; - key = key; - }; - }; - - mkRokuVolumeAutomation = key: action: mkAutomation - "roku_vol_${action}" - [(rokuButtonPressed key)] - [(helper.action.callService "input_number.${action}" "input_number.${entityVolumeLevel}")]; - - tvSelect = option: { - service = "input_select.select_option"; - target.entity_id = "input_select.${entityActivitySelect}"; - data.option = option; - }; - - 
harmonySelect = option: { - service = "select.select_option"; - target.entity_id = entityHarmonyActivitySelect; - data.option = option; - }; - - tvChangedTo = stateTo: (helper.trigger.stateTo "input_select.${entityActivitySelect}" stateTo); - tvChangedNotTo = stateNotTo: (helper.trigger.stateNotTo "input_select.${entityActivitySelect}" stateNotTo); - - harmonyChangedTo = stateTo: (helper.trigger.stateTo entityHarmonyActivitySelect stateTo); - harmonyChangedNotTo = stateNotTo: (helper.trigger.stateNotTo entityHarmonyActivitySelect stateNotTo); -in -{ - input_boolean = { - "${entityVolumeMute}" = { - name = "Wohnzimmer TV Mute"; - icon = "mdi:volume-mute"; - }; - }; - - input_number = { - "${entityVolumeLevel}" = { - name = "Wohnzimmer TV Lautstärke"; - icon = "mdi:volume-high"; - unit_of_measurement = "%"; - min = "0.0"; - max = "1.0"; - step = "0.01"; - }; - }; - - input_select = { - "${entityActivitySelect}" = { - name = "Wohnzimmer TV Aktivität"; - options = [ - activityOptionOff - activityOptionMusic - activityOptionFireTV - activityOptionXBOX - ]; - }; - }; - - media_player = [ - { - platform = "universal"; - name = "Wohnzimmer TV Universal"; - device_class = "tv"; - unique_id = "media_player_universal_wohnzimmer_tv"; - - children = [ - entityMediaplayerFireTV - entityMediaplayerXBOX - entityMediaplayerZeppelin - ]; - - active_child_template = '' - {% if is_state('input_select.${entityActivitySelect}', '${activityOptionMusic}') %} - ${entityMediaplayerZeppelin} - {% elif is_state('input_select.${entityActivitySelect}', '${activityOptionFireTV}') %} - ${entityMediaplayerFireTV} - {% elif is_state('input_select.${entityActivitySelect}', '${activityOptionXBOX}') %} - ${entityMediaplayerXBOX} - {% endif %} - ''; - state_template = '' - {% if is_state('input_select.${entityActivitySelect}', '${activityOptionMusic}') %} - {{ states('${entityMediaplayerZeppelin}') }} - {% elif is_state('input_select.${entityActivitySelect}', '${activityOptionFireTV}') %} - {{ 
states('${entityMediaplayerFireTV}') }} - {% elif is_state('input_select.${entityActivitySelect}', '${activityOptionXBOX}') %} - {{ states('${entityMediaplayerXBOX}') }} - {% else %} - off - {% endif %} - ''; - - commands = { - turn_on = tvSelect activityOptionFireTV; - turn_off = tvSelect activityOptionOff; - volume_set = helper.action.callService "input_number.set_value" "input_number.${entityVolumeLevel}" // {data.value = "{{ volume_level }}";}; - volume_up = helper.action.callService "input_number.increment" "input_number.${entityVolumeLevel}"; - volume_down = helper.action.callService "input_number.decrement" "input_number.${entityVolumeLevel}"; - volume_mute = helper.action.callService "input_boolean.toggle" "input_boolean.${entityVolumeMute}"; - }; - - attributes = { - is_volume_muted = "input_boolean.${entityVolumeMute}"; - volume_level = "input_number.${entityVolumeLevel}"; - }; - } - ]; - - automation = [ - (mkRokuVolumeAutomation "Up" "increment") - (mkRokuVolumeAutomation "Down" "decrement") - (mkAutomation "roku_vol_mute" [(rokuButtonPressed "Right")] [(helper.action.callService "input_boolean.toggle" "input_boolean.${entityVolumeMute}")]) - (mkAutomation "sync_off_to_harmony" [(tvChangedTo activityOptionOff)] [(harmonySelect activityOptionOffHarmony)]) - (mkAutomation "sync_activity_to_harmony" [(tvChangedNotTo activityOptionOff)] [(harmonySelect "{{ trigger.to_state.state }}")]) - (mkAutomation "sync_off_from_harmony" [(harmonyChangedTo activityOptionOffHarmony)] [(tvSelect activityOptionOff)]) - (mkAutomation "sync_activity_from_harmony" [(harmonyChangedNotTo activityOptionOffHarmony)] [(tvSelect "{{ trigger.to_state.state }}")]) - ( - mkAutomationCondition - "set_speaker_volume" - [ - (helper.trigger.state "input_number.${entityVolumeLevel}") - (helper.trigger.stateTo "input_boolean.${entityVolumeMute}" "off") - (helper.trigger.stateFrom entityMediaplayerZeppelin "unavailable") - ] - [{ - condition = "state"; - entity_id = 
"input_boolean.${entityVolumeMute}"; - state = "off"; - }] - [(helper.action.callService "media_player.volume_set" entityMediaplayerZeppelin // {data.volume_level = "{{ states(\"input_number.${entityVolumeLevel}\") }}";})] - ) - ( - mkAutomation - "mute_speaker" - [(helper.trigger.stateTo "input_boolean.${entityVolumeMute}" "on")] - [(helper.action.callService "media_player.volume_set" entityMediaplayerZeppelin // {data.volume_level = "0";})] - ) - ( - mkAutomation - "switch_off_tv" - [ - (tvChangedTo activityOptionOff) - (tvChangedTo activityOptionMusic) - ] - (helper.action.delayed (helper.action.turnOff entitySwitchTV) switchDelaySecondsTV) - ) - ( - mkAutomation - "switch_off_firetv" - [ - (tvChangedTo activityOptionOff) - (tvChangedTo activityOptionMusic) - (tvChangedTo activityOptionXBOX) - ] - (helper.action.delayed (helper.action.turnOff entitySwitchFireTV) switchDelaySecondsFireTV) - ) - ( - mkAutomation - "switch_off_xbox" - [ - (tvChangedTo activityOptionOff) - (tvChangedTo activityOptionMusic) - (tvChangedTo activityOptionFireTV) - ] - (helper.action.delayed (helper.action.turnOff entitySwitchXBOX) switchDelaySecondsXBOXOff) - ) - ( - mkAutomation - "switch_off_zeppelin" - [(tvChangedTo activityOptionOff)] - (helper.action.delayed (helper.action.turnOff entitySwitchZeppelin) switchDelaySecondsZeppelin) - ) - ( - mkAutomation - "switch_on_tv" - [ - (tvChangedTo activityOptionFireTV) - (tvChangedTo activityOptionXBOX) - ] - (helper.action.delayed (helper.action.turnOn entitySwitchTV) switchDelaySecondsTV) - ) - ( - mkAutomation - "switch_on_firetv" - [(tvChangedTo activityOptionFireTV)] - (helper.action.delayed (helper.action.turnOn entitySwitchFireTV) switchDelaySecondsFireTV) - ) - ( - mkAutomation - "switch_on_xbox" - [(tvChangedTo activityOptionXBOX)] - (helper.action.delayed (helper.action.turnOn entitySwitchXBOX) switchDelaySecondsXBOXOn) - ) - ( - mkAutomation - "switch_on_zeppelin" - [(tvChangedNotTo activityOptionOff)] - (helper.action.delayed 
(helper.action.turnOn entitySwitchZeppelin) switchDelaySecondsZeppelin) - ) - ]; -} diff --git a/hosts/giggles/home-assistant.nix b/hosts/giggles/home-assistant.nix deleted file mode 100644 index 4ca70193..00000000 --- a/hosts/giggles/home-assistant.nix +++ /dev/null 
@@ -1,304 +0,0 @@ -{ - flake, - config, - pkgs, - python3Packages, - inputs, - lib, - ... -}: - -{ - age.secrets.home-assistant_giggles_secrets = { - file = "${flake.self}/secrets/home-assistant_giggles_secrets.age"; - path = "${config.services.home-assistant.configDir}/secrets.yaml"; - owner = config.systemd.services.home-assistant.serviceConfig.User; - group = config.systemd.services.home-assistant.serviceConfig.Group; - mode = "0644"; - }; - - users.users."hass".extraGroups = ["dialout"]; - - networking.firewall.allowedTCPPortRanges = [{from = 40000; to = 41000;}]; - networking.firewall.allowedUDPPortRanges = [{from = 40000; to = 41000;}]; - - pub-solar.home-assistant = { - enable = true; - extraComponents = [ - "default_config" - "homeassistant_hardware" - "homeassistant_sky_connect" - - "apcupsd" - "androidtv" - "androidtv_remote" - "cast" - "esphome" - "emulated_hue" - "emulated_roku" - "harmony" - "homekit_controller" - "icloud" - "ipp" - "jellyfin" - "luci" - "met" - "nina" - "python_script" - "radio_browser" - "rpi_power" - "shopping_list" - "spotify" - "tasmota" - "unifi" - "upnp" - "wyoming" - "vacuum" - "xbox" - "xiaomi_aqara" - "xiaomi_miio" - "zeroconf" - ]; - - extraPackages = python311Packages: - with python311Packages; [ - # esphome - aiodiscover - scapy - - # deutsche bahn - schiene - - # dwd - dwdwfsapi - - # forecast_solar - (callPackage ./forecast-solar.nix {}) - - # hacs - aiogithubapi - - # owntone - pyatv - (callPackage ./pyforked-daapd.nix {}) - - # philips_airpurifier_coap - (callPackage ./aioairctrl.nix {}) - - # totp - pyotp - pyqrcode - ]; - - config = { - homeassistant = { - name = "Wohnung"; - - country = "DE"; - currency = "EUR"; - language = "de"; - temperature_unit = "C"; - time_zone = "Europe/Berlin"; - unit_system = "metric"; - - latitude = "52.31501090166047"; - longitude = "8.910633035293603"; - elevation = "59"; - - external_url = "https://ha2.gssws.de"; - internal_url = "http://192.168.42.11:8123"; - - packages = { - 
package_light = (import ./home-assistant-package-light.nix); - package_vacuum = (import ./home-assistant-package-vacuum.nix); - package_wohnzimmer_tv = (import ./home-assistant-package-wohnzimmer-tv.nix); - }; - - customize = (import ./home-assistant-customize-vacuum.nix) // { }; - }; - - http = { - ip_ban_enabled = false; - use_x_forwarded_for = true; - trusted_proxies = [ - "127.0.0.1" - "10.254.0.21" - "10.0.1.5" - "10.0.1.6" - ]; - }; - - default_config = {}; - energy = {}; - - "automation ui" = "!include automations.yaml"; - - device_tracker = [ - { - platform = "luci"; - host = "192.168.42.1"; - username = "!secret router_admin_username"; - password = "!secret router_admin_password"; - } - ]; - - emulated_hue = { - host_ip = "172.16.0.11"; - listen_port = 40000; - expose_by_default = false; - entities = { - "light.light_wohnzimmer_kugel_links" = { - name = "Kugel links"; - }; - "light.light_wohnzimmer_kugel_rechts" = { - name = "Kugel rechts"; - }; - "light.light_wohnzimmer_klemmlampe" = { - name = "Klemmlampe"; - }; - }; - }; - - emulated_roku = { - servers = [{ - name = "Home Assistant"; - host_ip = "172.16.0.11"; - listen_port = 40001; - }]; - }; - - python_script = {}; - - waste_collection_schedule = { - sources = [ - { - name = "jumomind_de"; - args = { - service_id = "sbm"; - city = "Minden"; - street = "Schwerinstr."; - house_number = "17b"; - }; - } - ]; - }; - - zone = [ - { - name = "Home"; - latitude = "52.31501090166047"; - longitude = "8.910633035293603"; - radius = "50"; - } - { - name = "DKSB"; - latitude = "52.31249954762553"; - longitude = "8.910920619964601"; - radius = "60"; - } - { - name = "Hainweg"; - latitude = "52.3176809501406"; - longitude = "8.890610933303835"; - radius = "60"; - } - { - name = "Lande"; - latitude = "52.35688908037632"; - longitude = "8.898582458496096"; - radius = "87"; - } - { - name = "Rürups"; - latitude = "52.317152702118655"; - longitude = "8.89446449221293"; - radius = "70"; - } - { - name = "Schule"; - 
latitude = "52.30213492276748"; - longitude = "8.88126075267792"; - radius = "200"; - } - { - name = "Sokos"; - latitude = "50.92777444599559"; - longitude = "6.583169284373658"; - radius = "50"; - } - { - name = "Wohnung Aachen"; - latitude = "50.7800954893528"; - longitude = "6.154607534408569"; - radius = "13"; - } - ]; - }; - - mqtt = { - enable = true; - users = { - ha = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$lFt8hQl3O8aKF+bO$pcZuI18IT5t4/fpKZmLZQwQs+vcbxZdAQAYJOxRwXGYsxCRjb8jUSU+ZRlpqokOGqf/Cgvymfvml+yoGaC8eaw=="; - }; - z2m = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$M0Q/s9ReWPaMy+pT$Y8t9DwmW3y74lyvYrCE+sqEcz9yGG9VaHw8vt4wVZgUVVV9muY00ymjkwsTNtaTIlnQyB7z7POPLT3PURtQfeg=="; - }; - - frigate = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$BZvoqhiaWo8TbFEv$KlE8XiE9dhfNV50SoUiBjTgnvSRaCwWdouuVcN4ZeHkR7/4JufQ7adW0VhVmtpv+6V9KOPDlN3wRaV+5eVlF3Q=="; - }; - nuki_wohnung = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$21wWveYvOyQKNuhd$rXD8d4F+Wf4k6LDkM09bsfkQfc+iXakRaH2sygYgOQqfrJ5Egt8D+9LVKa9ZQ12HLPSHDo0bP8ygVmY6iVJCjQ=="; - }; - poffertjes = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$n5J9RKGzFF7bOsOH$YNPQawxsfuDZk/N6NrNzkE5rEfTRlCW5Fjpk6kgwyTg4C6Peyz4I79ii4UMSANJ8DFNsPRL1KohCcXK07SMW2w=="; - }; - shelly1_flur_deckenlicht = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$n0PyELB9214BiluQ$P24lJlXDpKLaGSerrp51z5UUl3wYSek9SbJN+buqoS9acrCn7s3mtSLZfeMP0JT8zXx83GJrNwlDaA0BOu00xg=="; - }; - shelly25_abstellraum = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$n9IcybeGEAhnoWv5$RSnkEJFgDsrKUzEaLfNIa/5v4gkTMZSAq2bb7KzWSG6zaufHdnvtDZT+q7dZ3pkBFXndKtoelmuvm7XJLJC1mg=="; - }; - shelly25_badezimmer = { - acl = [ - "readwrite #" - ]; - hashedPassword = "$7$101$PNWBSZUE4Ar5dOhx$2u6dneedx7OLOjH1auoax2AC1GP4oVcXe4OAmO3riNpzXZF9V1cJ7k/GREx9/vO/ONt5PuUygilk3X4SIYnf9A=="; - }; - tasmota_wohnzimmer_tv_steckdosenleiste = { - acl = [ - "readwrite #" - ]; - hashedPassword = 
"$7$101$cywQWWzxPUUpUqdC$Q9tjqE4bW0VaNMVKIuts/wuyFetC//PyLVcRtpaK02HxwlTPY7jWivXUBA/t8l0wGZsS8lsiOIAu8e6bHb+7Xw=="; - }; - }; - }; - - zigbee2mqtt = { - enable = true; - device = "/dev/serial/by-id/usb-Nabu_Casa_SkyConnect_v1.0_aaf7050fdb42ed11bb2843ab2a61ed69-if00-port0"; - }; - }; -} diff --git a/hosts/giggles/home-controller.nix b/hosts/giggles/home-controller.nix deleted file mode 100644 index 690d6e74..00000000 --- a/hosts/giggles/home-controller.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - flake, - config, - pkgs, - ... -}: { - config = { - age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/home_controller_giggles_wireguard_key.age"; - - pub-solar.home-controller = { - enable = true; - ownIp = "10.0.1.11"; - - wireguardPrivateKeyFile = "/run/agenix/home_controller_wireguard"; - }; - }; -} diff --git a/hosts/giggles/lrad.nix b/hosts/giggles/lrad.nix deleted file mode 100644 index 0a94dcae..00000000 --- a/hosts/giggles/lrad.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ - pkgs, - config, - ... -}: let - serviceAddress = "10.10.41.11"; - containerStateDir = "/data"; - hostStateDir = "/srv/container/lrad"; -in { - containers."lrad" = { - privateNetwork = true; - hostAddress = "10.10.41.1"; - localAddress = serviceAddress; - - bindMounts."${containerStateDir}" = { - hostPath = hostStateDir; - isReadOnly = false; - }; - - config = { - config, - pkgs, - ... - }: { - networking.firewall.allowedTCPPorts = [63080]; - - #users.users."tang".isSystemUser = true; - - systemd.services."tangd" = { - enable = true; - # TODO: require data/tangd to exist - serviceConfig = { - ExecStart = "${pkgs.tang}/bin/tangd ${containerStateDir}/data/tangd"; - StandardInput = "socket"; - StandardOutput = "socket"; - StandardError = "journal"; - User = "tang"; - }; - }; - - systemd.sockets."tangd" = { - enable = true; - listenStreams = ["63080"]; - wantedBy = ["sockets.target"]; - socketConfig = { - Accept = true; - }; - }; - }; - }; -} 
diff --git a/hosts/giggles/network-dhcp.nix b/hosts/giggles/network-dhcp.nix
deleted file mode 100644
index 75fcc24e..00000000
--- a/hosts/giggles/network-dhcp.nix
+++ /dev/null
@@ -1,150 +0,0 @@ -{...}: - -let - vlan101Hosts = [ - # switches - {mac = "28:80:88:72:ae:60"; ip = "10.0.42.15"; hostname = "sw-wohnung";} # statically configured - {mac = "28:87:ba:24:6a:2b"; ip = "10.0.42.16"; hostname = "sw-wohnzimmer";} # statically configured - - # access points - {mac = "18:e8:29:c6:29:84"; ip = "10.0.42.21"; hostname = "ap-caro";} - {mac = "e4:38:83:e7:00:10"; ip = "10.0.42.22"; hostname = "ap-hendrik";} - {mac = "e4:38:83:e7:0a:c4"; ip = "10.0.42.23"; hostname = "ap-wohnzimmer";} - - # security devices - {mac = "e0:ca:3c:7d:37:5b"; ip = "10.0.42.31"; hostname = "cam-wohnzimmer";} - ]; - - vlan102Hosts = [ - {mac = "38:1a:52:04:37:d8"; ip = "172.16.0.15"; hostname = "printer";} - - {mac = "3c:e9:0e:87:d2:1c"; ip = "172.16.0.21"; hostname = "nspanel-hendrik";} - {mac = "3c:e9:0e:87:ef:d0"; ip = "172.16.0.22"; hostname = "nspanel-schlafzimmer";} - {mac = "98:0c:33:fe:3d:a8"; ip = "172.16.0.23"; hostname = "nuki-wohnung";} - {mac = "c8:5c:cc:5c:54:06"; ip = "172.16.0.24"; hostname = "presence-wohnzimmer";} - {mac = "c8:5c:cc:5c:28:7b"; ip = "172.16.0.25"; hostname = "presence-hendrik";} - {mac = "04:78:63:7f:0e:bb"; ip = "172.16.0.26"; hostname = "airpurifier-wohnzimmer";} - {mac = "48:e7:29:c1:a3:f0"; ip = "172.16.0.27"; hostname = "nspanel-caro";} - {mac = "5c:c5:63:eb:e8:b8"; ip = "172.16.0.28"; hostname = "poffertjes";} - {mac = "d0:ba:e4:e7:7d:d5"; ip = "172.16.0.29"; hostname = "airpurifier-hendrik";} - {mac = "98:f4:ab:f2:43:98"; ip = "172.16.0.30"; hostname = "shelly1-flur-deckenlicht";} - {mac = "a4:cf:12:ba:72:c1"; ip = "172.16.0.31"; hostname = "shelly25-abstellraum";} - {mac = "c8:2b:96:11:10:46"; ip = "172.16.0.32"; hostname = "shelly25-badezimmer";} - {mac = "24:62:ab:41:06:f2"; ip = "172.16.0.33"; hostname = "tasmota-tv-steckdosenleiste";} - {mac = "c8:db:26:0d:4f:f4"; ip = "172.16.0.34"; hostname = "harmonyhub-tv";} - ]; - - vlan104Hosts = [ - {mac = "30:58:90:1a:3b:ef"; ip = "10.42.0.21"; hostname = "box-hendrik";} - {mac = 
"30:58:90:19:b5:03"; ip = "10.42.0.22"; hostname = "box-schlafzimmer";} - {mac = "30:58:90:28:7e:30"; ip = "10.42.0.23"; hostname = "box-esstisch";} - - {mac = "1c:53:f9:23:d7:c4"; ip = "10.42.0.31"; hostname = "nh-hendrik";} - {mac = "1c:53:f9:14:7b:65"; ip = "10.42.0.32"; hostname = "nh-kueche";} - {mac = "1c:53:f9:1c:9e:22"; ip = "10.42.0.33"; hostname = "nh-wohnzimmer";} - {mac = "20:1f:3b:96:9f:29"; ip = "10.42.0.34"; hostname = "nm-schlafzimmer";} - {mac = "6c:ad:f8:73:a0:94"; ip = "10.42.0.35"; hostname = "cc-wohnzimmer";} - {mac = "ec:66:d1:8a:79:71"; ip = "10.42.0.36"; hostname = "zeppelin-wohnzimmer";} - {mac = "c0:91:b9:1e:2b:80"; ip = "10.42.0.37"; hostname = "firetv-wohnzimmer";} - {mac = "cc:60:c8:14:26:2c"; ip = "10.42.0.38"; hostname = "xbox-wohnzimmer";} - ]; - - mkDnsmasqHosts = hosts : map (h : "${h.mac},${h.hostname},${h.ip}") hosts; - - mkKeaHosts = hosts : map (h : { hw-address = h.mac; ip-address = h.ip; }) hosts; - mkKeaOptions = router: dns: mtu: - [ - { - name = "routers"; - data = "${router}"; - } - { - name = "domain-name-servers"; - data = "${dns}"; - } - { - name = "interface-mtu"; - data = "${toString mtu}"; - } - ]; - mkKeaSubnet = interface : subnet : pool : options : hosts : { - subnet = subnet; - interface = interface; - pools = [{ pool = pool; }]; - option-data = mkKeaOptions options.router options.dns options.mtu; - reservations = mkKeaHosts hosts; - }; - - enableKea = true; - enableDnsmasq = false; - - mtu = 1500; -in -{ - networking.firewall.checkReversePath = false; - networking.firewall.allowedUDPPorts = [67]; # allow dhcp request - - services.kea.dhcp4 = { - enable = enableKea; - settings = { - authoritative = true; - interfaces-config = { - interfaces = ["vlan101" "vlan102" "vlan104"]; - dhcp-socket-type = "raw"; - }; - valid-lifetime = 3600; - host-reservation-identifiers = [ "hw-address" ]; - - subnet4 = [ - (mkKeaSubnet "vlan101" "10.0.42.0/24" "10.0.42.100 - 10.0.42.200" {router = "10.0.42.1"; dns = "10.0.42.1"; mtu = 
mtu;} vlan101Hosts) - (mkKeaSubnet "vlan102" "172.16.0.0/24" "172.16.0.100 - 172.16.0.200" {router = "172.16.0.1"; dns = "172.16.0.1"; mtu = mtu;} vlan102Hosts) - (mkKeaSubnet "vlan104" "10.42.0.0/24" "10.42.0.100 - 10.42.0.200" {router = "10.42.0.1"; dns = "10.42.0.1"; mtu = mtu;} vlan104Hosts) - ]; - }; - }; - - services.dnsmasq = { - enable = enableDnsmasq; - settings = { - interface = [ - "vlan101" # network - "vlan102" # iot - "vlan104" # media - ]; - - no-resolv = true; - no-poll = true; - - server = [ - "1.1.1.1" - "9.9.9.9" - ]; - - dhcp-authoritative = true; - - dhcp-host = (mkDnsmasqHosts vlan101Hosts) ++ - (mkDnsmasqHosts vlan102Hosts) ++ - (mkDnsmasqHosts vlan104Hosts); - - dhcp-range = [ - "vlan101,10.0.42.51,10.0.42.100" - "vlan102,172.16.0.101,172.16.0.150" - "vlan104,10.42.0.51,10.42.0.100" - ]; - - dhcp-option = [ - "option:dns-server,1.1.1.1" - "option:mtu,${mtu}" - - # vlan101 - "vlan101,option:router,10.0.42.1" - - # vlan102 - "vlan102,option:router,172.16.0.1" - - # vlan104 - "vlan104,option:router,10.42.0.1" - ]; - }; - }; -} diff --git a/hosts/giggles/network.nix b/hosts/giggles/network.nix deleted file mode 100644 index 637d6923..00000000 --- a/hosts/giggles/network.nix +++ /dev/null @@ -1,55 +0,0 @@ -{lib, ...}: { - networking = { - enableIPv6 = false; - useDHCP = false; - vlans = { - vlan101 = { - id = 101; - interface = "eth0"; - }; # network vlan - vlan102 = { - id = 102; - interface = "eth0"; - }; # iot vlan - vlan104 = { - id = 104; - interface = "eth0"; - }; # media vlan - }; - interfaces = { - eth0 = { - useDHCP = true; - mtu = 1460; - }; - - vlan101 = { - mtu = 1460; - ipv4.addresses = [ - { - address = "10.0.42.11"; - prefixLength = 24; - } - ]; - }; - vlan102 = { - mtu = 1460; - ipv4.addresses = [ - { - address = "172.16.0.11"; - prefixLength = 24; - } - ]; - }; - vlan104 = { - mtu = 1460; - ipv4.addresses = [ - { - address = "10.42.0.11"; - prefixLength = 24; - } - ]; - }; - }; - networkmanager.enable = lib.mkForce false; - }; -} 
diff --git a/hosts/giggles/pyforked-daapd.nix b/hosts/giggles/pyforked-daapd.nix
deleted file mode 100644
index c02c038f..00000000
--- a/hosts/giggles/pyforked-daapd.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ pkgs, python311 }:
-
-let
- pyLibrespotJava = python311.pkgs.buildPythonPackage rec {
- pname = "pylibrespot-java";
- version = "0.1.0";
- src = pkgs.fetchPypi {
- inherit pname version;
- sha256 = "DbKPW3mB5IMhj0EqLhQpZ66wGjOGWxhaXM39IjkN/yA=";
- };
-
- propagatedBuildInputs = [
- python311.pkgs.aiohttp
- ];
- };
-in
-python311.pkgs.buildPythonPackage rec {
- pname = "pyforked-daapd";
- version = "0.1.14";
- src = pkgs.fetchPypi {
- inherit pname version;
- sha256 = "v1NOlwP8KtBsQiqwbx1y8p8lABEuEJdNhvR2kGzLxKs=";
- };
-
- propagatedBuildInputs = [
- pyLibrespotJava
- python311.pkgs.aiohttp
- ];
-}
diff --git a/hosts/giggles/pyforkeddappd.nix b/hosts/giggles/pyforkeddappd.nix
deleted file mode 100644
index f4074eb3..00000000
--- a/hosts/giggles/pyforkeddappd.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ pkgs, python311 }:
-let
- pycryptodomex = python311.pkgs.buildPythonPackage rec {
- pname = "pycryptodomex";
- version = "3.18.0";
- src = pkgs.fetchPypi {
- inherit pname version;
- sha256 = "Pj7LX+l558G7ACflGDQKz37mBBXXkpXlJR0Txo3eV24=";
- };
- };
-in
- python311.pkgs.buildPythonPackage rec {
- pname = "aioairctrl";
- version = "0.2.4";
-
- src = pkgs.fetchFromGitHub {
- owner = "kongo09";
- repo = "aioairctrl";
- rev = "v${version}";
- sha256 = "JBXh590wu85ig+LZCgG9S7y9uLOKednFJ/1UfDLz5Fo=";
- };
-
- propagatedBuildInputs = [
- python311.pkgs.aiocoap
- pycryptodomex
- ];
- }
diff --git a/hosts/giggles/tang-container.nix b/hosts/giggles/tang-container.nix
deleted file mode 100644
index 142fe5f8..00000000
--- a/hosts/giggles/tang-container.nix
+++ /dev/null
@@ -1,58 +0,0 @@ -{ - pkgs, - config, - ... -}: let - containerStateDir = "/data"; - hostStateDir = "/opt/tangd"; - servicePort = 8081; -in { - networking.firewall.allowedTCPPorts = [servicePort]; - - containers."tang" = { - autoStart = true; - ephemeral = true; - bindMounts."${containerStateDir}" = { - hostPath = hostStateDir; - isReadOnly = false; - }; - - config = { - config, - pkgs, - ... - }: { - networking.firewall.enable = false; - - users.groups."_tang" = {}; - - users.users."_tang" = { - group = "_tang"; - isSystemUser = true; - }; - - environment.systemPackages = with pkgs; [jose tang]; - - systemd.services."tangd@" = { - enable = true; - serviceConfig = { - ExecStartPre = "${pkgs.bash}/bin/bash -c \"mkdir -p ${containerStateDir}/tang-db\""; - ExecStart = "${pkgs.tang}/libexec/tangd ${containerStateDir}/tang-db"; - User = "_tang"; - Group = "_tang"; - }; - }; - - systemd.sockets."tangd" = { - enable = true; - listenStreams = ["${toString servicePort}"]; - wantedBy = ["sockets.target"]; - socketConfig = { - Accept = true; - }; - }; - - system.stateVersion = "22.11"; - }; - }; -} diff --git a/hosts/giggles/unifi.nix b/hosts/giggles/unifi.nix deleted file mode 100644 index 5cabe99e..00000000 --- a/hosts/giggles/unifi.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, lib, ...}: - -{ - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "mongodb" "unifi-controller" ]; - - networking.firewall.allowedTCPPorts = [8443]; # open unifi web interface port - - services.unifi = { - enable = true; - unifiPackage = pkgs.unifi7; - openFirewall = true; - }; -} diff --git a/hosts/harrison/.config/sway/config.d/screens.conf b/hosts/harrison/.config/sway/config.d/screens.conf deleted file mode 100644 index e3d66c29..00000000 --- a/hosts/harrison/.config/sway/config.d/screens.conf +++ /dev/null 
@@ -1,19 +0,0 @@
-set $left 'Dell Inc. DELL S2721DS D0SVQ43'
-set $middle 'Samsung Electric Company SMBX2450L 0x00003231'
-set $right 'Eizo Nanao Corporation EV2316W 39117013'
-
-output $left {
- scale 1
- pos 0 0
- transform 270
-}
-
-output $middle {
- scale 1
- pos 1440 1150
-}
-
-output $right {
- scale 1
- pos 3360 1150
-}
diff --git a/hosts/harrison/configuration.nix b/hosts/harrison/configuration.nix
deleted file mode 100644
index 24cf89d4..00000000
--- a/hosts/harrison/configuration.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-
-let
- psCfg = config.pub-solar;
-in
-{
- # work
- pub-solar.docker.enable = true;
- pub-solar.nextcloud.enable = true;
- pub-solar.social.enable = true;
- pub-solar.office.enable = true;
-
- systemd.enableUnifiedCgroupHierarchy = true;
-
- environment.systemPackages = with pkgs; [
- jetbrains.goland
- minicom
- openjdk11
- putty
- remmina
- thunderbird
- vscode
- vscode-extensions.golang.go
- vscode-extensions.ms-python.python
- wireshark
- go_1_20
- meld
-
- ardour
- helm
- ];
-
- # unfree
- hardware.enableRedistributableFirmware = true;
-
- # graphical
- pub-solar.graphical.enable = true;
- pub-solar.sway.enable = true;
-
- # daw
- pub-solar.audio.enable = lib.mkForce true;
- musnix.enable = true;
- services.pipewire.jack.enable = true;
-
- # gaming
- pub-solar.gaming.enable = true;
-
- # emulated building for raspi
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
- home-manager.users."${psCfg.user.name}".xdg.configFile = lib.mkIf psCfg.sway.enable {
- "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
- };
-
- pub-solar.paranoia.enable = true;
-
- programs.ausweisapp.enable = true;
- services.pcscd = {
- enable = true;
- plugins = [ pkgs.pcsc-cyberjack ];
- };
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
- time.hardwareClockInLocalTime = true; # easiest quirk for windows time offset feature
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.dhcpcd.wait = "background";
- networking.useDHCP = false;
- networking.interfaces.eno1 = {
- useDHCP = true;
- wakeOnLan = {
- enable = true;
- };
- };
- networking.networkmanager.enable = lib.mkForce false;
-
- nixpkgs.config.allowUnsupportedSystem = true;
-
- # List services that you want to enable:
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [ 22 ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.05"; # Did you read the comment?
-}
-
diff --git a/hosts/harrison/default.nix b/hosts/harrison/default.nix
deleted file mode 100644
index 3c4d411a..00000000
--- a/hosts/harrison/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ];
-}
diff --git a/hosts/harrison/hardware-configuration.nix b/hosts/harrison/hardware-configuration.nix
deleted file mode 100644
index 3863bc96..00000000
--- a/hosts/harrison/hardware-configuration.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" "raid1" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.initrd.luks.devices."cryptroot" = {
- device = "/dev/disk/by-uuid/e3a0394d-8bb5-4049-bf65-90d7202163cd";
- keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04011806021722115743-0:0-part1";
- fallbackToPassword = true;
- bypassWorkqueues = true;
- };
-
- boot.loader.systemd-boot.enable = lib.mkForce false;
- boot.loader.efi = {
- canTouchEfiVariables = true;
- efiSysMountPoint = "/boot";
- };
- boot.loader.grub = {
- efiSupport = true;
- enable = lib.mkForce true;
- extraEntries = ''
- menuentry "Windows" {
- insmod part_gpt
- insmod fat
- insmod search_fs_uuid
- insmod chain
- search --fs-uuid --set=root 02DB-F12C
- chainloader /efi/Microsoft/Boot/bootmgfw.efi
- }
- '';
- devices = [ "nodev" ];
- };
-
-
- fileSystems = {
- "/" =
- {
- device = "/dev/disk/by-uuid/4ad4db6d-543e-4cc5-a781-396e3b527a05";
- fsType = "ext4";
- };
-
- "/boot" =
- {
- device = "/dev/disk/by-uuid/4B4A-B1B4";
- fsType = "vfat";
- };
-
- "/boot2" =
- {
- device = "/dev/disk/by-uuid/4B2C-385A";
- fsType = "vfat";
- };
- };
-
- swapDevices =
- [{ device = "/dev/mapper/vg0-swap"; }];
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/norman/.config/sway/config.d/custom-keybindings.conf b/hosts/norman/.config/sway/config.d/custom-keybindings.conf
deleted file mode 100644
index a2938d77..00000000
--- a/hosts/norman/.config/sway/config.d/custom-keybindings.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# Screen brightness controls
-bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
-bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
-
-# Keyboard backlight brightness controls
-bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
-bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
-
-# Pulse Audio controls
-bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
-bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
-bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
-# Media player controls
-bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
-bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
-bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
diff --git a/hosts/norman/.config/sway/config.d/inputs.conf b/hosts/norman/.config/sway/config.d/inputs.conf
deleted file mode 100644
index 0fa6d5af..00000000
--- a/hosts/norman/.config/sway/config.d/inputs.conf
+++ /dev/null
@@ -1 +0,0 @@
-input 2:7:SynPS/2_Synaptics_TouchPad events disabled
diff --git a/hosts/norman/.config/sway/config.d/screens.conf b/hosts/norman/.config/sway/config.d/screens.conf
deleted file mode 100644
index e72c3df9..00000000
--- a/hosts/norman/.config/sway/config.d/screens.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-set $left 'Dell Inc. DELL S3222DGM G1FFT63'
-set $right 'Dell Inc. DELL S2721DS D0SVQ43'
-set $bottom 'Chimei Innolux Corporation 0x14D4'
-
-output $left {
- scale 1
- pos 0 690
-}
-
-output $right {
- scale 1
- pos 2560 0
- transform 90
-}
-
-output $bottom {
- scale 1
- pos 0 2130
-}
diff --git a/hosts/norman/builder.nix b/hosts/norman/builder.nix
deleted file mode 100644
index ac30c4c6..00000000
--- a/hosts/norman/builder.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{self, ...}: {
- programs.ssh.extraConfig = ''
- Host builder
- Hostname data.gssws.de
- Port 2222
- User builder
- IdentitiesOnly yes
- IdentityFile /root/.ssh/id_ed25519-builder
- '';
-
- nix.buildMachines = [
- {
- hostName = "builder";
- systems = ["x86_64-linux" "aarch64-linux" "i686-linux"];
- maxJobs = 40;
- speedFactor = 20;
- supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
- mandatoryFeatures = [];
- }
- ];
-
- nix.distributedBuilds = true;
- nix.settings = {
- trusted-public-keys = ["chonk:1b/yLBRW2ZeL9jErW1ogMRUTq/hidJnZOxopx363JSo="];
- builders-use-substitutes = true;
- };
-}
diff --git a/hosts/norman/configuration.nix b/hosts/norman/configuration.nix
deleted file mode 100644
index cd4ea2f5..00000000
--- a/hosts/norman/configuration.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- psCfg = config.pub-solar;
-in
-{
- imports = [
- ./wireguard.nix
- ./builder.nix
- ];
-
- pub-solar.docker.enable = true;
- pub-solar.nextcloud.enable = true;
- pub-solar.social.enable = true;
- pub-solar.office.enable = true;
-
- systemd.enableUnifiedCgroupHierarchy = true;
-
- nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "goland"
- ];
-
- environment.systemPackages = with pkgs; [
- jetbrains.goland
- minicom
- openjdk11
- putty
- remmina
- thunderbird
- vscode
- vscode-extensions.golang.go
- vscode-extensions.ms-python.python
- wireshark
- go_1_20
- meld
-
- factorio-experimental
- ];
- hardware.enableRedistributableFirmware = true;
- pub-solar.graphical.enable = true;
- pub-solar.sway.enable = true;
-
- boot.binfmt.emulatedSystems = ["aarch64-linux"];
-
-
- pub-solar.audio.bluetooth.enable = false;
-
- home-manager.users."${psCfg.user.name}".xdg.configFile = lib.mkIf psCfg.sway.enable {
- "sway/config.d/10-inputs.conf".source = ./.config/sway/config.d/inputs.conf;
- "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
- "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
- };
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.firewall = {
- allowedUDPPorts = [
- 51820
- 51821
- ]; # Clients and peers can use the same port, see listenport
- };
-
- services.tlp = {
- enable = true;
- settings = {
- CPU_SCALING_GOVERNOR_ON_AC = "performance";
- CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
-
- # The following prevents the battery from charging fully to
- # preserve lifetime. Run `tlp fullcharge` to temporarily force
- # full charge.
- # https://linrunner.de/tlp/faq/battery.html#how-to-choose-good-battery-charge-thresholds
- START_CHARGE_THRESH_BAT0 = 40;
- STOP_CHARGE_THRESH_BAT0 = 80;
-
- # 100 being the maximum, limit the speed of my CPU to reduce
- # heat and increase battery usage:
- CPU_MAX_PERF_ON_AC = 100;
- CPU_MAX_PERF_ON_BAT = 50;
- };
- };
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.11"; # Did you read the comment?
-}
diff --git a/hosts/norman/default.nix b/hosts/norman/default.nix
deleted file mode 100644
index 3c4d411a..00000000
--- a/hosts/norman/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ];
-}
diff --git a/hosts/norman/hardware-configuration.nix b/hosts/norman/hardware-configuration.nix
deleted file mode 100644
index 16ee1e97..00000000
--- a/hosts/norman/hardware-configuration.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}: {
- imports = [];
-
- boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "uas" "sdhci_pci"];
- boot.initrd.kernelModules = ["dm-snapshot"];
- boot.kernelModules = ["kvm-intel"];
- boot.extraModulePackages = [];
-
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- hardware.bluetooth.enable = true;
- hardware.bluetooth.powerOnBoot = true;
- services.blueman.enable = true;
-
- boot.initrd.luks.devices."cryptroot" = {
- device = "/dev/disk/by-uuid/cdc29f0f-5b18-4ee7-8d38-1f4bac80b1e6";
- allowDiscards = true;
- bypassWorkqueues = true;
- };
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/5b441f8f-d7eb-44f8-8df2-7354b3314a61";
- fsType = "ext4";
- options = [ "discard" ];
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/84CD-91B6";
- fsType = "vfat";
- };
-
- swapDevices = [{device = "/dev/disk/by-uuid/54162798-9017-4b59-afd7-ab9578da4bb9";}];
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
- hardware.trackpoint = {
- enable = true;
- device = "TPPS/2 ALPS TrackPoint";
- emulateWheel = true;
- sensitivity = 100; # default 128
- speed = 64; # default 97
- };
-}
diff --git a/hosts/norman/wireguard.nix b/hosts/norman/wireguard.nix
deleted file mode 100644
index 276fcf95..00000000
--- a/hosts/norman/wireguard.nix
+++ /dev/null
@@ -1,95 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
- systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
- systemd.services.wireguard-wg1.serviceConfig.Restart = "on-failure";
- systemd.services.wireguard-wg1.serviceConfig.RestartSec = "5s";
-
- # Enable WireGuard
- networking.wireguard.interfaces = {
- # "wg0" is the network interface name. You can name the interface arbitrarily.
- wg0 = {
- # Determines the IP address and subnet of the client's end of the tunnel interface.
- ips = [
- "10.0.0.13/32"
- "fc00:200::13/128"
- ];
- mtu = 1400;
- listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
-
- # Path to the private key file.
- #
- # Note: The private key can also be included inline via the privateKey option,
- # but this makes the private key world-readable; thus, using privateKeyFile is
- # recommended.
- privateKeyFile = "/home/hensoko/.config/wireguard/hosting-de.private";
-
- peers = [
- # For a client configuration, one peer entry for the server will suffice.
-
- {
- # Public key of the server (not a file path).
- publicKey = "02/MRPduMGx1as7yS4G7GpL4+pQjsjpyS/tD9iPu8X0=";
-
- # Forward all the traffic via VPN.
- allowedIPs = [
- "10.0.0.0/24"
- "192.168.50.0/24"
- "192.168.200.0/24"
- "10.20.30.0/24"
- "10.20.50.0/24"
- "fc00:200::/120"
- "95.129.51.5"
- "95.129.54.43"
- "134.0.28.89"
- "134.0.27.108"
- "134.0.25.181"
- ];
-
- # Set this to the server IP and port.
- endpoint = "134.0.30.154:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
-
- # Send keepalives every 25 seconds. Important to keep NAT tables alive.
- persistentKeepalive = 25;
- }
- ];
- };
- wg1 = {
- # Determines the IP address and subnet of the client's end of the tunnel interface.
- ips = [
- "10.0.1.121"
- ];
- mtu = 1400;
- listenPort = 51821; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
-
- # Path to the private key file.
- #
- # Note: The private key can also be included inline via the privateKey option,
- # but this makes the private key world-readable; thus, using privateKeyFile is
- # recommended.
- privateKeyFile = "/home/hensoko/.config/wireguard/data-gssws-de.private";
-
- peers = [
- # For a client configuration, one peer entry for the server will suffice.
-
- {
- # Public key of the server (not a file path).
- publicKey = "t1DS0y6eVzyGwomKAEWTWVsHK3xB7M/fNQ3wLgE3+B8=";
-
- allowedIPs = [
- "10.0.1.0/24"
- ];
-
- # Set this to the server IP and port.
- endpoint = "80.244.242.2:51899";
-
- # Send keepalives every 25 seconds. Important to keep NAT tables alive.
- persistentKeepalive = 25;
- }
- ];
- };
- };
-}
diff --git a/hosts/redpanda/configuration.nix b/hosts/redpanda/configuration.nix
deleted file mode 100644
index b7bd6289..00000000
--- a/hosts/redpanda/configuration.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-
-{
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
- boot.loader.systemd-boot.enable = lib.mkForce false;
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- # networking.hostName = "nixos"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.enp0s3.useDHCP = true;
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- nix = {
- #package = pkgs.nixFlakes;
- extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
- };
-
- # Select internationalisation properties.
- # i18n.defaultLocale = "en_US.UTF-8";
- # console = {
- # font = "Lat2-Terminus16";
- # keyMap = "us";
- # };
-
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
-
- # Configure keymap in X11
- # services.xserver.layout = "us";
- # services.xserver.xkbOptions = "eurosign:e";
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # Enable sound.
- # sound.enable = true;
- # hardware.pulseaudio.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.users.jane = {
- # isNormalUser = true;
- # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- # };
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- vim
- wget
- firefox
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # List services that you want to enable:
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [ 22 ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.05"; # Did you read the comment?
-
-
-}
-
diff --git a/hosts/redpanda/default.nix b/hosts/redpanda/default.nix
deleted file mode 100644
index 3c4d411a..00000000
--- a/hosts/redpanda/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ];
-}
diff --git a/hosts/redpanda/hardware-configuration.nix b/hosts/redpanda/hardware-configuration.nix
deleted file mode 100644
index 13fdaa52..00000000
--- a/hosts/redpanda/hardware-configuration.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [ ];
-
- boot.initrd.availableKernelModules = [ "ohci_pci" "virtio_pci" "sd_mod" "sr_mod" "virtio_scsi" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
-
- #virtualisation.virtualbox.guest.enable = true;
-}
diff --git a/hosts/ringo/configuration.nix b/hosts/ringo/configuration.nix
deleted file mode 100644
index bc85fcf5..00000000
--- a/hosts/ringo/configuration.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- pub-solar.core.lite = true;
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.enp0s25.useDHCP = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.11"; # Did you read the comment?
-}
-
diff --git a/hosts/ringo/default.nix b/hosts/ringo/default.nix
deleted file mode 100644
index 3c4d411a..00000000
--- a/hosts/ringo/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ];
-}
diff --git a/hosts/ringo/hardware-configuration.nix b/hosts/ringo/hardware-configuration.nix
deleted file mode 100644
index 0c6f019f..00000000
--- a/hosts/ringo/hardware-configuration.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- boot.initrd.luks.devices."cryptroot" = {
- device = "/dev/disk/by-uuid/bd1ebf98-adc1-4868-842f-3d2c6ee04e13";
- keyFile = "/dev/disk/by-partuuid/9ff6ebf7-01";
- fallbackToPassword = true;
- bypassWorkqueues = true;
- };
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/1999ec2e-4564-4f5a-8333-6eb23ae03c8b";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/47ED-2F0B";
- fsType = "vfat";
- };
-
- fileSystems."/home" =
- {
- device = "/dev/disk/by-uuid/69c89392-be11-4bd4-8f3b-6b7db20c716e";
- fsType = "ext4";
- };
-
- swapDevices =
- [{ device = "/dev/disk/by-uuid/4ef0cdbc-38f4-4dcb-8fe8-553bbdb06192"; }];
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/ringo/home-controller.nix b/hosts/ringo/home-controller.nix
deleted file mode 100644
index f5265ef8..00000000
--- a/hosts/ringo/home-controller.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- self,
- config,
- pkgs,
- ...
-}: {
- config = {
- age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_ringo_wireguard_key.age";
-
- pub-solar.home-controller = {
- enable = true;
- ownIp = "10.0.1.21";
-
- wireguardPrivateKeyFile = "/run/agenix/home_controller_wireguard";
- };
- };
-}
diff --git a/hosts/surfplace/configuration.nix b/hosts/surfplace/configuration.nix
deleted file mode 100644
index ed4f54bd..00000000
--- a/hosts/surfplace/configuration.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ inputs, pkgs, builtins, config, lib, ... }:
-
-{
- time.timeZone = "Europe/Berlin";
-
- pub-solar.social.enable = true;
- hardware.enableRedistributableFirmware = true;
- pub-solar.graphical.enable = true;
- pub-solar.sway.enable = true;
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.networkmanager.enable = true;
-
- #boot.loader.systemd-boot.enable = lib.mkForce false;
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "22.11"; # Did you read the comment?
-}
diff --git a/hosts/surfplace/default.nix b/hosts/surfplace/default.nix
deleted file mode 100644
index 3c4d411a..00000000
--- a/hosts/surfplace/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }: {
- imports = [
- ./configuration.nix
- ./hardware-configuration.nix
- ];
-}
diff --git a/hosts/surfplace/hardware-configuration.nix b/hosts/surfplace/hardware-configuration.nix
deleted file mode 100644
index 7092de24..00000000
--- a/hosts/surfplace/hardware-configuration.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
- inputs,
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}: {
- imports = [
- #(modulesPath + "/installer/scan/not-detected.nix")
- #inputs.nixos-hardware.nixosModules.raspberry-pi-4
- ];
-
- boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
- boot.extraModulePackages = [config.boot.kernelPackages.rtl88x2bu];
-
- #microsoft-surface.kernelVersion = "6.5.5";
-
- fileSystems."/" = {
- device = "/dev/disk/by-label/root";
- fsType = "ext4";
- encrypted = {
- enable = true;
- label = "cryptroot";
- blkDev = "/dev/disk/by-uuid/77829967-0c52-4a52-a65c-cfc093d18776";
- };
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/2697-F70A";
- fsType = "vfat";
- };
-
- swapDevices = [
- {device = "/dev/disk/by-label/swap";}
- ];
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
- systemd.services."iptsd" = {
- serviceConfig = {
- RestartAfter = "5s";
- };
- };
-}