diff --git a/hosts/giggles/aioairctrl.nix b/hosts/giggles/aioairctrl.nix new file mode 100644 index 00000000..5e074aab --- /dev/null +++ b/hosts/giggles/aioairctrl.nix @@ -0,0 +1,24 @@ +{ pkgs, python311 }: +let + pycryptodomex = python311.pkgs.buildPythonPackage rec { + pname = "pycryptodomex"; + version = "3.18.0"; + src = pkgs.fetchPypi { + inherit pname version; + sha256 = "Pj7LX+l558G7ACflGDQKz37mBBXXkpXlJR0Txo3eV24="; + }; + }; +in + python311.pkgs.buildPythonPackage rec { + pname = "aioairctrl"; + version = "0.2.4"; + src = pkgs.fetchPypi { + inherit pname version; + sha256 = "BIJWwMQq3QQjhyO0TSw+C6muyr3Oyv6UHr/Y3iYqRUM="; + }; + + propagatedBuildInputs = with python311.pkgs; [ + aiocoap + pycryptodomex + ]; + } diff --git a/hosts/giggles/avahi-reflector.nix b/hosts/giggles/avahi-reflector.nix new file mode 100644 index 00000000..775070df --- /dev/null +++ b/hosts/giggles/avahi-reflector.nix @@ -0,0 +1,8 @@ +{...}: { + services.avahi = { + enable = true; + allowInterfaces = ["eth0" "vlan102" "vlan104"]; + reflector = true; + publish.enable = true; + }; +} diff --git a/hosts/giggles/configuration.nix b/hosts/giggles/configuration.nix index 68b7204e..56df1bd9 100644 --- a/hosts/giggles/configuration.nix +++ b/hosts/giggles/configuration.nix @@ -1,6 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, 
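Review bot: The `let`-bound `pycryptodomex` in aioairctrl.nix pins a cryptography library to 3.18.0 fetched from PyPI, and because a `let` binding takes precedence over `with python311.pkgs;`, that pinned copy is what `propagatedBuildInputs` picks up. It will therefore not follow security updates that arrive through the package set. If the package set's own `pycryptodomex` satisfies aioairctrl (not verifiable from this hunk), dropping the `let` block is the simpler option. Otherwise a comment such as `# pinned: aioairctrl 0.2.4 needs <reason>; revisit on nixpkgs bump` would tell the next maintainer why the override exists.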
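Review bot: `allowInterfaces` in avahi-reflector.nix lists `eth0` next to `vlan102` and `vlan104`, so with `reflector = true` mDNS announcements are repeated between the IoT VLAN, the media VLAN and the untagged interface that network.nix configures as a DHCP client. Service discovery then crosses exactly the segment boundaries the VLANs set up, and `publish.enable = true` announces this host on all three as well. If only IoT-to-media discovery is needed, `allowInterfaces = ["vlan102" "vlan104"];` would be enough. Either way a comment stating which segments are meant to see each other would document the intent.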
@@ -8,17 +5,23 @@ ... }: { imports = [ - # Include the results of the hardware scan. ./hardware-configuration.nix + ./network.nix + ./network-dhcp.nix + ./avahi-reflector.nix + ./unifi.nix + ./home-controller.nix - ./tang-container.nix ./home-assistant.nix + + ./frigate.nix + + # ./tang-container.nix ]; boot.loader.timeout = 0; - + boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.generic-extlinux-compatible.enable = lib.mkForce false; - boot.loader.grub = { enable = true; efiSupport = true; 
@@ -26,42 +29,7 @@ device = "nodev"; }; - # Set your time zone. time.timeZone = "Europe/Berlin"; - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - networking.useDHCP = false; - networking.interfaces.eth0.useDHCP = true; - networking.interfaces.wlan0.useDHCP = false; - networking.networkmanager.enable = lib.mkForce false; - - boot.loader.systemd-boot.enable = lib.mkForce false; - - nix = { - #package = pkgs.nixFlakes; - extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes"; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - vim - wget - ]; - - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [2380 6443]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? } diff --git a/hosts/giggles/default.nix b/hosts/giggles/default.nix index ebce8516..a4aaa0e4 100644 --- a/hosts/giggles/default.nix +++ b/hosts/giggles/default.nix @@ -1,6 +1,7 @@ -{ suites, ... }: -{ - imports = [ - ./giggles.nix - ] ++ suites.giggles; +{suites, ...}: { + imports = + [ + ./giggles.nix + ] + ++ suites.giggles; } 
diff --git a/hosts/giggles/frigate.nix b/hosts/giggles/frigate.nix
new file mode 100644
index 00000000..c203aafe
--- /dev/null
+++ b/hosts/giggles/frigate.nix
@@ -0,0 +1,73 @@
+{ ... }:
+
+{
+ networking.firewall.allowedTCPPorts = [80 5000 8554 8555];
+
+ #services.go2rtc = {
+ # enable = true;
+ # settings = {
+ # streams = {
+ # burgi_cam = [
+ # "rtsp://admin:XpkFk5Df912VWSwM@10.0.42.60:554/Streaming/Channels/101/?transportmode=unicast"
+ # "ffmpeg:burgi_cam_sub#audio=opus"
+ # ];
+ # burgi_cam_sub = [
+ # "rtsp://admin:XpkFk5Df912VWSwM@10.0.42.60:554/Streaming/Channels/102/?transportmode=unicast"
+ # ];
+ # };
+ # webrtc = {
+ # candidates = [ "192.168.42.11:8555" ];
+ # };
+ # };
+ #};
+
+ services.frigate = {
+ enable = true;
+ hostname = "frigate";
+ settings = {
+ cameras.burgi = {
+ ffmpeg = {
+ inputs = [
+ {
+ path = "rtsp://admin:XpkFk5Df912VWSwM@10.0.42.60:554/Streaming/Channels/101/?transportmode=unicast";
+ #path = "rtsp://127.0.0.1:8554/burgi_cam";
+ #input_args = "preset-rtsp-restream";
+ roles = [
+ "record"
+ "rtmp"
+ ];
+ }
+ {
+ path = "rtsp://admin:XpkFk5Df912VWSwM@10.0.42.60:554/Streaming/Channels/102/?transportmode=unicast";
+ #path = "rtsp://127.0.0.1:8554/burgi_cam_sub";
+ #input_args = "preset-rtsp-restream";
+ roles = [
+ "detect"
+ ];
+ }
+ ];
+ };
+ detect = {
+ width = 1280;
+ height = 720;
+ fps = 5;
+ };
+ };
+ objects.track = [ "person" "dog" ];
+
+ mqtt = {
+ enabled = true;
+ host = "127.0.0.1";
+ user = "frigate";
+ password = "rDAnboXJhW8K2OJlPI5KpZhggPJusA==";
+ };
+
+ rtmp.enabled = true;
+
+ #detectors.coral = {
+ # type = "edgetpu";
+ # device = "usb";
+ #};
+ };
+ };
+}
diff --git a/hosts/giggles/giggles.nix b/hosts/giggles/giggles.nix
index ca873721..2b07e284 100644
--- a/hosts/giggles/giggles.nix
+++ b/hosts/giggles/giggles.nix
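Review bot: The camera's `admin` password is written in clear text into both `path` values under `cameras.burgi.ffmpeg.inputs` in frigate.nix (and again in the commented-out `services.go2rtc` block), and `mqtt.password` is a literal as well, so all of them land in git history and in the world-readable Nix store. home-assistant.nix in this repository already loads secrets through `age.secrets`; Frigate can read such values from `FRIGATE_`-prefixed environment variables, as sketched below with a placeholder secret name (substitution support depends on the Frigate version packaged). The values committed here should be treated as exposed and rotated on the camera and the broker. Separately, `allowedTCPPorts` opens 8554 and 8555 although the go2rtc service that would listen there is commented out.

```nix
{ config, ... }:
{
  # … unchanged: networking.firewall.allowedTCPPorts …

  # "<frigate-env-secret>" is a placeholder; the decrypted file would hold
  # FRIGATE_RTSP_PASSWORD=... and FRIGATE_MQTT_PASSWORD=...
  systemd.services.frigate.serviceConfig.EnvironmentFile =
    config.age.secrets."<frigate-env-secret>".path;

  # … unchanged: services.frigate.enable, hostname …
          path = "rtsp://admin:{FRIGATE_RTSP_PASSWORD}@10.0.42.60:554/Streaming/Channels/101/?transportmode=unicast";
  # … unchanged: roles; the second input gets the same substitution on Channels/102 …
      password = "{FRIGATE_MQTT_PASSWORD}";
```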
@@ -1,10 +1,13 @@ -{ config, pkgs, lib, ... }: -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in -{ +in { imports = [ ./configuration.nix ]; diff --git a/hosts/giggles/hardware-configuration.nix b/hosts/giggles/hardware-configuration.nix index fafd29f4..a5a9b725 100644 --- a/hosts/giggles/hardware-configuration.nix +++ b/hosts/giggles/hardware-configuration.nix @@ -1,20 +1,24 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "uas" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage" "uas"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; boot.kernelPackages = pkgs.linuxPackages_latest; - boot.supportedFilesystems = [ ]; + boot.supportedFilesystems = []; boot.loader.grub = { enable = true; @@ -36,19 +40,19 @@ bypassWorkqueues = true; }; - fileSystems."/" = - { device = "/dev/disk/by-label/root"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/root"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-label/swap"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-label/swap";} + ]; networking.interfaces.enabcm6e4ei0.useDHCP = true; 
diff --git a/hosts/giggles/home-assistant.nix b/hosts/giggles/home-assistant.nix index 19b40be3..04c3e459 100644 --- a/hosts/giggles/home-assistant.nix +++ b/hosts/giggles/home-assistant.nix @@ -2,8 +2,12 @@ self, config, pkgs, + python3Packages, + inputs, ... -}: { +}: + +{ age.secrets.home-assistant_giggles_secrets = { file = "${self}/secrets/home-assistant_giggles_secrets.age"; path = "${config.services.home-assistant.configDir}/secrets.yaml"; @@ -12,14 +16,55 @@ mode = "0644"; }; + users.users."hass".extraGroups = ["dialout"]; + pub-solar.home-assistant = { enable = true; - extraComponents = ["met"]; - extraPackages = python3Packages: - with python3Packages; [ + extraComponents = [ + "default_config" + "homeassistant_hardware" + "homeassistant_sky_connect" + + "apcupsd" + "androidtv" + "cast" + "esphome" + "homekit_controller" + "icloud" + "ipp" + "luci" + "met" + "python_script" + "rpi_power" + "shopping_list" + "spotify" + "tasmota" + "unifi" + "upnp" + "vacuum" + "xiaomi_aqara" + "xiaomi_miio" + "zeroconf" + ]; + + extraPackages = python311Packages: + with python311Packages; [ + # esphome + aiodiscover + scapy + + # deutsche bahn + schiene + + # dwd + dwdwfsapi + # hacs aiogithubapi + # philips_airpurifier_coap + (callPackage ./aioairctrl.nix {}) + # totop pyotp ]; @@ -27,11 +72,20 @@ config = { homeassistant = { name = "Wohnung"; - time_zone = "Europe/Berlin"; + + country = "DE"; + currency = "EUR"; + language = "de"; temperature_unit = "C"; + time_zone = "Europe/Berlin"; unit_system = "metric"; + latitude = "52.31501090166047"; longitude = "8.910633035293603"; + elevation = "59"; + + external_url = "https://ha2.gssws.de"; + internal_url = "http://192.168.42.11:8123"; }; http = { ip_ban_enabled = false; 
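Review bot: `external_url = "https://ha2.gssws.de"` in the third home-assistant.nix hunk declares this instance reachable from outside, while the `http` block visible as context directly below keeps `ip_ban_enabled = false`, so repeated failed logins are never locked out. The `http` block continues past the end of the hunk, so this holds only if nothing further down changes it. With the instance published, `ip_ban_enabled = true;` together with `login_attempts_threshold = 5;` would be the safer setting. If the ban was disabled because of a reverse proxy, a comment saying so would help.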
@@ -44,28 +98,86 @@ ]; }; + default_config = {}; energy = {}; - frontend = {}; - history = {}; - map = {}; - my = {}; - mobile_app = {}; - network = {}; - notify = {}; - person = {}; - ssdp = {}; - sun = {}; - system_health = {}; - zeroconf = {}; + + "automation ui" = "!include automations.yaml"; device_tracker = [ { platform = "luci"; - host = "192.168.8.1"; + host = "192.168.42.1"; username = "!secret router_admin_username"; password = "!secret router_admin_password"; } ]; + + python_script = {}; + + waste_collection_schedule = { + sources = [ + { + name = "jumomind_de"; + args = { + service_id = "sbm"; + city = "Minden"; + street = "Schwerinstr."; + house_number = "17b"; + }; + } + ]; + }; + + zone = [ + { + name = "Home"; + latitude = "52.31501090166047"; + longitude = "8.910633035293603"; + radius = "30"; + } + { + name = "DKSB"; + latitude = "52.31249954762553"; + longitude = "8.910920619964601"; + radius = "60"; + } + { + name = "Hainweg"; + latitude = "52.3176809501406"; + longitude = "8.890610933303835"; + radius = "60"; + } + { + name = "Lande"; + latitude = "52.35688908037632"; + longitude = "8.898582458496096"; + radius = "87"; + } + { + name = "Rürups"; + latitude = "52.317152702118655"; + longitude = "8.89446449221293"; + radius = "70"; + } + { + name = "Schule"; + latitude = "52.30213492276748"; + longitude = "8.88126075267792"; + radius = "200"; + } + { + name = "Sokos"; + latitude = "50.92777444599559"; + longitude = "6.583169284373658"; + radius = "50"; + } + { + name = "Wohnung Aachen"; + latitude = "50.7800954893528"; + longitude = "6.154607534408569"; + radius = "13"; + } + ]; }; mqtt = { 
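Review bot: The `waste_collection_schedule` source and the `zone` list commit a street address with house number and precise coordinates for home, a school and several other personal places in clear text. The `device_tracker` entry in the same hunk already uses `!secret`, and the same mechanism would fit here, e.g. `latitude = "!secret zone_home_latitude";` (key name constructed for illustration), with the values kept in the age-encrypted secrets.yaml. The `latitude`/`longitude` under `homeassistant` in the previous hunk would need the same treatment to be consistent.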
@@ -83,6 +195,49 @@ ]; hashedPassword = "$7$101$M0Q/s9ReWPaMy+pT$Y8t9DwmW3y74lyvYrCE+sqEcz9yGG9VaHw8vt4wVZgUVVV9muY00ymjkwsTNtaTIlnQyB7z7POPLT3PURtQfeg=="; }; + + frigate = { + acl = [ + "readwrite #" + ]; + hashedPassword = "$7$101$BZvoqhiaWo8TbFEv$KlE8XiE9dhfNV50SoUiBjTgnvSRaCwWdouuVcN4ZeHkR7/4JufQ7adW0VhVmtpv+6V9KOPDlN3wRaV+5eVlF3Q=="; + }; + nuki_wohnung = { + acl = [ + "readwrite #" + ]; + hashedPassword = "$7$101$21wWveYvOyQKNuhd$rXD8d4F+Wf4k6LDkM09bsfkQfc+iXakRaH2sygYgOQqfrJ5Egt8D+9LVKa9ZQ12HLPSHDo0bP8ygVmY6iVJCjQ=="; + }; + poffertjes = { + acl = [ + "readwrite #" + ]; + hashedPassword = "$7$101$n5J9RKGzFF7bOsOH$YNPQawxsfuDZk/N6NrNzkE5rEfTRlCW5Fjpk6kgwyTg4C6Peyz4I79ii4UMSANJ8DFNsPRL1KohCcXK07SMW2w=="; + }; + shelly1_flur_deckenlicht = { + acl = [ + "readwrite #" + ]; + hashedPassword = "$7$101$n0PyELB9214BiluQ$P24lJlXDpKLaGSerrp51z5UUl3wYSek9SbJN+buqoS9acrCn7s3mtSLZfeMP0JT8zXx83GJrNwlDaA0BOu00xg=="; + }; + shelly25_abstellraum = { + acl = [ + "readwrite #" + ]; + hashedPassword = "$7$101$n9IcybeGEAhnoWv5$RSnkEJFgDsrKUzEaLfNIa/5v4gkTMZSAq2bb7KzWSG6zaufHdnvtDZT+q7dZ3pkBFXndKtoelmuvm7XJLJC1mg=="; + }; + shelly25_badezimmer = { + acl = [ + "readwrite #" + ]; + hashedPassword = "$7$101$PNWBSZUE4Ar5dOhx$2u6dneedx7OLOjH1auoax2AC1GP4oVcXe4OAmO3riNpzXZF9V1cJ7k/GREx9/vO/ONt5PuUygilk3X4SIYnf9A=="; + }; + tasmota_wohnzimmer_tv_steckdosenleiste = { + acl = [ + "readwrite #" + ]; + hashedPassword = "$7$101$cywQWWzxPUUpUqdC$Q9tjqE4bW0VaNMVKIuts/wuyFetC//PyLVcRtpaK02HxwlTPY7jWivXUBA/t8l0wGZsS8lsiOIAu8e6bHb+7Xw=="; + }; }; }; diff --git a/hosts/giggles/lrad.nix b/hosts/giggles/lrad.nix index 3979ba4f..0a94dcae 100644 --- a/hosts/giggles/lrad.nix +++ b/hosts/giggles/lrad.nix @@ -1,11 +1,12 @@ -{ pkgs, config, ... }: - -let +{ + pkgs, + config, + ... +}: let serviceAddress = "10.10.41.11"; containerStateDir = "/data"; hostStateDir = "/srv/container/lrad"; -in -{ +in { containers."lrad" = { privateNetwork = true; hostAddress = "10.10.41.1"; 
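Review bot: Every MQTT account added in this hunk, from `frigate` to the individual Shelly and Tasmota devices, gets `acl = ["readwrite #"]`, so each one can read and publish on every topic, including those of `nuki_wohnung`, which by its name appears to be a door lock. Scoping each ACL to the device's own topic prefix keeps a single misbehaving or compromised device from affecting the rest, e.g. `acl = ["readwrite shellies/shelly1_flur_deckenlicht/#"];` (prefix constructed for illustration; the real topic layout is not visible here). The `hashedPassword` values are salted, but they are still committed; if the wrapping module passes it through, a file-based option backed by an age secret would keep them out of the repository.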
@@ -16,8 +17,12 @@ in isReadOnly = false; }; - config = { config, pkgs, ... }: { - networking.firewall.allowedTCPPorts = [ 63080 ]; + config = { + config, + pkgs, + ... + }: { + networking.firewall.allowedTCPPorts = [63080]; #users.users."tang".isSystemUser = true; @@ -35,13 +40,12 @@ in systemd.sockets."tangd" = { enable = true; - listenStreams = [ "63080" ]; - wantedBy = [ "sockets.target" ]; + listenStreams = ["63080"]; + wantedBy = ["sockets.target"]; socketConfig = { Accept = true; }; }; }; - }; } diff --git a/hosts/giggles/network-dhcp.nix b/hosts/giggles/network-dhcp.nix new file mode 100644 index 00000000..082d0188 --- /dev/null +++ b/hosts/giggles/network-dhcp.nix 
@@ -0,0 +1,81 @@
+{...}: {
+ networking.firewall.checkReversePath = false;
+ networking.firewall.allowedUDPPorts = [67]; # allow dhcp request
+
+ services.dnsmasq = {
+ enable = true;
+ settings = {
+ interface = [
+ "vlan101" # network
+ "vlan102" # iot
+ "vlan104" # media
+ ];
+
+ no-resolv = true;
+ no-poll = true;
+
+ server = [
+ "1.1.1.1"
+ "9.9.9.9"
+ ];
+
+ dhcp-authoritative = true;
+
+ dhcp-host = [
+ # vlan101
+ "18:e8:29:c6:29:84,ap-caro,10.0.42.21" # ap-caro
+ "e4:38:83:e7:00:10,ap-hendrik,10.0.42.22" # ap-hendrik
+ "e4:38:83:e7:0a:c4,ap-wohnzimmer,10.0.42.23" # ap-wohnzimmer
+
+ # vlan102
+ "38:1a:52:04:37:d8,printer,172.16.0.15" # printer
+
+ "3c:e9:0e:87:d2:1c,nspanel-hendrik,172.16.0.21" # nspanel_hendrik
+ "3c:e9:0e:87:ef:d0,nspanel-schlafzimmer,172.16.0.22" # nspanel_schlafzimmer
+ "98:0c:33:fe:3d:a8,nuki-wohnung,172.16.0.23" # nuki_wohnung
+ "c8:5c:cc:5c:54:06,presence-wohnzimmer,172.16.0.24" # presence_wohnzimmer
+ "c8:5c:cc:5c:28:7b,presence-hendrik,172.16.0.25" # presence_hendrik
+ "04:78:63:7f:0e:bb,airpurifier-wohnzimmer,172.16.0.26" # airpurifier_wohnzimmer
+ "48:e7:29:c1:a3:f0,nspanel-caro,172.16.0.27" # nspanel_caro
+ "5c:c5:63:eb:e8:b8,poffertjes,172.16.0.28" # poffertjes
+ "d0:ba:e4:e7:7d:d5,airpurifier-hendrik,172.16.0.29" # airpurifier_hendrik
+ "98:f4:ab:f2:43:98,shelly1-flur-deckenlicht,172.16.0.30" # shelly1 flur deckenlicht
+ "a4:cf:12:ba:72:c1,shelly25-abstellraum,172.16.0.31" # shelly25 abstellraum
+ "c8:2b:96:11:10:46,shelly25-badezimmer,172.16.0.32" # shelly25 badezimmer
+ "24:62:ab:41:06:f2,tasmota-tv-steckdosenleiste,172.16.0.33" # tasmota-tv-steckdosenleiste
+
+ # vlan104
+ "30:58:90:1a:3b:ef,box-hendrik,10.42.0.21" # box_hendrik
+ "30:58:90:19:b5:03,box-schlafzimmer,10.42.0.22" # box_schlafzimmer
+ "30:58:90:28:7e:30,box-esstisch,10.42.0.23" # box_esstisch
+
+ "1c:53:f9:23:d7:c4,nh-hendrik,10.42.0.31" # nh_hendrik
+ "1c:53:f9:14:7b:65,nh-kueche,10.42.0.32" # nh_kueche
+ "1c:53:f9:1c:9e:22,nh-wohnzimmer,10.42.0.33" #
nh_wohnzimmer + "20:1f:3b:96:9f:29,nm-schlafzimmer,10.42.0.34" # nm_schlafzimmer + + "6c:ad:f8:73:a0:94,cc-wohnzimmer,10.42.0.41" # cc_wohnzimmer + ]; + + dhcp-range = [ + "vlan101,10.0.42.51,10.0.42.100" + "vlan102,172.16.0.101,172.16.0.150" + "vlan104,10.42.0.51,10.42.0.100" + ]; + + dhcp-option = [ + "option:dns-server,1.1.1.1" + "option:mtu,1460" + + # vlan101 + "vlan101,option:router,10.0.42.1" + + # vlan102 + "vlan102,option:router,172.16.0.1" + + # vlan104 + "vlan104,option:router,10.42.0.1" + ]; + }; + }; +} diff --git a/hosts/giggles/network.nix b/hosts/giggles/network.nix new file mode 100644 index 00000000..637d6923 --- /dev/null +++ b/hosts/giggles/network.nix @@ -0,0 +1,55 @@ +{lib, ...}: { + networking = { + enableIPv6 = false; + useDHCP = false; + vlans = { + vlan101 = { + id = 101; + interface = "eth0"; + }; # network vlan + vlan102 = { + id = 102; + interface = "eth0"; + }; # iot vlan + vlan104 = { + id = 104; + interface = "eth0"; + }; # media vlan + }; + interfaces = { + eth0 = { + useDHCP = true; + mtu = 1460; + }; + + vlan101 = { + mtu = 1460; + ipv4.addresses = [ + { + address = "10.0.42.11"; + prefixLength = 24; + } + ]; + }; + vlan102 = { + mtu = 1460; + ipv4.addresses = [ + { + address = "172.16.0.11"; + prefixLength = 24; + } + ]; + }; + vlan104 = { + mtu = 1460; + ipv4.addresses = [ + { + address = "10.42.0.11"; + prefixLength = 24; + } + ]; + }; + }; + networkmanager.enable = lib.mkForce false; + }; +} diff --git a/hosts/giggles/tang-container.nix b/hosts/giggles/tang-container.nix index 4f1d40cd..142fe5f8 100644 --- a/hosts/giggles/tang-container.nix +++ b/hosts/giggles/tang-container.nix @@ -1,12 +1,13 @@ -{ pkgs, config, ... }: - -let +{ + pkgs, + config, + ... +}: let containerStateDir = "/data"; hostStateDir = "/opt/tangd"; servicePort = 8081; -in -{ - networking.firewall.allowedTCPPorts = [ servicePort ]; +in { + networking.firewall.allowedTCPPorts = [servicePort]; containers."tang" = { autoStart = true; 
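Review bot: `networking.firewall.checkReversePath = false;` at the top of network-dhcp.nix switches off reverse-path filtering for the whole host, which removes the firewall's source-address plausibility check on `eth0` and all three VLANs, not only for DHCP. If the reason was DHCP requests being dropped, a comment saying so belongs on that line, and it is worth testing whether `networking.firewall.checkReversePath = "loose";` is sufficient. `allowedUDPPorts = [67]` is likewise global; `networking.firewall.interfaces."vlan102".allowedUDPPorts = [67];` (repeated for `vlan101` and `vlan104`) limits it to the interfaces dnsmasq is configured to serve.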
@@ -16,17 +17,21 @@ in isReadOnly = false; }; - config = { config, pkgs, ... }: { + config = { + config, + pkgs, + ... + }: { networking.firewall.enable = false; - users.groups."_tang" = {} ; + users.groups."_tang" = {}; users.users."_tang" = { group = "_tang"; isSystemUser = true; }; - environment.systemPackages = with pkgs; [ jose tang ]; + environment.systemPackages = with pkgs; [jose tang]; systemd.services."tangd@" = { enable = true; @@ -40,8 +45,8 @@ in systemd.sockets."tangd" = { enable = true; - listenStreams = [ "${toString servicePort}" ]; - wantedBy = [ "sockets.target" ]; + listenStreams = ["${toString servicePort}"]; + wantedBy = ["sockets.target"]; socketConfig = { Accept = true; }; @@ -49,6 +54,5 @@ in system.stateVersion = "22.11"; }; - }; } diff --git a/hosts/giggles/unifi.nix b/hosts/giggles/unifi.nix new file mode 100644 index 00000000..b2136ff7 --- /dev/null +++ b/hosts/giggles/unifi.nix @@ -0,0 +1,11 @@ +{pkgs, ...}: + +{ + networking.firewall.allowedTCPPorts = [8443]; # open unifi web interface port + + services.unifi = { + enable = true; + unifiPackage = pkgs.unifi7; + openFirewall = true; + }; +}
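Review bot: `networking.firewall.allowedTCPPorts = [8443];` in unifi.nix opens the UniFi controller's web interface on every interface of this host, which according to network.nix includes the IoT and media VLANs. Binding the rule to the management segment, e.g. `networking.firewall.interfaces."vlan101".allowedTCPPorts = [8443];`, keeps the admin login out of reach of IoT devices. `openFirewall = true` additionally opens the controller's device-facing ports on all interfaces; a short comment should say whether that is intended.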