Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

many changes

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-05-08 22:46:20 +02:00
parent 3b01625f7d
commit bc57914131
8 changed files with 219 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
hosts/fw/modules/dnsmasq.nix Normal file
View File

@@ -0,0 +1,160 @@
{ config, ... }: {
services.resolved.enable = false;
services.dnsmasq = {
enable = true;
settings = {
port = "53";
bind-interfaces = true; # force dnsmasq to bind immediately
expand-hosts = true;
log-dhcp = true;
server = [
"/epicenter.works/10.50.60.1"
"/akvorrat.at/10.50.60.1"
"9.9.9.9"
"149.112.112.11"
];
interface = [
"lan"
"server"
"infrastructure"
"multimedia"
"guest"
"smart"
];
domain = [
"cloonar.com,lan"
"cloonar.com,server"
"cloonar.com,infrastructure"
"cloonar.multimedia,multimedia"
"cloonar.smart,smart"
"cloonar.guest,guest"
];
dhcp-option = [
"lan,15,cloonar.com" # domain name
"lan,3,${config.networkPrefix}.96.1" # Gateway
"lan,6,${config.networkPrefix}.96.1" # DNS
"server,15,cloonar.com"
"server,3,${config.networkPrefix}.97.1"
"server,6,${config.networkPrefix}.97.1"
"infrastructure,15,cloonar.com"
"infrastructure,3,${config.networkPrefix}.101.1"
"infrastructure,6,${config.networkPrefix}.101.1"
"multimedia,15,cloonar.multimedia"
"multimedia,3,${config.networkPrefix}.99.1"
"multimedia,6,${config.networkPrefix}.99.1"
"smart,15,cloonar.smart"
"smart,3,${config.networkPrefix}.100.1"
"smart,6,${config.networkPrefix}.100.1"
"guest,15,cloonar.guest"
"guest,3,${config.networkPrefix}.254.1"
"guest,6,9.9.9.9"
];
dhcp-range = [
"lan,${config.networkPrefix}.96.100,${config.networkPrefix}.96.200,24h"
"server,${config.networkPrefix}.97.100,${config.networkPrefix}.97.200,24h"
"infrastructure,${config.networkPrefix}.101.100,${config.networkPrefix}.101.200,24h"
"multimedia,${config.networkPrefix}.99.100,${config.networkPrefix}.99.200,24h"
"smart,${config.networkPrefix}.100.100,${config.networkPrefix}.100.200,24h"
"guest,${config.networkPrefix}.254.100,${config.networkPrefix}.254.200,24h"
];
dhcp-host = [
"30:05:5c:56:62:37,${config.networkPrefix}.96.100,brn30055c566237"
"24:df:a7:b1:1b:74,${config.networkPrefix}.96.101,rmproplus-b1-1b-74"
"1a:c4:04:6e:29:bd,${config.networkPrefix}.97.2,omada"
"02:00:00:00:00:03,${config.networkPrefix}.97.5,web-02"
"02:00:00:00:00:04,${config.networkPrefix}.97.6,matrix"
"ea:db:d4:c1:18:ba,${config.networkPrefix}.97.50,git"
"c2:4f:64:dd:13:0c,${config.networkPrefix}.97.20,home-assistant"
"1a:c4:04:6e:29:02,${config.networkPrefix}.101.25,deconz"
"c4:a7:2b:c7:ea:30,${config.networkPrefix}.99.10,metz"
"f0:2f:9e:d4:3b:21,${config.networkPrefix}.99.11,firetv-living"
"e4:2a:ac:32:3f:79,${config.networkPrefix}.99.13,xbox"
"f0:2f:9e:c1:74:72,${config.networkPrefix}.99.21,firetv-bedroom"
"30:05:5c:56:62:37,${config.networkPrefix}.99.100,brn30055c566237"
"fc:ee:28:03:63:e9,${config.networkPrefix}.100.148,k1c"
"cc:50:e3:bc:27:64,${config.networkPrefix}.100.112,Nuki_Bridge_1A753F72"
"34:6f:24:f3:af:ad,${config.networkPrefix}.100.137,daikin86604"
"34:6f:24:c1:f8:54,${config.networkPrefix}.100.139,daikin53800"
];
address = [
"/fw.cloonar.com/${config.networkPrefix}.97.1"
"/omada.cloonar.com/${config.networkPrefix}.97.2"
"/pc.cloonar.com/${config.networkPrefix}.96.5"
"/home-assistant.cloonar.com/${config.networkPrefix}.97.20"
"/mopidy.cloonar.com/${config.networkPrefix}.97.21"
"/snapcast.cloonar.com/${config.networkPrefix}.97.21"
"/git.cloonar.com/${config.networkPrefix}.97.50"
"/feeds.cloonar.com/188.34.191.144"
"/stage.wsw.at/10.254.235.22"
"/prod.wsw.at/10.254.217.23"
"/piwik.wohnservice-wien.at/10.254.240.109"
"/wohnberatung-wien.at/10.254.240.109"
"/wohnpartner-wien.at/10.254.240.109"
"/wohnservice-wien.at/10.254.240.109"
"/mieterhilfe.at/10.254.240.109"
"/wienbautvor.at/10.254.240.109"
"/wienwohntbesser.at/10.254.240.109"
"/a.stage.wohnberatung-wien.at/10.254.240.110"
"/a.stage.wohnpartner-wien.at/10.254.240.110"
"/a.stage.wohnservice-wien.at/10.254.240.110"
"/a.stage.mieterhilfe.at/10.254.240.110"
"/a.stage.wienbautvor.at/10.254.240.110"
"/a.stage.wienwohntbesser.at/10.254.240.110"
"/b.stage.wohnberatung-wien.at/10.254.240.110"
"/b.stage.wohnpartner-wien.at/10.254.240.110"
"/b.stage.wohnservice-wien.at/10.254.240.110"
"/b.stage.mieterhilfe.at/10.254.240.110"
"/b.stage.wienbautvor.at/10.254.240.110"
"/b.stage.wienwohntbesser.at/10.254.240.110"
"/web.hilgenberg-gmbh.de/91.107.197.169"
# gaming
"/foundry-vtt.cloonar.com/${config.networkPrefix}.97.5"
"/deconz.cloonar.multimedia/${config.networkPrefix}.97.22"
"/ddl-warez.to/172.67.184.30"
"/cdnjs.cloudflare.com/104.17.24.14"
# esphome devices
"/livingroom-bulb-1.cloonar.smart/${config.networkPrefix}.100.11"
"/livingroom-bulb-2.cloonar.smart/${config.networkPrefix}.100.12"
"/livingroom-bulb-3.cloonar.smart/${config.networkPrefix}.100.13"
"/livingroom-bulb-4.cloonar.smart/${config.networkPrefix}.100.14"
"/livingroom-bulb-5.cloonar.smart/${config.networkPrefix}.100.15"
"/livingroom-bulb-6.cloonar.smart/${config.networkPrefix}.100.16"
"/bedroom-bulb-0.cloonar.smart/${config.networkPrefix}.100.21"
"/bedroom-bulb-0.cloonar.smart/${config.networkPrefix}.100.22"
"/bedroom-bulb-0.cloonar.smart/${config.networkPrefix}.100.23"
"/bedroom-bulb-0.cloonar.smart/${config.networkPrefix}.100.24"
"/hallway-bulb-0.cloonar.smart/${config.networkPrefix}.100.31"
"/hallway-bulb-0.cloonar.smart/${config.networkPrefix}.100.32"
"/bath-bulb-0.cloonar.smart/${config.networkPrefix}.100.41"
"/bath-bulb-0.cloonar.smart/${config.networkPrefix}.100.42"
];
};
};
systemd.services.dnsmasq = {
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
};
networking.firewall.allowedUDPPorts = [ 53 67 ];
}

1
hosts/fw/modules/firewall.nix
View File

@@ -34,6 +34,7 @@
iifname "lan" tcp dport 5931 counter accept comment "Spice"
iifname { "server", "vserver", "vm-*", "lan", "wg_cloonar" } counter accept comment "allow trusted to router"
iifname { "multimedia", "smart", "infrastructure", "podman0", "setup" } udp dport { 53, 5353 } counter accept comment "DNS"
iifname { "multimedia", "smart", "infrastructure", "server", "lan", "guest" } udp dport { 67 } counter accept comment "DHCP"
iifname { "wan", "multimedia" } icmp type { echo-request, destination-unreachable, time-exceeded } counter accept comment "Allow select ICMP"
# Accept mDNS for avahi reflection

53
hosts/fw/modules/home-assistant/light.nix
View File

@@ -421,21 +421,62 @@
"light.bathroom_bulb_2"
];
}
{
platform = "switch";
name = "Hallway Switch";
entity_id = "switch.hallway";
}
{
platform = "group";
name = "Hallway Lights";
all = true;
entities = [
"light.hallway_switch"
"light.hallway_light_switch_mini_switch"
"light.hallway_bulb_1"
"light.hallway_bulb_2"
];
}
{
platform = "template";
lights = {
hallway_group_proxy = {
friendly_name = "Hallway Lights (Proxy)";
# follow the real groups on/off state
value_template = "{{ is_state('light.hallway_lights','on') }}";
turn_on = {
service = "light.turn_on";
data = { entity_id = "light.hallway_lights"; };
};
turn_off = {
service = "light.turn_off";
data = { entity_id = "light.hallway_lights"; };
};
# brightness support
set_level = {
service = "light.turn_on";
data_template = {
entity_id = "light.hallway_lights";
brightness = "{{ brightness }}";
};
};
# color temperature support (if you have CT-capable bulbs)
set_temperature = {
service = "light.turn_on";
data_template = {
entity_id = "light.hallway_lights";
color_temp = "{{ color_temp }}";
};
};
# RGB color support
set_color = {
service = "light.turn_on";
data_template = {
entity_id = "light.hallway_lights";
rgb_color = [ "{{ red }}" "{{ green }}" "{{ blue }}" ];
};
};
# always report as “available”
availability_template = "true";
# declare which color modes you need
supported_color_modes = [ "brightness" "color_temp" "rgb" ];
};
};
}
{
platform = "switch";
name = "Toilet Switch";