From c9e4ab6af04f4c4544d5dd2db360b5e25d538dfb Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Wed, 28 Feb 2024 23:38:15 +0100 Subject: [PATCH] changes to home assistant, docker images, rustdesk relay --- hosts/fw.cloonar.com/modules/dhcp4.nix | 53 +++-- hosts/fw.cloonar.com/modules/firewall.nix | 3 +- .../modules/home-assistant/ac.nix | 10 +- .../modules/home-assistant/battery.nix | 32 +-- .../modules/home-assistant/light.nix | 2 +- .../modules/home-assistant/multimedia.nix | 194 ++++++++---------- .../modules/home-assistant/sleep.nix | 6 +- hosts/fw.cloonar.com/modules/palworld.nix | 6 +- hosts/fw.cloonar.com/modules/podman.nix | 60 +++--- hosts/fw.cloonar.com/modules/unbound.nix | 31 ++- .../modules/update-containers.nix | 39 ++++ hosts/nb-01.cloonar.com/configuration.nix | 13 +- hosts/nb-01.cloonar.com/modules/sway/sway.nix | 1 - hosts/web-01.cloonar.com/configuration.nix | 2 +- hosts/web-01.cloonar.com/modules/rustdesk.nix | 39 ++++ 15 files changed, 292 insertions(+), 199 deletions(-) create mode 100644 hosts/fw.cloonar.com/modules/update-containers.nix create mode 100644 hosts/web-01.cloonar.com/modules/rustdesk.nix diff --git a/hosts/fw.cloonar.com/modules/dhcp4.nix b/hosts/fw.cloonar.com/modules/dhcp4.nix index ea10aa6..9b5ecc3 100644 --- a/hosts/fw.cloonar.com/modules/dhcp4.nix +++ b/hosts/fw.cloonar.com/modules/dhcp4.nix @@ -17,11 +17,6 @@ persist = true; type = "memfile"; }; - dhcp-ddns = { - enable-updates = true; - qualifying-suffix = "cloonar.com."; - replace-client-name = "when-not-present"; - }; rebind-timer = 2000; renew-timer = 1000; subnet4 = [ 
@@ -42,27 +37,16 @@ name = "domain-name"; data = "cloonar.com"; } + { + name = "domain-search"; + data = "cloonar.com"; + } { name = "domain-name-servers"; data = "10.42.96.1"; } ]; reservations = [ - { - hw-address = "98:b6:e9:b6:ef:f4"; - ip-address = "10.42.96.21"; - server-hostname = "switch.cloonar.com"; - } - { - hw-address = "c4:a7:2b:c7:ea:30"; - ip-address = "10.42.96.167"; - server-hostname = "metz.cloonar.com"; - } - { - hw-address = "bc:33:29:ed:24:f0"; - ip-address = "10.42.96.176"; - server-hostname = "ps5-living.cloonar.com"; - } ]; } { @@ -171,7 +155,27 @@ { hw-address = "c4:a7:2b:c7:ea:30"; ip-address = "10.42.99.10"; - server-hostname = "metz.cloonar.com"; + hostname = "metz.cloonar.multimedia"; + } + { + hw-address = "f0:2f:9e:d4:3b:21"; + ip-address = "10.42.99.11"; + hostname = "firetv-living"; + } + { + hw-address = "bc:33:29:ed:24:f0"; + ip-address = "10.42.99.12"; + hostname = "ps5"; + } + { + hw-address = "bc:33:29:ed:24:f1"; + ip-address = "10.42.99.13"; + hostname = "xbox"; + } + { + hw-address = "98:b6:e9:b6:ef:f4"; + ip-address = "10.42.99.14"; + hostname = "switch"; } ]; } @@ -209,7 +213,7 @@ } { name = "domain-name"; - data = "cloonar.com"; + data = "cloonar.smart"; } { name = "domain-name-servers"; @@ -217,11 +221,6 @@ } ]; reservations = [ - { - hw-address = "7a:5a:d6:d0:29:fe"; - ip-address = "10.42.100.10"; - server-hostname = "home-assistant.cloonar.com"; - } { hw-address = "60:a4:23:97:4a:ec"; ip-address = "10.42.100.21"; diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix index cc8f214..129db77 100644 --- a/hosts/fw.cloonar.com/modules/firewall.nix +++ b/hosts/fw.cloonar.com/modules/firewall.nix 
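Review bot: In the multimedia reservations of dhcp4.nix (the hunk at -171), `hostname = "metz.cloonar.multimedia"` is fully qualified while the four new entries use bare labels (`firetv-living`, `ps5`, `xbox`, `switch`). The lease script changed in unbound.nix in this commit treats qualified and bare names differently, so one form should be used throughout. The `xbox` hardware address `bc:33:29:ed:24:f1` differs from the `ps5` one only in its last digit, which looks like a placeholder. If it is, the reservation never matches and the ping sensor for `xbox.cloonar.multimedia` would probe an address the console does not hold.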
@@ -87,9 +87,10 @@ iifname { "lan", "server", "vserver", "wg_cloonar" } oifname { "lan", "vb-*", "server", "vserver", "infrastructure", "multimedia", "smart", "wg_cloonar" } counter accept iifname { "lan", "server", "wg_cloonar" } oifname { "wrwks", "wg_epicenter", "wg_ghetto_at" } counter accept iifname { "infrastructure" } oifname { "server", "vserver" } counter accept + iifname { "lan", "wan" } udp dport { 8211, 27015 } counter accept comment "palworld" # accept palword server - iifname { "wan", "lan" } oifname "podman0" udp dport { 8211, 27015 } counter accept + iifname { "wan", "lan" } oifname "podman0" udp dport { 8211, 27015 } counter accept comment "palworld" # allow all established, related ct state { established, related } accept comment "Allow established traffic" diff --git a/hosts/fw.cloonar.com/modules/home-assistant/ac.nix b/hosts/fw.cloonar.com/modules/home-assistant/ac.nix index 99c6f74..1998e2c 100644 --- a/hosts/fw.cloonar.com/modules/home-assistant/ac.nix +++ b/hosts/fw.cloonar.com/modules/home-assistant/ac.nix @@ -24,7 +24,7 @@ action = { service = "climate.set_hvac_mode"; target = { - entity_id = "climate.livingroom_ac"; + entity_id = "climate.living_room"; }; data = { hvac_mode = "off"; @@ -37,8 +37,8 @@ trigger = { platform = "state"; entity_id = [ - "climate.livingroom_ac" - "climate.bedroom_ac" + "climate.living_room" + "climate.bedroom" ]; to = [ "heat" @@ -70,7 +70,7 @@ { service = "climate.set_hvac_mode"; target = { - entity_id = "climate.bedroom_ac"; + entity_id = "climate.bedroom"; }; data = { hvac_mode = "cold"; @@ -93,7 +93,7 @@ action = { service = "climate.set_hvac_mode"; target = { - entity_id = "climate.bedroom_ac"; + entity_id = "climate.bedroom"; }; data = { hvac_mode = "off"; diff --git a/hosts/fw.cloonar.com/modules/home-assistant/battery.nix b/hosts/fw.cloonar.com/modules/home-assistant/battery.nix index 35eff34..6fe7f55 100644 --- a/hosts/fw.cloonar.com/modules/home-assistant/battery.nix 
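Review bot: The added rule `iifname { "lan", "wan" } udp dport { 8211, 27015 } counter accept comment "palworld"` has no `oifname`. If it sits in the forward chain, as the neighbouring `iifname … oifname …` rules suggest, it lets WAN traffic on those UDP ports be forwarded to every interface rather than only to `podman0`. The rule two lines below already covers the `podman0` case, so the new rule looks redundant at best. Either drop it or scope it: `iifname { "lan", "wan" } oifname "podman0" udp dport { 8211, 27015 } counter accept comment "palworld"`. The chain header is outside the hunk, so confirm which chain this belongs to.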
+++ b/hosts/fw.cloonar.com/modules/home-assistant/battery.nix @@ -50,28 +50,28 @@ sensor_low_battery = { name = "Sensor has low battery!"; message = '' - {%- set domains = ['sensor', 'battery'] -%} - {%- set threshold = 30 -%} - {%- set exclude_entities = ['sensor.sensors_lowest_battery_level','sensor.dominiks_iphone_battery_level'] -%} + {% set domains = ['sensor', 'battery'] %} + {% set threshold = 30 %} + {%- set exclude_entities = ['sensor.sensors_lowest_battery_level','sensor.dominiks_iphone_battery_level','sensor.roborock_s8_pro_ultra_battery'] -%} Sensors are below 50% battery: - {%- for domain in domains -%} - {%- for item in states[domain] -%} - {%- if item.entity_id not in exclude_entities -%} - {%- if item.attributes.battery_level is defined -%} - {%- set level = item.attributes.battery_level|int -%} + {% for domain in domains %} + {% for item in states[domain] %} + {% if item.entity_id not in exclude_entities %} + {% if item.attributes.battery_level is defined %} + {% set level = item.attributes.battery_level|int %} {% if level > 0 and level < threshold %} - {{ item.attributes.friendly_name }} ({{ item.attributes['battery_level']|int}}%) {%- endif -%} - {%- endif -%} - {%- if item.attributes.device_class is defined and item.attributes.device_class == 'battery' -%} - {%- set level = item.state|int -%} + {% endif %} + {% if item.attributes.device_class is defined and item.attributes.device_class == 'battery' %} + {% set level = item.state|int %} {% if level > 0 and level <= threshold %} - {{ item.attributes.friendly_name }} ({{ item.state|int }}%) - {%- endif -%} - {%- endif %} - {%- endif -%} - {%- endfor -%} - {%- endfor -%} + {% endif %} + {% endif %} + {% endif %} + {% endfor %} + {% endfor %} ''; entity_id = "binary_sensor.sensor_low_battery"; state = "on"; diff --git a/hosts/fw.cloonar.com/modules/home-assistant/light.nix b/hosts/fw.cloonar.com/modules/home-assistant/light.nix index 85bae9d..2ab5f44 100644 
--- a/hosts/fw.cloonar.com/modules/home-assistant/light.nix +++ b/hosts/fw.cloonar.com/modules/home-assistant/light.nix @@ -99,7 +99,7 @@ ]; } { - conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.bathroom_light' }}" ]; + conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.bathroom_lights' }}" ]; sequence = [ { service = "light.turn_on"; diff --git a/hosts/fw.cloonar.com/modules/home-assistant/multimedia.nix b/hosts/fw.cloonar.com/modules/home-assistant/multimedia.nix index 76f1c4a..47c95e4 100644 --- a/hosts/fw.cloonar.com/modules/home-assistant/multimedia.nix +++ b/hosts/fw.cloonar.com/modules/home-assistant/multimedia.nix 
@@ -1,34 +1,43 @@ { services.home-assistant.extraComponents = [ + "ping" "broadlink" "androidtv" + "samsungtv" ]; services.home-assistant.config = { - # binary_sensor = [ - # { - # name = "ps5_living"; - # platform = "command_line"; - # command = "python /var/lib/hass/ps5.py -q -b 10.42.96.176"; - # device_class = "connectivity"; - # scan_interval = 5; - # } - # { - # platform = "template"; - # sensors = { - # multimedia_device_on = { - # friendly_name = "Any multimedia device on"; - # device_class = "connectivity"; - # value_template = '' - # {% if is_state('binary_sensor.ps5_living', 'on') or states('media_player.fire_tv_firetv_living_cloonar_com') != 'off' or states('device_tracker.xbox') == 'home' %} - # on - # {% else %} - # off - # {% endif %} - # ''; - # }; - # }; - # } - # ]; + binary_sensor = [ + { + name = "xbox"; + platform = "ping"; + host = "xbox.cloonar.multimedia"; + count = 1; + scan_interval = 2; + } + { + name = "ps5"; + platform = "ping"; + host = "ps5.cloonar.multimedia"; + count = 1; + scan_interval = 2; + } + { + platform = "template"; + sensors = { + multimedia_device_on = { + friendly_name = "Any multimedia device on"; + device_class = "connectivity"; + value_template = '' + {% if is_state('binary_sensor.ps5', 'on') or is_state('binary_sensor.xbox', 'on') or states('media_player.fire_tv_firetv_living_cloonar_multimedia') != 'off' %} + on + {% else %} + off + {% endif %} + ''; + }; + }; + } + ]; # "automation tv scene" = { # alias = "auto tv scene"; # hide_entity = true; @@ -76,8 +85,8 @@ hide_entity = true; trigger = { platform = "state"; - entity_id = "device-tracker.xbox"; - to = "home"; + entity_id = "binary_sensor.xbox"; + to = "on"; }; action = [ { 
@@ -89,18 +98,18 @@ source = "Xbox"; }; } - { - delay = 5; - } - { - service = "denonavr.get_command"; - target = { - entity_id = "media_player.marantz_sr6015"; - }; - data = { - command = "/goform/formiPhoneAppDirect.xml?PWSTANDBY"; - }; - } + # { + # delay = 5; + # } + # { + # service = "denonavr.get_command"; + # target = { + # entity_id = "media_player.marantz_sr6015"; + # }; + # data = { + # command = "/goform/formiPhoneAppDirect.xml?PWSTANDBY"; + # }; + # } ]; }; "automation firetv on" = { @@ -108,7 +117,7 @@ hide_entity = true; trigger = { platform = "state"; - entity_id = "media_player.fire_tv_firetv_living_cloonar_com"; + entity_id = "media_player.fire_tv_firetv_living_cloonar_multimedia"; from = "off"; }; action = [ @@ -121,52 +130,28 @@ command = "/goform/formiPhoneAppDirect.xml?SIMPLAY"; }; } - { - delay = 5; - } + ]; + }; + "automation ps5 on" = { + alias = "ps5 on"; + hide_entity = true; + trigger = { + platform = "state"; + entity_id = "binary_sensor.ps5"; + to = "on"; + }; + action = [ { service = "denonavr.get_command"; target = { entity_id = "media_player.marantz_sr6015"; }; data = { - command = "/goform/formiPhoneAppDirect.xml?PWSTANDBY"; + command = "/goform/formiPhoneAppDirect.xml?SIBD"; }; } ]; }; - # "automation ps5 on" = { - # alias = "ps5 on"; - # hide_entity = true; - # trigger = { - # platform = "state"; - # entity_id = "binary_sensor.ps5_living"; - # to = "on"; - # }; - # action = [ - # { - # service = "denonavr.get_command"; - # target = { - # entity_id = "media_player.marantz_sr6015"; - # }; - # data = { - # command = "/goform/formiPhoneAppDirect.xml?SIBD"; - # }; - # } - # { - # delay = 5; - # } - # { - # service = "denonavr.get_command"; - # target = { - # entity_id = "media_player.marantz_sr6015"; - # }; - # data = { - # command = "/goform/formiPhoneAppDirect.xml?PWSTANDBY"; - # }; - # } - # ]; - # }; "automation all multimedia off" = { alias = "all multimedia off"; trigger = { 
@@ -176,18 +161,10 @@ }; action = [ { - conditions = [ "{{ states('media_player.android_tv_metz_cloonar_com') != 'off'}}" ]; - sequence = [ - { - service = "androidtv.adb_command"; - target = { - device_id = "a5e50f268f3a2dbd0741fb8e9ff7f931"; - }; - data = { - command = "POWER"; - }; - } - ]; + service = "media_player.turn_off"; + target = { + entity_id = "media_player.android_tv_metz_cloonar_multimedia"; + }; } { service = "denonavr.get_command"; @@ -212,47 +189,32 @@ conditions = [ { condition = "state"; - entity_id = "media_player.android_tv_metz_cloonar_com"; + entity_id = "media_player.android_tv_metz_cloonar_multimedia"; state = "off"; } { condition = "state"; - entity_id = "media_player.android_tv_metz_cloonar_com"; + entity_id = "media_player.android_tv_metz_cloonar_multimedia"; state = "unavailable"; } ]; }; action = [ - { - service = "androidtv.adb_command"; - target = { - device_id = "a5e50f268f3a2dbd0741fb8e9ff7f931"; - }; - data = { - command = "POWER"; - }; - } - { - delay = 5; - } { choose = [ { conditions = [ { condition = "state"; - entity_id = "media_player.android_tv_metz_cloonar_com"; + entity_id = "media_player.android_tv_metz_cloonar_multimedia"; state = "off"; } ]; sequence = [ { - service = "androidtv.adb_command"; + service = "media_player.turn_on"; target = { - device_id = "a5e50f268f3a2dbd0741fb8e9ff7f931"; - }; - data = { - command = "adb shell am start -a android.intent.action.VIEW -d content://android.media.tv/passthrough/com.mediatek.tvinput%2F.hdmi.HDMIInputService%2FHDMI100004"; + entity_id = "media_player.android_tv_metz_cloonar_multimedia"; }; } ]; @@ -261,7 +223,7 @@ conditions = [ { condition = "state"; - entity_id = "media_player.android_tv_metz_cloonar_com"; + entity_id = "media_player.android_tv_metz_cloonar_multimedia"; state = "unavailable"; } ]; @@ -269,7 +231,7 @@ { service = "remote.send_command"; target = { - device_id = "46988d2d424728f7355fe12b09e88e0e"; + entity_id = "remote.rmproplus"; }; data = { num_repeats = 1; 
@@ -282,6 +244,18 @@ } ]; } + { + delay = 5; + } + { + service = "androidtv.adb_command"; + target = { + entity_id = "media_player.android_tv_metz_cloonar_multimedia"; + }; + data = { + command = "adb shell am start -a android.intent.action.VIEW -d content://android.media.tv/passthrough/com.mediatek.tvinput%2F.hdmi.HDMIInputService%2FHDMI100004"; + }; + } ]; }; # "automation multimedia input" = { diff --git a/hosts/fw.cloonar.com/modules/home-assistant/sleep.nix b/hosts/fw.cloonar.com/modules/home-assistant/sleep.nix index 44a963d..80f7757 100644 --- a/hosts/fw.cloonar.com/modules/home-assistant/sleep.nix +++ b/hosts/fw.cloonar.com/modules/home-assistant/sleep.nix @@ -12,7 +12,7 @@ action = { service_template = "switch.turn_on"; data_template = { - entity_id = "switch.coffee_switch"; + entity_id = "switch.coffee"; }; }; }; @@ -49,6 +49,10 @@ service = "light.turn_on"; entity_id = "light.bedroom_bed"; } + { + service = "switch.turn_off"; + entity_id = "switch.coffee"; + } ]; } ]; diff --git a/hosts/fw.cloonar.com/modules/palworld.nix b/hosts/fw.cloonar.com/modules/palworld.nix index 0ba4009..ab14a30 100644 --- a/hosts/fw.cloonar.com/modules/palworld.nix +++ b/hosts/fw.cloonar.com/modules/palworld.nix @@ -4,7 +4,7 @@ virtualisation.oci-containers.backend = "podman"; virtualisation.oci-containers.containers = { palworld = { - image = "thijsvanloef/palworld-server-docker:v0.24.2"; + image = "thijsvanloef/palworld-server-docker:latest"; autoStart = true; ports = [ "8211:8211/udp" @@ -19,7 +19,5 @@ }; }; - sops.secrets.palworld = { - # owner = config.systemd.services.ddclient.serviceConfig.User; - }; + sops.secrets.palworld = {}; } diff --git a/hosts/fw.cloonar.com/modules/podman.nix b/hosts/fw.cloonar.com/modules/podman.nix index 891d098..ad827cb 100644 --- a/hosts/fw.cloonar.com/modules/podman.nix +++ b/hosts/fw.cloonar.com/modules/podman.nix 
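Review bot: In palworld.nix, moving the image from `v0.24.2` to `:latest` means the deployed server is whatever the registry serves at pull time, and this commit also adds a nightly `podman pull` of every image on the same host. firewall.nix accepts UDP 8211 and 27015 from `wan` for this container, so an upstream tag change would reach an internet-facing service without any review step. Prefer a version tag or a digest that is bumped deliberately, e.g. `image = "thijsvanloef/palworld-server-docker:<tag>@sha256:<digest>";` (placeholders).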
@@ -2,6 +2,20 @@ let cids = import ../modules/staticids.nix; json = pkgs.formats.json { }; + + update-containers = pkgs.writeShellScriptBin "update-containers" '' + SUDO="" + if [[ $(id -u) -ne 0 ]]; then + SUDO="sudo" + fi + + images=$($SUDO ${pkgs.podman}/bin/podman ps -a --format="{{.Image}}" | sort -u) + + for image in $images + do + $SUDO ${pkgs.podman}/bin/podman pull $image + done + ''; in { users.groups.podman.gid = cids.gids.podman; virtualisation = { @@ -37,27 +51,27 @@ in { }; }); }; - # - # systemd.sockets."netavark-dhcp-proxy" = { - # description = "Netavark DHCP proxy socket"; - # socketConfig = { - # ListenStream = "%t/podman/nv-proxy.sock"; - # SocketMode = 0660; - # }; - # wantedBy = [ "sockets.target" ]; - # }; - # - # systemd.services."netavark-dhcp-proxy" = { - # description = "Netavark DHCP proxy service"; - # after = [ "netavark-dhcp-proxy.socket" ]; - # requires = [ "netavark-dhcp-proxy.socket" ]; - # wantedBy = [ "multi-user.target" "netavark-dhcp-proxy.socket" ]; - # path = [ pkgs.netavark ]; - # startLimitIntervalSec = 0; - # - # serviceConfig = { - # Type = "exec"; - # ExecStart= "${pkgs.netavark}/bin/netavark dhcp-proxy -a 30"; - # }; - # }; + + systemd.timers = { + # ... + updatecontainers = { + timerConfig = { + Unit = "updatecontainers.service"; + OnCalendar = "02:00"; + }; + wantedBy = [ "timers.target" ]; + }; + # ... + }; + + systemd.services = { + # ... + updatecontainers = { + serviceConfig = { + Type = "oneshot"; + ExecStart = "${update-containers}/bin/update-containers"; + }; + }; + # ... + }; } diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index 401a91a..0534102 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix 
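Review bot: The loop in `update-containers` ignores failures: without `set -e`, a failed pull for one image is skipped silently and the script's exit status reflects only the last pull. `$images` and `$image` are also expanded unquoted. The `sudo` fallback does nothing under systemd, where the unit in the next hunk sets no `User=` and so runs as root. The version below reads one image per line and reports failures; it drops the `sudo` branch, so keep that branch if the script is also meant to be run by hand.

```nix
update-containers = pkgs.writeShellScriptBin "update-containers" ''
  set -uo pipefail
  status=0
  while IFS= read -r image; do
    [[ -n "$image" ]] || continue
    ${pkgs.podman}/bin/podman pull "$image" || { echo "pull failed: $image" >&2; status=1; }
  done < <(${pkgs.podman}/bin/podman ps -a --format='{{.Image}}' | sort -u)
  exit "$status"
'';
```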
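Review bot: The `updatecontainers` service only pulls; nothing in this hunk restarts a container afterwards. Presumably each container keeps running its old image until its unit is next restarted, so what is actually running depends on restart timing rather than on the configuration. If that is intended, say so above the unit, e.g. `# pulls only; containers pick up the new image on their next restart`. The `# ...` placeholder comments inside `systemd.timers` and `systemd.services` carry no information and can be dropped.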
@@ -73,9 +73,10 @@ let "\"upgrade-staging.wienbautvor.at IN A 10.254.240.110\"" "\"upgrade-staging.wienwohntbesser.at IN A 10.254.240.110\"" - "\"metz.cloonar.com IN A 10.42.99.10\"" - "\"firetv-living.cloonar.com IN A 10.42.96.175\"" - "\"ps5-living.cloonar.com IN A 10.42.96.176\"" + "\"metz.cloonar.multimedia IN A 10.42.99.10\"" + "\"ps5.cloonar.multimedia IN A 10.42.99.12\"" + "\"xbox.cloonar.multimedia IN A 10.42.99.13\"" + "\"switch.cloonar.multimedia IN A 10.42.99.14\"" "\"shellycolorbulb-34945479bc57.cloonar.com IN A 10.42.100.130\"" "\"shellycolorbulb-485519d9a1b2.cloonar.com IN A 10.42.100.131\"" @@ -189,7 +190,7 @@ in { function readFileUnique() { readFile "''\$1" ''\$2 | uniq | while IFS=, read -r address hostname do - if [[ "''\${hostname}" == *.cloonar.com ]] ; then + if echo "''\${1}" | grep -Eq '.*\.(cloonar.com|cloonar.multimedia|cloonar.smart)'; then echo ''\${hostname} ''\$2 ''\${address} unbound-control local_data ''\${hostname} ''\$2 ''\${address} if [[ "''\$2" == "A" ]] ; then 
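Review bot: In the hunk at -189, the new test pipes `''\${1}` into grep instead of `''\${hostname}`. That is the function's first argument, the one handed to `readFile`, so the branch no longer depends on the record being processed. The pattern is also unanchored and its dots are unescaped, so a name such as `x.cloonar.com.example` would pass even once the variable is corrected. The names appear to come from lease data, so I would keep this a pure bash match anchored at the end: `if [[ "''\${hostname}" =~ \.cloonar\.(com|multimedia|smart)$ ]]; then`. The body of `readFileUnique` starts and ends outside this hunk.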
@@ -199,6 +200,28 @@ in { unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} done fi + else + if [[ "''\$2" == "A" ]] ; then + echo ''\${address} | while IFS=. read -r ip0 ip1 ip2 ip3 + do + if [[ "''\${hostname}" != "" ]] && [[ "''\${hostname}" != *. ]]; then + if [[ "''\${ip2}" == 96 ]]; then + unbound-control local_data ''\${hostname}.cloonar.com ''\$2 ''\${address} + fi + if [[ "''\${ip2}" == 97 ]]; then + unbound-control local_data ''\${hostname}.cloonar.com ''\$2 ''\${address} + fi + if [[ "''\${ip2}" == 99 ]]; then + unbound-control local_data ''\${hostname}.cloonar.multimedia ''\$2 ''\${address} + fi + if [[ "''\${ip2}" == 100 ]]; then + unbound-control local_data ''\${hostname}.cloonar.smart ''\$2 ''\${address} + fi + fi + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.ip4.arpa. PTR ''\${hostname} + unbound-control local_data ''\${ip3}.''\${ip2}.''\${ip1}.''\${ip0}.in-addr.arpa. PTR ''\${hostname} + done + fi fi done } diff --git a/hosts/fw.cloonar.com/modules/update-containers.nix b/hosts/fw.cloonar.com/modules/update-containers.nix new file mode 100644 index 0000000..d5effcb --- /dev/null +++ b/hosts/fw.cloonar.com/modules/update-containers.nix @@ -0,0 +1,39 @@ +{ config, pkgs, ... }: +let + update-containers = pkgs.writeShellScriptBin "update-containers" '' + SUDO="" + if [[ $(id -u) -ne 0 ]]; then + SUDO="sudo" + fi + + images=$($SUDO ${pkgs.podman}/bin/podman ps -a --format="{{.Image}}" | sort -u) + + for image in $images + do + $SUDO ${pkgs.podman}/bin/podman pull $image + done + ''; +in { + systemd.timers = { + # ... + updatecontainers = { + timerConfig = { + Unit = "updatecontainers.service"; + OnCalendar = "02:00"; + }; + wantedBy = [ "timers.target" ]; + }; + # ... + }; + + systemd.services = { + # ... + updatecontainers = { + serviceConfig = { + Type = "oneshot"; + ExecStart = "update-containers"; + }; + }; + # ... + }; +} 
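Review bot: In the new `else` branch the hostname is checked only for being non-empty and not ending in a dot before it is published under `.cloonar.com`, `.cloonar.multimedia` or `.cloonar.smart`, and every `unbound-control` argument is unquoted. These names appear to be whatever the DHCP client supplied, so a device can get its address published under a label that another device or a static record already uses, and a value with whitespace is split into extra arguments. The two PTR calls sit outside the hostname check, so an empty hostname still reaches `unbound-control local_data … PTR` with no target. I would validate the label, pick the zone once and quote every argument; the sketch below is stricter than the original in that it rejects dotted names. The function starts outside this hunk.

```nix
# … unchanged: else / "A" record test / octet split into ip0..ip3 …
if [[ "''\${hostname}" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$ ]]; then
  case "''\${ip2}" in
    96|97) zone="cloonar.com" ;;
    99)    zone="cloonar.multimedia" ;;
    100)   zone="cloonar.smart" ;;
    *)     zone="" ;;
  esac
  if [[ -n "''\${zone}" ]]; then
    unbound-control local_data "''\${hostname}.''\${zone}" "''\$2" "''\${address}"
  fi
  # … the two PTR calls move inside this guard, with their arguments quoted …
fi
```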
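Review bot: In the new update-containers.nix, `ExecStart = "update-containers";` is a bare command name, whereas the copy of this unit in podman.nix uses the store path. The `let` binding here is otherwise unused, so nothing guarantees the script is on the unit's search path. Use `ExecStart = "${update-containers}/bin/update-containers";`. The file also duplicates the script, timer and service that podman.nix gains in this commit, and no hunk shown imports it. If both modules were imported, the two differing `ExecStart` definitions would conflict, so keep a single copy.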
diff --git a/hosts/nb-01.cloonar.com/configuration.nix b/hosts/nb-01.cloonar.com/configuration.nix index a8b6524..8e843ce 100644 --- a/hosts/nb-01.cloonar.com/configuration.nix +++ b/hosts/nb-01.cloonar.com/configuration.nix @@ -3,7 +3,9 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: -{ +let + unstable = import { config = { allowUnfree = true; }; }; +in { nixpkgs.config.allowUnfree = true; imports = @@ -27,10 +29,10 @@ ]; - nixpkgs.config.permittedInsecurePackages = [ - "openssl-1.1.1v" - "electron-24.8.6" - ]; + # nixpkgs.config.permittedInsecurePackages = [ + # "openssl-1.1.1v" + # "electron-24.8.6" + # ]; fonts.packages = with pkgs; [ open-sans @@ -123,6 +125,7 @@ git-filter-repo ykfde nix-prefetch-git + unstable.rustdesk-flutter ]; environment.variables = { diff --git a/hosts/nb-01.cloonar.com/modules/sway/sway.nix b/hosts/nb-01.cloonar.com/modules/sway/sway.nix index bdb12ba..e1c1fc8 100644 --- a/hosts/nb-01.cloonar.com/modules/sway/sway.nix +++ b/hosts/nb-01.cloonar.com/modules/sway/sway.nix @@ -72,7 +72,6 @@ in { pinentry rbw rofi-rbw - rustdesk slurp sway sway-launcher-desktop diff --git a/hosts/web-01.cloonar.com/configuration.nix b/hosts/web-01.cloonar.com/configuration.nix index 32a94ce..2df995b 100644 --- a/hosts/web-01.cloonar.com/configuration.nix +++ b/hosts/web-01.cloonar.com/configuration.nix @@ -10,6 +10,7 @@ ./modules/zammad ./modules/authelia # ./modules/nextcloud + ./modules/rustdesk.nix ./modules/postgresql.nix ./modules/grafana.nix ./modules/loki.nix @@ -39,7 +40,6 @@ ./sites/api.optiprot.cloonar.dev.nix ./sites/cloonar.dev.nix - # ./sites/diabetes-austria.cloonar.dev.nix ./sites/paraclub.cloonar.dev.nix ./sites/api.paraclub.cloonar.dev.nix ./sites/tandem.paraclub.cloonar.dev.nix diff --git a/hosts/web-01.cloonar.com/modules/rustdesk.nix b/hosts/web-01.cloonar.com/modules/rustdesk.nix new file mode 100644 index 0000000..047aa1b --- /dev/null +++ b/hosts/web-01.cloonar.com/modules/rustdesk.nix 
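Review bot: As rendered, `unstable = import { config = { allowUnfree = true; }; };` in nb-01's configuration.nix has no path argument; presumably an angle-bracket channel lookup was lost when the page was extracted. If it is a channel lookup, the package set that supplies `unstable.rustdesk-flutter` depends on whatever channel state the machine has at build time and is not recorded in the repository. Pinning the import with `builtins.fetchTarball { url = …; sha256 = …; }` would make the remote-desktop client come from a known revision.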
@@ -0,0 +1,39 @@ +{ config, pkgs, ... }: + +{ + virtualisation = { + podman.enable = true; + oci-containers.containers = { + rustdesk-server = { + image = "rustdesk/rustdesk-server-s6:1"; + volumes = [ "/var/lib/rustdesk-server:/data" ]; + environment = { + RELAY = "rustdesk.cloonar.com:21117"; + }; + ports = [ + "21115:21115" + "21116:21116" + "21116:21116/udp" + "21118:21118" + "21117:21117" + "21119:21119" + ]; + }; + }; + }; + + users.users.rustdesk-server = { + isSystemUser = true; + group = "rustdesk-server"; + home = "/var/lib/rustdesk-server"; + createHome = true; + }; + users.groups.rustdesk-server = { }; + users.groups.docker.members = [ "rustdesk-server" ]; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 5000 21115 21116 21117 21118 21119 ]; + allowedUDPPorts = [ 21116 ]; + }; +}
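Review bot: `allowedTCPPorts` opens 5000, but the container publishes only 21115–21119, so nothing in this module listens there. Drop it unless another service needs it: `allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];`. The `rustdesk-server` user is added to the `docker` group, yet the container is run by podman and sets no `user`, so the account and the membership appear unused. Membership of `docker` is root-equivalent wherever a Docker daemon runs. As far as I know, 21118 and 21119 are needed only for RustDesk web clients and can stay closed if those are not used.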