Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove old hosts

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-08 13:56:58 +01:00
parent c512a56c11
commit de318cde63
49 changed files with 0 additions and 2776 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
hosts/git.cloonar.com/configuration.nix
View File

@@ -1,71 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./fleet.nix
./utils/bento.nix
./utils/modules/sops.nix
./utils/modules/lego/lego.nix
./modules/gitea.nix
./modules/drone/server.nix
./modules/drone/runner.nix
./modules/fwmetrics.nix
./utils/modules/borgbackup.nix
./utils/modules/netdata.nix
./utils/modules/promtail
# ./utils/modules/victoriametrics
./utils/modules/autoupgrade.nix
./hardware-configuration.nix
];
nixpkgs.overlays = [
(import ./utils/overlays/packages.nix)
(let
pinnedPkgs = import(pkgs.fetchFromGitHub {
owner = "NixOS";
repo = "nixpkgs";
rev = "b6bbc53029a31f788ffed9ea2d459f0bb0f0fbfc";
sha256 = "sha256-JVFoTY3rs1uDHbh0llRb1BcTNx26fGSLSiPmjojT+KY=";
}) {};
in
final: prev: {
docker = pinnedPkgs.docker;
})
];
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
boot.loader.grub.device = "/dev/sda";
networking.hostName = "git";
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
];
environment.systemPackages = with pkgs; [
bento
vim
git
];
# backups
borgbackup.repo = "u149513-sub3@u149513-sub3.your-backup.de:borg";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 8000 ];
};
nix.gc = {
automatic = true;
options = "--delete-older-than 60d";
};
system.stateVersion = "23.05";
}

1
hosts/git.cloonar.com/fleet.nix
View File

@@ -1 +0,0 @@
../../fleet.nix

30
hosts/git.cloonar.com/hardware-configuration.nix
View File

@@ -1,30 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" "aesni_intel" "cryptd" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4973f85d-da13-4094-8c71-936c275e24d0";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/049162b7-81f0-4f2d-a440-5956a0958337"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

47
hosts/git.cloonar.com/modules/drone/runner.nix
View File

@@ -1,47 +0,0 @@
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
users.users.drone-runner = {
isSystemUser = true;
group = "drone-runner";
home = "/var/lib/drone-runner";
createHome = true;
};
users.groups.drone-runner = { };
users.groups.docker.members = [ "drone-runner" ];
systemd.services.drone-runner = {
description = "Drone Runner (CI CD Service)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.docker ];
serviceConfig = {
# Type = "simple";
Name = "drone-runner";
User = "drone-runner";
Group = "drone-runner";
Restart = "always";
ExecStartPre= ''
-${pkgs.docker}/bin/docker stop %n \
${pkgs.docker}/bin/docker rm %n
'';
ExecStart= ''
${pkgs.docker}/bin/docker run --rm --name %n \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--env-file=/run/secrets/drone-runner \
--env=DRONE_RPC_PROTO=https \
--env=DRONE_RPC_HOST=drone.cloonar.com \
--env=DRONE_RUNNER_CAPACITY=2 \
drone/drone-runner-docker:1.8.3
'';
};
};
sops.secrets.drone-runner = {
owner = config.systemd.services.drone-runner.serviceConfig.User;
key = "drone";
};
}

30
hosts/git.cloonar.com/modules/drone/secrets.yaml
View File

@@ -1,30 +0,0 @@
drone: ENC[AES256_GCM,data:Z1Rjso+5XYfvp2xJDXCQkI88GXl83v2oEkMLmOV/rb0DwRmhxCYzYX6fcdidk271Drf1YaPstVvm2LQB38jlBnJtg98aAGegj2fWfT44IbPIi8qDe93M2gFxFDgosoA2eOS2MjEwyBDp9GEUnKyi2gHR8khnTCvegVIntsusWOW/1tbzymKXavZAJUlX+82d/+6NWUEcnbislxhyph8P1Lgw546q,iv:SllCBHlq8ZCBqOHwMaCUcX6D/VDWsbN7uICZKb/R35w=,tag:mEb4E02VUaYGVjyI30FcXA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OW1JN0hjYjh4cDlmLyt6
dHRlSjN6Y1JWUFdzNWlZZ3c0Z2F4bXBCa1NFCjM3b3pPZVhtbDdob3lsR2xlMmJI
bjRRMHFjQ2kwWWJKT1p5VW5NVGJuZ3MKLS0tICtRcTFoSmxyeUhaaVlxQUxRWkJl
SXR2M293UFBxNFovRnlTQ1o4SzloaEEK+onGdd/7aEF71ibLoLXE5/SbJQWsKigh
h8BhfT1z9P5UYNoGHVv8Ry6LndyrBLEv+PUBuT0XJpEVPjKLm99KbQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyL3dDczRNMjNQUWVjelR5
TG93QUFjVGtMNFplaTErOTJjT2dHbWtWUVNzCjNTV0tUY2hpcnp1SDZ4UTB2aFNI
M2JwSkdNS0RFQVlPRUNzRG41aW5aS3cKLS0tIEJtaTRXdTI3NGJxZENJTk9jT1hi
N3RLRjdkMmZkSmZWZGlYbXRRUTJOZFEK2bJo7iyE3A5ds7tW5bAHgyfGqgH4cRjY
hLzYp083QYbXKAqP1w8a3JFXofv1RWd7tUb61I6R4Rd6hXZUv1a5Qw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-10T12:35:53Z"
mac: ENC[AES256_GCM,data:44J9abLbHkvjAtIUqXVZlcEAnizgg5yxKwyaZhnqIzzebWEpzqcKP6b72blaD7/jSdAiUo7bk/m4BxKVGHf9XKGxyLastbgYoFtz40rsKg9LOKpEfO2kl3JV5dj7C1f8IgsHWZ8L3Vb6KFKcrK2bzjZ5K5p22hCze4lQbK7CZTE=,iv:TE+6juCOTjTrx5nQhi8W5gaZkMFYrEDtoPrGdSTJSNE=,tag:AVsCIkzPjtfk3uSlsv6Dlg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

62
hosts/git.cloonar.com/modules/drone/server.nix
View File

@@ -1,62 +0,0 @@
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
users.users.drone-server = {
isSystemUser = true;
group = "drone-server";
home = "/var/lib/drone-server";
createHome = true;
};
users.groups.drone-server = { };
users.groups.docker.members = [ "drone-server" ];
systemd.services.drone-server = {
description = "Drone Server (CI CD Service)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.docker ];
serviceConfig = {
# Type = "simple";
Name = "drone-server";
User = "drone-server";
Group = "drone-server";
Restart = "always";
ExecStartPre= ''
-${pkgs.docker}/bin/docker stop %n \
${pkgs.docker}/bin/docker rm %n
'';
ExecStart= ''
${pkgs.docker}/bin/docker run --rm --name %n \
--env-file=/run/secrets/drone-server \
--env=DRONE_AGENTS_ENABLED=true \
--env=DRONE_GITEA_SERVER=https://git.cloonar.com \
--env=DRONE_GITEA_CLIENT_ID=6a7b8c57-bd71-49c8-b67d-c2de68fda649 \
--env=DRONE_GIT_ALWAYS_AUTH=true \
--env=DRONE_SERVER_HOST=drone.cloonar.com \
--env=DRONE_SERVER_PROTO=https \
--env=DRONE_USER_CREATE=username:dominik.polakovics,admin:true \
-v /var/lib/drone:/data \
--publish=8080:80 \
drone/drone:2
'';
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."drone.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://localhost:8080";
};
};
sops.secrets.drone-server = {
owner = config.systemd.services.drone-server.serviceConfig.User;
key = "drone";
};
}

34
hosts/git.cloonar.com/modules/fwmetrics.nix
View File

@@ -1,34 +0,0 @@
{ config, pkgs, ... }:
let
configure_prom = builtins.toFile "prometheus.yml" ''
scrape_configs:
- job_name: '${config.networking.hostName}'
stream_parse: true
static_configs:
- targets:
- 127.0.0.1:9100
- job_name: 'fw'
stream_parse: true
static_configs:
- targets:
- fw.cloonar.com:9100
'';
in {
sops.secrets.victoria-agent-env = {
sopsFile = ../utils/modules/victoriametrics/secrets.yaml;
};
services.prometheus.exporters.node.enable = true;
systemd.services.export-fw-to-prometheus = {
path = with pkgs; [victoriametrics];
enable = true;
after = ["network-online.target"];
wantedBy = ["multi-user.target"];
script = "vmagent -promscrape.config=${configure_prom} -envflag.enable -remoteWrite.url=https://victoria-server.cloonar.com/api/v1/write";
serviceConfig = {
EnvironmentFile=config.sops.secrets.victoria-agent-env.path;
};
};
}

36
hosts/git.cloonar.com/modules/gitea.nix
View File

@@ -1,36 +0,0 @@
{ config, ... }:
let
domain = "git.cloonar.com";
in
{
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001/";
};
};
services.gitea = {
enable = true;
appName = "Cloonar Gitea server"; # Give the site a name
settings = {
server = {
ROOT_URL = "https://${domain}/";
HTTP_PORT = 3001;
DOMAIN = domain;
};
openid = {
ENABLE_OPENID_SIGNIN = false;
ENABLE_OPENID_SIGNUP = true;
WHITELISTED_URIS = "auth.example.com";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
};
webhook.ALLOWED_HOST_LIST = "drone.cloonar.com";
};
};
}

32
hosts/git.cloonar.com/secrets.yaml
View File

@@ -1,32 +0,0 @@
borg-passphrase: ENC[AES256_GCM,data:exjDVqrSVJzKrDrM3f8zALfrzNVDRfJP8PE8ykr21dfobYcG5q8dz45dxWt4sgChtWggfYpn4cklSfxwbbe9cw==,iv:BwST15IfZVRpYYPUbydyfTR2CVm7XmUGL+1jbnd2VUI=,tag:RS6vetOvaFMPcBKL51zH1g==,type:str]
borg-ssh-key: ENC[AES256_GCM,data:v3L+l3mfwLtczvuvYy9JNSTYmOFb7zukqEBMAr3jmFg/axKyGAt8gkYzmFXhVOndRxoq2jbKyvATPqA5dz0p0RWFUoZ4/dcnKQ+G2qLon5kkEAaPSiXDNi2IWDx5toOueHirFjX4R/PEMfPMxLsVA+x8mNJEC03nIJ4Y8G3fATkmay7TVtGXEXzLJH6/WAD2nGmnHQbpEIntsxvM2s11lh6uetUtrQ/79SKB9iZPWCD76j2+kLsr5jDKyjSeC/xrLehtBJFuFwB3keUJGCRk1GMSYsmlJm8ADi0tIkBf2hPEFCmO0j2QEHeK9zmh9WUiy6e8472+rOm+DKAWJz2mLmwjNXqGvX+mYjl0FW/BRipodUDVC6xipfh3mN4B4OEV5vo48xhvf7Ip6ZjIC5Z9j6cpk81GG1rLnJfw6Yjn8bcjkF1uelYy9poMBxGqQLRlQSP0vFttAh5Z5omlGl7laO/1bKs6dXxpxmHBYRcnHHP1frL92bUgVbHjC8naBqS4gjRhVrANNtkuQmIZHuCmdphKMDpIRqypXNT5OdO7GkuEIxAqiUFy+QjyRSHSjroMHPqxSOSNc/d9vQVC9JR3Fb7QP2ysvL1hz0L0Yz9PNiNNh1yRc5coFQ6L0TGotCsQQE9JOscDvZsary9vghWLWo6VT2RBMMCDcwTs1W8zLCnW09D5DNgIAjn3ykDIvR5x2RjnS6RDaOJqamQpakTmKhvff+kXGbAQfDq8Hnx9nj8+27lmu1g2B41F+8fUmjXXK+5vfoL+9Xcv+XrWpIQxdvhRBKzGiVLnn5pB1QBOHBjpNqLd+Ahv82x7jxNKLie1kLy2x/VN2DP3SIYWTl9QdRngpICTy1aapMeNbNSXhhSq873laVUXPWhOcm8MphatUlyrdySjF0RM6DBp40KlCXCebNGRSv0Yjn5zxIFXXEh6o5kJtoUzgsv3Y+Fzy5VibkFAHoAvMPCJZDtfFHLrmryp+L4GzgLktCKefsASL/xDxSiu5dJceOsefj7etXr5GoEvmrteS8Hm935R9I7MycmmDKAEKOPhO1RO1p/m9f8qUmaiY8WGkPoIJVHp+fQd2WjlE7qrvIr5e5U4aUV3FvRm1TEuWNuZ4gQ3lpQFNsWcnVpBwOtIT5OsDH45oVZ8xVyK2duMvFoMYRkRW4QnCZWPt0oaLa9/GHmPd39yAfStvK0ksOQwWiQGp3feeFtTxTWiWJicnAAMB6BK7xX3A2gOF4RkVii1YyuGXaj3c0fZakO2k2pQ9TXOn29lSxBNwNvxhP8uUnPVE5izlwSiPAcIy2x3cPEOWNeQQJJZxLunOil17Le+WDtxDsbcdmcEGUQLLQJRzUxWOvaiIo9PUwVcSjHEI8+t8JN7IgMNT8QOvIextuhY4G3ApVJCkgvXs+QwTckWKDcSIiHdIt/I6SHlv6BkNfja0zqZIJ727i4huNSfoO/vq4BUA89plxVMugmS/oLXIUQuKZM1xC1sypvjxu3W430BN3tkPmtSD5n4cuP4hLN7TtNNfkFBXe9qT4bynGHJ+q5Zr0SMK/sgF+cluuR6GLljUSCv4KH4UiVIj5ZS/iDE96vAfi0LXuOLe9TZmxgPeDVqWM1392sSwE62vJ/xTVb8Smq0yMqsGTCDg5yGBcXly3FTcbe6AU8NGGWhY+n2UoV3McHSZNzVVdeD9YvhXh1YbmXoYwguiPpv16GpxL+OnWkMFXHN0p/kK/nEX7eAq/okeMc8RHSZcp91ZYW62S7QXkIsxvQj025l589ta9S95S3BdeOWHmn/lE03yxRXn5Jn60gs02fWLnqkwPO0X6nrIWWZ5SHft3owpSttjertO27d+lZ9J41JJPU7m9wgDTENtK1UqxCsSA4x0943FLcZWNM1bNwStfHpWQsCdtcCNdNSWOJ5qpTySOnzyItckOLXOlTW/9L06kQeBFZj9Ci76TtcGUfdArRMA4xumbZAdiXsNz4IM6YjERkMj4iDL+jtRpPjCynQ/NVjd1IiWaMkndFxvlqyCcI83IZaqvRqbh6zd8p86IdGcWJYiB1cRlKNeIvltzsO4X6HM1LI8PHcBb+dXoU+c7Nik/2w0N42xvdFeMpCakNRA7wtqWDnvkEAkn+gaaQCKuk+aif/rPWey0JaE/f2JLrQiuBc1CHEOclPRNOW8UnQ4nBtddL6h7KdUJb5fTt1Hamsluzmz3/rR5v08pyKIvxGHDM4YZ/2t3mbK56pJuQhhrfPD8ZuzqYaxKTojG6Sk3ollN6CbjEsdO68aaLNyK7fzfSU5NbN45uLgo1w/+JywWhYIuWEm72GhoqJyaj74NpPn8Nz4dcL15wrivnuynfQ5rr93QZbxSoTFntHMJ9AIY3aNmyzVt+VB5F1Y/I4SfZ66MuCwXyAuZCNe1cHPk/CHB9BtrO/n5KzNdVnvNvH9edQYSzP63qRmGwtQ3iiNwIo2uMmEvmzfSgcrOE5ZCaY2roqESO8sPSoasbF9STOlMT4JfWkyjAozY9eRUnbqTAl6StYmTOaJ71Qyy0okujQVxXsq7ZFshsbX5xhy+h26pUQy/951frrAPn3cIhcBXFuoW9Re9Tiyx76L5cUzGGN1AcaQ0FvlLj5V40zfvSOOFrZEqjSGTWnFuRam8lVxGZEWy5zESeeWN97S7IyDlgOfq6KsH8UEr1ePnuLG7jyTSEeNGJQ56l6ht1MVyA+4To6KIEkhepEpOMd4G5wKpJbLHSqZLxbT8Z46VTOFr7ePllmBhZeFdw7YlI7E810BTB1qx7C8gQvSC+N7CrnRGoE90SRGBKBE3smHN44hdvHWl/tS3EdC0Jt7uev4v2jLhLyriuSyal87Nf8vVTsoiTV8y40R7CCum403RAowHVuPfhRWNl4kGR4wqb9Xib2g9siq8NyaY0Z7kIZloBPezCONpfjkIAYrTf8K6g5EVk/Jl5tG/ZzkfW9z9bTiO6jcrfAnQ7B+K5hTq7I1n9xTr7tejscFWUPZnDgx8hl1BpD5TkN8UoA/TtjqdofwqgYT5so/xqXc6mCCAB/OJyh6Q/6GCthP1haAwkyQpqLPlKklIo+gFWXJG4nsf570piqQ0OdKZ5LLKcUpysmCp0OHivQr/6sfNWxMXwMdCiEBt6pLaqv6tMI7PobZNJWHeesu3sPAngFwgf1c6BGxaVWXDY/eF5OBJevq9AoKrdsnt4Nd0veVgKrp3wImvw2HQBdR4wdCVizhESgvCFY8Lv/8zCQpNhSXlfQ32F8onRuMZl/ZHJ/+N1Vec3HQ61AAwObML3vs1xrkr52QG60UZQCUUYoxYBcfPU0RXNYOvrejCIVIHWb/NnWGQ8x+l3ysjf1fvT9DDcuLtcCO3+m7Qvl9WZdNChQchEGmscDOO1geT6oZUDH+ogzKUOWInccaX7eoUjL00CUF6D27KALXN+ySbVLG+ASFe/L/ntW+P9Y/p6CNL6KLZq4isrXSQ==,iv:FV3HSPTmmRT0TeT4eYzVN+nfSqgOnfgngDALBCDRhYE=,tag:vZy57/c/xwfowvTsEZ31CA==,type:str]
drone: ENC[AES256_GCM,data:2HfYPiXGlp/4/qnS0yvQGoBdZB49AOef/WsVgd9HKSYEDLoUVPslQ6C0rjuMbumjAfgMs48zKDx5//T0kSkf/Z+YQxs1qPJrGRuyTIWJYyRjdlk6hUogihLWzeZcBfHB2fTI7sKllJLSWJU6gRVwHz1CONqtUedNg+E4+V4alnb7mDJ1wmzHK3Ue4dkE9npOOjCvonqjWnSp8Kr6Vt86VgzObnnc,iv:+Rae9lAJS5YsBBWBB26lwRhIVi7vqyXYBPKQLtTd7sw=,tag:YiSBFZReefcedF/apaMHrw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWUmdFMFI2SndUVHM4TTNl
Q2ladjlZdVBrbEswQzJhN3ZKa2x2SjEydWw0Cmo4UHBKYWpJTTFvUis2cVY1djIy
RkZiS3huWWRnV25LSmZLc1MxNkhHRVkKLS0tIHpCSjVYd3FCZHhwL25iZXZKYXFJ
bGZ5cUs1TmZwTXhDZGZzMjZIMzY0dTgKq5APl91yuaaStDkDJ2L697sKJGeNLBt4
/Eatck1dvd+q5lHoqIDS5kInCfqFAxinR8oamLoYHbqKou1ArNpGbQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQ3N6cVNjOVE1R2w5VS9I
RDF2TFR3Q0w3M3VVZVpCei9MNUF2Nk1aaVh3Cmk5SzlhVzcrK1ZvdmVob2J5SXVF
dmpQVW54RVhGR1BxM254Q0ZQdS9JWG8KLS0tIEE4WEdNdU9tVWRzWW5zajdLblNx
b3FkMi9iZjlKaDFyQ3Bid0sxSzluRkkKUgdqPYbOaWG+iSGNSIkvPc9V4O/WztQc
ak8iaZ83KR46o1m453ZesEGDjCRyfFQomcm+WcqM0Sdj1uT+JSVJSw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-19T12:29:53Z"
mac: ENC[AES256_GCM,data:Bc6CdwfVI46SKwFAORB/GOlrmIOAzLZ5uCl+TWXW0IZEfTrczyNKngwEw6iEybBVVFvF5AgqLu7rLMs5QIAHqu2A77dXzwQMsCcpK1NzUtmsxKjw3aePtv0/0xjLeUZUv4E1nTCTyg5E+PQZvLZ/JJN5vTVLyRhGIib4dv6KehA=,iv:irVZkVJ+Ivio0ar5ffKungVBSnG0X3H+Lm2lRLnUFOc=,tag:Q75b85s35RXuoBe8grYMjw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

1
hosts/git.cloonar.com/utils
View File

@@ -1 +0,0 @@
../../utils

53
hosts/home-assistant.cloonar.com/configuration.nix
View File

@@ -1,53 +0,0 @@
{ lib, config, pkgs, ... }:
{
imports = [
./utils/bento.nix
./utils/modules/autoupgrade.nix
./utils/modules/sops.nix
./utils/modules/lego/lego.nix
./utils/modules/nginx.nix
./modules/home-assistant/new.nix
./modules/mopidy.nix
./modules/mosquitto.nix
./modules/snapserver.nix
./modules/deconz
./utils/modules/borgbackup.nix
./utils/modules/promtail
./utils/modules/victoriametrics
./utils/modules/netdata.nix
./hardware-configuration.nix
];
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
networking.hostName = "home-assistant";
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w"
];
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
];
environment.systemPackages = with pkgs; [
pkgs.jq
vim
];
# backups
borgbackup.repo = "u149513-sub6@u149513-sub6.your-backup.de:borg";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 ];
};
system.stateVersion = "22.11";
}

35
hosts/home-assistant.cloonar.com/hardware-configuration.nix
View File

@@ -1,35 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.loader.grub.device = "/dev/sda";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/b93c9cce-edc0-4019-b5be-29da49652433";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/66de22b5-db14-4a73-8000-e52bdfdd794c"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

60
hosts/home-assistant.cloonar.com/modules/deconz/default.nix
View File

@@ -1,60 +0,0 @@
{ config, lib, pkgs, stdenv, ... }:
let
deconz-full = pkgs.callPackage ./pkg/default.nix { };
deconz = deconz-full.deCONZ;
in
{
environment.systemPackages = with pkgs; [
deconz
];
users.users."deconz" = {
createHome = true;
isSystemUser = true;
group = "dialout";
home = "/home/deconz";
};
systemd.services.deconz = {
enable = true;
description = "deconz";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
stopIfChanged = false;
serviceConfig = {
ExecStart = "${deconz}/bin/deCONZ -platform minimal --http-port=8080 --ws-port=8081 --http-listen=127.0.0.1 --dev=/dev/ttyACM0";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Restart = "always";
RestartSec = "10s";
# StartLimitInterval = "1min";
# StateDirectory = "/var/lib/deconz";
User = "deconz";
# DeviceAllow = "char-ttyUSB rwm";
# DeviceAllow = "char-usb_device rwm";
# AmbientCapabilities="CAP_NET_BIND_SERVICE CAP_KILL CAP_SYS_BOOT CAP_SYS_TIME";
};
};
services.nginx.virtualHosts."deconz.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
set $p 8080;
if ($http_upgrade = "websocket") {
set $p 8081;
}
proxy_pass http://127.0.0.1:$p;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
}

50
hosts/home-assistant.cloonar.com/modules/deconz/pkg/default.nix
View File

@@ -1,50 +0,0 @@
{ config, pkgs, stdenv, buildFHSUserEnv, fetchurl, dpkg, qt5, sqlite, hicolor-icon-theme, libcap, libpng, libxcrypt-legacy, ... }:
#ith import <nixpkgs> {};
let
version = "2.21.02";
name = "deconz-${version}";
in
rec {
deCONZ-deb = stdenv.mkDerivation {
#builder = ./builder.sh;
inherit name;
dpkg = dpkg;
src = fetchurl {
url = "https://deconz.dresden-elektronik.de/ubuntu/stable/${name}-qt5.deb";
sha256 = "2d5ab8af471ffa82fb0fd0c8a2f0bb09e7c0bd9a03ef887abe49c616c63042f0";
};
dontConfigure = true;
dontBuild = true;
dontStrip = true;
buildInputs = [ dpkg sqlite hicolor-icon-theme libcap libpng qt5.qtbase qt5.qtserialport qt5.qtwebsockets qt5.wrapQtAppsHook libxcrypt-legacy ]; # qt5.qtserialport qt5.qtwebsockets ];
unpackPhase = "dpkg-deb -x $src .";
installPhase = ''
cp -r usr/* .
cp -r ${libxcrypt-legacy}/lib/* share/deCONZ/plugins/
cp -r share/deCONZ/plugins/* lib/
cp -r . $out
'';
};
deCONZ = buildFHSUserEnv {
name = "deCONZ";
targetPkgs = pkgs: [
deCONZ-deb
];
multiPkgs = pkgs: [
dpkg
qt5.qtbase
qt5.qtserialport
qt5.qtwebsockets
qt5.wrapQtAppsHook
sqlite
hicolor-icon-theme
libcap
libpng
];
runScript = "deCONZ";
};
}

103
hosts/home-assistant.cloonar.com/modules/home-assistant/ac.nix
View File

@@ -1,103 +0,0 @@
{
services.home-assistant.extraComponents = [
"daikin"
];
services.home-assistant.config = {
sensor = [
{
name = "Living Room Window Handle";
platform = "enocean";
id = [ 129 0 227 53 ];
device_class = "windowhandle";
}
];
"automation ac_livingroom" = {
alias = "ac_livingroom";
hide_entity = true;
trigger = {
platform = "state";
entity_id = "sensor.windowhandle_living_room_window_handle";
to = [ "open" "tilt" ];
};
action = {
service = "climate.set_hvac_mode";
target = {
entity_id = "climate.livingroom_ac";
};
data = {
hvac_mode = "off";
};
};
};
"automation ac_eco" = {
alias = "ac_eco";
hide_entity = true;
trigger = {
platform = "state";
entity_id = [
"climate.livingroom_ac"
"climate.bedroom_ac"
];
to = [
"heat"
"cold"
];
};
action = {
service = "climate.set_preset_mode";
target = {
entity_id = "{{ trigger.entity_id }}";
};
data = {
preset_mode = "eco";
};
};
};
"automation bedroom_ac_on" = {
alias = "bedroom ac on";
hide_entity = true;
trigger = {
platform = "time";
at = "00:30:00";
};
action = {
choose = [
{
conditions = [ "{{ states('sensor.bedroom_ac_inside_temperature') > 25 and states('sensor.bedroom_ac_outside_temperature') > 22 }}" ];
sequence = [
{
service = "climate.set_hvac_mode";
target = {
entity_id = "climate.bedroom_ac";
};
data = {
hvac_mode = "cold";
};
}
];
}
];
};
};
"automation bedroom_ac_off" = {
alias = "bedroom ac on";
hide_entity = true;
trigger = {
platform = "template";
value_template = ''
{{ now().timestamp() | timestamp_custom('%H:%M') == (as_timestamp(strptime(states('sensor.bedtime_alarm'), "%H:%M")) - 1800) | timestamp_custom('%H:%M', false) }}
'';
};
action = {
service = "climate.set_hvac_mode";
target = {
entity_id = "climate.bedroom_ac";
};
data = {
hvac_mode = "off";
};
};
};
};
}

31
hosts/home-assistant.cloonar.com/modules/home-assistant/aeg.nix
View File

@@ -1,31 +0,0 @@
{ pkgs, ... }:
{
services.home-assistant.package = pkgs.home-assistant.override {
extraPackages = ps: with ps; [ pyelectroluxconnect ];
packageOverrides = self: super: {
pyelectroluxconnect = super.buildPythonPackage rec {
pname = "pyelectroluxconnect";
version = "0.3.12";
src = super.fetchPypi {
inherit pname version;
sha256 = "sha256-g9UxkWuTIqJe0/CDk3kwU3dSmc+GXlfDMxdzu6CqyY0=";
};
doCheck = false;
};
};
};
# services.home-assistant.extraPackages = python3Packages: with python3Packages; [
# (callPackage ../../pkgs/pyelectroluxconnect.nix)
# ];
services.home-assistant.config = {
electrolux_status = {
username = "dominik@superbros.tv";
password = "U26tTTYtXdhErWpbRxRRVZy541vFvWyn";
region = "emea";
};
};
}

91
hosts/home-assistant.cloonar.com/modules/home-assistant/battery.nix
View File

@@ -1,91 +0,0 @@
{
services.home-assistant.config = {
sensor = [
{
platform = "template";
sensors = {
sensors_lowest_battery_level = {
friendly_name = "Lowest battery level (Sensors)";
entity_id = "sun.sun";
device_class = "battery";
unit_of_measurement = "%";
value_template = ''
{% set domains = ['sensor', 'battery'] %}
{% set ns = namespace(min_batt=100, entities=[]) %}
{%- set exclude_sensors = ['sensor.sensors_lowest_battery_level','sensor.dominiks_iphone_battery_level'] -%}
{% for domain in domains %}
{% set ns.entities = states[domain] %}
{% for sensor in exclude_sensors %}
{% set ns.entities = ns.entities | rejectattr('entity_id', 'equalto', sensor) %}
{% endfor %}
{% set batt_sensors = ns.entities | selectattr('attributes.device_class','equalto','battery') | map(attribute='state') | reject('equalto', 'unknown') | reject('equalto', 'None') | map('int') | reject('equalto', 0) | list %}
{% set batt_attrs = ns.entities | selectattr('attributes.battery_level','defined') | map(attribute='attributes.battery_level') | reject('equalto', 'unknown') | reject('equalto', 'None') | map('int') | reject('equalto', 0) | list %}
{% set batt_lvls = batt_sensors + batt_attrs %}
{% if batt_lvls|length > 0 %}
{% set _min = batt_lvls|min %}
{% if _min < ns.min_batt %}
{% set ns.min_batt = _min %}
{% endif %}
{% endif %}
{% endfor %}
{{ ns.min_batt }}
'';
};
};
}
];
binary_sensor = [
{
platform = "template";
sensors = {
sensor_low_battery = {
value_template = "{{ states('sensor.sensors_lowest_battery_level')|int <= 30 }}";
friendly_name = "A sensor has low battery";
device_class = "problem";
};
};
}
];
alert = {
sensor_low_battery = {
name = "Sensor has low battery!";
message = ''
{%- set domains = ['sensor', 'battery'] -%}
{%- set threshold = 30 -%}
{%- set exclude_entities = ['sensor.sensors_lowest_battery_level','sensor.dominiks_iphone_battery_level'] -%}
Sensors are below 50% battery:
{%- for domain in domains -%}
{%- for item in states[domain] -%}
{%- if item.entity_id not in exclude_entities -%}
{%- if item.attributes.battery_level is defined -%}
{%- set level = item.attributes.battery_level|int -%}
{% if level > 0 and level < threshold %}
- {{ item.attributes.friendly_name }} ({{ item.attributes['battery_level']|int}}%)
{%- endif -%}
{%- endif -%}
{%- if item.attributes.device_class is defined and item.attributes.device_class == 'battery' -%}
{%- set level = item.state|int -%}
{% if level > 0 and level <= threshold %}
- {{ item.attributes.friendly_name }} ({{ item.state|int }}%)
{%- endif -%}
{%- endif %}
{%- endif -%}
{%- endfor -%}
{%- endfor -%}
'';
entity_id = "binary_sensor.sensor_low_battery";
state = "on";
repeat = [
5
60
360
];
skip_first = true;
can_acknowledge = true;
notifiers = [
"NotificationGroup"
];
};
};
};
}

128
hosts/home-assistant.cloonar.com/modules/home-assistant/default.nix
View File

@@ -1,128 +0,0 @@
{ pkgs, ... }: {
imports = [
./ac.nix
# ./aeg.nix
./battery.nix
./ecovacs.nix
./enocean.nix
./ldap.nix
./light.nix
./locks.nix
./multimedia.nix
./notify.nix
./pc.nix
./presence.nix
./pushover.nix
./roborock.nix
./scene-switch.nix
./sleep.nix
./snapcast.nix
];
services.home-assistant = {
enable = true;
};
services.home-assistant.extraComponents = [
"mobile_app"
"shopping_list"
"backup"
"denonavr"
"androidtv"
"rainbird"
];
services.home-assistant.config =
let
hiddenEntities = [
"sensor.last_boot"
"sensor.date"
];
in
{
homeassistant = {
name = "Home";
latitude = "!secret home_latitude";
longitude = "!secret home_longitude";
# elevation = "!secret home_elevation";
unit_system = "metric";
time_zone = "Europe/Vienna";
country = "AT";
};
automation = "!include automations.yaml";
frontend = { };
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"127.0.0.1"
"::1"
];
};
history.exclude = {
entities = hiddenEntities;
domains = [
"automation"
"updater"
];
};
"map" = { };
enocean = {
device = "/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0";
};
# logbook.exclude.entities = "hiddenEntities";
logger = {
default = "info";
};
#icloud = {
# username = "!secret icloud_email";
# password = "!secret icloud_password";
# with_family = true;
#};
network = { };
zeroconf = { };
system_health = { };
default_config = { };
system_log = { };
sensor = [
{
platform = "template";
sensors.bedtime_alarm = {
friendly_name = "Bedtime Alarm";
value_template = "09:00";
};
}
];
};
services.nginx.virtualHosts."home-assistant.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
sops.secrets."home-assistant-secrets.yaml" = {
owner = "hass";
path = "/var/lib/hass/secrets.yaml";
restartUnits = [ "home-assistant.service" ];
};
users.users.hass.extraGroups = [ "dialout" ];
networking.firewall = {
allowedUDPPorts = [ 5683 ];
};
}

5
hosts/home-assistant.cloonar.com/modules/home-assistant/ecovacs.nix
View File

@@ -1,5 +0,0 @@
{
services.home-assistant.extraComponents = [
"ecovacs"
];
}

12
hosts/home-assistant.cloonar.com/modules/home-assistant/enocean.nix
View File

@@ -1,12 +0,0 @@
{
services.home-assistant.config = {
"binary_sensor pc_0" = [
{
platform = "enocean";
id = [ 254 235 105 198 ];
name = "enocean_switch_pc";
}
];
logger.logs."homeassistant.components.enocean" = "debug";
};
}

59
hosts/home-assistant.cloonar.com/modules/home-assistant/ldap.nix
View File

@@ -1,59 +0,0 @@
{ pkgs
, config
, lib
, ... }:
let
ldap-auth-sh = pkgs.stdenv.mkDerivation {
name = "ldap-auth-sh";
src = pkgs.fetchFromGitHub {
owner = "efficiosoft";
repo = "ldap-auth-sh";
rev = "93b2c00413942908139e37c7432a12bcb705ac87";
sha256 = "1pymp6ki353aqkigr89g7hg5x1mny68m31c3inxf1zr26n5s2kz8";
};
nativeBuildInputs = [ pkgs.makeWrapper ];
installPhase = ''
mkdir -p $out/etc
cat > $out/etc/home-assistant.cfg << 'EOF'
CLIENT="ldapsearch"
SERVER="ldaps://ldap.cloonar.com:636"
USERDN="cn=home-assistant,ou=system,ou=users,dc=cloonar,dc=com"
PW="$(<${config.sops.secrets.home-assistant-ldap.path})"
BASEDN="ou=users,dc=cloonar,dc=com"
SCOPE="one"
FILTER="(&(objectClass=cloonarUser)(memberOf=cn=HomeAssistant,ou=groups,dc=cloonar,dc=com)(mail=$(ldap_dn_escape "$username")))"
USERNAME_PATTERN='^[a-z|A-Z|0-9|_|-|.|@]+$'
on_auth_success() {
# print the meta entries for use in HA
if echo "$output" | grep -qE '^(dn|DN):: '; then
# ldapsearch base64 encodes non-ascii
output=$(echo "$output" | sed -n -e "s/^\(dn\|DN\)\s*::\s*\(.*\)$/\2/p" | base64 -d)
else
output=$(echo "$output" | sed -n -e "s/^\(dn\|DN\)\s*:\s*\(.*\)$/\2/p")
fi
name=$(echo "$output" | sed -nr 's/^cn=([^,]+).*/\1/Ip')
[ -z "$name" ] || echo "name=$name"
}
EOF
install -D -m755 ldap-auth.sh $out/bin/ldap-auth.sh
wrapProgram $out/bin/ldap-auth.sh \
--prefix PATH : ${lib.makeBinPath [pkgs.openldap pkgs.coreutils pkgs.gnused pkgs.gnugrep]} \
--add-flags "$out/etc/home-assistant.cfg"
'';
};
in
{
services.home-assistant.config.homeassistant.auth_providers = [
{
type = "command_line";
command = "${ldap-auth-sh}/bin/ldap-auth.sh";
meta = true;
}
];
sops.secrets.home-assistant-ldap.owner = "hass";
}

335
hosts/home-assistant.cloonar.com/modules/home-assistant/light.nix
View File

@@ -1,335 +0,0 @@
{
services.home-assistant.extraComponents = [
"deconz"
"shelly"
"sun"
];
services.home-assistant.config = {
homeassistant = {
customize_domain = {
light = {
assumed_state = false;
};
};
};
"automation light_sunrise" = {
alias = "light_sunrise";
hide_entity = true;
trigger = {
platform = "sun";
event = "sunrise";
};
action = {
service = "light.turn_on";
target = {
entity_id = "{{ states.light | selectattr(\"state\",\"eq\",\"on\") | map(attribute=\"entity_id\") | list }}";
};
data = {
brightness_pct = 254;
color_temp = 250;
};
};
};
"automation light_sunset" = {
alias = "light_sunset";
hide_entity = true;
trigger = {
platform = "sun";
event = "sunset";
};
action = {
service = "light.turn_on";
target = {
entity_id = "{{ states.light | selectattr(\"state\",\"eq\",\"on\") | map(attribute=\"entity_id\") | list }}";
};
data = {
brightness_pct = 30;
color_temp = 450;
};
};
};
"automation light_on" = {
alias = "light_on";
hide_entity = true;
trigger = {
platform = "state";
entity_id = [
"light.bed_room"
"light.kitchen"
"light.livingroom_lights"
"light.hallway_lights"
"light.bathroom_light"
"light.toilett_lights"
"light.storage_lights"
];
to = "on";
};
action = [
{
choose = [
{
conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.toilett_lights' }}" ];
sequence = [
{
service = "light.turn_on";
target = {
entity_id = "{{ trigger.entity_id }}";
};
data = {
brightness_pct = 30;
color_temp = 450;
};
}
];
}
{
conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.hallway_lights' }}" ];
sequence = [
{
service = "light.turn_on";
target = {
entity_id = "{{ trigger.entity_id }}";
};
data = {
brightness_pct = 1;
color_temp = 450;
};
}
];
}
{
conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.bathroom_light' }}" ];
sequence = [
{
service = "light.turn_on";
target = {
entity_id = "{{ trigger.entity_id }}";
};
data = {
brightness_pct = 30;
color_temp = 450;
};
}
];
}
{
conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.livingroom_lights' }}" ];
sequence = [
{
service = "light.turn_on";
target = {
entity_id = "{{ trigger.entity_id }}";
};
data = {
brightness_pct = 5;
color_temp = 450;
};
}
];
}
{
conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and state_attr(trigger.entity_id, 'is_deconz_group') != None }}" ];
sequence = [
{
service = "light.turn_on";
target = {
entity_id = "{{ trigger.entity_id }}";
};
data = {
brightness_pct = 30;
color_temp = 450;
};
}
];
}
{
conditions = [ "{{ state_attr('sun.sun', 'elevation') > 4 }}" ];
sequence = [
{
service = "light.turn_on";
target = {
entity_id = "{{ trigger.entity_id }}";
};
data = {
brightness_pct = 100;
color_temp = 250;
};
}
];
}
];
}
];
};
"automation bathroom light small" = {
alias = "bathroom light small";
mode = "restart";
hide_entity = true;
trigger = {
platform = "state";
entity_id = [
"light.bathroom_switch_channel_1"
];
from = "on";
to = "off";
};
action = [
{
service = "switch.turn_off";
target = {
entity_id = "switch.bathroom_small";
};
}
];
};
"automation bathroom light" = {
alias = "bathroom light";
mode = "restart";
hide_entity = true;
trigger = {
platform = "state";
entity_id = [
"light.bathroom_switch_channel_1"
];
from = "off";
to = "on";
};
action = [
{
delay = 3600;
}
{
service = "light.turn_off";
target = {
entity_id = "light.bathroom_switch_channel_1";
};
}
];
};
"automation bed_led" = {
alias = "bed_led";
mode = "restart";
hide_entity = true;
trigger = {
platform = "state";
entity_id = [
"light.bedroom_led"
];
from = "off";
to = "on";
};
action = [
{
delay = 10800;
}
{
service = "light.turn_off";
target = {
entity_id = "{{ trigger.entity_id }}";
};
}
];
};
"automation hallway_motion" = {
alias = "Hallway Motion";
hide_entity = true;
trigger = {
platform = "state";
entity_id = "binary_sensor.hallway_motion_motion";
};
action = {
service_template = "light.turn_{{ trigger.to_state.state }}";
target = {
entity_id = "light.hallway_lights";
};
};
};
"automation bed_button_1" = {
alias = "bed_button_1";
trigger = {
platform = "event";
event_type = "shelly.click";
event_data = {
device = "shellybutton1-E8DB84AA196D";
};
};
action = [
{
choose = [
{
conditions = [ "{{ trigger.event.data.click_type == \"single\" }}" ];
sequence = [
{
service = "light.toggle";
entity_id = "light.bed_reading_1";
}
];
}
{
conditions = [ "{{ trigger.event.data.click_type == \"double\" }}" ];
sequence = [
{
service = "light.toggle";
entity_id = "light.bedroom_lights";
}
];
}
{
conditions = [ "{{ trigger.event.data.click_type == \"triple\" }}" ];
sequence = [
{
service = "light.toggle";
entity_id = "light.bedroom_bed";
}
];
}
];
}
];
};
"automation bed_button_2" = {
alias = "bed_button_2";
trigger = {
platform = "event";
event_type = "shelly.click";
event_data = {
device = "shellybutton1-E8DB84AA136D";
};
};
action = [
{
choose = [
{
conditions = [ "{{ trigger.event.data.click_type == \"single\" }}" ];
sequence = [
{
service = "light.toggle";
entity_id = "light.bed_reading_2";
}
];
}
{
conditions = [ "{{ trigger.event.data.click_type == \"double\" }}" ];
sequence = [
{
service = "light.toggle";
entity_id = "light.bedroom_lights";
}
];
}
{
conditions = [ "{{ trigger.event.data.click_type == \"triple\" }}" ];
sequence = [
{
service = "light.toggle";
entity_id = "light.bedroom_bed";
}
];
}
];
}
];
};
};
}

117
hosts/home-assistant.cloonar.com/modules/home-assistant/locks.nix
View File

@@ -1,117 +0,0 @@
{
services.home-assistant.extraComponents = [
"nuki"
];
services.home-assistant.config = {
"automation house_door" = {
alias = "house_door";
mode = "restart";
hide_entity = true;
trigger = {
platform = "state";
entity_id = [
"person.dominik"
];
from = "not_home";
to = "home";
};
action = [
{
service = "lock.unlock";
target = {
entity_id = "lock.house_door";
};
}
{
delay = "00:05:00";
}
{
service = "lock.lock";
target = {
entity_id = "lock.house_door";
};
}
];
};
"automation house_door_ring" = {
alias = "house_door_ring";
trigger = {
platform = "event";
event_type = "nuki_event";
event_data = {
type = "ring";
};
};
action = [
{
choose = [
{
conditions = [ "{{ state.house_door == \"unlocked\" }}" ];
sequence = [
{
service = "lock.lock";
target = {
entity_id = "lock.house_door";
};
}
];
}
];
}
];
};
binary_sensor = [
{
platform = "template";
sensors = {
lock_critical_battery = {
value_template = ''
{% set domains = ['lock'] %}
{% set ns = namespace(crit=battery_critical, entities=[]) %}
{% for domain in domains %}
{% set batt_critical = states[domain] | selectattr('attributes.battery_critical','defined') | map(attribute='attributes.battery_critical') | reject('equalto', 'unknown') | reject('equalto', 'None') | map('int') | reject('equalto', 0) | list %}
{% if batt_critical|length > 0 %}
{% set ns.battery_critical = true %}
{% endif %}
{% endfor %}
{{ ns.battery_critical }}
'';
friendly_name = "A lock has critical battery";
device_class = "problem";
};
};
}
];
alert = {
battery_critical = {
name = "Lock has low battery!";
message = ''
{%- set domains = ['lock'] -%}
Lock battery is critical:
{%- for domain in domains -%}
{%- for item in states[domain] -%}
{%- if item.attributes.battery_critical is defined -%}
{% if item.attributes.battery_critical %}
- {{ item.attributes.friendly_name }}
{%- endif -%}
{%- endif -%}
{%- endfor -%}
{%- endfor -%}
'';
entity_id = "binary_sensor.lock_critical_battery";
state = "on";
repeat = [
5
60
360
];
skip_first = true;
can_acknowledge = true;
notifiers = [
"NotificationGroup"
];
};
};
};
}

270
hosts/home-assistant.cloonar.com/modules/home-assistant/multimedia.nix
View File

@@ -1,270 +0,0 @@
{
services.home-assistant.config = {
binary_sensor = [
{
name = "ps5_living";
platform = "command_line";
command = "python /var/lib/hass/ps5.py -q -b 10.42.96.176";
device_class = "connectivity";
scan_interval = 5;
}
{
platform = "template";
sensors = {
multimedia_device_on = {
friendly_name = "Any multimedia device on";
device_class = "connectivity";
value_template = ''
{% if is_state('binary_sensor.ps5_living', 'on') or states('media_player.fire_tv_firetv_living_cloonar_com') != 'off' or states('device_tracker.xbox') == 'home' %}
on
{% else %}
off
{% endif %}
'';
};
};
}
];
# "automation tv scene" = {
# alias = "auto tv scene";
# hide_entity = true;
# trigger = {
# platform = "event";
# event_type = "button_pressed";
# event_data = {
# id = [ 254 235 105 198 ];
# };
# };
# action = {
# service_template = "switch.turn_on";
# data_template = {
# entity_id = "switch.computer";
# };
# };
# };
# "automation beamer switch" = {
# alias = "auto beamer scene";
# hide_entity = true;
# trigger = {
# platform = "state";
# entity_id = "sensor.computer_power";
# };
# condition = {
# condition = "and";
# conditions = [
# {
# condition = "numeric_state";
# entity_id = "sensor.computer_power";
# below = 15;
# }
# "{{ (as_timestamp(now()) - as_timestamp(states.switch.computer.last_changed)) > 300 }}"
# ];
# };
# action = {
# service = "switch.turn_off";
# target = {
# entity_id = [ "switch.computer" ];
# };
# };
# };
"automation xbox on" = {
alias = "xbox on";
hide_entity = true;
trigger = {
platform = "state";
entity_id = "device-tracker.xbox";
to = "home";
};
action = [
{
service = "media_player.select_source";
target = {
entity_id = "media_player.marantz_sr6015";
};
data = {
source = "Xbox";
};
}
{
delay = 5;
}
{
service = "denonavr.get_command";
target = {
entity_id = "media_player.marantz_sr6015";
};
data = {
command = "/goform/formiPhoneAppDirect.xml?PWSTANDBY";
};
}
];
};
"automation firetv on" = {
alias = "firetv on";
hide_entity = true;
trigger = {
platform = "state";
entity_id = "media_player.fire_tv_firetv_living_cloonar_com";
from = "off";
};
action = [
{
service = "denonavr.get_command";
target = {
entity_id = "media_player.marantz_sr6015";
};
data = {
command = "/goform/formiPhoneAppDirect.xml?SIMPLAY";
};
}
{
delay = 5;
}
{
service = "denonavr.get_command";
target = {
entity_id = "media_player.marantz_sr6015";
};
data = {
command = "/goform/formiPhoneAppDirect.xml?PWSTANDBY";
};
}
];
};
"automation ps5 on" = {
alias = "ps5 on";
hide_entity = true;
trigger = {
platform = "state";
entity_id = "binary_sensor.ps5_living";
to = "on";
};
action = [
{
service = "denonavr.get_command";
target = {
entity_id = "media_player.marantz_sr6015";
};
data = {
command = "/goform/formiPhoneAppDirect.xml?SIBD";
};
}
{
delay = 5;
}
{
service = "denonavr.get_command";
target = {
entity_id = "media_player.marantz_sr6015";
};
data = {
command = "/goform/formiPhoneAppDirect.xml?PWSTANDBY";
};
}
];
};
"automation all multimedia off" = {
alias = "all multimedia off";
trigger = {
platform = "state";
entity_id = "binary_sensor.multimedia_device_on";
to = "off";
};
action = [
{
conditions = [ "{{ states('media_player.android_tv_metz_cloonar_com') != 'off'}}" ];
sequence = [
{
service = "androidtv.adb_command";
target = {
device_id = "a5e50f268f3a2dbd0741fb8e9ff7f931";
};
data = {
command = "POWER";
};
}
];
}
{
service = "denonavr.get_command";
target = {
entity_id = "media_player.marantz_sr6015";
};
data = {
command = "/goform/formiPhoneAppDirect.xml?PWSTANDBY";
};
}
];
};
"automation all_multimedia_on" = {
alias = "all multimedia on";
trigger = {
platform = "state";
entity_id = "binary_sensor.multimedia_device_on";
to = "on";
};
condition = {
condition = "or";
conditions = [
{
condition = "state";
entity_id = "media_player.android_tv_metz_cloonar_com";
state = "off";
}
{
condition = "state";
entity_id = "media_player.android_tv_metz_cloonar_com";
state = "unavailable";
}
];
};
action = [
{
service = "androidtv.adb_command";
target = {
device_id = "a5e50f268f3a2dbd0741fb8e9ff7f931";
};
data = {
command = "POWER";
};
}
{
delay = 5;
}
{
service = "androidtv.adb_command";
target = {
device_id = "a5e50f268f3a2dbd0741fb8e9ff7f931";
};
data = {
command = "adb shell am start -a android.intent.action.VIEW -d content://android.media.tv/passthrough/com.mediatek.tvinput%2F.hdmi.HDMIInputService%2FHDMI100004";
};
}
];
};
# "automation multimedia input" = {
# hide_entity = true;
# trigger = {
# platform = "state";
# entity_id = "sensor.computer_power";
# };
# condition = {
# condition = "and";
# conditions = [
# {
# condition = "numeric_state";
# entity_id = "sensor.computer_power";
# below = 15;
# }
# "{{ (as_timestamp(now()) - as_timestamp(states.switch.computer.last_changed)) > 300 }}"
# ];
# };
# action = {
# service = "switch.turn_off";
# target = {
# entity_id = [ "switch.computer" ];
# };
# };
# };
};
}

65
hosts/home-assistant.cloonar.com/modules/home-assistant/music.nix
View File

@@ -1,65 +0,0 @@
{
services.home-assistant.extraComponents = [
"nuki"
];
services.home-assistant.config = {
"automation house_door" = {
alias = "house_door";
mode = "restart";
hide_entity = true;
trigger = {
platform = "state";
entity_id = [
"person.dominik"
];
from = "not_home";
to = "home";
};
action = [
{
service = "lock.unlock";
target = {
entity_id = "lock.house_door";
};
}
{
delay = "00:05:00";
}
{
service = "lock.lock";
target = {
entity_id = "lock.house_door";
};
}
];
};
"automation house_door_ring" = {
alias = "house_door_ring";
trigger = {
platform = "event";
event_type = "nuki_event";
event_data = {
type = "ring";
};
};
action = [
{
choose = [
{
conditions = [ "{{ state.house_door == \"unlocked\" }}" ];
sequence = [
{
service = "lock.lock";
target = {
entity_id = "lock.house_door";
};
}
];
}
];
}
];
};
};
}

55
hosts/home-assistant.cloonar.com/modules/home-assistant/new.nix
View File

@@ -1,55 +0,0 @@
{ ... }: {
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
# For Nixos version > 22.11
#defaultNetwork.settings = {
# dns_enabled = true;
#};
};
};
virtualisation.oci-containers = {
backend = "podman";
containers.homeassistant = {
volumes = [ "home-assistant:/config" ];
environment.TZ = "Europe/Vienna";
image = "ghcr.io/home-assistant/home-assistant:2023.9.3";
extraOptions = [
"--network=host"
"--device=/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0:/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0"
];
};
};
services.nginx.virtualHosts."home-assistant.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
networking.firewall = {
allowedUDPPorts = [
5683 # shelly coiot
];
};
}

15
hosts/home-assistant.cloonar.com/modules/home-assistant/notify.nix
View File

@@ -1,15 +0,0 @@
{
services.home-assistant.config = {
notify = [
{
name = "NotificationGroup";
platform = "group";
services = [
{
service = "pushover_dominik";
}
];
}
];
};
}

46
hosts/home-assistant.cloonar.com/modules/home-assistant/pc.nix
View File

@@ -1,46 +0,0 @@
{
services.home-assistant.config = {
"automation pc_switch" = {
alias = "switch pc";
hide_entity = true;
trigger = {
platform = "event";
event_type = "button_pressed";
event_data = {
id = [ 254 235 105 198 ];
};
};
action = {
service_template = "switch.turn_on";
data_template = {
entity_id = "switch.computer";
};
};
};
"automation pc power" = {
alias = "auto pc power off";
hide_entity = true;
trigger = {
platform = "state";
entity_id = "sensor.computer_power";
};
condition = {
condition = "and";
conditions = [
{
condition = "numeric_state";
entity_id = "sensor.computer_power";
below = 15;
}
"{{ (as_timestamp(now()) - as_timestamp(states.switch.computer.last_changed)) > 300 }}"
];
};
action = {
service = "switch.turn_off";
target = {
entity_id = [ "switch.computer" ];
};
};
};
};
}

23
hosts/home-assistant.cloonar.com/modules/home-assistant/presence.nix
View File

@@ -1,23 +0,0 @@
{
services.home-assistant.extraComponents = [
"mqtt_room"
"opnsense"
];
services.home-assistant.config = {
opnsense = {
url = "https://fw.cloonar.com/api";
api_secret = "!secret opnsense_api_secret";
api_key = "!secret opnsense_api_key";
};
sensor = [
{
platform = "mqtt_room";
name = "Dominiks iPhone BLE";
device_id = "roomAssistant:d2a41d13-16bf-41fb-af4b-c520bdc7b68a";
# device_id = "0a666fe0ccd0d587414fec9b9946168f";
state_topic = "espresense/rooms";
away_timeout = 30;
}
];
};
}

34
hosts/home-assistant.cloonar.com/modules/home-assistant/ps5.nix
View File

@@ -1,34 +0,0 @@
{ config, ... }:
{
config.sops.secrets.ps5-mqtt-env.restartUnits = [ "podman-ps5Mqtt.service" ];
config.virtualisation.oci-containers.containers = {
ps5Mqtt = {
image = "ghcr.io/funkeyflo/ps5-mqtt/amd64:latest ";
# ports = ["127.0.0.1:8645:8645"];
volumes = [
"/var/lib/ps5-mqtt:/config"
];
# entrypoint = "/config/run.sh";
entrypoint = "/usr/bin/node";
cmd = [
"app/server/dist/index.js"
];
# entrypoint = "/bin/bash";
# cmd = [
# "-c \"echo $MQTT_HOST\""
# ];
environmentFiles = [
config.sops.secrets.ps5-mqtt-env.path
];
extraOptions = [
"--network=host"
];
};
};
config.networking.firewall = {
enable = true;
allowedTCPPorts = [ 8645 ];
};
}

16
hosts/home-assistant.cloonar.com/modules/home-assistant/pushover.nix
View File

@@ -1,16 +0,0 @@
{
services.home-assistant.extraComponents = [
"pushover"
];
# services.home-assistant.config = {
# notify = [
# {
# name = "pushover_dominik";
# platform = "pushover";
# api_key = "!secret pushover_dominik_api_key";
# user_key = "!secret pushover_dominik_user_key";
# }
# ];
# };
}

28
hosts/home-assistant.cloonar.com/modules/home-assistant/roborock.nix
View File

@@ -1,28 +0,0 @@
{
services.home-assistant.extraComponents = [
"roborock"
];
services.home-assistant.config = {
"automation roborock" = {
alias = "roborock";
hide_entity = false;
trigger = {
platform = "state";
entity_id = [
"person.dominik"
];
from = "home";
to = "not_home";
};
action = [
{
service = "vacuum.start";
target = {
device_id = "136c307ff46cd968d08e9f9d20886755";
};
}
];
};
};
}

21
hosts/home-assistant.cloonar.com/modules/home-assistant/scene-switch.nix
View File

@@ -1,21 +0,0 @@
{
services.home-assistant.config = {
"automation scene_switch" = {
alias = "switch scene";
hide_entity = true;
trigger = {
platform = "event";
event_type = "button_pressed";
event_data = {
id = [ 254 242 234 134 ];
};
};
action = {
service_template = "switch.turn_on";
data_template = {
entity_id = "switch.computer";
};
};
};
};
}

32
hosts/home-assistant.cloonar.com/modules/home-assistant/secrets.yaml
View File

@@ -1,32 +0,0 @@
home-assistant-ldap: ENC[AES256_GCM,data:De7kuRji+flc0juqE3z1MyNo938Y18jhYtxHkvBX1AsmcJO6a37qJ6o9eCVyhcN/uyaS8cySucqKErh3SlCOZw==,iv:DD4Bp7yU0TCQ/Zeildmrt1HSUbuJgQ0L2UUSmMi6Obo=,tag:t1Hz0GiXzodVK64e0Xuf6g==,type:str]
home-assistant-secrets.yaml: ENC[AES256_GCM,data:owCBlfPXA66zxGaMwo6mViSZS7f3WPXOTtWiWFR8R/9Cqv7YvIaY7cqYX1OYFfEJyMyq6YLhVV9Zi0/K40VtUmhgR324x/knQbKkZGxv6gwqdIZ/zaZgQIu29xtY4DQnK24/5942HtisSnQnJxgbpchnjJCAQqri2/68LjGh8GoJVhF34Zji0MHBLAxR1y5JApOb5GUpc0ftMu4j6cbU/qxiZbRkzbrjlgAjBFjARYmsaWiilXg5jT2pf0Fz6bOHslcO+b3qePgIb/cJPP9aVYy76QA0oZ03f3Qu0w+IsjBKuXGaWKVBWBDyK1E37Y/Xif8w3H3cPqkAI6qxCPXi7djYfEpOz2M1L+5GTJGJz8fmvYzVJqU+hpZeI/7qJdiQ4/98YfuDU6nTEwWumcsPKsafJzdSeVfFYcE2x1H+QJDfJ3sgWJkfLDOrRxaXIwoXeSBSYAXPxjdomBzcdgKvo8MBH47pDbR4hK+y8+0LnoPafIyh8+FeAFzbn6/9ScWzF/MOyxFnap3edd12k5yWN+Yc4xacye3RR1h/mp1+DQF9xZ1xMTE70nwNdtIsGU0cV8qUvPgknZB/0US2oZ19fdxVuAN2rneEkK/nIGoKVw==,iv:x/F8CnsxROweCosvX1yAMHzwtI34kGauPvWF8yu2Yf8=,tag:WbzjtVhEPgUhL8g07kHjdA==,type:str]
ps5-mqtt-env: ENC[AES256_GCM,data:g079HmYjMQ/Dr/vHSuxnLDwyOG3bSmzGtUfQLXJgKFUoC+5dAyUwYu8WRD1hskER2v8yIz2oHx8dQXLuWsmKYRErk6Sybpe0+FOcqOvAXgzv1ow95sjClkrS+rwjHcoHb1nts5lP5bGkY0e4Z6Dfn5AoeQ4pEA1TOzANvPDqDZUBh+L4hUDkDSWg7sAH3pHK0BqZHwiDNrvE9ac8MFHJmrPVEr4dqhRwAip+YMAdGCwp0ofdm2amUL7aHTaCQhjgsAW306C8ksMwuFE+dAvsqJGZ1N5T2nxP9LYVWcc8ZsKV8VklZ/QS6ScBGz4Oi4YpPDvkt+ErY929t0vISjKengnDHhu/+WYaBxeVbre5G29hK+jrnmUHFBa6pjwCSFVJq8mRIn6KorGwltxObyFBxddf+kiAMDbvnqW3E6sZtW+mF+48hTD8ygjSE8D8h7IoyYYTh0nPY4DzkfMR2OXqpz+bh+dpjnh3UQktJ1HXh902A2ljmxUEMGWtcOc2fDTxEMheTqdvg2z7Ek/FIwq/curVbdHIrzeIXDis7LIRk4G8b4mA6nHG4KrzCF00LAV7Ph9Nx1wAgrxvBTq4bqnO2VP44vtDsQ/O+Dr+wZSlP3EL4PsAJznfa7YcvStvV1Nn6FrVY04W,iv:1vttyQqYffChK12Wy5KTZEZ00pESsMefXHbulKsDSqU=,tag:pzgw0jJqICaro2U2FfQEiA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieVNmLy9zK1hXWHdGRHF3
WXd5b0pjR0pBaFkvVSt5ZVNyaUlCL0R1c2lnCkRCY1RmZnY1UVFuWURUMElHcFU1
WHgrZE5ZY3FQUVp2VkhIcHh3WDV4aUUKLS0tIGFRZFNsKzU4ZDhPQ0NLbmtPSEJB
YW8zNjhYWGNRcy9VbEZoaWplakVNWkUK48LBhFusDMZj2momMwRXdU7bLiGvzvqX
QwdxorLMP2/GW6x5xpFj1khLCwxYDOys4xGvmE89hYZa++OSYU+Ejw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwY0pGaUU3alJrYmhQM2Y4
TTMrbGsrRThlTUN1R3RCbFZFeVR1KzVDMWg4CnlQTzBzdTNPMTFvTUVYRXFEbUVP
YWFvRTJqZjcxZHhtRkJrajNuUWoyYzgKLS0tIEhVcFI4N0E4VEVOZDIxREJ4bkNi
UjRhRVpkTHF5a3p2bjhiVDZwMWRWMkEKpsHLWcPGQWpBo4Z8h7XFOP0bCct83BPj
d/QDjarzugd6jamWVXKidZwADxfP59Pvo9JmLlFL5isgZ1TL3ZHL+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-26T13:33:07Z"
mac: ENC[AES256_GCM,data:i/2+Qr0ihMaDPF22pyo7Qy3SYEr0Fr5dfRJSZ9xMu/5TFSm3GXNhd2KZVXjl6isbPbD22/siuI2MZeSB/iTFcRadtswmGnb6Lgsi8K/LULKvwXHf5t/Py/z59CpXBSgfUQQ6BuodNc25DRpCX8HEhFfd3Ajgyavc8vHVpnwG8eQ=,iv:Xu3WsyIqDbtReP9pBsiEf17pAbdVrY/y6wM2dleguFQ=,tag:gh6m7MUzMx2/lsZ5XExwyw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

16
hosts/home-assistant.cloonar.com/modules/home-assistant/shelly.nix
View File

@@ -1,16 +0,0 @@
{
services.home-assistant.config.shelly = {
FindAndroid = {
speech.text = "Send notification";
action = {
service = "notify.pushover";
data = {
message = "Phonefinderalert";
target = "android";
data.sound = "echo";
data.priority = 1;
};
};
};
};
}

59
hosts/home-assistant.cloonar.com/modules/home-assistant/sleep.nix
View File

@@ -1,59 +0,0 @@
{
services.home-assistant.config = {
"automation wakeup" = {
alias = "wakeup";
hide_entity = true;
trigger = {
platform = "template";
value_template = ''
{{ now().timestamp() | timestamp_custom('%H:%M') == (as_timestamp(strptime(states('sensor.bedtime_alarm'), "%H:%M")) - 1800) | timestamp_custom('%H:%M', false) }}
'';
};
action = {
service_template = "switch.turn_on";
data_template = {
entity_id = "switch.coffee_switch";
};
};
};
"automation sleep" = {
alias = "sleep";
hide_entity = true;
trigger = [
{
platform = "event";
event_type = "shelly.click";
event_data = {
device = "shellybutton1-E8DB84AA196D";
};
}
{
platform = "event";
event_type = "shelly.click";
event_data = {
device = "shellybutton1-E8DB84AA136D";
};
}
];
action = [
{
choose = [
{
conditions = [ "{{ trigger.event.data.click_type == \"long\" }}" ];
sequence = [
{
service = "light.turn_off";
entity_id = "all";
}
{
service = "light.turn_on";
entity_id = "light.bedroom_bed";
}
];
}
];
}
];
};
};
}

66
hosts/home-assistant.cloonar.com/modules/home-assistant/snapcast.nix
View File

@@ -1,66 +0,0 @@
{
services.home-assistant = {
extraComponents = [ "snapcast" ];
config = {
# "media_player" = {
# platform = "snapcast";
# host = "snapcast.cloonar.com";
# };
"automation toilett_music" = {
alias = "toilett music";
hide_entity = true;
trigger = {
platform = "state";
entity_id = "light.toilett_switch";
};
action = {
choose = [
{
conditions = [ "{{trigger.to_state.state == 'on'}}" ];
sequence = [
{
service = "media_player.volume_mute";
target = {
entity_id = "media_player.snapcast_client_e4_5f_01_3c_fb_c3";
};
data = {
is_volume_muted = false;
};
}
];
}
{
conditions = [ "{{trigger.to_state.state == 'off'}}" ];
sequence = [
{
service = "media_player.volume_mute";
target = {
entity_id = "media_player.snapcast_client_e4_5f_01_3c_fb_c3";
};
data = {
is_volume_muted = true;
};
}
];
}
];
};
};
"automation piano" = {
alias = "piano";
hide_entity = true;
trigger = {
platform = "state";
entity_id = "media_player.snapcast_client_e4_5f_01_96_c1_1e";
attribute = "is_volume_muted";
};
action = {
service = "switch.turn_on";
target = {
entity_id = "switch.piano_switch_power";
};
};
};
};
};
}

59
hosts/home-assistant.cloonar.com/modules/mopidy.nix
View File

@@ -1,59 +0,0 @@
{ pkgs, lib, ... }:
let
mopidy-autoplay = pkgs.python3Packages.buildPythonApplication rec {
pname = "Mopidy-Autoplay";
version = "0.2.3";
src = pkgs.python3Packages.fetchPypi {
inherit pname version;
sha256 = "sha256-E2Q+Cn2LWSbfoT/gFzUfChwl67Mv17uKmX2woFz/3YM=";
};
propagatedBuildInputs = [
pkgs.mopidy
] ++ (with pkgs.python3Packages; [
configobj
]);
# no tests implemented
doCheck = false;
meta = with lib; {
homepage = "https://codeberg.org/sph/mopidy-autoplay";
};
};
in
{
services.mopidy = {
enable = true;
extensionPackages = [ pkgs.mopidy-iris pkgs.mopidy-tunein mopidy-autoplay ];
configuration = ''
[audio]
output = audioresample ! audioconvert ! audio/x-raw,rate=48000,channels=2,format=S16LE ! wavenc ! filesink location=/run/snapserver/mopidy
[file]
enabled = false
[autoplay]
enabled = true
'';
};
services.nginx.virtualHosts."mopidy.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:6680;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
}

32
hosts/home-assistant.cloonar.com/modules/mosquitto.nix
View File

@@ -1,32 +0,0 @@
{ config, pkgs, ... }:
{
services.mosquitto = {
enable = true;
listeners = [
{
users."espresense" = {
password = "insecure-password";
acl = [ "readwrite #" ];
};
users."home-assistant" = {
hashedPassword = "$7$101$7uaagoQWQ3ICJ/wg$5cWZs4ae4DjToe44bOzpDopPv1kRaaVD+zF6BE64yDJH2/MBqXfD6f2/o9M/65ArhV92DAK+txXRYsEcZLl45A==";
acl = [ "readwrite #" ];
};
users."ps5-mqtt" = {
password = "insecure-password";
acl = [ "readwrite #" ];
};
users."shairport-mqtt" = {
password = "insecure-password";
acl = [ "readwrite #" ];
};
}
];
};
networking.firewall = {
allowedTCPPorts = [ 1883 ];
};
}

128
hosts/home-assistant.cloonar.com/modules/snapserver.nix
View File

@@ -1,128 +0,0 @@
{ pkgs, config, python3Packages, ... }:
let
shairport-sync = pkgs.shairport-sync.overrideAttrs (_: {
configureFlags = [
"--with-alsa" "--with-pipe" "--with-pa" "--with-stdout"
"--with-avahi" "--with-ssl=openssl" "--with-soxr"
# "--with-mqtt-client"
"--without-configfiles"
"--sysconfdir=/etc"
"--with-metadata"
];
# buildInputs = [
# pkgs.openssl
# pkgs.avahi
# pkgs.popt
# pkgs.libconfig
# pkgs.mosquitto
# pkgs.alsa-lib
# pkgs.libpulseaudio
# pkgs.pipewire
# pkgs.libjack2
# pkgs.soxr
# ];
});
in
{
environment.etc = {
# Creates /etc/nanorc
shairport = {
text = ''
whatever you want to put in the file goes here.
metadata =
{
enabled = "yes"; // set this to yes to get Shairport Sync to solicit metadata from the source and to pass it on via a pipe
include_cover_art = "yes"; // set to "yes" to get Shairport Sync to solicit cover art from the source and pass it via the pipe. You must also set "enabled" to "yes".
cover_art_cache_directory = "/tmp/shairport-sync/.cache/coverart"; // artwork will be stored in this directory if the dbus or MPRIS interfaces are enabled or if the MQTT client is in use. Set it to "" to prevent caching, which may be useful on some systems
pipe_name = "/tmp/shairport-sync-metadata";
pipe_timeout = 5000; // wait for this number of milliseconds for a blocked pipe to unblock before giving up
};
mqtt =
{
enabled = "yes"; // set this to yes to enable the mqtt-metadata-service
hostname = "127.0.0.1"; // Hostname of the MQTT Broker
port = 1883; // Port on the MQTT Broker to connect to
username = "espresense"; //set this to a string to your username in order to enable username authentication
password = "insecure-password"; //set this to a string you your password in order to enable username & password authentication
topic = "shairport"; //MQTT topic where this instance of shairport-sync should publish. If not set, the general.name value is used.
// publish_raw = "no"; //whether to publish all available metadata under the codes given in the 'metadata' docs.
publish_parsed = "yes"; //whether to publish a small (but useful) subset of metadata under human-understandable topics
publish_cover = "yes"; //whether to publish the cover over mqtt in binary form. This may lead to a bit of load on the broker
// enable_remote = "no"; //whether to remote control via MQTT. RC is available under `topic`/remote.
};
'';
# The UNIX file mode bits
mode = "0440";
};
};
services.snapserver = {
enable = true;
codec = "flac";
http.docRoot = "${pkgs.snapcast}/share/snapserver/snapweb";
streams.mopidy = {
type = "pipe";
location = "/run/snapserver/mopidy";
};
streams.airplay = {
type = "airplay";
location = "${shairport-sync}/bin/shairport-sync";
query = {
devicename = "Multi Room";
port = "5000";
params = "--mdns=avahi";
};
};
streams.mixed = {
type = "meta";
location = "/airplay/mopidy";
};
};
services.avahi.enable = true;
services.avahi.publish.enable = true;
services.avahi.publish.userServices = true;
# services.shairport-sync = {
# enable = true;
# arguments = "-v -o=pipe -- pipe:name=/run/snapserver/airplay";
# };
services.nginx.virtualHosts."snapcast.cloonar.com" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:1780;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
networking.firewall.allowedTCPPorts = [
80 # http
443 # https
1704 # snapcast
1705 # snapcast
5000 # airplay
5353 # airplay
];
networking.firewall.allowedUDPPorts = [
5000 # airplay
5353 # airplay
];
networking.firewall.allowedUDPPortRanges = [
{ from = 6001; to = 6011; } # airplay
];
}

34
hosts/home-assistant.cloonar.com/secrets.yaml
View File

@@ -1,34 +0,0 @@
borg-passphrase: ENC[AES256_GCM,data:Z7JftGp60YzKLXpfqRlIOFBx+WDbOA7nrqyYNeKWR5c2+tSAeQ+nsKxYS8cViIZor+OI8/PwkSgBYmslJ4iHpQ==,iv:d3kvQj2Eheu8uXnXYLmAw4YmL6be43NZJbCCR0RaJdg=,tag:K9LmnJQiyQu1MoHGDq8Jtw==,type:str]
borg-ssh-key: ENC[AES256_GCM,data:3lAMkLbKLcvPUU+qYgvGINVLtbKY0pHGAzLaQUsX5RUCqPfmhXRtffTjXtSNAdU4dhiu423BMUjjloe1V9nOsr9Z7Mq9cu0X+kSqJjyHpACsGx18BKJH1jBkTv3JF6Hp419UhAJEZ1X9DI5vEb+KPwHshNMAmQ6qGqkqy0UjnpOEzMV53393ZTgiPU5HxhRvGrhYK12SmFshmoT+KC6nZZQNL60vCvGtlGv1qiGW/U2IY3qKZdxO4bw6mETwF2Jc0B+plEe1ArV5HpfklB7OZkKcxXPPzcLwpUGnEyW9dlZxJOTAYr+l6KGacFmBfHied52J4UKfVEOoz3kMMoiL+v7rkD1iP1U2KDUqvTOfQld4MrEDo3tOc+8tbsvIVkUDDA5L/AyPTRcoerk5+TYTQTbEb5EjOGg0ULlpK0BuvlXmrUhrD1OVCSxKPL70FmgR7lkiH5Hkh/0XUXY9GVRR0PfYB4DSVyfwNV3gpGc2n+BLBfIHQGRMeLuevddkl+UaklRCC7+/6kzg83r6ER21bzuo2jLzTC2WEkZ6Iql03CH3rCpArNxIibROovwghLATW2sjYJJpU6L17N+3pyexHmOFOtK1heQqZsAQ3oRB6PwKwDW2ppW3BCFftKV9UI+uzxoheE2hOfkoaEP0+j3DUrpyB/iM12egPnzI7hUuJ9EnCcUXptnoazYz1KvKHXLy65vQh4FjlbFnLqdQQaavoX6OZe5O1RrhkLXt1kHyBS6H8dF6MdWBStMFuXfMFZovAvNa+1rvohYoDWVHTPyj0JaMCs2N7e7tXZGPNoMLRZQC9t/u4663yp3R24DWkzd/CYgEDJVKNgcroqWkXXsKL0D5yfHisnEykD/t7EostAgBuSII+1apjoCbk4WVI8v+bcHIKXtTVStKdnfMYwje1nzLVdCAlHIYTO2dRSJ+2z+dF/l7J3pQ4bK620UIo7nUMWt1vPpIS/cD+k6PqJikjpv1zad8UcUqIiZErKXSOn/hFQ0WkevjlgzeUpj02cjlIOKfSCF65BccEgdUP/V44327z5qzHztEk71qZp9udsLRDJ7z04yYPMuGTsu9hMjzN2sNflFqk29KDF6QJf5eGkbgQKU52iIViKttvLt8JJ1qrmQfuCMzKim6MaDqeOLbLdOKlXlNt+M+STNsZ6jphCzC2ILnpcwxZtCdl4uZJUy7XTRm70ESGY9P3mUXoNaRyyNe02DRr+AHB7hy7cLjv9EcJDjr2tv//3tSh3HKsy7DT7XXW0zU+pk1T7AIVgVaVByqAM9fgEkPFBZQDTB7AMFCnktYvOkK+7waa40A1S1V3o9SdN2WqiOk5vcI6bBI7V0k5SN1kLENICGlnA/v97n6Xd/53eb3GD3/FuDG1Tx4BI5uOuVc1UP+rJGvvg1s8cM3MGmwZXm1tLsrHaDaoDNJXdlwymnyvq/N/JUsSr1GQZeFrbq/LKsJrz24hC+8SzHPyMLNZGyCj6dfYjHC2jaazYKua305eMXv53a4kaZ45aj5v33A8lOeAGFzACbZxsE0SOFKEyYjVWXnZ/HPkgYn7jDxKKX0M3utbMoFU/T9H7S7qAvc4tL0CDq0y6AGc6ejb2OVKC6Fg4TtL2J23i2b5ybGi4ODDn8fXSxB04ovccZ3CzyxDkbrQWiyLGSRrF2yYDItdilnNgS1199dztP6D75UqpVx/u48I+uatpKU/QfD5b5+qduV9SHe9nzPBQuOsyQmUju4DvYrp1xmrTnAPR+UolenkUd+3anCvPVTbv7c/p/yrEQW53mbfABbNlcmrygItWruSkjKiX4JbM5dafrdBwdn+/QeRbDS3TbCHdQfRPuaKAb6LryPGQFNKSgSMpu6SGnQSig31FnyVfZ4tA+ItgAFByEOoK0r1JX2YktHDXsRXwb9wSsDYNl4LCatXkltdiNVC7lPSsMxZjJ5q7VwovjsqoHtBsEhrQJeObJ66ifeQdznPtnW3AFgmI8ms9n2SA942KDf3xtCZWN+lkmCISOXB4ZHh91XGvDFmJ1YmjFNupz5ZAX4MWLsdRj6eSmHkZLhZ7XP++80w3r/tIAqNZbheot/r4uBs5kaFdwIjcrihlIxAC0HNXJ0f4r9vpcUx4WIiYuVmz5BJktD3gCyL2DEGY/6Lq1EXCxf9RGnRo4blV77C5rhgI+a1wirHkhYC+4wU9di+V5PILg1tTKvq9ZLDUhR1FFE06+lfGe9JOwtVIgr7rS+VRqNYEmNSj+r/5L/7MwPQkzFTXfzDZLapR6UoJ64J96m7FwVGHPHctmVcThJ1bDOKziGPoELb7gpiv87pCsFcpegyHAEPfkmE+RwaFH19Rmwn2DFRjxN2RQmcFSoER1nt7Ei2J4O5Fd/Y4yYass4BZnvp2OBu/zORLqxXpMNtvQwNPKPGHQU2x8ukOHehuuxHt1ncFJ92aqSEsdM8jG5CqoSpqTS9FvutGOeWjBXOp89drc9QLqGgSmI4/orizBvJSE3NjSZAtN8/7A3pRSk/H3lmA/nmz8ES8I2FbXi7G245dE8zhFbn2kimP6bOOPrwv42qXoKm1uO2lii63299M+83i75gdpMvDP+4oqC4iryDyBQfT+QmlosGWw8hazf2TGrsHRekQSolw8vzXl1G84B+0tu7Xh/+0oPpCRH7AHV1ena1rGywCVTw3LK1nXGvSyvPmBvdftwCSsh9puFlT5rS5zv38SF1d9v/cguUfei4K+vwmTwZK+qsNTFWf1tWmnSKaK+zM9Gl9ooea/BDHcv0NO6ue4KjAt5Cn6PlFnSbFgQI7GGIkgcWo/2q/dNz85beJWsTHdzrQO2SN3a5FaK8MvnFUwM0Vdv51o80Yxzm8MYp/Rzttc4QpTudCST/HMdqUVJw7yC4FmPNgSJK9Ri6tXt7Io09T/Qizxrw4khxECXNJCFt+xBwD7Fu4QUH3H7/atHpfkT+tH4TE9WUN5WKx8kc/9fb7dep0U0LUZFjvucxeV+jPMEjWAxHHLtA8ZWfgaxbeOHgF+7qVysWD1BmxE3STkQ3zdX7wXGaHDxfyb6PESGghk13JnTRQXDZyPFOvgFiwYm7UrMghTXMi7yIYHzxf+rrM8QU82nZfbINth/qi1qbMTrrSDPd8YebQCI57OSHrI7W8vcoppYyiyGUUIZXQJ+zbOVJj2nuxTyL2aH8kO5skkBw6I9pWTRzEDj+lvMwyJeZ30cK1+sUH0Y9S5UOKRpFDOxYRSI/RiKxtscbaG8DCbLii4Ck/3qfyHO6vdPqMVMObmy9vrt6yG75g3SBkSLMfXcnETcWMusdpI7gVqJaJP3A/bKrb6R/pfFTwalfDcihlm5n7FLhCEV5OCVEfp4+S6U59pc8vsILK+SbRPtTfcYGDQKU+G3ylHFC1UzribgXL/Ij+VqSjvVWTpdV0xFWUSUguGwJOZs9M9po+IkBOvWug1rVanIrHdX7hJxGQ3AO9lEpw==,iv:W3cwoql686CZ/1gvN/2peskuOPj5FnEnQ7bV28+nHJ4=,tag:heszwVzajuFJKQLmT/h6/w==,type:str]
home-assistant-ldap: ENC[AES256_GCM,data:goVtStX95X3B4XqzJKmPNt5FLOtG9AcZRKV8HaNWaHOQQCvMuAeTE5GVllkgisQt3IT7nQDAC4y5O7Ol08GPew==,iv:Fr9sodSAlP/pA7q7eoJ8uj5FRHI5lZ55Q+ChJksmINA=,tag:mk/j3iq9UQEks3Pxfl9cKg==,type:str]
home-assistant-secrets.yaml: ENC[AES256_GCM,data:S0qrCCvlNMZwpcGZww5ER9u2Aqy77/ZT5Sfr0biME9qjlFliiPjTd9NtM6TEktAYPHdbx94pQ9jvUg0EHCaG+0VSPhO/q4a5CkdokcU7xaInwY8r8gEx1US5MDESrWwO3THIVXFGQi7z78VrE8D4XaEiUl0GYXHre0TYJevkxr6/F7tr/JCzREAdCACyP5U8HoCrm6lWryWcCDLst15NheY4dfRAv0PsMjNDc4oWfs+BPmvC+kfvLw2YjdETrABaG0QTiUVrrRpnVcyVBSwQDTi6b8CIbrkd+S6I7dMI4Of5b6+wPBBrToSdZKhZd/lJrY9nSht3NPUrcGbkbpCBCpDmS26U0ZYiH0BApmsP7UIn4iYwuN+DZwsdE1riK2dt1qeXUE0wcj1Jt0vFbSuxPpvWaATaYTJTRVnhKkRLMYaEIjO5x9XQIkAdsHLpK8/rgfUSvLoTd3cqab+mPvm47R22HD4h1LvIiRgpgy9hsorg9vQ/y9npA4MSDbyS/tnJfleieLYIqiB9kRzjExairmHbu8Pi8UqRYD6zuKmKgc8s4DIxWDarrsKgXwyj3pBTPEv2lO+nApQkgIVAJ5qy1GyMLV7sta2F6uQbP8ek+Q==,iv:ofV96M6hCYgAEz8eKW97gMl1METkN40jV2yOXWsSpw4=,tag:UJ1uaGxjY0tQFITf65Cqqg==,type:str]
ps5-mqtt-env: ENC[AES256_GCM,data:Db+RZBLLFk/gHUBAIH41sT4ykhqVOTfsjw/DMuF+YWzUkOMNuOEymeTiL8w0UxIOVr4ARQHefjB/E2kkqvRAE2b0ZOQ/dNnhsia0okpwU53aOExOe9xcUz6NoCi7aYRx9Gk1yySNJcCpUENUcyoVLEogEsB4/JNc06EDslMKAclMEXmIo4cPRX11/WSCgLx8j22dlSm9fVQWIigEmf6jDvSkZZN68ArHpazBnXJgHZRuXmpjSWsVkqyYqvCMPu2xvChCRmzA6s8nIlyzB/aW1hyZeQQLxM73t+YGda1SEwdiG4tl3AdUa4AoGDTtUoGr62SRl8pyCGengiivzOnzTGBV4w5sa/DXH4pLHFgkZAI/FVl+XZJrNJ5NfWIYS6DO3CvXU87GWdsJ3yaUZiIGUVMqXeFmgvU5hUjHBl4lhCJZvrWpIT9ZXR7nSlET/7v3ovgpw1cyeVic9McxCDh5kOgPH8Y0nXFjJWVDCSJgPEiIEtf94tj8m4yHULd6J+TRcmMND30dAmTAstdPveP5JPzHlHJU7Zq8My0R/yw/MCN8meX4/gQJf9MUOj5XJmdAv4nTB3Szp17n6i0sK0j0exJ5UIpxskaHiAMBPrZpNte+jLShuQ1VG6gPA5PVnyDHGVmpFI9V,iv:IawfKpwBwn6JcHZdxyRU/8mS4oIhfad7WtnBVFdlcUs=,tag:hfQOM5FxB0q7DYRBQWCxDQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOR2NFU2Q1Wjl1YmNFSXBa
S0lZcFdkYmtRTUNiZVRKUkxxTTcrNmZsbWkwCm9xY0dsQzIrN3lzR3luSU1VaUxN
bWdRVm1uZmZUc0QwQklzYnowQjgwUlUKLS0tIGw0OEh0aThibTRtNExqeGV1Vjkz
NUFqVXo4aVNlMzZNSlJZU3ozeHM0R28KJdZHqBdjssWQdCl/60JEqDRvFsQElQBx
ZSCQCKPBmpj0y1/QBeItsRYCnn3rety9ZnD6HUE9Oc0OF4b0ByRZhw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ezq2j34qngky22enhnslx6hzh4ekwk8dtmn6c9us0uqxqpn7hgpsspjz58
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXTk41UGFGQktiakQ0VFFN
SjgxL1Y4VXF1UTViSVpZSVYzdlFGd0s5aEZjCmc2UXg1SHllYVZ4RXRSUHpXZHl4
WEJjcDhTSmNpM3hoWUoyYi84Sm0wTEEKLS0tIHQ2bVJnM0RVQnkvUk92Ulo5OU45
U0hkcXFObndTMTN3d1hzcnVyUktKRFkKd0LP3Ex+2oUDphP7alk7jvaj/vu4jM2X
MkEOoG8cm/uIIu85Yuz5wRZKhb1tU/1iXTZD6Nc0IcIxRZPl/o0Llw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-19T12:40:23Z"
mac: ENC[AES256_GCM,data:efRmRltjulYzHiCM5Dz/3sU3vtRML4tbm6J/rIuURKCw5YkWDYRZPKK9peCefYczIZrrBUGB9Z7OIOSNbCaPKvegcxUyO45A/wox029DuosTX49T3jTJlzowm4eFu4qbeSNj2/s4BhnsAbYGS6P40f0pQ242NoUlr1omLnFcQ9I=,iv:FMr1omABdoVVYNT7H+hcp4g+yavxn+jJP+A9m09d8iY=,tag:2/JeC/UnK4ADSygvo/QKOg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

1
hosts/home-assistant.cloonar.com/utils
View File

@@ -1 +0,0 @@
../../utils

119
hosts/steamdeck.cloonar.com/configuration.nix
View File

@@ -1,119 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
(
# Put the most recent revision here:
let revision = "ab1bdc6a387c7a614f53fe78a77f51e3f234820e"; in
builtins.fetchTarball {
url = "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/${revision}.tar.gz";
# Update the hash as needed:
sha256 = "sha256:1fpnhwgwkciwjfbxcmcrzblnz4j16dbjnyhgqzmk6m2px9zpha1k";
} + "/modules"
)
./utils/bento.nix
./modules/sway/sway.nix
./modules/wow-addon-manager.nix
./modules/wow.nix
./hardware-configuration.nix
];
nixpkgs.overlays = [
(import ./utils/overlays/packages.nix)
];
cloonar.sway.additionalConfig = ''
output eDP-1 disable
'';
programs.steam.enable = true;
hardware.xone.enable = true;
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"steamdeck-hw-theme"
"steam"
"steam-jupiter-original"
"steam-run"
"1password"
"libsciter"
"xow_dongle-firmware"
];
programs.sway.enable = true;
jovian.steam = {
enable = true;
autoStart = true;
user = "dominik";
desktopSession = "sway";
};
jovian.devices.steamdeck.enable = true;
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Setup keyfile
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
networking.hostName = "steamdeck"; # Define your hostname.
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Vienna";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8";
LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8";
LC_MONETARY = "de_AT.UTF-8";
LC_NAME = "de_AT.UTF-8";
LC_NUMERIC = "de_AT.UTF-8";
LC_PAPER = "de_AT.UTF-8";
LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8";
};
environment.systemPackages = with pkgs; [
ykfde
firefox
chiaki
lutris
wineWowPackages.stable
winetricks
];
users.users.dominik = {
isNormalUser = true;
description = "Dominik Polakovics";
extraGroups = [ "networkmanager" "wheel" ];
};
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
];
# Enable automatic login for the user.
services.xserver.displayManager.autoLogin.enable = true;
services.xserver.displayManager.autoLogin.user = "dominik";
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
system.stateVersion = "23.05";
}

71
hosts/steamdeck.cloonar.com/hardware-configuration.nix
View File

@@ -1,71 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"vfat"
"nls-cp437"
"nls-iso8859-1"
"sdhci"
"sdhci-pci"
"cqhci"
"mmc-block"
];
boot.initrd.kernelModules = [
"usbcore"
"usbhid"
"hid-generic" "hid-lenovo" "hid-apple" "hid-roccat"
"hid-logitech-hidpp" "hid-logitech_dj" "hid-microsoft" "hid-cherry"
"pcips2" "atkbd" "i8042"
"rtc-cmos"
# Touch
"hid-multitouch"
"i2c-designware-core"
"i2c-designware-platform"
"i2c-hid-acpi"
];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ea402301-d29d-4e6c-a72b-f1132051a23e";
fsType = "ext4";
};
boot.initrd.luks = {
yubikeySupport = true;
devices."luks-09c74bcb-f82c-405d-b938-2c4e6c3c8a54" = {
device = "/dev/disk/by-uuid/09c74bcb-f82c-405d-b938-2c4e6c3c8a54";
yubikey = {
slot = 2;
twoFactor = false;
storage = {
device = "/dev/disk/by-uuid/7694-405E";
};
};
};
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7694-405E";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0f3u1u3c2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.bluetooth.enable = true;
}

1
hosts/steamdeck.cloonar.com/modules/sway
View File

@@ -1 +0,0 @@
../../nb-01.cloonar.com/modules/sway

123
hosts/steamdeck.cloonar.com/modules/wow-addon-manager.nix
View File

@@ -1,123 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.programs.wow-addon-manager;
in
with lib;
{
options.programs.wow-addon-manager = {
enable = mkOption {
default = false;
description = lib.mdDoc ''
Whether to enable wow-addon-manager.
'';
type = types.bool;
};
startAt = mkOption {
type = with types; either str (listOf str);
default = "*-*-* 01:15:00";
example = "*-*-* 01:15:00";
description = lib.mdDoc ''
The time(s) to run wow-addon-manager updates.
Specified in systemd's time format; see
{manpage}`systemd.time(7)`.
'';
};
user = mkOption {
type = types.str;
default = "dominik";
description = lib.mdDoc "User to run wow-addon-manager.";
};
addonList = mkOption {
type = with types; nullOr lines;
default = null;
description = lib.mdDoc ''
WoW Retail addons to load
'';
example = literalExpression ''
https://wowinterface.com/downloads/info15636-tullaRange.html
https://addon.theunderminejournal.com/TheUndermineJournal.zip
https://github.com/TekNoLogic/VendorBait.git
https://github.com/ColbyWanShinobi/gsReloadUI.git
https://github.com/ColbyWanShinobi/gsNoGryphons.git
https://github.com/ColbyWanShinobi/gsQuestSounds.git
http://wowinterface.com/downloads/info12995-NPCScan.html
https://wowinterface.com/downloads/info5108-Clique.html
https://wowinterface.com/downloads/info20804-Grail.html
https://wowinterface.com/downloads/info7032-TomTom.html
https://wowinterface.com/downloads/info24910-WeakAuras2.html
https://wowinterface.com/downloads/info7296-Pawn.html
https://wowinterface.com/downloads/info20805-Wholly.html
https://wowinterface.com/downloads/info24802-ChampionCommander.html
https://www.wowinterface.com/downloads/info25313-Dejunk.html
https://www.wowinterface.com/downloads/info10089-ItemID.html
https://www.wowinterface.com/downloads/info24508-ImprovedNameplates.html
'';
};
classicAddonList = mkOption {
type = with types; nullOr lines;
default = null;
description = lib.mdDoc ''
WoW Retail addons to load
'';
example = literalExpression ''
https://github.com/RagedUnicorn/wow-vanilla-gearmenu.git
https://wowinterface.com/downloads/info15636-tullaRange.html
https://www.curseforge.com/wow/addons/bagsync/download
https://www.curseforge.com/wow/addons/quest_completist/download
http://www.curseforge.com/wow/addons/mmz/download
http://www.curseforge.com/wow/addons/clique/download
http://www.curseforge.com/wow/addons/grail/download
http://www.curseforge.com/wow/addons/tomtom/download
https://github.com/TekNoLogic/VendorBait.git
https://github.com/ColbyWanShinobi/gsReloadUI.git
https://github.com/ColbyWanShinobi/gsNoGryphons.git
https://github.com/ColbyWanShinobi/gsQuestSounds.git
https://www.curseforge.com/wow/addons/tradeskill-master/download
https://www.curseforge.com/wow/addons/monkey-speed/download
https://www.curseforge.com/wow/addons/cursortrail/download
http://wowinterface.com/downloads/info12995-NPCScan.html
https://www.curseforge.com/wow/addons/advancedinterfaceoptions/download
https://www.curseforge.com/wow/addons/weaponswingtimer/download
https://www.curseforge.com/wow/addons/azeroth-auto-pilot-classic/download
https://www.curseforge.com/wow/addons/details/download
https://www.curseforge.com/wow/addons/big-wigs/download
https://www.curseforge.com/wow/addons/bartender4/download
https://www.curseforge.com/wow/addons/little-wigs/download
https://www.curseforge.com/wow/addons/omni-cc/download
https://www.curseforge.com/wow/addons/questie/download
https://www.curseforge.com/wow/addons/atlaslootclassic/download
https://www.curseforge.com/wow/addons/mapster/download
https://www.curseforge.com/wow/addons/vendor-price/download
https://www.curseforge.com/wow/addons/leatrix-plus-classic/download
https://www.curseforge.com/wow/addons/inventorian/download
https://www.curseforge.com/wow/addons/bagnon/download
https://www.wowinterface.com/downloads/info25006-ClassicAuraDurations.html
https://www.wowinterface.com/downloads/info24958-AuctionatorClassicquickfix.html
https://www.wowinterface.com/downloads/info25036-DruidBarClassic.html
https://www.curseforge.com/wow/addons/outfitter/download
https://wowinterface.com/downloads/info24944-WeakAuras2Classic.html
'';
};
};
config = {
systemd.services."wow-addon-manager" = {
startAt = cfg.startAt;
script = ''
set -eu
${pkgs.wow-addon-manager}/bin/wow-addon-manager
${pkgs.wow-addon-manager}/bin/wow-addon-manager classic
'';
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Environment = "PATH=${pkgs.wget}/bin:${pkgs.unzip}/bin:${pkgs.gnused}/bin:${pkgs.coreutils}/bin:${pkgs.gnugrep}/bin:${pkgs.git}/bin:${pkgs.curl}/bin:${pkgs.rsync}/bin";
};
};
environment.etc = {
"wow-addon-manager/addon.list".text = cfg.addonList;
"wow-addon-manager/addon.classic.list".text = cfg.classicAddonList;
};
};
}

26
hosts/steamdeck.cloonar.com/modules/wow.nix
View File

@@ -1,26 +0,0 @@
{ ... }:
{
programs.wow-addon-manager = {
enable = true;
user = "dominik";
addonList = ''
https://www.wowinterface.com/downloads/info23536-ConsolePort.html
https://www.wowinterface.com/downloads/info24714-Immersion.html
https://www.wowinterface.com/downloads/info25570-DynamicCam.html
https://www.wowinterface.com/downloads/info15749-ThreatPlates.html
https://github.com/AdiAddons/AdiBags.git
https://www.wowinterface.com/downloads/info26470-AdiBags-Dragonflight.html
https://github.com/darroshi/AdiBags_ConsolePortSupport.git
'';
classicAddonList = ''
https://www.wowinterface.com/downloads/info23536-ConsolePort.html
https://www.wowinterface.com/downloads/info24714-Immersion.html
https://www.wowinterface.com/downloads/info25570-DynamicCam.html
https://github.com/AdiAddons/AdiBags.git
https://www.wowinterface.com/downloads/info26598-AdiBags-Classic.html
https://github.com/max-ri/Guidelime.git
https://sage-guide.netlify.app/Sage.zip
https://www.wowinterface.com/downloads/info15749-ThreatPlates.html
'';
};
}

1
hosts/steamdeck.cloonar.com/utils
View File

@@ -1 +0,0 @@
../../utils