diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix index ad42652..75c142b 100644 --- a/hosts/fw.cloonar.com/configuration.nix +++ b/hosts/fw.cloonar.com/configuration.nix @@ -26,7 +26,10 @@ # git ./modules/gitea.nix + # ./modules/drone/server.nix + # ./modules/drone/runner.nix # ./modules/fwmetrics.nix + # ./modules/podman.nix # home assistant ./modules/home-assistant @@ -34,6 +37,7 @@ # ./modules/mopidy.nix # ./modules/mosquitto.nix ./modules/snapserver.nix + # ./modules/deconz # gaming ./modules/palworld.nix diff --git a/hosts/fw.cloonar.com/modules/deconz/default.nix b/hosts/fw.cloonar.com/modules/deconz/default.nix new file mode 100644 index 0000000..c659563 --- /dev/null +++ b/hosts/fw.cloonar.com/modules/deconz/default.nix 
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, stdenv, ... }:
+let
+ deconz-full = pkgs.callPackage ./pkg/default.nix { };
+ deconz = deconz-full.deCONZ;
+in
+{
+ environment.systemPackages = with pkgs; [
+ deconz
+ ];
+
+
+ users.users."deconz" = {
+ createHome = true;
+ isSystemUser = true;
+ group = "dialout";
+ home = "/home/deconz";
+ };
+
+ systemd.services.deconz = {
+ enable = true;
+ description = "deconz";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ stopIfChanged = false;
+ serviceConfig = {
+ ExecStart = "${deconz}/bin/deCONZ -platform minimal --http-port=8080 --ws-port=8081 --http-listen=127.0.0.1 --dev=/dev/ttyACM0";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ Restart = "always";
+ RestartSec = "10s";
+ # StartLimitInterval = "1min";
+ # StateDirectory = "/var/lib/deconz";
+ User = "deconz";
+ # DeviceAllow = "char-ttyUSB rwm";
+ # DeviceAllow = "char-usb_device rwm";
+ # AmbientCapabilities="CAP_NET_BIND_SERVICE CAP_KILL CAP_SYS_BOOT CAP_SYS_TIME";
+ };
+ };
+
+ services.nginx.virtualHosts."deconz.cloonar.com" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ locations."/".extraConfig = ''
+ set $p 8080;
+ if ($http_upgrade = "websocket") {
+ set $p 8081;
+ }
+ proxy_pass http://127.0.0.1:$p;
+ proxy_set_header Host $host;
+ proxy_redirect http:// https://;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ '';
+ };
+}
diff --git a/hosts/fw.cloonar.com/modules/deconz/pkg/default.nix b/hosts/fw.cloonar.com/modules/deconz/pkg/default.nix
new file mode 100644
index 0000000..932c0ef
--- /dev/null
+++ b/hosts/fw.cloonar.com/modules/deconz/pkg/default.nix
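Review bot: The `deconz.cloonar.com` virtual host proxies every request to the deCONZ HTTP and WebSocket ports with no access restriction in `locations."/".extraConfig`, so `--http-listen=127.0.0.1` only protects the gateway if nginx itself is unreachable from untrusted networks, which this hunk does not show. If the UI is meant for the local network only, add `allow <LAN_CIDR>;` and `deny all;` (placeholder range) to the location, or put authentication in front of it. The unit also runs a vendor binary with every hardening line commented out; `NoNewPrivileges = true;`, `PrivateTmp = true;` and a `DeviceAllow` entry for the serial adapter would narrow it, though they need testing against the FHS wrapper.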
@@ -0,0 +1,50 @@
+{ config, pkgs, stdenv, buildFHSUserEnv, fetchurl, dpkg, qt5, sqlite, hicolor-icon-theme, libcap, libpng, libxcrypt-legacy, ... }:
+#ith import {};
+let
+version = "2.21.02";
+name = "deconz-${version}";
+in
+rec {
+ deCONZ-deb = stdenv.mkDerivation {
+ #builder = ./builder.sh;
+ inherit name;
+ dpkg = dpkg;
+ src = fetchurl {
+ url = "https://deconz.dresden-elektronik.de/ubuntu/stable/${name}-qt5.deb";
+ sha256 = "2d5ab8af471ffa82fb0fd0c8a2f0bb09e7c0bd9a03ef887abe49c616c63042f0";
+ };
+
+ dontConfigure = true;
+ dontBuild = true;
+ dontStrip = true;
+
+ buildInputs = [ dpkg sqlite hicolor-icon-theme libcap libpng qt5.qtbase qt5.qtserialport qt5.qtwebsockets qt5.wrapQtAppsHook libxcrypt-legacy ]; # qt5.qtserialport qt5.qtwebsockets ];
+
+ unpackPhase = "dpkg-deb -x $src .";
+ installPhase = ''
+ cp -r usr/* .
+ cp -r ${libxcrypt-legacy}/lib/* share/deCONZ/plugins/
+ cp -r share/deCONZ/plugins/* lib/
+ cp -r . $out
+ '';
+
+ };
+ deCONZ = buildFHSUserEnv {
+ name = "deCONZ";
+ targetPkgs = pkgs: [
+ deCONZ-deb
+ ];
+ multiPkgs = pkgs: [
+ dpkg
+ qt5.qtbase
+ qt5.qtserialport
+ qt5.qtwebsockets
+ qt5.wrapQtAppsHook
+ sqlite
+ hicolor-icon-theme
+ libcap
+ libpng
+ ];
+ runScript = "deCONZ";
+ };
+}
diff --git a/hosts/fw.cloonar.com/modules/drone/runner.nix b/hosts/fw.cloonar.com/modules/drone/runner.nix
new file mode 100644
index 0000000..27b5979
--- /dev/null
+++ b/hosts/fw.cloonar.com/modules/drone/runner.nix
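Review bot: `dpkg` and `qt5.wrapQtAppsHook` are build-time tools, yet they are listed in `buildInputs` and again in `multiPkgs`, which places them in the runtime FHS environment of a network-facing service for no reason visible here. Move them to `nativeBuildInputs = [ dpkg qt5.wrapQtAppsHook ];` and drop both from `multiPkgs` so the runtime closure holds only what the binary loads. The leftover `#ith import {};` line and the redundant `dpkg = dpkg;` attribute can go, and a short comment above `src` recording how the `sha256` was obtained would help whoever bumps `version` next.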
@@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+
+{
+ users.users.drone-runner = {
+ isSystemUser = true;
+ group = "drone-runner";
+ home = "/var/lib/drone-runner";
+ createHome = true;
+ };
+ users.groups.drone-runner = { };
+ users.groups.docker.members = [ "drone-runner" ];
+
+ systemd.services.drone-runner = {
+ description = "Drone Runner (CI CD Service)";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman ];
+
+ serviceConfig = {
+ Name = "drone-runner";
+ User = "drone-runner";
+ Group = "drone-runner";
+ Restart = "always";
+ ExecStartPre= ''
+ -${pkgs.podman}/bin/podman stop %n \
+ ${pkgs.podman}/bin/podman rm %n
+ '';
+ ExecStart= ''
+ ${pkgs.podman}/bin/podman run --rm --name %n \
+ --volume=/var/run/podman.sock:/var/run/podman.sock \
+ --env-file=/run/secrets/drone-runner \
+ --env=DRONE_RPC_PROTO=https \
+ --env=DRONE_RPC_HOST=drone.cloonar.com \
+ --env=DRONE_RUNNER_CAPACITY=2 \
+ drone/drone-runner-docker:1.8.3
+ '';
+ };
+ };
+
+ sops.secrets.drone-runner = {
+ owner = config.systemd.services.drone-runner.serviceConfig.User;
+ key = "drone";
+ };
+}
diff --git a/hosts/fw.cloonar.com/modules/drone/secrets.yaml b/hosts/fw.cloonar.com/modules/drone/secrets.yaml
new file mode 100644
index 0000000..cd972be
--- /dev/null
+++ b/hosts/fw.cloonar.com/modules/drone/secrets.yaml
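Review bot: Mounting the container runtime socket into the runner with `--volume=/var/run/podman.sock:/var/run/podman.sock`, together with adding `drone-runner` to the `docker` group, gives every pipeline step the runner launches control over that container engine; if the socket belongs to the rootful service, that amounts to root on this firewall host. Prefer a rootless Podman socket owned by a dedicated unprivileged user, and keep the runner limited to trusted repositories. `sops.secrets.drone-runner` reads `key = "drone"`, the same key `sops.secrets.drone-server` uses in server.nix, so the runner's env file presumably carries the server's credentials too; separate keys would keep each side to what it needs.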
@@ -0,0 +1,30 @@ +drone: ENC[AES256_GCM,data:Z1Rjso+5XYfvp2xJDXCQkI88GXl83v2oEkMLmOV/rb0DwRmhxCYzYX6fcdidk271Drf1YaPstVvm2LQB38jlBnJtg98aAGegj2fWfT44IbPIi8qDe93M2gFxFDgosoA2eOS2MjEwyBDp9GEUnKyi2gHR8khnTCvegVIntsusWOW/1tbzymKXavZAJUlX+82d/+6NWUEcnbislxhyph8P1Lgw546q,iv:SllCBHlq8ZCBqOHwMaCUcX6D/VDWsbN7uICZKb/R35w=,tag:mEb4E02VUaYGVjyI30FcXA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age16veg3fmvpfm7a89a9fc8dvvsxmsthlm70nfxqspr6t8vnf9wkcwsvdq38d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OW1JN0hjYjh4cDlmLyt6 + dHRlSjN6Y1JWUFdzNWlZZ3c0Z2F4bXBCa1NFCjM3b3pPZVhtbDdob3lsR2xlMmJI + bjRRMHFjQ2kwWWJKT1p5VW5NVGJuZ3MKLS0tICtRcTFoSmxyeUhaaVlxQUxRWkJl + SXR2M293UFBxNFovRnlTQ1o4SzloaEEK+onGdd/7aEF71ibLoLXE5/SbJQWsKigh + h8BhfT1z9P5UYNoGHVv8Ry6LndyrBLEv+PUBuT0XJpEVPjKLm99KbQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age106n5n3rrrss45eqqzz8pq90la3kqdtnw63uw0sfa2mahk5xpe30sxs5x58 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyL3dDczRNMjNQUWVjelR5 + TG93QUFjVGtMNFplaTErOTJjT2dHbWtWUVNzCjNTV0tUY2hpcnp1SDZ4UTB2aFNI + M2JwSkdNS0RFQVlPRUNzRG41aW5aS3cKLS0tIEJtaTRXdTI3NGJxZENJTk9jT1hi + N3RLRjdkMmZkSmZWZGlYbXRRUTJOZFEK2bJo7iyE3A5ds7tW5bAHgyfGqgH4cRjY + hLzYp083QYbXKAqP1w8a3JFXofv1RWd7tUb61I6R4Rd6hXZUv1a5Qw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-10T12:35:53Z" + mac: ENC[AES256_GCM,data:44J9abLbHkvjAtIUqXVZlcEAnizgg5yxKwyaZhnqIzzebWEpzqcKP6b72blaD7/jSdAiUo7bk/m4BxKVGHf9XKGxyLastbgYoFtz40rsKg9LOKpEfO2kl3JV5dj7C1f8IgsHWZ8L3Vb6KFKcrK2bzjZ5K5p22hCze4lQbK7CZTE=,iv:TE+6juCOTjTrx5nQhi8W5gaZkMFYrEDtoPrGdSTJSNE=,tag:AVsCIkzPjtfk3uSlsv6Dlg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/hosts/fw.cloonar.com/modules/drone/server.nix b/hosts/fw.cloonar.com/modules/drone/server.nix new file mode 100644 index 0000000..87c8b52 --- /dev/null +++ b/hosts/fw.cloonar.com/modules/drone/server.nix 
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{
+ users.users.drone-server = {
+ isSystemUser = true;
+ group = "drone-server";
+ home = "/var/lib/drone-server";
+ createHome = true;
+ };
+ users.groups.drone-server = { };
+ users.groups.docker.members = [ "drone-server" ];
+
+ systemd.services.drone-server = {
+ description = "Drone Server (CI CD Service)";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.podman ];
+
+ serviceConfig = {
+ Name = "drone-server";
+ User = "drone-server";
+ Group = "drone-server";
+ Restart = "always";
+ ExecStartPre= ''
+ -${pkgs.podman}/bin/podman stop %n \
+ ${pkgs.podman}/bin/podman rm %n
+ '';
+ ExecStart= ''
+ ${pkgs.podman}/bin/podman run --rm --name %n \
+ --env-file=/run/secrets/drone-server \
+ --env=DRONE_AGENTS_ENABLED=true \
+ --env=DRONE_GITEA_SERVER=https://git.cloonar.com \
+ --env=DRONE_GITEA_CLIENT_ID=6a7b8c57-bd71-49c8-b67d-c2de68fda649 \
+ --env=DRONE_GIT_ALWAYS_AUTH=true \
+ --env=DRONE_SERVER_HOST=drone.cloonar.com \
+ --env=DRONE_SERVER_PROTO=https \
+ --env=DRONE_USER_CREATE=username:dominik.polakovics,admin:true \
+ -v /var/lib/drone:/data \
+ --publish=8080:80 \
+ drone/drone:2.20.0
+ '';
+ };
+ };
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."drone.cloonar.com" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ locations."/" = {
+ proxyPass = "http://localhost:8080";
+ };
+ };
+
+ sops.secrets.drone-server = {
+ owner = config.systemd.services.drone-server.serviceConfig.User;
+ key = "drone";
+ };
+}
diff --git a/hosts/fw.cloonar.com/modules/home-assistant/light.nix b/hosts/fw.cloonar.com/modules/home-assistant/light.nix
index 85bae9d..7e06157 100644
--- a/hosts/fw.cloonar.com/modules/home-assistant/light.nix
+++ b/hosts/fw.cloonar.com/modules/home-assistant/light.nix
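Review bot: `--publish=8080:80` binds the Drone HTTP port on every host address, so the server can be reached directly, without the TLS that the `drone.cloonar.com` virtual host enforces, unless firewall rules not visible here block it; `--publish=127.0.0.1:8080:80` keeps it behind nginx. Port 8080 is also what deCONZ is given through `--http-port=8080` in modules/deconz/default.nix, so the two modules cannot be enabled together as written. In `ExecStartPre` the trailing backslash joins both lines into a single `podman stop` invocation, so the `rm` never runs as its own command; a list such as `ExecStartPre = [ "-${pkgs.podman}/bin/podman stop %n" "-${pkgs.podman}/bin/podman rm %n" ];` fixes that, and runner.nix has the same construct.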
@@ -128,21 +128,6 @@ } ]; } - { - conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.bedroom_lights' }}" ]; - sequence = [ - { - service = "light.turn_on"; - target = { - entity_id = "light.bedroom_lights"; - }; - data = { - brightness_pct = 5; - color_temp = 450; - }; - } - ]; - } { conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and trigger.entity_id == 'light.kitchen_lights' }}" ]; sequence = [ @@ -158,6 +143,21 @@ } ]; } + { + conditions = [ "{{ state_attr('sun.sun', 'elevation') < 5 and state_attr(trigger.entity_id, 'is_deconz_group') != None }}" ]; + sequence = [ + { + service = "light.turn_on"; + target = { + entity_id = "{{ trigger.entity_id }}"; + }; + data = { + brightness_pct = 30; + color_temp = 450; + }; + } + ]; + } { conditions = [ "{{ state_attr('sun.sun', 'elevation') > 4 }}" ]; sequence = [ diff --git a/hosts/fw.cloonar.com/modules/home-assistant/multimedia.nix b/hosts/fw.cloonar.com/modules/home-assistant/multimedia.nix index 76f1c4a..70d6898 100644 --- a/hosts/fw.cloonar.com/modules/home-assistant/multimedia.nix +++ b/hosts/fw.cloonar.com/modules/home-assistant/multimedia.nix @@ -1,8 +1,4 @@ { - services.home-assistant.extraComponents = [ - "broadlink" - "androidtv" - ]; services.home-assistant.config = { # binary_sensor = [ # { 
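Review bot: The new generic branch in light.nix depends on its position: if the enclosing list is evaluated first-match, as it appears to be, the branch has to stay after the kitchen one, or `light.kitchen_lights` would take the generic values whenever it also carries `is_deconz_group`. A comment above the block such as `# fallback for any deCONZ group; keep after the room-specific branches` would record that. The bedroom lights now fall through to this branch and get `brightness_pct = 30` instead of the 5 set by the removed block, which is worth confirming as intended. The enclosing list starts and ends outside both hunks.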
@@ -236,51 +232,13 @@ delay = 5; } { - choose = [ - { - conditions = [ - { - condition = "state"; - entity_id = "media_player.android_tv_metz_cloonar_com"; - state = "off"; - } - ]; - sequence = [ - { - service = "androidtv.adb_command"; - target = { - device_id = "a5e50f268f3a2dbd0741fb8e9ff7f931"; - }; - data = { - command = "adb shell am start -a android.intent.action.VIEW -d content://android.media.tv/passthrough/com.mediatek.tvinput%2F.hdmi.HDMIInputService%2FHDMI100004"; - }; - } - ]; - } - { - conditions = [ - { - condition = "state"; - entity_id = "media_player.android_tv_metz_cloonar_com"; - state = "unavailable"; - } - ]; - sequence = [ - { - service = "remote.send_command"; - target = { - device_id = "46988d2d424728f7355fe12b09e88e0e"; - }; - data = { - num_repeats = 1; - delay_secs = 0.4; - hold_secs = 0; - command = "b64:JgBOAJaSFREVNRU2FTUVERURFRAVERURFTUVNhU1FREVERUQFREVERUQFTYVNRURFREVEBURFTYVNRURFRAVNhU1FTYVNRUABfmWkhURFQANBQAAAAAAAAAAAAA="; - }; - } - ]; - } - ]; + service = "androidtv.adb_command"; + target = { + device_id = "a5e50f268f3a2dbd0741fb8e9ff7f931"; + }; + data = { + command = "adb shell am start -a android.intent.action.VIEW -d content://android.media.tv/passthrough/com.mediatek.tvinput%2F.hdmi.HDMIInputService%2FHDMI100004"; + }; } ]; };
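Review bot: The step kept here still calls `androidtv.adb_command`, while the first hunk of this file removes `"androidtv"` from `services.home-assistant.extraComponents`; unless the component is enabled in another module, the service will not exist when this sequence runs. Either keep `"androidtv"` in `extraComponents` or confirm where it is loaded. The removed `choose` also took the `unavailable` fallback with it, so the ADB command is now sent whatever state the TV reports. The enclosing sequence starts outside the hunk.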