WIP RPI hotspot fallback gateway

common/binary-cache.nix

@@ -1,17 +1,29 @@
 { config, lib, ... }:
 
+let
+
+in
 {
-  nix = {
+  options.enableExtraSubstituters = lib.mkEnableOption "Enable extra substituters";
-    settings = {
+
-      substituters = [
+  config = lib.mkMerge [
-        "https://cache.nixos.org/"
+    {
-        "https://nix-community.cachix.org"
+      enableExtraSubstituters = lib.mkDefault true;
-        "http://s0.koi-bebop.ts.net:5000"
+    }
-      ];
+    (lib.mkIf config.enableExtraSubstituters {
-      trusted-public-keys = [
+      nix = {
-        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        settings = {
-        "s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU="
+          substituters = [
-      ];
+            "https://cache.nixos.org/"
-    };
+            "https://nix-community.cachix.org"
-  };
+            "http://s0.koi-bebop.ts.net:5000"
+          ];
+          trusted-public-keys = [
+            "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+            "s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU="
+          ];
+        };
+      };
+    })
+  ];
 }

common/server/nextcloud.nix

@@ -8,12 +8,23 @@ in
   config = lib.mkIf cfg.enable {
     services.nextcloud = {
       https = true;
-      package = pkgs.nextcloud29;
+      package = pkgs.nextcloud30;
       hostName = "neet.cloud";
       config.dbtype = "sqlite";
       config.adminuser = "jeremy";
       config.adminpassFile = "/run/agenix/nextcloud-pw";
       autoUpdateApps.enable = true;
+      extraApps = with config.services.nextcloud.package.packages.apps; {
+        # Want
+        inherit end_to_end_encryption mail spreed;
+
+        # Might use
+        inherit bookmarks calendar cookbook deck memories onlyoffice qownnotesapi;
+
+        # Try out
+        # inherit maps music news notes phonetrack polls forms;
+      };
+      extraAppsEnable = true;
     };
     age.secrets.nextcloud-pw = {
       file = ../../secrets/nextcloud-pw.age;

machines/hotspot/default.nix

@@ -0,0 +1,69 @@
+{ config, pkgs, lib, ... }:
+
+let
+  internal = "end0";
+  wireless = "wlan0";
+  internal-gateway-ip = "192.168.0.1";
+  internal-ip-lower = "192.168.0.10";
+  internal-ip-upper = "192.168.0.100";
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  enableExtraSubstituters = false;
+
+  # networking.interfaces.${internal}.ipv4.addresses = [{
+  #   address = internal-gateway-ip;
+  #   prefixLength = 24;
+  # }];
+
+  # DHCP on all interfaces except for the internal interface
+  networking.useDHCP = true;
+  networking.interfaces.${internal}.useDHCP = true;
+  networking.interfaces.${wireless}.useDHCP = true;
+
+  # Enable NAT
+  networking.ip_forward = true;
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ internal ];
+    externalInterface = wireless;
+  };
+
+  networking.wireless = {
+    enable = true;
+    networks = {
+      "Pixel_6054".psk = "@PSK_Pixel_6054@";
+    };
+    interfaces = [ wireless ];
+    environmentFile = "/run/agenix/hostspot-passwords";
+  };
+  age.secrets.hostspot-passwords.file = ../../secrets/hostspot-passwords.age;
+
+  # dnsmasq for internal interface
+  services.dnsmasq = {
+    enable = true;
+    settings = {
+      server = [ "1.1.1.1" "8.8.8.8" ];
+      dhcp-range = "${internal-ip-lower},${internal-ip-upper},24h";
+      dhcp-option = [
+        "option:router,${internal-gateway-ip}"
+        "option:broadcast,10.0.0.255"
+        "option:ntp-server,0.0.0.0"
+      ];
+    };
+  };
+
+  networking.firewall.interfaces.${internal}.allowedTCPPorts = [
+    53 # dnsmasq
+  ];
+
+  # Make it appear we are not using phone tethering to the ISP
+  networking.firewall = {
+    extraCommands = ''
+      iptables -t mangle -A POSTROUTING -o ${wireless} -j TTL --ttl-set 65
+    '';
+  };
+}

machines/hotspot/hardware-configuration.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot = {
+    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+    initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
+    loader = {
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+  };
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

machines/hotspot/properties.nix

@@ -0,0 +1,13 @@
+{
+  hostNames = [
+    "hotspot"
+  ];
+
+  arch = "aarch64-linux";
+
+  systemRoles = [
+    "hotspot"
+  ];
+
+  hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAION4IUAef687RIzWrP4HEZnpdSJswt06QmrdRMDPHHGY";
+}

overlays/actualbudget/default.nix

@@ -7,16 +7,16 @@
 }:
 buildNpmPackage rec {
   pname = "actual-server";
-  version = "24.3.0";
+  version = "24.10.1";
 
   src = fetchFromGitHub {
     owner = "actualbudget";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-y51Dhdn84AWR/gM4LnAzvBIBpvKwUiclnPnwzkRoJ0I=";
+    hash = "sha256-VJAD+lNamwuYmiPJLXkum6piGi5zLOHBp8cUeZagb4s=";
   };
 
-  npmDepsHash = "sha256-/UM2Tz8t4hi621HtXSu0LTDIzZ9SWMqKXqKfPwkdpE8=";
+  npmDepsHash = "sha256-Z2e4+JMhI/keLerT0F4WYdLnXHRQCqL7NjNyA9SFEF8=";
 
   patches = [
     ./migrations-should-use-pkg-path.patch

overlays/actualbudget/migrations-should-use-pkg-path.patch

@@ -1,5 +1,5 @@
 diff --git a/src/load-config.js b/src/load-config.js
-index d3cc5dd..cfcad8a 100644
+index d99ce42..42d1351 100644
 --- a/src/load-config.js
 +++ b/src/load-config.js
 @@ -3,7 +3,8 @@ import path from 'node:path';
@@ -12,7 +12,7 @@ index d3cc5dd..cfcad8a 100644
  const debugSensitive = createDebug('actual-sensitive:config');
  
  const projectRoot = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
-@@ -90,6 +91,7 @@ const finalConfig = {
+@@ -108,6 +109,7 @@ const finalConfig = {
    serverFiles: process.env.ACTUAL_SERVER_FILES || config.serverFiles,
    userFiles: process.env.ACTUAL_USER_FILES || config.userFiles,
    webRoot: process.env.ACTUAL_WEB_ROOT || config.webRoot,
@@ -21,7 +21,7 @@ index d3cc5dd..cfcad8a 100644
      process.env.ACTUAL_HTTPS_KEY && process.env.ACTUAL_HTTPS_CERT
        ? {
 diff --git a/src/migrations.js b/src/migrations.js
-index 964e1f2..3a341d7 100644
+index cba7db0..9983471 100644
 --- a/src/migrations.js
 +++ b/src/migrations.js
 @@ -1,6 +1,12 @@
@@ -37,11 +37,12 @@ index 964e1f2..3a341d7 100644
  
  export default function run(direction = 'up') {
    console.log(
-@@ -13,6 +19,7 @@ export default function run(direction = 'up') {
+@@ -13,7 +19,7 @@ export default function run(direction = 'up') {
          stateStore: `${path.join(config.dataDir, '.migrate')}${
            config.mode === 'test' ? '-test' : ''
          }`,
-+        migrationsDirectory,
+-        migrationsDirectory: `${path.join(config.projectRoot, 'migrations')}`,
++        migrationsDirectory
        },
        (err, set) => {
-         if (err) {
+         if (err) {

secrets/hostspot-passwords.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cObvAg l/suU/M4AATK7lQuZv/qnjG/xqNGoVqhS7b3xirmNUM
+Ao2tP6BBSZdlL7jZJPmLyJQWfqdU89M9hCjkkuqtxlw
+-> ssh-ed25519 w3nu8g szQugiuFfzkzVndyIdP1agun4nmCsZzFG/6EEB2V1Gk
+5+DEUJ5tkVFUpm+w/tptUCByRpMxRigwfrVglTYc8XI
+--- pjviyhRustHHMipIpkKsQ4cpu+YA66JwvWXjceXopi4
+)˜Ö®Äý8³È6Y"@?Ý9”®@¡Ÿžè|ÂÄž+©Z*4ö2å“R<qef…êªG¹ïV+{©%CmÞd^™b

secrets/secrets.nix

@@ -57,4 +57,7 @@ with roles;
 
   # Frigate (DVR)
   "frigate-credentials.age".publicKeys = frigate;
+
+  # Phone hotspot passwords
+  "hostspot-passwords.age".publicKeys = hotspot;
 }