zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Compare commits

base: zuckerberg:rpi-hotspot
Branches Tags
zuckerberg:master zuckerberg:stage zuckerberg:rpi-hotspot zuckerberg:attic zuckerberg:kexec_luks2 zuckerberg:pia-client
...
compare: zuckerberg:8ff552818b729267b3c9c8388910dd07f07127a9
Branches Tags
zuckerberg:master zuckerberg:stage zuckerberg:rpi-hotspot zuckerberg:attic zuckerberg:kexec_luks2 zuckerberg:pia-client

4 Commits
rpi-hotspo ... 8ff552818b

Author SHA1 Message Date
Zuckerberg
8ff552818b Rollover digital ocean auth token
All checks were successful
Check Flake / check-flake (push) Successful in 1m13s
Details
2024-10-27 16:41:02 -07:00
Zuckerberg
020689d987 Fix zigbee2mqtt auth 2024-10-27 16:40:47 -07:00
Zuckerberg
9109e356bd Backup vikunja
All checks were successful
Check Flake / check-flake (push) Successful in 2m6s
Details
2024-10-27 16:26:32 -07:00
Zuckerberg
c7d9e84f73 Lock down access to mqtt
All checks were successful
Check Flake / check-flake (push) Successful in 1m6s
Details
2024-10-27 16:15:23 -07:00
6 changed files with 36 additions and 15 deletions
Expand all files Collapse all files

4
machines/storage/s0/default.nix
View File

@@ -262,6 +262,7 @@
openMinimalFirewall = true; openMinimalFirewall = true;
}; };
# TODO: setup backup
services.vikunja = { services.vikunja = {
enable = true; enable = true;
port = 61473; port = 61473;
@@ -271,6 +272,9 @@
service.enableregistration = false; service.enableregistration = false;
}; };
}; };
backup.group."vikunja".paths = [
"/var/lib/vikunja"
];
boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ];
} }

15
machines/storage/s0/home-automation.nix
View File

@@ -3,14 +3,14 @@
{ {
services.esphome.enable = true; services.esphome.enable = true;
# TODO lock down
services.mosquitto = { services.mosquitto = {
enable = true; enable = true;
listeners = [ listeners = [
{ {
acl = [ "pattern readwrite #" ]; users.root = {
omitPasswordAuth = true; acl = [ "readwrite #" ];
settings.allow_anonymous = true; hashedPassword = "$7$101$8+QnkTzCdGizaKqq$lpU4o84n6D/1uwfA9pZDVExr1NDm1D/8tNla2tE9J9HdUqkvu192yYfiySY1MFqVNgUKgWEFu5P1bUKqRnzbUw==";
};
} }
]; ];
}; };
@@ -28,7 +28,8 @@
}; };
mqtt = { mqtt = {
server = "mqtt://localhost:1883"; server = "mqtt://localhost:1883";
# base_topic = "zigbee2mqtt"; user = "root";
password = "'!/run/agenix/zigbee2mqtt.yaml mqtt_password'";
}; };
frontend = { frontend = {
host = "localhost"; host = "localhost";
@@ -36,6 +37,10 @@
}; };
}; };
}; };
age.secrets."zigbee2mqtt.yaml" = {
file = ../../../secrets/zigbee2mqtt.yaml.age;
owner = "zigbee2mqtt";
};
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;

1
machines/storage/s0/properties.nix
View File

@@ -12,6 +12,7 @@
"binary-cache" "binary-cache"
"gitea-actions-runner" "gitea-actions-runner"
"frigate" "frigate"
"zigbee"
]; ];
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q"; hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";

20
secrets/digitalocean-dns-credentials.age
View File

@@ -1,11 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 WBT1Hw wjZGPvilRXGZsC2+7dWm/Nbau8Allv29WwQCr0XSAWU -> ssh-ed25519 WBT1Hw TGdD8Nw+GPITDOXGhevSu+880DWET7WYN3nIyJ0xy2o
uTOf/sokutOGDyc8fbTbBWXqCVQCFhGdHxwA6SXqhdA 69xepRTnmaFwa4IsGJjDdwZqTSf5fz6EZK0/q3oz/ZA
-> ssh-ed25519 6AT2/g NU068qwqOWiKk0QwqP9vU4xJaND2OR4bo8xkmdWATgY -> ssh-ed25519 6AT2/g EmqXrXXsRxSS6AsH+7VMgoJTYo9eGj8ebLiLT4IWNxg
uGd0sb5PH+rREn9pgLOFwk29CX66aPBQMvr4rBazylc eKs5/3tQMdg5bGJKNz8PFh9C7HiV+IlOU9dzpYcGIjo
-> ssh-ed25519 hPp1nw r2JRiZ7fsHPYDlte6Oh2Gx1KkugekFeeg3xSjziI+hQ -> ssh-ed25519 hPp1nw wsIF676is8FquF6oANNauPrumsMnfVUZpPeVKEtBOzQ
xnO0gscMdR25mj5uAX7D42FCbCQhqbU0wkiLX4OmVqk qZR8LSF+TQ2K3K0An69NHfk53ZqNEWev0IVcb71SR40
-> ssh-ed25519 w3nu8g F03mPU63WwEs1SLUFErLOVCkARoggGIvvz9TFZfMOBY -> ssh-ed25519 w3nu8g TKHY/5JuzFMhbW9CQAOI3woX8M9b1H/XXUpIMT0Mylk
HOdVA3xW9pqUPhclO6VueSfXg3ux06Ch3fucF6Vr4hM byJV0/BJ3ftG5eYv5BeyIYBi0VoWG31HRiENUxSeYE8
--- niyo231HPT/+2dzflP+zhYjL9XiWsk7svesCYdkU1jA --- fwHXHtE/sMLqCLSD8tR0oCPgNuif9Y/ncHU97hbf/Bw
ØQî¬5-ô@<40>¢¿—ßÐN5<4E> Ãÿ$Ø‚™’Çž…êÐ<C3AA>X=ŒHŽDÁ`P×5ZA´÷¼YóäÓ?¡é^[³1”6ÕK*mP݈ª­æ1æç÷ß›ƒ:$^ÑfDœ†ÿ“š-zi´"·Tàuÿüò f"+ÉŒqc<71>H†Ñjï!JSšË¡Ì|yMìðX¼þMl<4D>ýçCy™îUXn»Égk¨ë)¤óOY§uº„¦²¶g%è Håvœ5ô!$Jœ¤Š…¶$<24>#Dö;±¥àÖ }ÏŸcçKšˆ{R/

3
secrets/secrets.nix
View File

@@ -57,4 +57,7 @@ with roles;
# Frigate (DVR) # Frigate (DVR)
"frigate-credentials.age".publicKeys = frigate; "frigate-credentials.age".publicKeys = frigate;
# zigbee2mqtt secrets
"zigbee2mqtt.yaml.age".publicKeys = zigbee;
} }

8
secrets/zigbee2mqtt.yaml.age Normal file
View File

@@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 hPp1nw TSDuPaFp/Qcz4r819X4QmU/4J2TGpoX7jCCJCdFDog0
SwQUqEp45xMOeTkvBG6uX28kB8YWG66laYqakSgl9w4
-> ssh-ed25519 w3nu8g tLZDNE0iBgOpUB3djpNu3CgimsRc0zcds+AgctzxyQ4
Oyz6XORsApM4vFxWyaD3bR/ApIUFPY3q4yGvtbosUIY
--- vuXlQmuOFbJhBTACN5ciH2GlOCbRCMPZdlogG2O+KOk
Áëÿ!}UIì p0@Xž|°þ#晆0HÙõò#BÇRR<52>Ù
òùø5¾Iÿ?vX?pÝ<70><>fqÍ[lž¸˜­G7ü; UäÀOUä¶