diff --git a/flake.lock b/flake.lock index 9ced5556..40aee6c2 100644 --- a/flake.lock +++ b/flake.lock @@ -201,6 +201,22 @@ "type": "github" } }, + "fl-config": { + "locked": { + "lastModified": 1653159448, + "narHash": "sha256-PvB9ha0r4w6p412MBPP71kS/ZTBnOjxL0brlmyucPBA=", + "owner": "flakelib", + "repo": "fl", + "rev": "fcefb9738d5995308a24cda018a083ccb6b0f460", + "type": "github" + }, + "original": { + "owner": "flakelib", + "ref": "config", + "repo": "fl", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -248,6 +264,25 @@ "type": "github" } }, + "flakelib": { + "inputs": { + "fl-config": "fl-config", + "std": "std" + }, + "locked": { + "lastModified": 1669759641, + "narHash": "sha256-Zc6rZC0gTLZ9AzGG6vlImkYZGRf0bdMNk1fwS06ZqnU=", + "owner": "flakelib", + "repo": "fl", + "rev": "ac03e98777f3f03e694f1bcf0c6a6a304734a263", + "type": "github" + }, + "original": { + "owner": "flakelib", + "repo": "fl", + "type": "github" + } + }, "format-all": { "flake": false, "locked": { @@ -357,6 +392,22 @@ "type": "github" } }, + "nix-std": { + "locked": { + "lastModified": 1652644856, + "narHash": "sha256-tRRx4bBFwctWrUhnCNrcRee8Wiol1M7ypQTOPrLLtkc=", + "owner": "flakelib", + "repo": "std", + "rev": "194230d45e99ce84cf25ea8b3ae4774601fc097c", + "type": "github" + }, + "original": { + "owner": "flakelib", + "ref": "master", + "repo": "std", + "type": "github" + } + }, "nix-straight": { "flake": false, "locked": { @@ -546,6 +597,7 @@ "nixpkgs": "nixpkgs", "nur": "nur", "sops-nix": "sops-nix", + "systemd2mqtt": "systemd2mqtt", "tf-nix": "tf-nix", "trusted": "trusted" } 
@@ -566,6 +618,27 @@ "type": "github" } }, + "rust": { + "inputs": { + "nixpkgs": [ + "systemd2mqtt", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1670892108, + "narHash": "sha256-CmfMxBxQNV4j56EgbCRIu++Npwl1xtwoYWoZPnhsSTo=", + "owner": "arcnmx", + "repo": "nixexprs-rust", + "rev": "e7caa9e978907aa7d4a6c244eb69bff1fc987d10", + "type": "github" + }, + "original": { + "owner": "arcnmx", + "repo": "nixexprs-rust", + "type": "github" + } + }, "sln-mode": { "flake": false, "locked": { @@ -603,6 +676,46 @@ "type": "github" } }, + "std": { + "inputs": { + "nix-std": "nix-std" + }, + "locked": { + "lastModified": 1669759267, + "narHash": "sha256-jBAtT8Hb9XwiW5cBDl2SmOMbRivGoi9H6t78fJUO53g=", + "owner": "flakelib", + "repo": "std", + "rev": "628acb137d798d59d638999da4e1715572f18edb", + "type": "github" + }, + "original": { + "owner": "flakelib", + "repo": "std", + "type": "github" + } + }, + "systemd2mqtt": { + "inputs": { + "flakelib": "flakelib", + "nixpkgs": [ + "nixpkgs" + ], + "rust": "rust" + }, + "locked": { + "lastModified": 1671408660, + "narHash": "sha256-q14YY7ByTVIDCE4sX5tJ2Eo4m+jDK+rOs41mD+rpA+c=", + "owner": "arcnmx", + "repo": "systemd2mqtt", + "rev": "a32c3e1ed052cdf35f79640f1a224518acb69fb5", + "type": "github" + }, + "original": { + "owner": "arcnmx", + "repo": "systemd2mqtt", + "type": "github" + } + }, "tf-nix": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index 3cd84d1b..b1621985 100644 --- a/flake.nix +++ b/flake.nix @@ -47,6 +47,12 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + systemd2mqtt = { + url = "github:arcnmx/systemd2mqtt"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; }; outputs = { self, nixpkgs, flake-utils, ... }@inputs: let diff --git a/nixos/systems/tewi/nixos.nix b/nixos/systems/tewi/nixos.nix index 96e0c679..a5db0791 100644 --- a/nixos/systems/tewi/nixos.nix +++ b/nixos/systems/tewi/nixos.nix 
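Review bot: The new `systemd2mqtt` input in flake.nix (hunk `@@ -47,6 +47,12 @@`) names no ref, so it follows the repository's default branch and the `rev`/`narHash` pair in flake.lock is the only thing fixing what is built. That matters more here than for most inputs, because the same commit imports this flake's NixOS module into tewi and runs its service as root. The lock hunks also show it bringing in `flakelib` and `rust` with further inputs of their own. A comment above the input would keep that visible, e.g. `# module runs as root on tewi: read the upstream diff before bumping this lock entry`. As a style point, the sibling sops-nix entry writes `inputs.nixpkgs.follows = "nixpkgs";` on one line and the new entry could match it.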
@@ -29,6 +29,7 @@ in { services.access nixos.arc nixos.sops + inputs.systemd2mqtt.nixosModules.default ./kanidm.nix ./vouch.nix ./home-assistant.nix @@ -89,6 +90,19 @@ in { name = ""; }; + services.systemd2mqtt = { + enable = true; + user = "root"; + mqtt = { + url = "tcp://localhost:1883"; + username = "systemd"; + }; + units = { + "mnt-shadow.mount" = { }; + "mediatomb.service" = lib.mkIf config.services.mediatomb.enable { }; + }; + }; + environment.etc = { "iscsi/initiatorname.iscsi" = lib.mkForce { source = config.sops.secrets.openscsi-config.path; @@ -101,7 +115,10 @@ in { ) md.shadow.cryptDisks); }; - sops.secrets.openscsi-config = { }; + sops.secrets = { + openscsi-config = { }; + systemd2mqtt-env = { }; + }; fileSystems = { "/" = { @@ -152,6 +169,13 @@ in { wantedBy = cryptServices; before = wantedBy; }; + systemd2mqtt = lib.mkIf config.services.systemd2mqtt.enable rec { + requires = lib.mkIf config.services.mosquitto.enable [ "mosquitto.service" ]; + after = requires; + serviceConfig.EnvironmentFile = [ + config.sops.secrets.systemd2mqtt-env.path + ]; + }; }; }; diff --git a/nixos/systems/tewi/secrets.yaml b/nixos/systems/tewi/secrets.yaml index 28099c44..acbc7554 100644 --- a/nixos/systems/tewi/secrets.yaml +++ b/nixos/systems/tewi/secrets.yaml 
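Review bot: `user = "root";` in the new `services.systemd2mqtt` block (hunk `@@ -89,6 +90,19 @@`) runs a broker-connected daemon with full privileges, and nothing visible here limits it beyond the two entries under `units`. If the daemon acts on messages it receives from the broker, which this page does not show, then any client allowed to publish on its topics indirectly drives a root process, and the mosquitto ACL for the `systemd` user becomes part of this host's privilege boundary. Consider a dedicated account, e.g. `user = "systemd2mqtt";` with a polkit rule limited to `mnt-shadow.mount` and `mediatomb.service`, assuming the module supports a non-root user. The `EnvironmentFile` added in the `@@ -152,6 +169,13 @@` hunk is read by systemd itself before the service's user is applied, so the sops secret can stay root-owned either way. If root is kept on purpose, record the reason next to the option: `# root: needed to manage mnt-shadow.mount; broker ACL restricts who can publish`.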
@@ -6,6 +6,7 @@ tailscale-key: ENC[AES256_GCM,data:dGqnKoCFSF6ZmeptOP7bGy4HYDdUCC1oTdXpiUURDgXl/ vouch-client-secret: ENC[AES256_GCM,data:4MZL99JM4AeUcUfZ8a335utxgqvdH5PCc1R3KAvuOGpaWFGmU7CaD3vV5eLJ62gJ,iv:n1xbPBHi2TcZ12lm7LqItv2aOo7dkgzRh10uxFsy3yM=,tag:+fmJzYMhbiUae/kSyWbT5Q==,type:str] vouch-jwt: ENC[AES256_GCM,data:XDalZtedsBNnDYApmWpdYR9yHBvNXA2DlMmKyCPmcMlqTlbAIVL702/HzTaWLvwpgVXpn3pgG8hNXm9rUE764Q==,iv:qyvGCsildhYgzQiYQ4M0H6eFYrKp8aTkwEeZywpQqHM=,tag:ogtAgvpYE43VPhLhD4NuNA==,type:str] openscsi-config: ENC[AES256_GCM,data:pLfiDNSx3ghibiWgfV8vXqgXHJaA7dYwl7Tlqs11+XOGQ7gZPFavmhQfak6/LrD0boyM/vj6oXgp,iv:wuG4BIZeyxT3RXmXpvItByf3NDiKpCpMWWhsmmsG4l0=,tag:brFZh8mLv2WHQHPtK70bxQ==,type:str] +systemd2mqtt-env: ENC[AES256_GCM,data:Zo3+acCcMWgai2ERKbmOlI0hvdkOlNviBqeLb1ALuA==,iv:NxXBDCEevBRqMDY9/3z/Uq2+vENswkYTgTa82wKc32U=,tag:01WUphYRJrwmHv9HE4ac8w==,type:str] z2m-secret: ENC[AES256_GCM,data:SCxz8nbB/QhfPcAzSEDHMpiQnjv+j0xLtg/20qf5ZEe3P5YRaiKXMSqdw6MX7uQtGh8T44raEgS8PFuGKXY423GV/MNPSzMl16DLBwU5P7TL6lYT97uVYRIqWMKqtPy/1f155743wH8HsJvslmg=,iv:Yw9dvH1dBq+vxHvKm0eeHlqVHRdUuzL71mDTbIF7DDg=,tag:bCiDNSwq7P21TwblvVGq6A==,type:str] deluge-auth: ENC[AES256_GCM,data:qJP/CztnN7RV4Z3pP+jbH1B0zzBm8oa3n3X0pecEVe7UI3+NOSwFaQCBD7Q7JDxzh+qTNdQ/wWi7w0XJDG+aRIikgDG28S9RjdPL/w==,iv:GUEwmuk3JWMgsXsDgDrObW657WcN6wcYAsgXhK4Dvx0=,tag:vZMQ67j5kWBWOa6ZqCaQHw==,type:str] ha-secrets: ENC[AES256_GCM,data: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,iv:zxpazCPJTWmuw7/BNj90G89aGyk3fCqBB+RCyKW6QwY=,tag:5zSnrZOxo8G2Wg4LNtEsaQ==,type:str] 
@@ -36,8 +37,8 @@ sops: VndVTG0zQWhsUHcwTkFjK2ZPdzRPUUEKJ3flgZ6/s+TjlFgzsANYaOFiEPQuE4zR 7npNUDFLe26Q32G3j/lLSBzZZfKoOC5SOSp9TB8eWMYSxfNnXEIu0g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-22T20:04:27Z" - mac: ENC[AES256_GCM,data:iZb07wv1PFwgB/yC1eklLPvmivSB2g6UPdzvO55CycBHvdnIX+Wdlp0Hp9k+KGw4IeCTPhvj2EqXLbgkUqgkM4x9GKYA1460kSXTqsK8+9FfAx8nfO/Q34fLy+x8mB0pNBCpLc3gCqMm7PTyx31sM6YYBToq0AC8T/lIDJTtNfk=,iv:/7ZNN6D6HGjXN/mfpxw203ynpfsKGAsOqyvLaabojYA=,tag:onP5JAhYPvcri38GL2Q2fA==,type:str] + lastmodified: "2023-03-25T21:52:55Z" + mac: ENC[AES256_GCM,data:vDdOOYfVqbNXoO9AI4u8qaB/51lJS3yB2y0isrlKk4ANbJXb511LRjjCLiEsbLauqQH9y2b+bGfFBL/+2psyji8IuADJg/bMBdgXpCi407QP4Bn36weaPR55tqNtg6XHHL7LqBeinhrVslRo9H8T3Dl5jKwD2wAwwkAsthmgVyI=,iv:HbUVA5F3xAGJCfVwdAbQqYyiQQTdzk6M5HHKkJkLo5k=,tag:BoDWnEBMRa93coRJwe4tbg==,type:str] pgp: - created_at: "2023-03-10T17:06:53Z" enc: |