refactor(mosquitto): move to utsuho

arcnmx 2024-03-25 11:15:56 -07:00
parent 5658105812
commit d6b8883c24
15 changed files with 218 additions and 95 deletions


@ -41,11 +41,13 @@
overrideOptionDefault = 1500;
overrideAlmostOptionDefault = 1400;
overrideDefault = 1000;
overrideAlmostDefault = 900;
overrideNone = defaultOverridePriority; # 100
overrideAlmostForce = 75;
overrideForce = 50;
overrideVM = 10;
mkAlmostOptionDefault = mkOverride overrideAlmostOptionDefault;
mkAlmostDefault = mkOverride overrideAlmostDefault;
mkAlmostForce = mkOverride overrideAlmostForce;
orderBefore = 500;
orderNone = 1000;
@ -78,8 +80,8 @@ in {
eui64 mkWinPath mkBaseDn
toHexStringLower hexCharToInt
mapListToAttrs
mkAlmostOptionDefault mkAlmostForce mapOverride mapOptionDefaults mapAlmostOptionDefaults mapDefaults
overrideOptionDefault overrideAlmostOptionDefault overrideDefault overrideNone overrideAlmostForce overrideForce overrideVM
mkAlmostOptionDefault mkAlmostDefault mkAlmostForce mapOverride mapOptionDefaults mapAlmostOptionDefaults mapDefaults
overrideOptionDefault overrideAlmostOptionDefault overrideDefault overrideAlmostDefault overrideNone overrideAlmostForce overrideForce overrideVM
orderBefore orderNone orderAfter orderAlmostAfter
mkAlmostAfter;
inherit (inputs.arcexprs.lib) unmerged json;


@ -76,7 +76,10 @@ in {
in
mkIf cfg.enable {
interfaces.local = {
allowedTCPPorts = mkIf (!cfg.homekit.openFirewall) homekitTcp;
allowedTCPPorts = mkMerge [
(mkIf (!cfg.homekit.openFirewall) homekitTcp)
(mkIf (!cfg.openFirewall) [ cfg.config.http.server_port ])
];
allowedUDPPortRanges = mkIf (!cfg.cast.openFirewall) castUdpRanges;
};
allowedTCPPorts = mkIf cfg.homekit.openFirewall homekitTcp;
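Review bot: The new `(mkIf (!cfg.openFirewall) [ cfg.config.http.server_port ])` entry is easy to misread, because a disabled `openFirewall` does not keep the HTTP port closed; it opens it on the `local` interface instead. A short comment above the `mkMerge`, such as `# when not opened globally, still allow these ports from the local interface`, would make the intended exposure explicit for the next reviewer. The entry also dereferences `cfg.config.http.server_port` directly, so if `cfg.config` can be left unset in this module (not visible here) evaluation would fail; worth confirming. The enclosing `mkIf cfg.enable` block starts and ends outside this hunk.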

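--- a/modules/nixos/shared.nix
+++ b/modules/nixos/shared.nix
@@ -0,0 +1,98 @@
+{ config, lib, utils, ... }: let
+inherit (lib.options) mkOption;
+inherit (lib.modules) mkIf mkMerge mkOptionDefault;
+inherit (lib.attrsets) mapAttrsToList;
+inherit (lib.lists) head;
+inherit (lib.strings) splitString;
+inherit (utils) escapeSystemdPath;
+mountModule = { config, name, ... }: {
+options = with lib.types; {
+source = mkOption {
+type = path;
+default = "${config.rootDir}/${config.subpath}";
+};
+path = mkOption {
+type = path;
+};
+subpath = mkOption {
+type = str;
+default = name;
+};
+root = mkOption {
+type = path;
+default = "${config.rootDir}/${head (splitString "/" config.subpath)}";
+};
+mountUnit = mkOption {
+type = nullOr str;
+default = "${escapeSystemdPath config.root}.mount";
+};
+rootDir = mkOption {
+type = path;
+internal = true;
+};
+};
+};
+mkMountType' = { rootDir, specialArgs, modules ? [ ] }: let
+rootDirModule = { ... }: {
+config.rootDir = mkOptionDefault rootDir;
+};
+in lib.types.submoduleWith {
+modules = [ mountModule rootDirModule ] ++ modules;
+inherit specialArgs;
+};
+mkMountType = args: with lib.types; coercedTo path (path: { path = mkOptionDefault path; }) (mkMountType' args);
+serviceModule = { config, nixosConfig, ... }: let
+cfg = config.gensokyo-zone;
+mapSharedMounts = f: mapAttrsToList (_: target:
+f target
+) cfg.sharedMounts;
+mapCacheMounts = f: mapAttrsToList (_: target:
+f target
+) cfg.cacheMounts;
+mkRequire = mount: mount.mountUnit;
+mkBindPath = mount: "${mount.source}:${mount.path}";
+specialArgs = {
+service = config;
+inherit nixosConfig;
+};
+mountUnits = mkMerge [
+(mkIf (cfg.sharedMounts != { }) (mapSharedMounts mkRequire))
+(mkIf (cfg.cacheMounts != { }) (mapCacheMounts mkRequire))
+];
+in {
+options.gensokyo-zone = with lib.types; {
+sharedMounts = mkOption {
+type = attrsOf (mkMountType { rootDir = "/mnt/shared"; inherit specialArgs; });
+default = { };
+};
+cacheMounts = mkOption {
+type = attrsOf (mkMountType { rootDir = "/mnt/caches"; inherit specialArgs; });
+default = { };
+};
+};
+config = {
+requires = mountUnits;
+after = mountUnits;
+serviceConfig = mkMerge [
+(mkIf (cfg.sharedMounts != { }) {
+BindPaths = mapSharedMounts mkBindPath;
+})
+(mkIf (cfg.cacheMounts != { }) {
+BindPaths = mapCacheMounts mkBindPath;
+})
+];
+};
+};
+in {
+options = with lib.types; {
+systemd.services = mkOption {
+type = attrsOf (submoduleWith {
+modules = [ serviceModule ];
+shorthandOnlyDefinesConfig = true;
+specialArgs = {
+nixosConfig = config;
+};
+});
+};
+};
+}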
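Review bot: `mountUnit` is declared `nullOr str`, but `mkRequire = mount: mount.mountUnit;` passes the value through unchanged, so a mount that sets `mountUnit = null` would put `null` into the service's `requires` and `after` lists. Dropping nulls before the merge would make the opt-out usable, for example `(mkIf (cfg.sharedMounts != { }) (filter (u: u != null) (mapSharedMounts mkRequire)))` and the same for `cacheMounts`, with `filter` added to the `inherit (lib.lists)` line. The mount options also carry no `description`; a one-line description on `source`, `path`, `root` and `mountUnit` would document which side of the `source:path` bind is the shared dataset and why the unit dependency exists.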


@ -64,7 +64,7 @@ in {
};
networking.firewall = {
allowedTCPPorts = [
interfaces.local.allowedTCPPorts = [
access.bind.port
(mkIf nginx.stream.servers.mosquitto.listen.mqtts.enable access.bind.sslPort)
];


@ -37,19 +37,13 @@ in {
uid = 912;
};
config.systemd.services = let
BindPaths = [
"/mnt/shared/barcodebuddy:${cfg.dataDir}"
];
gensokyo-zone.sharedMounts.barcodebuddy.path = mkDefault cfg.dataDir;
in mkIf cfg.enable {
phpfpm-barcodebuddy = {
serviceConfig = {
inherit BindPaths;
};
inherit gensokyo-zone;
};
bbuddy-websocket = mkIf cfg.screen.enable {
serviceConfig = {
inherit BindPaths;
};
inherit gensokyo-zone;
};
};
config.sops.secrets.barcodebuddy-fastcgi-params = mkIf cfg.enable {


@ -68,19 +68,13 @@ in {
uid = 911;
};
systemd.services = let
BindPaths = [
"/mnt/shared/grocy:${cfg.dataDir}"
];
gensokyo-zone.sharedMounts.grocy.path = mkDefault cfg.dataDir;
in mkIf cfg.enable {
grocy-setup = {
serviceConfig = {
inherit BindPaths;
};
inherit gensokyo-zone;
};
phpfpm-grocy = {
serviceConfig = {
inherit BindPaths;
};
inherit gensokyo-zone;
};
};
};


@ -70,8 +70,9 @@ in {
};
};
systemd.services.mosquitto = mkIf cfg.enable {
serviceConfig.BindPaths = [
"/mnt/shared/mosquitto:${cfg.dataDir}"
];
gensokyo-zone.sharedMounts.mosquitto.path = mkDefault cfg.dataDir;
};
networking.firewall = mkIf cfg.enable {
interfaces.local.allowedTCPPorts = map (listener: listener.port) cfg.listeners;
};
}
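Review bot: `map (listener: listener.port) cfg.listeners` opens the port of every configured listener on the `local` interface, regardless of the address that listener binds to. A listener bound only to loopback, or one configured for a unix socket (which, as far as I recall, the upstream module expresses as port 0), would still produce a firewall entry. Consider filtering first, e.g. `map (l: l.port) (filter (l: l.port != 0) cfg.listeners)` with `filter` taken from `lib.lists`, and adding a comment that the plaintext listener is meant to be reachable from the LAN only. The head of this module lies outside the hunk.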


@ -12,66 +12,111 @@ sops:
- recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSlhaOWxDY0E4RzExaGR4
U3o3bFFMejNxMlYyZ1VnUjk0ZERSK2hTOWhRCkVxd0lJL2YvZXY5ZjRaL0xUUVNE
dFMzRU52Tm9LY0swbnpoaE5OUjJJeDAKLS0tIHlUVWZtTE5acXRONURiaHFPaWpV
Qzh5SUVWcmx1ejNqVGMyTVc3UGovVnMK5tfxFOpzlAbhiYpcwWI26MJ6a+esucPE
KfYUQ9fVv96Crzl7vNPWXcI3TpmrIsRl2Jf1HA3bwfJzknQzucZfTw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMm56STg2N2N2STZXTVlY
M0IwWUhwOU16UU9heDdKM0NFVWtFVWtsV1RJClNYb2VEMnl4MWFXalZXV3U3ODRy
Ukp1ZXhvZ25OT0tDWVlWdndlTFlWNTAKLS0tIEkzWlQ2cHlaY0hibUxiNmpMQUI4
LzB2WHQ0cFA2azMya3UrUlJrQnNROEUK/JZJi5crzpCEQ/fF2vpz5tnmdVSIiidk
zi1UuuNTW3QHfjZb6dSc7vDVa5UC9Zp2XUWSL1D7RrBwN9S+qPlPbg==
-----END AGE ENCRYPTED FILE-----
- recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTcnRDcXpSOTdZeGg4V3dq
Y1JkR0M3WEZuQzZsdzdwNjBxS3p2eXRJTFJvClZ2V29QTFFZVVVIVWRLYWgzbFd3
NmpNZFNsK1Rxc1BkaWMrMUZXakpUVUkKLS0tIEkyQzRUcG9nRkpGVXZyQ2V5czFQ
clVHU0FZMXBvNmFROEN4ODZDb3Znbk0KXDHc6gZTlVnMOqK3CSrk5aLNDfIUvKbw
7EKB1kwx1OWihGce42JBVfGCPJmjW7IPfNeeXxZ10hmJPKpwKw7jkQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age15hmlkd9p5rladsjzpmvrh6u34xvggu9mzdsdxdj3ms43tltxeuhq4g7g9k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdFN1NFo4ZXpBOGxja0xE
YjhYTVUrUDZ0c0RWamlJekVMeUEyeGJhVzBBCk0ySmhHQ3B5MXFnMjNPOXgzdWda
bTd0NkhDMDhaMmd6MUZZdWpKZVd6bUkKLS0tIDBKRktQeUgxb2RIV1NLWnFlYzIw
dW9GUXdSdnlGZE9DR2l0ckliOXR6YlEK5Gu1NnZQWlyJbha6M2tiJ5BEOf5Jt6Cb
uxY8u/jMwyMlziSkEMW+1JqNJf5xbnaKxmlvTyb2REOo2TQExBcrTQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQjZGLzNqTWovR29WVFRm
NSttQ2RodkhmNyt5cGY0OG5nd2FtSndhTFFNCmpBSXBQeTJBZW5FUnJCb1U5NmtR
cWRGbFpBSmczMTdYRGJBVktBRTFZRGMKLS0tIHN1NEVzVFIxN2x1SFRHcVpzMzlw
MEg0bUN3a2hTTEIvS1R4QXpDc2VYOGMKsZ4nR0xr3BDQOOUAEpz34ti5hGykBGWQ
ghXLTIKcbvjVgPzgFIycbC3Q91EuYI4NN6nv4sZIPc3VUeNqUXLhAw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaTRCc1BidjlYRURrbFR3
WDF1c2puK1pLZ0JVQkNKNUlVTUFtWnZkZUF3CndEcEg3UlgycDlXdWliVXM2dmJQ
SkFPRTJCWTFpVlNRTWZRVzFMYmJzTzgKLS0tIGJJcmFEZklRYkJUN25McnAyWVNm
L0VoSDZzTjVIWFN6aFVhQXE1bXlMdDQK2hAlcgBcb4jvVTRwXk0AQPI0P5Gt0Ooy
SO90HyKwpck32jr6X6faA+bAyBVSh/Vf/9zSgIIsv7M4Pw9qPrBBDA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SWlYN3dYV1JrYVFWd0lD
bmxQUFpIZDJPTmhwaVBGbUVBcHVEcWQ0bFdVCjNmOFBQOVlkei9nSGJ0RThHRlRU
ck5nMmVHU1BWcFdlajBocDJWanhVOE0KLS0tIGVqcWtDeWNCa25hRU42amdITm5P
RGlTUjIyQ2Nrbk1IUEJyRXJFMHVFQ1UKYxxgEsc2wsRazllgLlXolsT8xXVuNc9a
nd3o2Y34thuA0CJJR6UXQv1gdyP5BiykXp5pw00b8R3/OwOsN3b1IA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZUGtrK0Z2M0hyTVdGdVNZ
KzdzaEhpTDYvRFR5WTFmOWZFNVZMWmQ2Z0hFCjkwTlhrM2hIdEt5dXFnNldXWHp0
eEMwL3Y2a1B2RDQ3dTBndmpxSGR5QTgKLS0tIDlpdFNRNEtQN0FGTFlzQkFxb0I3
VE0vNVZzZHk4WFhmV2gzMjJ0UkR6MDAKQk2nlRz9+vQpmZX+qG/IUOeHkRJ0ogAP
UQ5+lcUQ6XVIx2/qoFb4GJ5Rb2CLnaeY9Xltb/PoXuluS39Kwx5/YQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnMjhXU3NhOXlnR3UwemZD
YStBaWlwVWFheEFXMUVUbkJvanVBeCtmZ2ljCk16N0tLeTh5N3ROS2ZteUFESHEr
bkFxcFgydDVUcVJJRWRhdGxPVXU5YVEKLS0tIGNSWFNEaFFoUGRZbk5KaVZ0N2po
Vll1N2U1SHQ5azdoNlVwK3JOSE5zUzQKEaWYLLdT3BBFicohYogJHBjBYfFaS+99
x0bq7GcS7wBK/LiIl4W/Yie5z9cwJ3KRtQI4Un/mjTdoSJqg/6LQ4A==
-----END AGE ENCRYPTED FILE-----
- recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiMEtDbHYrWUZoTHQwNldi
UCszOFVQbHVuNXExRVJsR2V3VVNpZkRwWGdnCk52dlFRMmVINTc0eENya3ZDQXNK
VnBReTNFMU9FWDBxbVJLNmFCMWhLencKLS0tIGtGS05IaG8xcXNhTFp5cEF2MlZn
TkNCYzVTYjc2TlNjQ2lWWVo3SGlFU3MK5btRhdZSjyQn8ge9Ea4+FTNApNVemMNE
NZmSpgTTYJM5ah4T+4YpfZt0GZdCVJ7S5MjufMwB1RoVShbWztgsdg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRkhrTW5NY0dKNUNGQ2Vo
UzQrVWNKd1ptMnZOWi9NRlJCMjFlSGJzK0JNCm9STy9OeEZseHFyR01pQVJkU25R
OHNsT0pTR2l1ZG96aDRrcmVMRVQ3dEkKLS0tIEJBWGxUNlllSEY5UjdqSXBYNlV2
SGdXQkRkMTlhbEwxRjQwdGR0SVhNOHMK+YrQd2cTOq4uW3fIxLFzW1GJIynhr7Tf
Y7SRe+5NO/3LL6ruLDjsHH4nv2fNVN8INsRc+LZJ4TH5XqKDM6WDnw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-16T19:11:37Z"
mac: ENC[AES256_GCM,data:aZl7545lk6KMNGanuyw4tcn5KsJNt2hrsEVn3VHTJdhtoLo6324Mnei2WCcJm6TfqYN5wKowzg9dnivtRvTD8r/ZM8J3dtTwl9091d9TKcEhVf30a3EwKrSYsDpQUL4vagg7rgFUjbZMUSKZTEgA6o46VbR4glnOiVZMpMMtGWw=,iv:OsbhloYhHRzgUKoUjwiRspHrZFxAf2XL0+JIwwEpmeg=,tag:v4pE9dfnySmrRwlZK7Fyyw==,type:str]
pgp:
- created_at: "2024-01-19T19:08:55Z"
- created_at: "2024-03-25T18:15:38Z"
enc: |-
-----BEGIN PGP MESSAGE-----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=
=KB2c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=
=kVWV
-----END PGP MESSAGE-----
fp: CD8CE78CB0B3BDD4
- created_at: "2024-01-19T19:08:55Z"
- created_at: "2024-03-25T18:15:38Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMA2W9MER3HLb7AQgAxTKY2cLyZI2Geztn09LIWYelHoc3H1YpWnpchQ9zclBP
5xFFYIfuWby1chHAoOHlAz+0FEr7oIQFHrBRtX5FWHdfTU5M3t49L7mX2FiX79/q
z9J90fQSHl2m1rvCI6SoYkh1m9PdGT5pHEM+ebCYggQnDNxbhW545yDDzsd4rNEY
jkIFNwHGIJ+BY+NaBCHwGhXli68+OcAJJDBjmIew+xggg/SWQZvvAj2EGqpCFyHx
c5NRqhg3MTUa2D+BuvLRNzN+KDsGFNn6Rj+W/6Ud+5Ohw+Xbj0l33Zj/i+9Ferap
4pKrkqf943CSIAkINvxXCZpqnxhUe8Xh0tWSMm2XldJeAWXo5BUf0mpymT+VdACe
Swks8aSFxl4a9fHirTqovD9CwkCzLHfgEDnpxUjRJR8TF21lGoXD3OelMqxqGqVI
xHeyIKZBO3VETzDF3VWPgacKvRb+xV3JM4eW2LPqrw==
=razo
hQEMA2W9MER3HLb7AQf+I2sqlf5hbHw6z8jh6D6RcrU/U7WVGSWVVKezrRT+KE1k
e76UgsQKYcTvFcRAeUOwsCFJ61v3MCzfenCDpH+kY0KW0nR9LlJSA+ctPYetTVlz
75fucquTukhMQpMpe4FmimDY4sw1qbLlzf89wl230ppOkXESEFKliJE4AAUkRfPj
NEp0BGNrI8JjHeOUKrKnIILswu1hCDdh/8b30pLerhv9ecaA3mE0SoxO1srHEDEM
8UTsNa91h08xHN2DdyAsMy82Znuvmvr5fYNYbrj1ZEXyph5uin36jSZw8FieaAaV
7mlI8+9ooUPo+fS1oGTCyeNhYNxqfBBbtW4Eqt1cDdJeAcvAe/QkriZsmcYwV4ti
KfEnCaWeHPq9v99wuPvevqt3k/6A9gt5n1oDdKoSyYTxUp7NWf/P/6+UFrkItjl1
V9FfUj+jZ0AjLQOIBS8L9RFRpy4IbsFFeQh/UtT8Tw==
=ogEp
-----END PGP MESSAGE-----
fp: 65BD3044771CB6FB
unencrypted_suffix: _unencrypted


@ -37,8 +37,6 @@ in {
groups.unifi.gid = 990;
};
systemd.services.unifi = mkIf cfg.enable {
serviceConfig.BindPaths = [
"/mnt/shared/unifi:/var/lib/unifi"
];
gensokyo-zone.sharedMounts.unifi.path = mkDefault "/var/lib/unifi";
};
}


@ -1,10 +1,13 @@
{
config,
lib,
gensokyo-zone,
access,
...
}: let
inherit (gensokyo-zone.lib) mkAlmostDefault;
inherit (lib.modules) mkIf mkDefault;
cfg = config.services.zigbee2mqtt;
inherit (lib) mkIf mkDefault;
in {
sops.secrets.z2m-secret = {
sopsFile = mkDefault ./secrets/zigbee2mqtt.yaml;
@ -23,8 +26,11 @@ in {
mqtt = {
user = "z2m";
password = "!secret z2m_pass";
server = mkIf (!config.services.mosquitto.enable) (
mkDefault "mqtt://mqtt.local.${config.networking.domain}:1883"
server = let
utsuho = access.nixosFor "utsuho";
mqttHost = access.getHostnameFor "utsuho" "lan";
in mkIf (!config.services.mosquitto.enable) (
assert utsuho.services.mosquitto.enable; mkAlmostDefault "mqtt://${mqttHost}:1883"
);
};
homeassistant = true;
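Review bot: The new default `mkAlmostDefault "mqtt://${mqttHost}:1883"` sends the `z2m` user name and its password to a broker on another host without TLS. If the broker previously ran on the same machine as zigbee2mqtt (the removed imports elsewhere in this commit suggest so, but that is inferred), this change newly puts those credentials on the LAN in cleartext. The nginx access module in this commit references an `mqtts` listener and an `access.bind.sslPort`; if that listener is enabled, a default along the lines of `mkAlmostDefault "mqtts://${mqttHost}:${toString <mqtts-port>}"` (placeholder for the actual port option) would be the safer choice. If plaintext is kept, a comment next to the `server` definition stating that the LAN is the trust boundary would document the decision.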


@ -11,8 +11,8 @@
tei = access.nixosFor "tei";
utsuho = access.nixosFor "utsuho";
inherit (mediabox.services) plex;
inherit (tei.services) home-assistant zigbee2mqtt mosquitto;
inherit (utsuho.services) unifi;
inherit (tei.services) home-assistant zigbee2mqtt;
inherit (utsuho.services) unifi mosquitto;
inherit (config.services) nginx;
inherit (nginx) virtualHosts;
in {
@ -225,7 +225,7 @@ in {
in {
vouch.enableLocal = false;
access.mosquitto = assert mosquitto.enable; {
host = getHostnameFor "tei" "lan";
host = getHostnameFor "utsuho" "lan";
};
access.plex = assert plex.enable; {
url = "http://${getHostnameFor "mediabox" "lan"}:${toString plex.port}";

View file

@ -3,7 +3,6 @@
"lxc.mount.entry": [
"/rpool/caches/zigbee2mqtt mnt/caches/zigbee2mqtt none bind,optional,create=dir",
"/rpool/shared/zigbee2mqtt mnt/shared/zigbee2mqtt none bind,optional,create=dir",
"/rpool/shared/mosquitto mnt/shared/mosquitto none bind,optional,create=dir",
"/rpool/shared/hass mnt/shared/hass none bind,optional,create=dir",
"/rpool/shared/grocy mnt/shared/grocy none bind,optional,create=dir",
"/rpool/shared/barcodebuddy mnt/shared/barcodebuddy none bind,optional,create=dir",


@ -1,12 +1,8 @@
{
config,
lib,
meta,
...
}: let
inherit (lib.modules) mkIf mkMerge;
inherit (config.services) mosquitto home-assistant;
in {
}: {
imports = let
inherit (meta) nixos;
in [
@ -19,7 +15,6 @@ in {
nixos.access.zigbee2mqtt
nixos.access.grocy
nixos.access.barcodebuddy
nixos.mosquitto
nixos.home-assistant
nixos.zigbee2mqtt
nixos.syncplay
@ -38,18 +33,5 @@ in {
sops.defaultSopsFile = ./secrets.yaml;
networking.firewall = {
interfaces.local.allowedTCPPorts = mkMerge [
(mkIf home-assistant.enable [
home-assistant.config.http.server_port
])
(mkIf mosquitto.enable (map (
listener:
listener.port
)
mosquitto.listeners))
];
};
system.stateVersion = "23.11";
}


@ -14,6 +14,7 @@ in {
nixos.access.unifi
nixos.unifi
nixos.dnsmasq
nixos.mosquitto
];
services.cloudflared = let


@ -20,6 +20,7 @@ module "hakurei_system_records" {
"unifi",
"pbx",
"smb",
"mqtt",
"kitchen",
"home",
"z2m",
@ -80,7 +81,6 @@ module "tewi_system_records" {
zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
net_data = local.systems.tei.network
local_subdomains = [
"mqtt",
"postgresql",
]
}