diff --git a/agenix/hosts/weather-sdr/config.nix b/agenix/hosts/weather-sdr/config.nix new file mode 100644 index 0000000..9c3e598 --- /dev/null +++ b/agenix/hosts/weather-sdr/config.nix @@ -0,0 +1,13 @@ +{ + age.secrets = { + user-daniel-password = { + file = ./user/danielPassword.age; + }; + + mosquitto-password-weewx-proxy = { + file = ./mosquitto/passwordWeewxProxy.age; + owner = "mosquitto"; + group = "mosquitto"; + }; + }; +} diff --git a/agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age b/agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age new file mode 100644 index 0000000..6cf6216 --- /dev/null +++ b/agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g WRSqF1tKQCdUJlHLIdzA6W+Eoo+uQsagnwrtpXv3/H8 ++E3l47/j9tzSbypAp9+xvr4Vh9mgT542QWJ1pVtzjY0 +-> ssh-ed25519 8p8j7w VYVm4fkclMDq7sz3OHlt3A7itVjsQYJ/1yJPZQFVVBc +q+NPC3W+evfRkY3UInK3+48pq14JmSJgZeixy+Q6E+g +-> .8!-grease HI mxy0[ KQrv@ +51b57TzuFS57aikb3+k +--- SIBUVUW3p9fWRo97kQF+P80PY2BFw23AORw2Hu42RtY +S]L:SZj攎'28Mt6x:zQXӑj 8)G5$YP)1yj+ +,04~aBё0r6 +!2a HHFZvl: \ No newline at end of file diff --git a/agenix/hosts/weather-sdr/user/danielPassword.age b/agenix/hosts/weather-sdr/user/danielPassword.age new file mode 100644 index 0000000..321cdd5 Binary files /dev/null and b/agenix/hosts/weather-sdr/user/danielPassword.age differ diff --git a/flake.nix b/flake.nix index bbcc3b5..e188fa4 100644 --- a/flake.nix +++ b/flake.nix @@ -64,6 +64,11 @@ inherit inputs; }; + weather-sdr = import ./system/flakes/weather-sdr.nix { + inherit (inputs) nixpkgs deploy-rs home-manager agenix; + inherit inputs; + }; + adsb-antenna = import ./system/flakes/adsb-antenna.nix { inherit (inputs) nixpkgs deploy-rs home-manager; inherit inputs; @@ -79,6 +84,7 @@ attic = attic.system; mediaserver = mediaserver.system; argon = argon.system; + weather-sdr = weather-sdr.system; adsb-antenna = adsb-antenna.system; }; 
@@ -87,6 +93,7 @@ attic = attic.deployment; mediaserver = mediaserver.deployment; argon = argon.deployment; + weather-sdr = weather-sdr.deployment; adsb-antenna = adsb-antenna.deployment; }; }; diff --git a/hardware/hosts/weather-sdr.nix b/hardware/hosts/weather-sdr.nix new file mode 100644 index 0000000..f71f793 --- /dev/null +++ b/hardware/hosts/weather-sdr.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ "usbhid" ]; + kernelModules = [ ]; + }; + + #kernelPackages = pkgs.linuxKernel.packages.linux_rpi3; + kernelModules = [ "tcp_bbr" ]; + + extraModulePackages = [ ]; + blacklistedKernelModules = [ "rtl2832" "dvb_usb_rtl28xxu" "rtl2832_sdr" ]; + + kernel.sysctl = { + "net.core.default_qdisc" = "fq"; + "net.ipv4.tcp_congestion_control" = "bbr"; + "net.ipv4.tcp_syncookies" = 0; + "net.ipv4.tcp_timestamps" = 1; + "net.ipv4.tcp_window_scaling" = 1; + }; + }; + + fileSystems."/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 4096; + } + ]; + + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; +} diff --git a/home/hosts/adsb-antenna.nix b/home/hosts/adsb-antenna.nix index 8b35312..08d8998 100644 --- a/home/hosts/adsb-antenna.nix +++ b/home/hosts/adsb-antenna.nix @@ -1,8 +1,5 @@ args@{ pkgs, ... }: -let - secret = import ../../secret/hosts/adsb-antenna.nix; -in { imports = [ ../programs/fish.nix diff --git a/home/hosts/weather-sdr.nix b/home/hosts/weather-sdr.nix new file mode 100644 index 0000000..08d8998 --- /dev/null +++ b/home/hosts/weather-sdr.nix 
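Review bot: In `boot.kernel.sysctl` of hardware/hosts/weather-sdr.nix, `"net.ipv4.tcp_syncookies" = 0;` turns off the kernel's SYN-flood fallback, and this same commit opens TCP 1883 on the host's network interface. Nothing in the hunk says why cookies are disabled. If the line was only carried over with the BBR/fq tuning next to it, drop it so the kernel default applies, or set `"net.ipv4.tcp_syncookies" = 1;`. If it is deliberate, a one-line comment above it stating the reason would save the next reader from guessing.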
@@ -0,0 +1,26 @@ +args@{ pkgs, ... }: + +{ + imports = [ + ../programs/fish.nix + ../programs/starship.nix + + ../programs/git.nix + + ../programs/bat.nix + + ../programs/fzf.nix + + ../programs/jq.nix + + ../programs/scripts.nix + ]; + + home = { + stateVersion = "22.11"; + + packages = with pkgs; [ + ripgrep + ]; + }; +} diff --git a/home/programs/ssh/shared/private.nix b/home/programs/ssh/shared/private.nix index 4e941bd..0192327 100644 --- a/home/programs/ssh/shared/private.nix +++ b/home/programs/ssh/shared/private.nix @@ -33,15 +33,17 @@ identitiesOnly = true; }; - "piboat.lan" = { + "adsb-antenna" = { + hostname = "adsb-antenna.laniot"; port = 22; - user = "pi"; + user = "daniel"; + forwardAgent = true; identityFile = "~/.ssh/LAN.pub"; identitiesOnly = true; }; - "adsb-antenna" = { - hostname = "adsb-antenna.laniot"; + "weather-sdr" = { + hostname = "weather-sdr.laniot"; port = 22; user = "daniel"; forwardAgent = true; diff --git a/secrets.nix b/secrets.nix index 95c17a8..1d2df53 100644 --- a/secrets.nix +++ b/secrets.nix @@ -5,11 +5,13 @@ let system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr"; system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX"; system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU"; + system-weather-sdr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHuAdx5u9R2DyK065DUxdwhEOi0at1WNkY5f4JtrOzk"; sail = [ user-daniel system-sail ]; attic = [ user-daniel system-attic ]; mediaserver = [ user-daniel system-mediaserver ]; argon = [ user-daniel system-argon ]; + weather-sdr = [ user-daniel system-weather-sdr ]; in { # sail 
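Review bot: Both the `"weather-sdr"` entry and the rewritten `"adsb-antenna"` entry in home/programs/ssh/shared/private.nix end up with `forwardAgent = true;`, which makes the local SSH agent usable by anyone with root on those devices for as long as a session is open. Judging by the `.laniot` hostnames these are small network-attached devices, so I would default to `forwardAgent = false;` and reach other machines from the workstation (for example with `proxyJump`) rather than from the device. If forwarding is needed there, say for git over SSH, a comment on the entry would make the trade-off explicit. The surrounding match-block set starts and ends outside this hunk.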
@@ -84,4 +86,9 @@ in "agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon; "agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon; + + # weather-sdr + "agenix/hosts/weather-sdr/user/danielPassword.age".publicKeys = weather-sdr; + + "agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age".publicKeys = weather-sdr; } diff --git a/system/flakes/weather-sdr.nix b/system/flakes/weather-sdr.nix new file mode 100644 index 0000000..9c2b959 --- /dev/null +++ b/system/flakes/weather-sdr.nix @@ -0,0 +1,59 @@ +{ nixpkgs, deploy-rs, home-manager, agenix, inputs, ... }: + +let + default-system = "aarch64-linux"; + + overlay-attic = inputs.attic.overlays.default; + overlay-deploy-rs = _: _: { inherit (inputs.deploy-rs.packages.${default-system}) deploy-rs; }; + overlay-nifoc = inputs.nifoc-overlay.overlay; + + nixpkgsConfig = { + overlays = [ + overlay-attic + overlay-deploy-rs + overlay-nifoc + ]; + + config = { + allowUnfree = true; + allowBroken = true; + + permittedInsecurePackages = [ + "openssl-1.1.1t" + ]; + }; + }; +in +rec { + system = nixpkgs.lib.nixosSystem { + system = default-system; + modules = [ + ../hosts/weather-sdr.nix + + home-manager.nixosModules.home-manager + + agenix.nixosModules.default + + { + nixpkgs = nixpkgsConfig; + nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; + nix.registry.nixpkgs.flake = nixpkgs; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.daniel = import ../../home/hosts/weather-sdr.nix; + } + ]; + }; + + deployment = { + hostname = "weather-sdr"; + sshUser = "root"; + remoteBuild = true; + autoRollback = false; + magicRollback = false; + + profiles.system = { + path = deploy-rs.lib.${default-system}.activate.nixos system; + }; + }; +} diff --git a/system/hosts/adsb-antenna.nix b/system/hosts/adsb-antenna.nix index cd2c234..f19b169 100644 --- a/system/hosts/adsb-antenna.nix +++ b/system/hosts/adsb-antenna.nix 
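Review bot: `permittedInsecurePackages = [ "openssl-1.1.1t" ];` and `allowBroken = true;` in `nixpkgsConfig` of system/flakes/weather-sdr.nix apply to the whole package set of a host that exposes an MQTT listener, and nothing says which package needs them. If the block was copied from another host's flake file (an inference, since those files are not shown), check whether anything in this host's closure still pulls OpenSSL 1.1.1 and delete the entry if not. If it is required, add a comment such as `# needed by <package>; remove once it builds against OpenSSL 3` so the exception does not outlive its reason. Separately, `autoRollback = false;` together with `magicRollback = false;` in `deployment` means a deploy that breaks networking or sshd stays active, which also deserves a short comment on why both are off.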
@@ -43,7 +43,7 @@ in gc = { automatic = true; dates = "weekly"; - options = "--delete-older-than 14d"; + options = "--delete-older-than 7d"; }; extraOptions = '' diff --git a/system/hosts/weather-sdr.nix b/system/hosts/weather-sdr.nix new file mode 100644 index 0000000..40b7b8a --- /dev/null +++ b/system/hosts/weather-sdr.nix 
@@ -0,0 +1,124 @@ +args@{ pkgs, config, lib, ... }: + +let + ssh-keys = import ../shared/ssh-keys.nix; +in +{ + imports = [ + ../../hardware/hosts/weather-sdr.nix + ../../agenix/hosts/weather-sdr/config.nix + ../shared/show-update-changelog.nix + ../nixos/raspberry.nix + ../nixos/ssh.nix + + ../nixos/git.nix + + ../nixos/mosquitto.nix + + ../nixos/rtl_433.nix + ]; + + system.stateVersion = "22.11"; + + nix = { + package = pkgs.nixVersions.stable; + + settings = { + auto-optimise-store = true; + + substituters = [ + "https://attic.cache.daniel.sx/nifoc-systems" + "https://nifoc.cachix.org" + "https://nix-community.cachix.org" + ]; + + trusted-public-keys = [ + "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU=" + "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + }; + + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + + extraOptions = '' + experimental-features = nix-command flakes + keep-derivations = true + keep-outputs = true + post-build-hook = ${../../home/programs/scripts/attic-system-cache} + ''; + }; + + environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc; + + boot = { + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + + tmp.cleanOnBoot = true; + }; + + networking = { + hostName = "weather-sdr"; + useNetworkd = true; + }; + + systemd.network = { + enable = true; + + networks = { + "10-iot" = { + matchConfig.Name = "enu1u1u1"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = false; + }; + linkConfig.RequiredForOnline = "routable"; + + ntp = [ + "ptbtime1.ptb.de" + "ptbtime2.ptb.de" + "ptbtime3.ptb.de" + ]; + }; + }; + + wait-online.extraArgs = [ + "--interface=enu1u1u1" + ]; + }; + + services.journald.extraConfig = '' + SystemMaxUse=512M + ''; + + documentation = { + nixos.enable = false; + doc.enable = false; + }; + + services.hardware.argonone.enable = 
true; + programs.fish.enable = true; + + users.users = { + root = { + openssh.authorizedKeys.keys = [ ssh-keys.LAN ]; + }; + + daniel = { + passwordFile = config.age.secrets.user-daniel-password.path; + isNormalUser = true; + home = "/home/daniel"; + description = "Daniel"; + extraGroups = [ "wheel" ]; + shell = pkgs.fish; + openssh.authorizedKeys.keys = [ ssh-keys.LAN ]; + }; + }; +} diff --git a/system/nixos/rtl_433.nix b/system/nixos/rtl_433.nix new file mode 100644 index 0000000..3569ca0 --- /dev/null +++ b/system/nixos/rtl_433.nix @@ -0,0 +1,53 @@ +{ pkgs, config, ... }: + +{ + systemd.services.rtl_433 = { + description = "rtl_433 service"; + after = [ "mosquitto.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "exec"; + ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://127.0.0.1:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433"; + }; + }; + + services.mosquitto.listeners = [ + { + address = "0.0.0.0"; + port = 1883; + + settings = { + protocol = "mqtt"; + }; + + users = { + rtl = { + password = "didYouFindThis"; + acl = [ "write rtl433" ]; + }; + + weewx-proxy = { + hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path; + acl = [ "read rtl433" ]; + }; + }; + } + ]; + + networking.firewall.interfaces = + let + mosquittoPorts = [ 1883 ]; + in + { + "enu1u1u1".allowedTCPPorts = mosquittoPorts; + }; + + services.udev.extraRules = '' + # original RTL2832U vid/pid (hama nano, for example) + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev" + + # RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc. + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev" + ''; +}
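Review bot: `environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;` in system/hosts/weather-sdr.nix copies the netrc into the Nix store, which is world-readable on the target, and `/etc/nix/netrc` then points at that store path. If the file holds the credentials for the attic cache listed under `substituters` (likely, but its contents are not shown), every local user and service on the host can read them. The commit already wires agenix for this host, so the netrc could be an age secret instead: `age.secrets.nix-netrc.file = <path to the encrypted netrc>;` plus `nix.settings.netrc-file = config.age.secrets.nix-netrc.path;`. The secret name `nix-netrc` is only a suggestion and would also need a recipients entry in secrets.nix.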
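Review bot: The `rtl` MQTT account's password is a literal in two places in system/nixos/rtl_433.nix, `password = "didYouFindThis";` under `users.rtl` and `pass=didYouFindThis` in `ExecStart`, so it ends up in the repository, in the world-readable Nix store and unit file, and in the process arguments of rtl_433. That account holds `write rtl433` on a listener bound to `0.0.0.0` and opened on `enu1u1u1`, so anyone on that network who knows the string can publish readings that the `weewx-proxy` reader will consume as genuine. On the broker side the account can follow the `weewx-proxy` user in the same hunk: `hashedPasswordFile = config.age.secrets.<new-rtl-secret>.path;`. On the client side rtl_433 can read its options from a file (`-c <path>`), so the MQTT output line with the password can live in an age-encrypted config instead of `ExecStart`. The listener is also plain `mqtt` without TLS, which should get a comment if that is accepted for this network.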