weather-sdr: add system

agenix/hosts/weather-sdr/config.nix

@@ -0,0 +1,13 @@
+{
+  age.secrets = {
+    user-daniel-password = {
+      file = ./user/danielPassword.age;
+    };
+
+    mosquitto-password-weewx-proxy = {
+      file = ./mosquitto/passwordWeewxProxy.age;
+      owner = "mosquitto";
+      group = "mosquitto";
+    };
+  };
+}

agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age

@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 MtGp6g WRSqF1tKQCdUJlHLIdzA6W+Eoo+uQsagnwrtpXv3/H8
++E3l47/j9tzSbypAp9+xvr4Vh9mgT542QWJ1pVtzjY0
+-> ssh-ed25519 8p8j7w VYVm4fkclMDq7sz3OHlt3A7itVjsQYJ/1yJPZQFVVBc
+q+NPC3W+evfRkY3UInK3+48pq14JmSJgZeixy+Q6E+g
+-> .8!-grease HI mxy0[ KQrv@
+51b57TzuFS57aikb3+k
+--- SIBUVUW3p9fWRo97kQF+P80PY2BFw23AORw2Hu42RtY
+ƒæS]‘Lù:ÚSZ±š’j<E28099>攎à'¨28Mt¢Û6xèí:zQXÓ‘ðjû·ù®8<C2AE>)G²5$YP¼)1ŠÖyj—«¯Á+ñžû¤÷â
+,0ê4~¸°a–BàÑ‘Á·0ðráìÃÆ6±
+‚!¼½Œ2ó¢aHüð€þ©H¸›FZòvl½¨ä«:

flake.nix

@@ -64,6 +64,11 @@
         inherit inputs;
       };
 
+      weather-sdr = import ./system/flakes/weather-sdr.nix {
+        inherit (inputs) nixpkgs deploy-rs home-manager agenix;
+        inherit inputs;
+      };
+
       adsb-antenna = import ./system/flakes/adsb-antenna.nix {
         inherit (inputs) nixpkgs deploy-rs home-manager;
         inherit inputs;
@@ -79,6 +84,7 @@
         attic = attic.system;
         mediaserver = mediaserver.system;
         argon = argon.system;
+        weather-sdr = weather-sdr.system;
         adsb-antenna = adsb-antenna.system;
       };
 
@@ -87,6 +93,7 @@
         attic = attic.deployment;
         mediaserver = mediaserver.deployment;
         argon = argon.deployment;
+        weather-sdr = weather-sdr.deployment;
         adsb-antenna = adsb-antenna.deployment;
       };
     };

hardware/hosts/weather-sdr.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = [ "usbhid" ];
+      kernelModules = [ ];
+    };
+
+    #kernelPackages = pkgs.linuxKernel.packages.linux_rpi3;
+    kernelModules = [ "tcp_bbr" ];
+
+    extraModulePackages = [ ];
+    blacklistedKernelModules = [ "rtl2832" "dvb_usb_rtl28xxu" "rtl2832_sdr" ];
+
+    kernel.sysctl = {
+      "net.core.default_qdisc" = "fq";
+      "net.ipv4.tcp_congestion_control" = "bbr";
+      "net.ipv4.tcp_syncookies" = 0;
+      "net.ipv4.tcp_timestamps" = 1;
+      "net.ipv4.tcp_window_scaling" = 1;
+    };
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXOS_SD";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 4096;
+    }
+  ];
+
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+}

home/hosts/adsb-antenna.nix

@@ -1,8 +1,5 @@
 args@{ pkgs, ... }:
 
-let
-  secret = import ../../secret/hosts/adsb-antenna.nix;
-in
 {
   imports = [
     ../programs/fish.nix

home/hosts/weather-sdr.nix

@@ -0,0 +1,26 @@
+args@{ pkgs, ... }:
+
+{
+  imports = [
+    ../programs/fish.nix
+    ../programs/starship.nix
+
+    ../programs/git.nix
+
+    ../programs/bat.nix
+
+    ../programs/fzf.nix
+
+    ../programs/jq.nix
+
+    ../programs/scripts.nix
+  ];
+
+  home = {
+    stateVersion = "22.11";
+
+    packages = with pkgs; [
+      ripgrep
+    ];
+  };
+}

home/programs/ssh/shared/private.nix

@@ -33,15 +33,17 @@
       identitiesOnly = true;
     };
 
-    "piboat.lan" = {
+    "adsb-antenna" = {
+      hostname = "adsb-antenna.laniot";
       port = 22;
-      user = "pi";
+      user = "daniel";
+      forwardAgent = true;
       identityFile = "~/.ssh/LAN.pub";
       identitiesOnly = true;
     };
 
-    "adsb-antenna" = {
+    "weather-sdr" = {
-      hostname = "adsb-antenna.laniot";
+      hostname = "weather-sdr.laniot";
       port = 22;
       user = "daniel";
       forwardAgent = true;

secrets.nix

@@ -5,11 +5,13 @@ let
   system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr";
   system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX";
   system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU";
+  system-weather-sdr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHuAdx5u9R2DyK065DUxdwhEOi0at1WNkY5f4JtrOzk";
 
   sail = [ user-daniel system-sail ];
   attic = [ user-daniel system-attic ];
   mediaserver = [ user-daniel system-mediaserver ];
   argon = [ user-daniel system-argon ];
+  weather-sdr = [ user-daniel system-weather-sdr ];
 in
 {
   # sail
@@ -84,4 +86,9 @@ in
   "agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
 
   "agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon;
+
+  # weather-sdr
+  "agenix/hosts/weather-sdr/user/danielPassword.age".publicKeys = weather-sdr;
+
+  "agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age".publicKeys = weather-sdr;
 }

system/flakes/weather-sdr.nix

@@ -0,0 +1,59 @@
+{ nixpkgs, deploy-rs, home-manager, agenix, inputs, ... }:
+
+let
+  default-system = "aarch64-linux";
+
+  overlay-attic = inputs.attic.overlays.default;
+  overlay-deploy-rs = _: _: { inherit (inputs.deploy-rs.packages.${default-system}) deploy-rs; };
+  overlay-nifoc = inputs.nifoc-overlay.overlay;
+
+  nixpkgsConfig = {
+    overlays = [
+      overlay-attic
+      overlay-deploy-rs
+      overlay-nifoc
+    ];
+
+    config = {
+      allowUnfree = true;
+      allowBroken = true;
+
+      permittedInsecurePackages = [
+        "openssl-1.1.1t"
+      ];
+    };
+  };
+in
+rec {
+  system = nixpkgs.lib.nixosSystem {
+    system = default-system;
+    modules = [
+      ../hosts/weather-sdr.nix
+
+      home-manager.nixosModules.home-manager
+
+      agenix.nixosModules.default
+
+      {
+        nixpkgs = nixpkgsConfig;
+        nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
+        nix.registry.nixpkgs.flake = nixpkgs;
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.users.daniel = import ../../home/hosts/weather-sdr.nix;
+      }
+    ];
+  };
+
+  deployment = {
+    hostname = "weather-sdr";
+    sshUser = "root";
+    remoteBuild = true;
+    autoRollback = false;
+    magicRollback = false;
+
+    profiles.system = {
+      path = deploy-rs.lib.${default-system}.activate.nixos system;
+    };
+  };
+}

system/hosts/adsb-antenna.nix

@@ -43,7 +43,7 @@ in
     gc = {
       automatic = true;
       dates = "weekly";
-      options = "--delete-older-than 14d";
+      options = "--delete-older-than 7d";
     };
 
     extraOptions = ''

system/hosts/weather-sdr.nix

@@ -0,0 +1,124 @@
+args@{ pkgs, config, lib, ... }:
+
+let
+  ssh-keys = import ../shared/ssh-keys.nix;
+in
+{
+  imports = [
+    ../../hardware/hosts/weather-sdr.nix
+    ../../agenix/hosts/weather-sdr/config.nix
+    ../shared/show-update-changelog.nix
+    ../nixos/raspberry.nix
+    ../nixos/ssh.nix
+
+    ../nixos/git.nix
+
+    ../nixos/mosquitto.nix
+
+    ../nixos/rtl_433.nix
+  ];
+
+  system.stateVersion = "22.11";
+
+  nix = {
+    package = pkgs.nixVersions.stable;
+
+    settings = {
+      auto-optimise-store = true;
+
+      substituters = [
+        "https://attic.cache.daniel.sx/nifoc-systems"
+        "https://nifoc.cachix.org"
+        "https://nix-community.cachix.org"
+      ];
+
+      trusted-public-keys = [
+        "nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
+        "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+    };
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+
+    extraOptions = ''
+      experimental-features = nix-command flakes
+      keep-derivations = true
+      keep-outputs = true
+      post-build-hook = ${../../home/programs/scripts/attic-system-cache}
+    '';
+  };
+
+  environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;
+
+  boot = {
+    loader = {
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+
+    tmp.cleanOnBoot = true;
+  };
+
+  networking = {
+    hostName = "weather-sdr";
+    useNetworkd = true;
+  };
+
+  systemd.network = {
+    enable = true;
+
+    networks = {
+      "10-iot" = {
+        matchConfig.Name = "enu1u1u1";
+        networkConfig = {
+          DHCP = "yes";
+          IPv6AcceptRA = false;
+        };
+        linkConfig.RequiredForOnline = "routable";
+
+        ntp = [
+          "ptbtime1.ptb.de"
+          "ptbtime2.ptb.de"
+          "ptbtime3.ptb.de"
+        ];
+      };
+    };
+
+    wait-online.extraArgs = [
+      "--interface=enu1u1u1"
+    ];
+  };
+
+  services.journald.extraConfig = ''
+    SystemMaxUse=512M
+  '';
+
+  documentation = {
+    nixos.enable = false;
+    doc.enable = false;
+  };
+
+  services.hardware.argonone.enable = true;
+  programs.fish.enable = true;
+
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
+    };
+
+    daniel = {
+      passwordFile = config.age.secrets.user-daniel-password.path;
+      isNormalUser = true;
+      home = "/home/daniel";
+      description = "Daniel";
+      extraGroups = [ "wheel" ];
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
+    };
+  };
+}

system/nixos/rtl_433.nix

@@ -0,0 +1,53 @@
+{ pkgs, config, ... }:
+
+{
+  systemd.services.rtl_433 = {
+    description = "rtl_433 service";
+    after = [ "mosquitto.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "exec";
+      ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://127.0.0.1:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
+    };
+  };
+
+  services.mosquitto.listeners = [
+    {
+      address = "0.0.0.0";
+      port = 1883;
+
+      settings = {
+        protocol = "mqtt";
+      };
+
+      users = {
+        rtl = {
+          password = "didYouFindThis";
+          acl = [ "write rtl433" ];
+        };
+
+        weewx-proxy = {
+          hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
+          acl = [ "read rtl433" ];
+        };
+      };
+    }
+  ];
+
+  networking.firewall.interfaces =
+    let
+      mosquittoPorts = [ 1883 ];
+    in
+    {
+      "enu1u1u1".allowedTCPPorts = mosquittoPorts;
+    };
+
+  services.udev.extraRules = ''
+    # original RTL2832U vid/pid (hama nano, for example)
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
+
+    # RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc.
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
+  '';
+}