daniel/dotfiles
1
0
Fork 0
Code Activity Actions

weather-sdr: add system

Browse source
This commit is contained in:
Daniel Kempkens 2023-06-14 21:55:35 +02:00
parent c10fff2e9c
commit d30b827284
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
13 changed files with 351 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
agenix/hosts/weather-sdr/config.nix Normal file
View file

@ -0,0 +1,13 @@
{
age.secrets = {
user-daniel-password = {
file = ./user/danielPassword.age;
};
mosquitto-password-weewx-proxy = {
file = ./mosquitto/passwordWeewxProxy.age;
owner = "mosquitto";
group = "mosquitto";
};
};
}

11
agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g WRSqF1tKQCdUJlHLIdzA6W+Eoo+uQsagnwrtpXv3/H8
+E3l47/j9tzSbypAp9+xvr4Vh9mgT542QWJ1pVtzjY0
-> ssh-ed25519 8p8j7w VYVm4fkclMDq7sz3OHlt3A7itVjsQYJ/1yJPZQFVVBc
q+NPC3W+evfRkY3UInK3+48pq14JmSJgZeixy+Q6E+g
-> .8!-grease HI mxy0[ KQrv@
51b57TzuFS57aikb3+k
--- SIBUVUW3p9fWRo97kQF+P80PY2BFw23AORw2Hu42RtY
ƒæS]Lù:ÚSZ±šj<E28099>攎à'¨28Mt¢Û6xèí:zQXÓðjû·ù ®8<C2AE>)G²5$YP¼)1ŠÖyj—«¯Á+ñžû¤÷â
,0ê4~¸°aBàÑÁ·0ðráìÃÆ6±
!¼½Œ2ó¢a Hüð€þ©H¸FZòvl½¨ä«:

BIN
agenix/hosts/weather-sdr/user/danielPassword.age Normal file
View file

Binary file not shown.

7
flake.nix
View file

@ -64,6 +64,11 @@
inherit inputs;
};
weather-sdr = import ./system/flakes/weather-sdr.nix {
inherit (inputs) nixpkgs deploy-rs home-manager agenix;
inherit inputs;
};
adsb-antenna = import ./system/flakes/adsb-antenna.nix {
inherit (inputs) nixpkgs deploy-rs home-manager;
inherit inputs;
@ -79,6 +84,7 @@
attic = attic.system;
mediaserver = mediaserver.system;
argon = argon.system;
weather-sdr = weather-sdr.system;
adsb-antenna = adsb-antenna.system;
};
@ -87,6 +93,7 @@
attic = attic.deployment;
mediaserver = mediaserver.deployment;
argon = argon.deployment;
weather-sdr = weather-sdr.deployment;
adsb-antenna = adsb-antenna.deployment;
};
};

44
hardware/hosts/weather-sdr.nix Normal file
View file

@ -0,0 +1,44 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
initrd = {
availableKernelModules = [ "usbhid" ];
kernelModules = [ ];
};
#kernelPackages = pkgs.linuxKernel.packages.linux_rpi3;
kernelModules = [ "tcp_bbr" ];
extraModulePackages = [ ];
blacklistedKernelModules = [ "rtl2832" "dvb_usb_rtl28xxu" "rtl2832_sdr" ];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_syncookies" = 0;
"net.ipv4.tcp_timestamps" = 1;
"net.ipv4.tcp_window_scaling" = 1;
};
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 4096;
}
];
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

3
home/hosts/adsb-antenna.nix
View file

@ -1,8 +1,5 @@
args@{ pkgs, ... }:
let
secret = import ../../secret/hosts/adsb-antenna.nix;
in
{
imports = [
../programs/fish.nix

26
home/hosts/weather-sdr.nix Normal file
View file

@ -0,0 +1,26 @@
args@{ pkgs, ... }:
{
imports = [
../programs/fish.nix
../programs/starship.nix
../programs/git.nix
../programs/bat.nix
../programs/fzf.nix
../programs/jq.nix
../programs/scripts.nix
];
home = {
stateVersion = "22.11";
packages = with pkgs; [
ripgrep
];
};
}

10
home/programs/ssh/shared/private.nix
View file

@ -33,15 +33,17 @@
identitiesOnly = true;
};
"piboat.lan" = {
"adsb-antenna" = {
hostname = "adsb-antenna.laniot";
port = 22;
user = "pi";
user = "daniel";
forwardAgent = true;
identityFile = "~/.ssh/LAN.pub";
identitiesOnly = true;
};
"adsb-antenna" = {
hostname = "adsb-antenna.laniot";
"weather-sdr" = {
hostname = "weather-sdr.laniot";
port = 22;
user = "daniel";
forwardAgent = true;

7
secrets.nix
View file

@ -5,11 +5,13 @@ let
system-attic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHe6N3LfPxu7KNsyuI8YE3R0OHLTxNw5+WhuQjKL6PUr";
system-mediaserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlB0cL5CtTOyARWSE2yUsNU4JHUPmr71710mZHzsmbX";
system-argon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP9ygczyi6g8abvj1I0eAj7N2Rli9UMlkC8VT6SnWLU";
system-weather-sdr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHuAdx5u9R2DyK065DUxdwhEOi0at1WNkY5f4JtrOzk";
sail = [ user-daniel system-sail ];
attic = [ user-daniel system-attic ];
mediaserver = [ user-daniel system-mediaserver ];
argon = [ user-daniel system-argon ];
weather-sdr = [ user-daniel system-weather-sdr ];
in
{
# sail
@ -84,4 +86,9 @@ in
"agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon;
"agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon;
# weather-sdr
"agenix/hosts/weather-sdr/user/danielPassword.age".publicKeys = weather-sdr;
"agenix/hosts/weather-sdr/mosquitto/passwordWeewxProxy.age".publicKeys = weather-sdr;
}

59
system/flakes/weather-sdr.nix Normal file
View file

@ -0,0 +1,59 @@
{ nixpkgs, deploy-rs, home-manager, agenix, inputs, ... }:
let
default-system = "aarch64-linux";
overlay-attic = inputs.attic.overlays.default;
overlay-deploy-rs = _: _: { inherit (inputs.deploy-rs.packages.${default-system}) deploy-rs; };
overlay-nifoc = inputs.nifoc-overlay.overlay;
nixpkgsConfig = {
overlays = [
overlay-attic
overlay-deploy-rs
overlay-nifoc
];
config = {
allowUnfree = true;
allowBroken = true;
permittedInsecurePackages = [
"openssl-1.1.1t"
];
};
};
in
rec {
system = nixpkgs.lib.nixosSystem {
system = default-system;
modules = [
../hosts/weather-sdr.nix
home-manager.nixosModules.home-manager
agenix.nixosModules.default
{
nixpkgs = nixpkgsConfig;
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
nix.registry.nixpkgs.flake = nixpkgs;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ../../home/hosts/weather-sdr.nix;
}
];
};
deployment = {
hostname = "weather-sdr";
sshUser = "root";
remoteBuild = true;
autoRollback = false;
magicRollback = false;
profiles.system = {
path = deploy-rs.lib.${default-system}.activate.nixos system;
};
};
}

2
system/hosts/adsb-antenna.nix
View file

@ -43,7 +43,7 @@ in
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
options = "--delete-older-than 7d";
};
extraOptions = ''

124
system/hosts/weather-sdr.nix Normal file
View file

@ -0,0 +1,124 @@
args@{ pkgs, config, lib, ... }:
let
ssh-keys = import ../shared/ssh-keys.nix;
in
{
imports = [
../../hardware/hosts/weather-sdr.nix
../../agenix/hosts/weather-sdr/config.nix
../shared/show-update-changelog.nix
../nixos/raspberry.nix
../nixos/ssh.nix
../nixos/git.nix
../nixos/mosquitto.nix
../nixos/rtl_433.nix
];
system.stateVersion = "22.11";
nix = {
package = pkgs.nixVersions.stable;
settings = {
auto-optimise-store = true;
substituters = [
"https://attic.cache.daniel.sx/nifoc-systems"
"https://nifoc.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
"nifoc-systems:eDDqVP5BFR6/1KvXbF9oUL8JahDdmbrsYtxlQ57LOTU="
"nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
extraOptions = ''
experimental-features = nix-command flakes
keep-derivations = true
keep-outputs = true
post-build-hook = ${../../home/programs/scripts/attic-system-cache}
'';
};
environment.etc."nix/netrc".source = ../../secret/shared/nix-netrc;
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
tmp.cleanOnBoot = true;
};
networking = {
hostName = "weather-sdr";
useNetworkd = true;
};
systemd.network = {
enable = true;
networks = {
"10-iot" = {
matchConfig.Name = "enu1u1u1";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = false;
};
linkConfig.RequiredForOnline = "routable";
ntp = [
"ptbtime1.ptb.de"
"ptbtime2.ptb.de"
"ptbtime3.ptb.de"
];
};
};
wait-online.extraArgs = [
"--interface=enu1u1u1"
];
};
services.journald.extraConfig = ''
SystemMaxUse=512M
'';
documentation = {
nixos.enable = false;
doc.enable = false;
};
services.hardware.argonone.enable = true;
programs.fish.enable = true;
users.users = {
root = {
openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
};
daniel = {
passwordFile = config.age.secrets.user-daniel-password.path;
isNormalUser = true;
home = "/home/daniel";
description = "Daniel";
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [ ssh-keys.LAN ];
};
};
}

53
system/nixos/rtl_433.nix Normal file
View file

@ -0,0 +1,53 @@
{ pkgs, config, ... }:
{
systemd.services.rtl_433 = {
description = "rtl_433 service";
after = [ "mosquitto.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "exec";
ExecStart = "${pkgs.rtl_433}/bin/rtl_433 -f868.3M -Yclassic -Mtime:utc -R78 -Fmqtt://127.0.0.1:1883,user=rtl,pass=didYouFindThis,retain=0,events=rtl433";
};
};
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1883;
settings = {
protocol = "mqtt";
};
users = {
rtl = {
password = "didYouFindThis";
acl = [ "write rtl433" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read rtl433" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1883 ];
in
{
"enu1u1u1".allowedTCPPorts = mosquittoPorts;
};
services.udev.extraRules = ''
# original RTL2832U vid/pid (hama nano, for example)
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2832", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
# RTL2832U OEM vid/pid, e.g. ezcap EzTV668 (E4000), Newsky TV28T (E4000/R820T) etc.
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", ENV{ID_SOFTWARE_RADIO}="1", MODE="0660", GROUP="plugdev"
'';
}