various: updates

agenix/hosts/neon/config.nix

@@ -17,5 +17,9 @@
       owner = "mosquitto";
       group = "mosquitto";
     };
+
+    deye-mqtt-config = {
+      file = ./deye-mqtt/config.age;
+    };
   };
 }

agenix/hosts/neon/deye-mqtt/config.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 MtGp6g cZPvs/kgiradW7jsmxS/QX5jjd5bCJ3bfxq1Cr3S3wI
+O1Y7ZM/MDBy0PY6TX4DhxyicpU4sNFhWQ3aRUhr+S2U
+-> ssh-ed25519 60lgJw 47L8kMg2MEVfHnUIfGO+NG4IZdAC8OrSBSkMPssTp0s
+JcTum0bADZ93GYoqJ2DtaCnzRTmPDewV1Lx6RTnPD/k
+--- LCCp4Jbd94KZoQHMGycN+xOYlJuj+/snbCOXlfaovjk
+¬b踊öqžç…°Êrà7¡ÚÞµ¥rFv'6¥ÊzSÙîýߘC¯ÇÊG·’&)?=ØùÑ­ø~À4¢L=ЖhŸ¿”åŒÛ¸íá©~xLG<sÆÈ”ÕïY7»|ö%Óá§pÝ<70>~¬Ž#BÃç–¿,Ö¸ëÊâ ÷×C9–/µŸòOÑÀ——nò`R¹á/¦¬kÌê>®™4ž}¿Úäâ<C3A4><C3A2>$ĸNÏß#ô§YaþæéaÀYÇX‘w¡OÉÚ öd¨O
.1àò𯈒?„‰ÊU<C38A>à\ç¨ì›dQa@Ue´;ã_+0úZ/H]VD]¯¯Qó3¢½cñßæëä%1ßKRVkßâ"Èš­ôùìowÁû×A†ä„Pä[.Úe2ŽJjf¬6g]ØžÎ?îý߀ÅÿˆÊÛXRÁs9¤²F)¹Ü¾©ÿÜΩ¢’³3棾(=
<01>Æ;Eï•DÉ<44>l3ðvãŽÖR<C396>¿ScVG`ëFÄŠè¡è`ò™õ_‡´ï;ÓÆ{ßs,Ò²¹£Ó¢™ËF<<3C>øÞÃ\¬lA¼R¡ãÊ£"3><0B>‡<04>¿ã] ÚÙ)‰ã¢o²ÍncE`«xB÷ Ê¶|8e`܇N‘ð&ÛAŸ93W™ÎºÈ™»Oˆîs4ƒ[îÉë;¿Ï
I£x&“¥nt3ŸÁYÄV÷}
+Ò—ÏT>Ô­"0tÔƒjOþØ¢z
+¯“'Þ³fÜ°10<31>ý²LL0ì*=„õ

container/deye/default.nix

@@ -0,0 +1,44 @@
+{ config, ... }:
+
+{
+  virtualisation.oci-containers.containers.deye-mqtt = {
+    image = "ghcr.io/kbialek/deye-inverter-mqtt:2024.07.1";
+    environmentFiles = [ config.age.secrets.deye-mqtt-config.path ];
+  };
+
+  systemd.services.podman-deye-mqtt.restartTriggers = [
+    "${config.age.secrets.deye-mqtt-config.file}"
+  ];
+
+  services.mosquitto.listeners = [
+    {
+      address = "0.0.0.0";
+      port = 1884;
+
+      settings = {
+        protocol = "mqtt";
+      };
+
+      users = {
+        deye = {
+          password = "didYouFindThis";
+          acl = [ "write deye/#" ];
+        };
+
+        weewx-proxy = {
+          hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
+          acl = [ "read deye/#" ];
+        };
+      };
+    }
+  ];
+
+  networking.firewall.interfaces =
+    let
+      mosquittoPorts = [ 1884 ];
+    in
+    {
+      "end0".allowedTCPPorts = mosquittoPorts;
+      "podman+".allowedTCPPorts = mosquittoPorts;
+    };
+}

container/weewx/default.nix

@@ -1,117 +0,0 @@
-{ config, ... }:
-
-let
-  secret = import ../../secret/container/weewx;
-  data-dir = "/var/lib/weewx";
-in
-{
-  # virtualisation.oci-containers.containers.weewx = {
-  #   image = "git.kempkens.io/daniel/weewx-docker:latest";
-  #   ports = [ "127.0.0.1:8000:8000" ];
-  #   environment = {
-  #     "TZ" = "Europe/Berlin";
-  #   };
-  #   volumes = [
-  #     "${data-dir}:/data"
-  #   ];
-  #   extraOptions = [
-  #     "--label=com.centurylinklabs.watchtower.enable=true"
-  #     "--label=io.containers.autoupdate=registry"
-  #   ];
-  # };
-
-  # systemd.services.podman-weewx.restartTriggers = [
-  #   "${config.age.secrets.weewx-config.file}"
-  #   "${config.age.secrets.weewx-skin.file}"
-  # ];
-
-  systemd.tmpfiles.rules = [
-    "d ${data-dir} 0755 421 421"
-    "d ${data-dir}/html 0755 421 421"
-    "d ${data-dir}/skin-wdc 0755 421 421"
-  ];
-
-  services.mosquitto.listeners = [
-    {
-      address = "0.0.0.0";
-      port = 1883;
-
-      settings = {
-        protocol = "mqtt";
-      };
-
-      users = {
-        weewx-proxy = {
-          hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
-          acl = [ "write weewx/+" ];
-        };
-
-        weewx = {
-          hashedPasswordFile = config.age.secrets.mosquitto-password-weewx.path;
-          acl = [ "read weewx/+" "write weather/+" ];
-        };
-      };
-    }
-    {
-      address = "127.0.0.1";
-      port = 9883;
-
-      settings = {
-        protocol = "websockets";
-        allow_anonymous = true;
-      };
-
-      acl = [ "topic read weather/+" ];
-    }
-  ];
-
-
-  networking.firewall.interfaces =
-    let
-      mosquittoPorts = [ 1883 ];
-    in
-    {
-      "tailscale0".allowedTCPPorts = mosquittoPorts;
-      "podman+".allowedTCPPorts = mosquittoPorts;
-    };
-
-  services.nginx.virtualHosts."${secret.container.weewx.hostname}" = {
-    quic = true;
-    http3 = true;
-    kTLS = true;
-
-    root = "${data-dir}/html/wdc";
-    forceSSL = true;
-    useACMEHost = "kempkens.io";
-
-    extraConfig = ''
-      index index.html;
-      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-    '';
-
-    locations."~* \.html$".extraConfig = ''
-      expires modified 120s;
-    '';
-
-    locations."~* \.(js|css)$".extraConfig = ''
-      expires 1h;
-    '';
-
-    locations."~ ^/dwd/(icons|warn_icons)/" = {
-      root = "${data-dir}/static_html";
-      extraConfig = ''
-        expires 7d;
-      '';
-    };
-
-    locations."~ ^/dwd/[\w]+\.(gif|png)".extraConfig = ''
-      expires modified 1h;
-    '';
-
-    locations."/mqtt" = {
-      recommendedProxySettings = true;
-      proxyPass = "http://127.0.0.1:9883";
-      proxyWebsockets = true;
-    };
-  };
-}

home/programs/firefox.nix

@@ -46,6 +46,7 @@ in
           "browser.ping-centre.telemetry" = false;
           "browser.newtabpage.activity-stream.feeds.telemetry" = false;
           "browser.newtabpage.activity-stream.telemetry" = false;
+          "dom.private-attribution.submission.enabled" = false;
 
           "app.shield.optoutstudies.enabled" = false;
           "app.normandy.enabled" = false;

secrets.nix

@@ -111,6 +111,8 @@ in
 
   "agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
 
+  "agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
+
   # Styx
   "agenix/hosts/Styx/git/maintenance.age".publicKeys = [ user-daniel ];
 }