From e5c2b52a252c21df0f4197100ff37f71e8d043b4 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Sun, 14 Jul 2024 16:02:19 +0200 Subject: [PATCH] various: updates --- agenix/hosts/neon/config.nix | 4 + agenix/hosts/neon/deye-mqtt/config.age | 9 ++ container/deye/default.nix | 44 ++++++++++ container/weewx/default.nix | 117 ------------------------- home/programs/firefox.nix | 1 + secrets.nix | 2 + 6 files changed, 60 insertions(+), 117 deletions(-) create mode 100644 agenix/hosts/neon/deye-mqtt/config.age create mode 100644 container/deye/default.nix delete mode 100644 container/weewx/default.nix diff --git a/agenix/hosts/neon/config.nix b/agenix/hosts/neon/config.nix index 58f600e..5d188c4 100644 --- a/agenix/hosts/neon/config.nix +++ b/agenix/hosts/neon/config.nix @@ -17,5 +17,9 @@ owner = "mosquitto"; group = "mosquitto"; }; + + deye-mqtt-config = { + file = ./deye-mqtt/config.age; + }; }; } diff --git a/agenix/hosts/neon/deye-mqtt/config.age b/agenix/hosts/neon/deye-mqtt/config.age new file mode 100644 index 0000000..16c574e --- /dev/null +++ b/agenix/hosts/neon/deye-mqtt/config.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 MtGp6g cZPvs/kgiradW7jsmxS/QX5jjd5bCJ3bfxq1Cr3S3wI +O1Y7ZM/MDBy0PY6TX4DhxyicpU4sNFhWQ3aRUhr+S2U +-> ssh-ed25519 60lgJw 47L8kMg2MEVfHnUIfGO+NG4IZdAC8OrSBSkMPssTp0s +JcTum0bADZ93GYoqJ2DtaCnzRTmPDewV1Lx6RTnPD/k +--- LCCp4Jbd94KZoQHMGycN+xOYlJuj+/snbCOXlfaovjk +b踊q r7޵rFv'6zSߘCG&)?=ѭ~4L=Жh۸~xLG4}❝$ĸN#YaaYXwO dO .1?U\dQa@Ue;_+0Z/H]VD]Q3c%1KRVk"Ț owAP[.e2Jjf6g]? ߀XRs9F)ܾΩ3棾(=;EDɝl3vRScVG`FĊ`_;{s,ҲӢF<\lARʣ"3> ] )oncE`xBʶ|8e`܇N&A93WκșOs4[;Ix&nt3YV} +җT>ԭ"0tԃjOآz +'޳fܰ10LL0*= \ No newline at end of file diff --git a/container/deye/default.nix b/container/deye/default.nix new file mode 100644 index 0000000..89e5033 --- /dev/null +++ b/container/deye/default.nix 
@@ -0,0 +1,44 @@
+{ config, ... }:
+
+{
+ virtualisation.oci-containers.containers.deye-mqtt = {
+ image = "ghcr.io/kbialek/deye-inverter-mqtt:2024.07.1";
+ environmentFiles = [ config.age.secrets.deye-mqtt-config.path ];
+ };
+
+ systemd.services.podman-deye-mqtt.restartTriggers = [
+ "${config.age.secrets.deye-mqtt-config.file}"
+ ];
+
+ services.mosquitto.listeners = [
+ {
+ address = "0.0.0.0";
+ port = 1884;
+
+ settings = {
+ protocol = "mqtt";
+ };
+
+ users = {
+ deye = {
+ password = "didYouFindThis";
+ acl = [ "write deye/#" ];
+ };
+
+ weewx-proxy = {
+ hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
+ acl = [ "read deye/#" ];
+ };
+ };
+ }
+ ];
+
+ networking.firewall.interfaces =
+ let
+ mosquittoPorts = [ 1884 ];
+ in
+ {
+ "end0".allowedTCPPorts = mosquittoPorts;
+ "podman+".allowedTCPPorts = mosquittoPorts;
+ };
+}
diff --git a/container/weewx/default.nix b/container/weewx/default.nix
deleted file mode 100644
index a676e46..0000000
--- a/container/weewx/default.nix
+++ /dev/null
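Review bot: In container/deye/default.nix the `deye` user on the new mosquitto listener is set with `password = "didYouFindThis";`, a plaintext credential that is committed to the repository and evaluated into the world-readable Nix store, while the sibling `weewx-proxy` user in the same block takes `hashedPasswordFile` from agenix. The listener binds `0.0.0.0:1884` with plain `mqtt` (no TLS) and the firewall block opens that port on `end0`, so any host that can reach that interface and knows the committed value can authenticate as `deye` and write to `deye/#`. Supply it the same way as the other user, e.g. `hashedPasswordFile = config.age.secrets.<deye-password-secret>.path;` (placeholder name, with matching entries in agenix/hosts/neon/config.nix and secrets.nix), and treat the current value as exposed. Separately, the image is pinned by tag only (`:2024.07.1`); adding a digest would make the pulled content verifiable.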
@@ -1,117 +0,0 @@ -{ config, ... }: - -let - secret = import ../../secret/container/weewx; - data-dir = "/var/lib/weewx"; -in -{ - # virtualisation.oci-containers.containers.weewx = { - # image = "git.kempkens.io/daniel/weewx-docker:latest"; - # ports = [ "127.0.0.1:8000:8000" ]; - # environment = { - # "TZ" = "Europe/Berlin"; - # }; - # volumes = [ - # "${data-dir}:/data" - # ]; - # extraOptions = [ - # "--label=com.centurylinklabs.watchtower.enable=true" - # "--label=io.containers.autoupdate=registry" - # ]; - # }; - - # systemd.services.podman-weewx.restartTriggers = [ - # "${config.age.secrets.weewx-config.file}" - # "${config.age.secrets.weewx-skin.file}" - # ]; - - systemd.tmpfiles.rules = [ - "d ${data-dir} 0755 421 421" - "d ${data-dir}/html 0755 421 421" - "d ${data-dir}/skin-wdc 0755 421 421" - ]; - - services.mosquitto.listeners = [ - { - address = "0.0.0.0"; - port = 1883; - - settings = { - protocol = "mqtt"; - }; - - users = { - weewx-proxy = { - hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path; - acl = [ "write weewx/+" ]; - }; - - weewx = { - hashedPasswordFile = config.age.secrets.mosquitto-password-weewx.path; - acl = [ "read weewx/+" "write weather/+" ]; - }; - }; - } - { - address = "127.0.0.1"; - port = 9883; - - settings = { - protocol = "websockets"; - allow_anonymous = true; - }; - - acl = [ "topic read weather/+" ]; - } - ]; - - - networking.firewall.interfaces = - let - mosquittoPorts = [ 1883 ]; - in - { - "tailscale0".allowedTCPPorts = mosquittoPorts; - "podman+".allowedTCPPorts = mosquittoPorts; - }; - - services.nginx.virtualHosts."${secret.container.weewx.hostname}" = { - quic = true; - http3 = true; - kTLS = true; - - root = "${data-dir}/html/wdc"; - forceSSL = true; - useACMEHost = "kempkens.io"; - - extraConfig = '' - index index.html; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; - ''; - - locations."~* \.html$".extraConfig = '' - expires modified 120s; - 
''; - - locations."~* \.(js|css)$".extraConfig = '' - expires 1h; - ''; - - locations."~ ^/dwd/(icons|warn_icons)/" = { - root = "${data-dir}/static_html"; - extraConfig = '' - expires 7d; - ''; - }; - - locations."~ ^/dwd/[\w]+\.(gif|png)".extraConfig = '' - expires modified 1h; - ''; - - locations."/mqtt" = { - recommendedProxySettings = true; - proxyPass = "http://127.0.0.1:9883"; - proxyWebsockets = true; - }; - }; -} diff --git a/home/programs/firefox.nix b/home/programs/firefox.nix index 8d51b3a..c805eee 100644 --- a/home/programs/firefox.nix +++ b/home/programs/firefox.nix @@ -46,6 +46,7 @@ in "browser.ping-centre.telemetry" = false; "browser.newtabpage.activity-stream.feeds.telemetry" = false; "browser.newtabpage.activity-stream.telemetry" = false; + "dom.private-attribution.submission.enabled" = false; "app.shield.optoutstudies.enabled" = false; "app.normandy.enabled" = false; diff --git a/secrets.nix b/secrets.nix index 277ef82..c32e0d6 100644 --- a/secrets.nix +++ b/secrets.nix @@ -111,6 +111,8 @@ in "agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon; + "agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon; + # Styx "agenix/hosts/Styx/git/maintenance.age".publicKeys = [ user-daniel ]; }