various: updates
parent
811d7d47ca
commit
e5c2b52a25
6 changed files with 60 additions and 117 deletions
|
@ -17,5 +17,9 @@
|
||||||
owner = "mosquitto";
|
owner = "mosquitto";
|
||||||
group = "mosquitto";
|
group = "mosquitto";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
deye-mqtt-config = {
|
||||||
|
file = ./deye-mqtt/config.age;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
9
agenix/hosts/neon/deye-mqtt/config.age
Normal file
9
agenix/hosts/neon/deye-mqtt/config.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 MtGp6g cZPvs/kgiradW7jsmxS/QX5jjd5bCJ3bfxq1Cr3S3wI
|
||||||
|
O1Y7ZM/MDBy0PY6TX4DhxyicpU4sNFhWQ3aRUhr+S2U
|
||||||
|
-> ssh-ed25519 60lgJw 47L8kMg2MEVfHnUIfGO+NG4IZdAC8OrSBSkMPssTp0s
|
||||||
|
JcTum0bADZ93GYoqJ2DtaCnzRTmPDewV1Lx6RTnPD/k
|
||||||
|
--- LCCp4Jbd94KZoQHMGycN+xOYlJuj+/snbCOXlfaovjk
|
||||||
|
¬b踊öqžç…°Êrà7¡ÚÞµ¥rFv'6¥ÊzSÙîýߘC¯ÇÊG·’&)?=ØùÑø~À4¢L=ЖhŸ¿”åŒÛ¸íá©~xLG<sÆÈ”ÕïY7»|ö%Óá§pÝ<70>~¬Ž#BÃç–¿,Ö¸ëÊâ ÷×C9–/µŸòOÑÀ——nò`R¹á/¦¬kÌê>®™4ž}¿Úäâ<C3A4><C3A2>$ĸNÏß#ô§YaþæéaÀYÇX‘w¡OÉÚ öd¨O
.1àò𯈒?„‰ÊU<C38A>à\ç¨ì›dQa@Ue´;ã_+0úZ/H]VD]¯¯Qó3¢½cñßæëä%1ßKRVkßâ"ÈšôùìowÁû×A†ä„Pä[.Úe2ŽJjf¬6g]ØžÎ?îý߀ÅÿˆÊÛXRÁs9¤²F)¹Ü¾©ÿÜΩ¢’³3棾(=<01>Æ;Eï•DÉ<44>l3ðvãŽÖR<C396>¿ScVG`ëFÄŠè¡è`ò™õ_‡´ï;ÓÆ{ßs,Ò²¹£Ó¢™ËF<<3C>øÞÃ\¬lA¼R¡ãÊ£"3><0B>‡<04>¿ã] ÚÙ)‰ã¢o²ÍncE`«xB÷ ʶ|8e`܇N‘ð&ÛAŸ93W™ÎºÈ™»Oˆîs4ƒ[îÉë;¿ÏI£x&“¥nt3ŸÁYÄV÷}
|
||||||
|
Ò—ÏT>Ô"0tÔƒjOþØ¢z
|
||||||
|
¯“'Þ³fÜ°10<31>ý²LL0ì*=„õ
|
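--- a/container/deye/default.nix
+++ b/container/deye/default.nix
@@ -0,0 +1,44 @@
+{ config, ... }:
+
+{
+virtualisation.oci-containers.containers.deye-mqtt = {
+image = "ghcr.io/kbialek/deye-inverter-mqtt:2024.07.1";
+environmentFiles = [ config.age.secrets.deye-mqtt-config.path ];
+};
+
+systemd.services.podman-deye-mqtt.restartTriggers = [
+"${config.age.secrets.deye-mqtt-config.file}"
+];
+
+services.mosquitto.listeners = [
+{
+address = "0.0.0.0";
+port = 1884;
+
+settings = {
+protocol = "mqtt";
+};
+
+users = {
+deye = {
+password = "didYouFindThis";
+acl = [ "write deye/#" ];
+};
+
+weewx-proxy = {
+hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
+acl = [ "read deye/#" ];
+};
+};
+}
+];
+
+networking.firewall.interfaces =
+let
+mosquittoPorts = [ 1884 ];
+in
+{
+"end0".allowedTCPPorts = mosquittoPorts;
+"podman+".allowedTCPPorts = mosquittoPorts;
+};
+}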
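Review bot: The `deye` broker user is declared with `password = "didYouFindThis";`, a plaintext credential that is committed to the repository and, being a Nix string, also ends up in the world-readable store. The `weewx-proxy` user directly below it already reads a hash from an agenix secret. Declare `deye` the same way, e.g. `hashedPasswordFile = config.age.secrets.<DEYE_PASSWORD_SECRET>.path;` (placeholder name; the secret would also need a host declaration and a recipients entry), and rotate the current value since it is now in history. The listener binds `0.0.0.0` on port 1884 with `protocol = "mqtt"` and the port is opened on `"end0"`, so unless TLS is provided elsewhere both users' credentials presumably cross that interface unencrypted. If only the container needs the broker, keeping `"podman+".allowedTCPPorts` alone would narrow the exposure.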
@ -1,117 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
secret = import ../../secret/container/weewx;
|
|
||||||
data-dir = "/var/lib/weewx";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
# virtualisation.oci-containers.containers.weewx = {
|
|
||||||
# image = "git.kempkens.io/daniel/weewx-docker:latest";
|
|
||||||
# ports = [ "127.0.0.1:8000:8000" ];
|
|
||||||
# environment = {
|
|
||||||
# "TZ" = "Europe/Berlin";
|
|
||||||
# };
|
|
||||||
# volumes = [
|
|
||||||
# "${data-dir}:/data"
|
|
||||||
# ];
|
|
||||||
# extraOptions = [
|
|
||||||
# "--label=com.centurylinklabs.watchtower.enable=true"
|
|
||||||
# "--label=io.containers.autoupdate=registry"
|
|
||||||
# ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
# systemd.services.podman-weewx.restartTriggers = [
|
|
||||||
# "${config.age.secrets.weewx-config.file}"
|
|
||||||
# "${config.age.secrets.weewx-skin.file}"
|
|
||||||
# ];
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d ${data-dir} 0755 421 421"
|
|
||||||
"d ${data-dir}/html 0755 421 421"
|
|
||||||
"d ${data-dir}/skin-wdc 0755 421 421"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.mosquitto.listeners = [
|
|
||||||
{
|
|
||||||
address = "0.0.0.0";
|
|
||||||
port = 1883;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
protocol = "mqtt";
|
|
||||||
};
|
|
||||||
|
|
||||||
users = {
|
|
||||||
weewx-proxy = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
|
|
||||||
acl = [ "write weewx/+" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
weewx = {
|
|
||||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx.path;
|
|
||||||
acl = [ "read weewx/+" "write weather/+" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
address = "127.0.0.1";
|
|
||||||
port = 9883;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
protocol = "websockets";
|
|
||||||
allow_anonymous = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
acl = [ "topic read weather/+" ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
|
|
||||||
networking.firewall.interfaces =
|
|
||||||
let
|
|
||||||
mosquittoPorts = [ 1883 ];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
"tailscale0".allowedTCPPorts = mosquittoPorts;
|
|
||||||
"podman+".allowedTCPPorts = mosquittoPorts;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."${secret.container.weewx.hostname}" = {
|
|
||||||
quic = true;
|
|
||||||
http3 = true;
|
|
||||||
kTLS = true;
|
|
||||||
|
|
||||||
root = "${data-dir}/html/wdc";
|
|
||||||
forceSSL = true;
|
|
||||||
useACMEHost = "kempkens.io";
|
|
||||||
|
|
||||||
extraConfig = ''
|
|
||||||
index index.html;
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations."~* \.html$".extraConfig = ''
|
|
||||||
expires modified 120s;
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations."~* \.(js|css)$".extraConfig = ''
|
|
||||||
expires 1h;
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations."~ ^/dwd/(icons|warn_icons)/" = {
|
|
||||||
root = "${data-dir}/static_html";
|
|
||||||
extraConfig = ''
|
|
||||||
expires 7d;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
locations."~ ^/dwd/[\w]+\.(gif|png)".extraConfig = ''
|
|
||||||
expires modified 1h;
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations."/mqtt" = {
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
proxyPass = "http://127.0.0.1:9883";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -46,6 +46,7 @@ in
|
||||||
"browser.ping-centre.telemetry" = false;
|
"browser.ping-centre.telemetry" = false;
|
||||||
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
|
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
|
||||||
"browser.newtabpage.activity-stream.telemetry" = false;
|
"browser.newtabpage.activity-stream.telemetry" = false;
|
||||||
|
"dom.private-attribution.submission.enabled" = false;
|
||||||
|
|
||||||
"app.shield.optoutstudies.enabled" = false;
|
"app.shield.optoutstudies.enabled" = false;
|
||||||
"app.normandy.enabled" = false;
|
"app.normandy.enabled" = false;
|
||||||
|
|
|
@ -111,6 +111,8 @@ in
|
||||||
|
|
||||||
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
|
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
|
||||||
|
|
||||||
|
"agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
|
||||||
|
|
||||||
# Styx
|
# Styx
|
||||||
"agenix/hosts/Styx/git/maintenance.age".publicKeys = [ user-daniel ];
|
"agenix/hosts/Styx/git/maintenance.age".publicKeys = [ user-daniel ];
|
||||||
}
|
}
|
||||||
|
|