1
0
Fork 0

various: updates

This commit is contained in:
Daniel Kempkens 2024-07-14 16:02:19 +02:00
parent 811d7d47ca
commit e5c2b52a25
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
6 changed files with 60 additions and 117 deletions

View file

@ -17,5 +17,9 @@
owner = "mosquitto"; owner = "mosquitto";
group = "mosquitto"; group = "mosquitto";
}; };
deye-mqtt-config = {
file = ./deye-mqtt/config.age;
};
}; };
} }

View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 MtGp6g cZPvs/kgiradW7jsmxS/QX5jjd5bCJ3bfxq1Cr3S3wI
O1Y7ZM/MDBy0PY6TX4DhxyicpU4sNFhWQ3aRUhr+S2U
-> ssh-ed25519 60lgJw 47L8kMg2MEVfHnUIfGO+NG4IZdAC8OrSBSkMPssTp0s
JcTum0bADZ93GYoqJ2DtaCnzRTmPDewV1Lx6RTnPD/k
--- LCCp4Jbd94KZoQHMGycN+xOYlJuj+/snbCOXlfaovjk
¬¸Šöqžç …°Êrà7¡ÚÞµ¥rFv'6¥ÊzSÙîýߘC¯ÇÊG·&)?=ØùÑ­ø~À4¢L=ÐhŸ¿”åŒÛ¸íá©~xLG<sÆÈ”Õï Y7»|ö%Óá§pÝ<70>~¬Ž#BÃç¿,Ö¸ëÊâ ÷×C9/µŸòOÑÀ——nò`R ¹á/¦¬kÌê >®™4ž}¿Úäâ<C3A4><C3A2>¸NÏß#ô§YaþæéaÀYÇXw¡OÉÚ öd¨O .1àòð¯ˆ?„‰ÊU<C38A>à\ç¨ìdQa@Ue´;ã_+0úZ/H]VD]¯¯Qó3¢½cñßæëä%1ßKRVkßâ"Èš­ ôùìowÁû×A†ä„Pä[.Úe2ŽJjf¬6g]ØžÎ? îý߀ÅÿˆÊÛXRÁs9¤²F)¹Ü¾©ÿÜΩ¢³3棾(=<01>Æ;Eï•DÉ<44>lvãŽÖR<C396>¿ScVG`ëFÄŠè¡è`ò™õ_‡´ï;ÓÆ{ßs,Ò²¹£Ó¢™ËF<<3C>øÞÃ\¬lA¼R¡ãÊ£"3> <0B><04>¿ã] ÚÙ)‰ã¢o²ÍncE`«xB÷ Ê¶|8e`܇Nð&ÛAŸ93W™ÎºÈ™»Oˆîs4ƒ[îÉë;¿ÏI£x&“¥nt3ŸÁYÄV÷}
Ò—ÏT>Ô­"0tÔƒjOþØ¢z
¯“'Þ³fÜ°10<31>ý²LL0ì*=„õ

View file

@ -0,0 +1,44 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.deye-mqtt = {
image = "ghcr.io/kbialek/deye-inverter-mqtt:2024.07.1";
environmentFiles = [ config.age.secrets.deye-mqtt-config.path ];
};
systemd.services.podman-deye-mqtt.restartTriggers = [
"${config.age.secrets.deye-mqtt-config.file}"
];
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1884;
settings = {
protocol = "mqtt";
};
users = {
deye = {
password = "didYouFindThis";
acl = [ "write deye/#" ];
};
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "read deye/#" ];
};
};
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1884 ];
in
{
"end0".allowedTCPPorts = mosquittoPorts;
"podman+".allowedTCPPorts = mosquittoPorts;
};
}

View file

@ -1,117 +0,0 @@
{ config, ... }:
let
secret = import ../../secret/container/weewx;
data-dir = "/var/lib/weewx";
in
{
# virtualisation.oci-containers.containers.weewx = {
# image = "git.kempkens.io/daniel/weewx-docker:latest";
# ports = [ "127.0.0.1:8000:8000" ];
# environment = {
# "TZ" = "Europe/Berlin";
# };
# volumes = [
# "${data-dir}:/data"
# ];
# extraOptions = [
# "--label=com.centurylinklabs.watchtower.enable=true"
# "--label=io.containers.autoupdate=registry"
# ];
# };
# systemd.services.podman-weewx.restartTriggers = [
# "${config.age.secrets.weewx-config.file}"
# "${config.age.secrets.weewx-skin.file}"
# ];
systemd.tmpfiles.rules = [
"d ${data-dir} 0755 421 421"
"d ${data-dir}/html 0755 421 421"
"d ${data-dir}/skin-wdc 0755 421 421"
];
services.mosquitto.listeners = [
{
address = "0.0.0.0";
port = 1883;
settings = {
protocol = "mqtt";
};
users = {
weewx-proxy = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
acl = [ "write weewx/+" ];
};
weewx = {
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx.path;
acl = [ "read weewx/+" "write weather/+" ];
};
};
}
{
address = "127.0.0.1";
port = 9883;
settings = {
protocol = "websockets";
allow_anonymous = true;
};
acl = [ "topic read weather/+" ];
}
];
networking.firewall.interfaces =
let
mosquittoPorts = [ 1883 ];
in
{
"tailscale0".allowedTCPPorts = mosquittoPorts;
"podman+".allowedTCPPorts = mosquittoPorts;
};
services.nginx.virtualHosts."${secret.container.weewx.hostname}" = {
quic = true;
http3 = true;
kTLS = true;
root = "${data-dir}/html/wdc";
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
index index.html;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."~* \.html$".extraConfig = ''
expires modified 120s;
'';
locations."~* \.(js|css)$".extraConfig = ''
expires 1h;
'';
locations."~ ^/dwd/(icons|warn_icons)/" = {
root = "${data-dir}/static_html";
extraConfig = ''
expires 7d;
'';
};
locations."~ ^/dwd/[\w]+\.(gif|png)".extraConfig = ''
expires modified 1h;
'';
locations."/mqtt" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:9883";
proxyWebsockets = true;
};
};
}

View file

@ -46,6 +46,7 @@ in
"browser.ping-centre.telemetry" = false; "browser.ping-centre.telemetry" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false; "browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false; "browser.newtabpage.activity-stream.telemetry" = false;
"dom.private-attribution.submission.enabled" = false;
"app.shield.optoutstudies.enabled" = false; "app.shield.optoutstudies.enabled" = false;
"app.normandy.enabled" = false; "app.normandy.enabled" = false;

View file

@ -111,6 +111,8 @@ in
"agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon; "agenix/hosts/neon/mosquitto/passwordWeewxProxy.age".publicKeys = neon;
"agenix/hosts/neon/deye-mqtt/config.age".publicKeys = neon;
# Styx # Styx
"agenix/hosts/Styx/git/maintenance.age".publicKeys = [ user-daniel ]; "agenix/hosts/Styx/git/maintenance.age".publicKeys = [ user-daniel ];
} }