From 9cbce7b82f0bad8efb4a2d47e5921f93ea9dc004 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 8 Jul 2023 16:20:51 +0200 Subject: l: add monitoring config --- lass/2configs/monitoring/alert-rules.nix | 208 +++++++++++++++++++++++++++++++ lass/2configs/monitoring/prometheus.nix | 110 ++++++++++++++++ lass/2configs/monitoring/telegraf.nix | 72 +++++++++++ 3 files changed, 390 insertions(+) create mode 100644 lass/2configs/monitoring/alert-rules.nix create mode 100644 lass/2configs/monitoring/prometheus.nix create mode 100644 lass/2configs/monitoring/telegraf.nix (limited to 'lass/2configs') diff --git a/lass/2configs/monitoring/alert-rules.nix b/lass/2configs/monitoring/alert-rules.nix new file mode 100644 index 000000000..eae2569fb --- /dev/null +++ b/lass/2configs/monitoring/alert-rules.nix 
@@ -0,0 +1,208 @@ +# inspiration from https://github.com/Mic92/dotfiles/blob/master/nixos/eva/modules/prometheus/alert-rules.nix +{ lib }: + +lib.mapAttrsToList + (name: opts: { + alert = name; + expr = opts.condition; + for = opts.time or "2m"; + labels = { }; + annotations.description = opts.description; + }) + ({ + prometheus_too_many_restarts = { + condition = ''changes(process_start_time_seconds{job=~"prometheus|pushgateway|alertmanager|telegraf"}[15m]) > 2''; + description = "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping."; + }; + + alert_manager_config_not_synced = { + condition = ''count(count_values("config_hash", alertmanager_config_hash)) > 1''; + description = "Configurations of AlertManager cluster instances are out of sync."; + }; + + prometheus_not_connected_to_alertmanager = { + condition = "prometheus_notifications_alertmanagers_discovered < 1"; + description = "Prometheus cannot connect the alertmanager\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"; + }; + + prometheus_rule_evaluation_failures = { + condition = "increase(prometheus_rule_evaluation_failures_total[3m]) > 0"; + description = "Prometheus encountered {{ $value }} rule evaluation failures, leading to potentially ignored alerts.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"; + }; + + prometheus_template_expansion_failures = { + condition = "increase(prometheus_template_text_expansion_failures_total[3m]) > 0"; + time = "0m"; + description = "Prometheus encountered {{ $value }} template text expansion failures\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"; + }; + + promtail_request_errors = { + condition = ''100 * sum(rate(promtail_request_duration_seconds_count{status_code=~"5..|failed"}[1m])) by (namespace, job, route, instance) / sum(rate(promtail_request_duration_seconds_count[1m])) by (namespace, job, route, instance) > 10''; + time = "15m"; + description = ''{{ $labels.job }} {{ $labels.route }} is experiencing {{ printf "%.2f" 
$value }}% errors.''; + }; + + promtail_file_lagging = { + condition = ''abs(promtail_file_bytes_total - promtail_read_bytes_total) > 1e6''; + time = "15m"; + description = ''{{ $labels.instance }} {{ $labels.job }} {{ $labels.path }} has been lagging by more than 1MB for more than 15m.''; + }; + + filesystem_full_80percent = { + condition = ''disk_used_percent{mode!="ro"} >= 95''; + time = "10m"; + description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 20% space left on its filesystem."; + }; + + filesystem_full_krebs = { + condition = ''disk_used_percent{mode!="ro", org="krebs"} >= 95''; + time = "10m"; + description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 5% space left on its filesystem."; + }; + + filesystem_inodes_full = { + condition = ''disk_inodes_free / disk_inodes_total < 0.10''; + time = "10m"; + description = "{{$labels.instance}} device {{$labels.device}} on {{$labels.path}} got less than 10% inodes left on its filesystem."; + }; + + daily_task_not_run = { + # give 6 hours grace period + condition = ''time() - task_last_run{state="ok",frequency="daily"} > (24 + 6) * 60 * 60''; + description = "{{$labels.host}}: {{$labels.name}} was not run in the last 24h"; + }; + + daily_task_failed = { + condition = ''task_last_run{state="fail"}''; + description = "{{$labels.host}}: {{$labels.name}} failed to run"; + }; + + swap_using_30percent = { + condition = "mem_swap_total - (mem_swap_cached + mem_swap_free) > mem_swap_total * 0.3"; + time = "30m"; + description = "{{$labels.host}} is using 30% of its swap space for at least 30 minutes."; + }; + + systemd_service_failed = { + condition = ''systemd_units_active_code{name!~"nixpkgs-update-.*.service"} == 3''; + description = "{{$labels.host}} failed to (re)start service {{$labels.name}}."; + }; + + service_not_running = { + condition = ''systemd_units_active_code{name=~"teamspeak3-server.service|tt-rss.service", sub!="running"}''; 
+ description = "{{$labels.host}} should have a running {{$labels.name}}."; + }; + + nfs_export_not_present = { + condition = "nfs_export_present == 0"; + time = "1h"; + description = "{{$labels.host}} cannot reach nfs export [{{$labels.server}}]:{{$labels.path}}"; + }; + + ram_using_90percent = { + condition = "mem_buffered + mem_free + mem_cached < mem_total * 0.1"; + time = "1h"; + description = "{{$labels.host}} is using at least 90% of its RAM for at least 1 hour."; + }; + load15 = { + condition = ''system_load15 / system_n_cpus{org!="nix-community"} >= 2.0''; + time = "10m"; + description = "{{$labels.host}} is running with load15 > 1 for at least 5 minutes: {{$value}}"; + }; + reboot = { + condition = "system_uptime < 300"; + description = "{{$labels.host}} just rebooted."; + }; + uptime = { + # too scared to upgrade matchbox + condition = ''system_uptime {host!~"^(matchbox|grandalf)$"} > 2592000''; + description = "Uptime monster: {{$labels.host}} has been up for more than 30 days."; + }; + telegraf_down = { + condition = ''min(up{job=~"telegraf",type!='mobile'}) by (source, job, instance, org) == 0''; + time = "3m"; + description = "{{$labels.instance}}: {{$labels.job}} telegraf exporter from {{$labels.source}} is down."; + }; + ping = { + condition = "ping_result_code{type!='mobile'} != 0"; + description = "{{$labels.url}}: ping from {{$labels.instance}} has failed!"; + }; + ping_high_latency = { + condition = "ping_average_response_ms{type!='mobile'} > 5000"; + description = "{{$labels.instance}}: ping probe from {{$labels.source}} is encountering high latency!"; + }; + http = { + condition = "http_response_result_code != 0"; + description = "{{$labels.server}} : http request failed from {{$labels.instance}}: {{$labels.result}}!"; + }; + http_match_failed = { + condition = "http_response_response_string_match == 0"; + description = "{{$labels.server}} : http body not as expected; status code: {{$labels.status_code}}!"; + }; + dns_query = { + condition = 
"dns_query_result_code != 0"; + description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}}!"; + }; + secure_dns_query = { + condition = "secure_dns_state != 0"; + description = "{{$labels.domain}} : could retrieve A record {{$labels.instance}} from server {{$labels.server}}: {{$labels.result}} for protocol {{$labels.protocol}}!"; + }; + connection_failed = { + condition = "net_response_result_code != 0"; + description = "{{$labels.server}}: connection to {{$labels.port}}({{$labels.protocol}}) failed from {{$labels.instance}}"; + }; + healthchecks = { + condition = "hc_check_up == 0"; + description = "{{$labels.instance}}: healtcheck {{$labels.job}} fails!"; + }; + cert_expiry = { + condition = "x509_cert_expiry < 7*24*3600"; + description = "{{$labels.instance}}: The TLS certificate from {{$labels.source}} will expire in less than 7 days: {{$value}}s"; + }; + + postfix_queue_length = { + condition = "avg_over_time(postfix_queue_length[1h]) > 10"; + description = "{{$labels.instance}}: postfix mail queue has undelivered {{$value}} items"; + }; + + zfs_errors = { + condition = "zfs_arcstats_l2_io_error + zfs_dmu_tx_error + zfs_arcstats_l2_writes_error > 0"; + description = "{{$labels.instance}} reports: {{$value}} ZFS IO errors."; + }; + + # ignore devices that disabled S.M.A.R.T (example if attached via USB) + smart_errors = { + condition = ''smart_device_health_ok{enabled!="Disabled"} != 1''; + description = "{{$labels.instance}}: S.M.A.R.T reports: {{$labels.device}} ({{$labels.model}}) has errors."; + }; + + oom_kills = { + condition = "increase(kernel_vmstat_oom_kill[5m]) > 0"; + description = "{{$labels.instance}}: OOM kill detected"; + }; + + unusual_disk_read_latency = { + condition = "rate(diskio_read_time[1m]) / rate(diskio_reads[1m]) > 0.1 and rate(diskio_reads[1m]) > 0"; + description = "{{$labels.instance}}: Disk latency is growing (read operations > 100ms)\n"; + }; + + 
unusual_disk_write_latency = { + condition = "rate(diskio_write_time[1m]) / rate(diskio_write[1m]) > 0.1 and rate(diskio_write[1m]) > 0"; + description = "{{$labels.instance}}: Disk latency is growing (write operations > 100ms)\n"; + }; + + host_memory_under_memory_pressure = { + condition = "rate(node_vmstat_pgmajfault[1m]) > 1000"; + description = "{{$labels.instance}}: The node is under heavy memory pressure. High rate of major page faults: {{$value}}"; + }; + + ext4_errors = { + condition = "ext4_errors_value > 0"; + description = "{{$labels.instance}}: ext4 has reported {{$value}} I/O errors: check /sys/fs/ext4/*/errors_count"; + }; + + alerts_silences_changed = { + condition = ''abs(delta(alertmanager_silences{state="active"}[1h])) >= 1''; + description = "alertmanager: number of active silences has changed: {{$value}}"; + }; + }) diff --git a/lass/2configs/monitoring/prometheus.nix b/lass/2configs/monitoring/prometheus.nix new file mode 100644 index 000000000..ba32c62a7 --- /dev/null +++ b/lass/2configs/monitoring/prometheus.nix 
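Review bot: In `unusual_disk_write_latency` the divisor is `diskio_write`, while the read rule next to it uses `diskio_reads`; Telegraf's diskio input reports that counter as `writes`, so the expression most likely matches no series and the alert can never fire. I would write it as `rate(diskio_write_time[1m]) / rate(diskio_writes[1m]) > 0.1 and rate(diskio_writes[1m]) > 0`. `host_memory_under_memory_pressure` looks like the same kind of gap: it queries `node_vmstat_pgmajfault`, a node_exporter name, whereas `oom_kills` in this file reads the Telegraf series `kernel_vmstat_oom_kill`, so `kernel_vmstat_pgmajfault` is probably what was meant. Several descriptions also disagree with their conditions (`filesystem_full_80percent` fires at `>= 95`, `load15` fires at `>= 2.0` for 10m but says "> 1 for at least 5 minutes", and `dns_query` says "could retrieve" for a failure), which will mislead whoever receives the alert.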
@@ -0,0 +1,110 @@ +{ config, lib, pkgs, ... }: +{ + #prometheus + krebs.iptables = { + enable = true; + tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 80"; target = "ACCEPT"; } # nginx + # { predicate = "-i retiolum -p tcp --dport 3012"; target = "ACCEPT"; } # grafana + # { predicate = "-i retiolum -p tcp --dport 9093"; target = "ACCEPT"; } # alertmanager + # { predicate = "-i retiolum -p tcp --dport 9223"; target = "ACCEPT"; } # alertmanager + ]; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "prometheus.lass.r" = { + locations."/".proxyPass = "http://localhost:9090"; + }; + "alert.lass.r" = { + locations."/".proxyPass = "http://localhost:9093"; + }; + "grafana.lass.r" = { + locations."/".proxyPass = "http://localhost:3012"; + }; + }; + }; + + services.grafana = { + enable = true; + addr = "0.0.0.0"; + port = 3012; + auth.anonymous = { + enable = true; + org_role = "Admin"; + }; + }; + services.prometheus = { + enable = true; + ruleFiles = [ + (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON { + groups = [{ + name = "alerting-rules"; + rules = import ./alert-rules.nix { inherit lib; }; + }]; + })) + ]; + scrapeConfigs = [ + { + job_name = "telegraf"; + scrape_interval = "60s"; + metrics_path = "/metrics"; + static_configs = [ + { + targets = [ + "prism.r:9273" + "dishfire.r:9273" + "yellow.r:9273" + ]; + } + ]; + } + ]; + alertmanagers = [ + { scheme = "http"; + path_prefix = "/"; + static_configs = [ { targets = [ "localhost:9093" ]; } ]; + } + ]; + alertmanager = { + enable = true; + webExternalUrl = "https://alert.lass.r"; + listenAddress = "[::1]"; + configuration = { + global = { + # The smarthost and SMTP sender used for mail notifications. 
+ smtp_smarthost = "localhost:587"; + smtp_from = "alertmanager@alert.lass.r"; + # smtp_auth_username = "alertmanager@thalheim.io"; + # smtp_auth_password = "$SMTP_PASSWORD"; + }; + route = { + receiver = "default"; + routes = [ + { + group_by = [ "host" ]; + group_wait = "30s"; + group_interval = "2m"; + repeat_interval = "2h"; + receiver = "all"; + } + ]; + }; + receivers = [ + { + name = "all"; + webhook_configs = [{ + url = "http://127.0.0.1:9223/"; + max_alerts = 5; + }]; + } + { + name = "default"; + } + ]; + }; + }; + }; + +} diff --git a/lass/2configs/monitoring/telegraf.nix b/lass/2configs/monitoring/telegraf.nix new file mode 100644 index 000000000..5258b87ed --- /dev/null +++ b/lass/2configs/monitoring/telegraf.nix 
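Review bot: `services.grafana` sets `auth.anonymous.enable = true` with `org_role = "Admin"` and `addr = "0.0.0.0"`, and the `grafana.lass.r` vhost proxies to it on the port 80 that the iptables rule opens, so every peer on retiolum gets Grafana admin rights without logging in. I would bind it to loopback and lower the anonymous role, `addr = "127.0.0.1";` and `org_role = "Viewer";`, keeping admin behind a login. The `prometheus.lass.r` and `alert.lass.r` vhosts are likewise proxied with no authentication, which lets any peer manage Alertmanager silences; basic auth on those vhosts, or a comment stating that this is the intended trust model for the VPN, would make that explicit. `webExternalUrl` is `https://alert.lass.r`, but no TLS option is set on the vhost in this hunk.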
@@ -0,0 +1,72 @@ +{ config, lib, pkgs, ... }: +let + isVM = lib.any (mod: mod == "xen-blkfront" || mod == "virtio_console") config.boot.initrd.kernelModules; +in { + + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-i retiolum -p tcp --dport 9273"; target = "ACCEPT"; } + ]; + + systemd.services.telegraf.path = [ pkgs.nvme-cli ]; + + services.telegraf = { + enable = true; + extraConfig = { + agent.interval = "60s"; + inputs = { + http_response = [ + { urls = [ + "http://localhost:8080/about/health/" + ]; } + ]; + prometheus.metric_version = 2; + kernel_vmstat = { }; + # smart = lib.mkIf (!isVM) { + # path = pkgs.writeShellScript "smartctl" '' + # exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@" + # ''; + # }; + system = { }; + mem = { }; + file = [{ + data_format = "influx"; + file_tag = "name"; + files = [ "/var/log/telegraf/*" ]; + }] ++ lib.optional (lib.any (fs: fs == "ext4") config.boot.supportedFilesystems) { + name_override = "ext4_errors"; + files = [ "/sys/fs/ext4/*/errors_count" ]; + data_format = "value"; + }; + exec = lib.optionalAttrs (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems) { + ## Commands array + commands = [ + (pkgs.writeScript "zpool-health" '' + #!${pkgs.gawk}/bin/awk -f + BEGIN { + while ("${pkgs.zfs}/bin/zpool status" | getline) { + if ($1 ~ /pool:/) { printf "zpool_status,name=%s ", $2 } + if ($1 ~ /state:/) { printf " state=\"%s\",", $2 } + if ($1 ~ /errors:/) { + if (index($2, "No")) printf "errors=0i\n"; else printf "errors=%di\n", $2 + } + } + } + '') + ]; + data_format = "influx"; + }; + systemd_units = { }; + swap = { }; + disk.tagdrop = { + fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ]; + device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ]; + }; + diskio = { }; + }; + outputs.prometheus_client = { + listen = ":9273"; + metric_version = 2; + }; + }; + }; +} -- cgit v1.2.3 From bf94b004efb08fa375a4115578a35f6fe7d38d98 Mon Sep 17 00:00:00 2001 
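Review bot: `outputs.prometheus_client.listen = ":9273"` binds the exporter on every interface, so the only thing keeping host metrics (unit names, disks, task state) off other networks is the `-i retiolum` iptables rule above it. Since the scraper is a known host, I would also restrict the output itself with the plugin's `ip_range` option, e.g. `ip_range = [ "<retiolum-prefix>" ];` (placeholder value), so exposure does not depend on `krebs.iptables` being enabled on each machine. Separately, the `file` input parses everything under `/var/log/telegraf/*` as influx line protocol; who may write to that directory is not visible here, and a comment naming the expected producer and permissions would help.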
From: lassulus Date: Sat, 8 Jul 2023 16:40:32 +0200 Subject: l boot: add uniersal boot method --- lass/2configs/boot/universal.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 lass/2configs/boot/universal.nix (limited to 'lass/2configs') diff --git a/lass/2configs/boot/universal.nix b/lass/2configs/boot/universal.nix new file mode 100644 index 000000000..33f4323cc --- /dev/null +++ b/lass/2configs/boot/universal.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + boot = { + loader.grub.enable = true; + loader.grub.version = 2; + loader.grub.device = "/dev/sda"; + loader.grub.efiSupport = true; + loader.grub.efiInstallAsRemovable = true; + }; +} -- cgit v1.2.3 From b22541175baa2a4372afaac71419e6854470175a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 9 Jul 2023 12:20:02 +0200 Subject: l: add missing mail/internet-gateway file --- lass/2configs/mail/internet-gateway.nix | 48 +++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 lass/2configs/mail/internet-gateway.nix (limited to 'lass/2configs') diff --git a/lass/2configs/mail/internet-gateway.nix b/lass/2configs/mail/internet-gateway.nix new file mode 100644 index 000000000..134e408a4 --- /dev/null +++ b/lass/2configs/mail/internet-gateway.nix 
@@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: +{ + security.acme.certs."mail.lassul.us" = { + group = "lasscert"; + webroot = "/var/lib/acme/acme-challenge"; + }; + users.groups.lasscert.members = [ + "exim" + "nginx" + ]; + + krebs.exim-smarthost = { + enable = true; + primary_hostname = "lassul.us"; + dkim = [ + { domain = "lassul.us"; } + ]; + ssl_cert = "/var/lib/acme/mail.lassul.us/fullchain.pem"; + ssl_key = "/var/lib/acme/mail.lassul.us/key.pem"; + local_domains = [ + "localhost" + "lassul.us" + "ubikmedia.eu" + "ubikmedia.de" + "apanowicz.de" + "alewis.de" + "jarugadesign.de" + "beesmooth.ch" + "event-extra.de" + "jla-trading.com" + ]; + extraRouters = '' + forward_lassul_us: + driver = manualroute + domains = lassul.us + transport = remote_smtp + route_list = * orange.r + no_more + + forward_ubik: + driver = manualroute + domains = ubikmedia.eu:ubikmedia.de:apanowicz.de:alewis.de:jarugadesign.de:beesmooth.ch:event-extra.de:jla-trading.com + transport = remote_smtp + route_list = * ubik.r + no_more + ''; + }; +} -- cgit v1.2.3 From 3ecc50fb63c6d460d3693ec8fb24cf9a15ed2fa7 Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 14 Jul 2023 21:55:25 +0200 Subject: l: use networkd everywhere --- lass/2configs/default.nix | 1 + lass/2configs/networkd.nix | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 lass/2configs/networkd.nix (limited to 'lass/2configs') diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 3d7188dc6..72dbfc480 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -12,6 +12,7 @@ with import ; ./wiregrill.nix ./tmux.nix ./tor-ssh.nix + ./networkd.nix { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) diff --git a/lass/2configs/networkd.nix b/lass/2configs/networkd.nix new file mode 100644 index 000000000..12ffe0bd7 --- /dev/null +++ b/lass/2configs/networkd.nix 
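Review bot: The eight ubik domains are written twice, once in `local_domains` and once as the colon-separated `domains` string of `forward_ubik`, and the two lists have to be kept identical by hand. A domain that is accepted as local but missing from the router string would not be forwarded to `ubik.r` by this router. I would bind the list once (`let ubikDomains = [ … ];`) and derive both uses from it: `local_domains = [ "localhost" "lassul.us" ] ++ ubikDomains;` and `domains = ${lib.concatStringsSep ":" ubikDomains}`. `dkim` covers only `lassul.us` here while the other domains are also local; if that is intentional because they are signed elsewhere, a one-line comment would say so.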
@@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: +{ + systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false; + systemd.services.systemd-networkd.stopIfChanged = false; + # Services that are only restarted might be not able to resolve when resolved is stopped before + systemd.services.systemd-resolved.stopIfChanged = false; + + networking.useNetworkd = true; + systemd.network = { + enable = true; + networks.wl0 = { + matchConfig.Name = "wl0"; + DHCP = "yes"; + networkConfig = { + IgnoreCarrierLoss = "3s"; + }; + dhcpV4Config.UseDNS = true; + }; + }; +} -- cgit v1.2.3 From f59af7891eae767805a5ccf04799fe2f5929fb4d Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2023 23:06:52 +0200 Subject: l antimicrox: fix with newer versions --- lass/2configs/antimicrox/default.nix | 12 +- lass/2configs/antimicrox/empty.amgp | 20 -- lass/2configs/antimicrox/empty.gamecontroller.amgp | 20 ++ lass/2configs/antimicrox/mouse.amgp | 272 -------------------- lass/2configs/antimicrox/mouse.gamecontroller.amgp | 281 +++++++++++++++++++++ 5 files changed, 310 insertions(+), 295 deletions(-) delete mode 100644 lass/2configs/antimicrox/empty.amgp create mode 100644 lass/2configs/antimicrox/empty.gamecontroller.amgp delete mode 100644 lass/2configs/antimicrox/mouse.amgp create mode 100644 lass/2configs/antimicrox/mouse.gamecontroller.amgp (limited to 'lass/2configs') diff --git a/lass/2configs/antimicrox/default.nix b/lass/2configs/antimicrox/default.nix index 16f546ce6..2b683b8bc 100644 --- a/lass/2configs/antimicrox/default.nix +++ b/lass/2configs/antimicrox/default.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: { systemd.services.antimicrox = { + after = [ "display-manager.service" ]; wantedBy = [ "multi-user.target" ]; environment = { DISPLAY = ":0"; 
@@ -8,18 +9,23 @@ serviceConfig = { User = config.users.users.mainUser.name; ExecStartPre = lib.singleton (pkgs.writeDash "init_state" "echo 0 > /tmp/gamepad.state"); - ExecStart = "${pkgs.antimicrox}/bin/antimicrox --no-tray --hidden --profile ${./mouse.amgp}"; + ExecStart = "${pkgs.antimicrox}/bin/antimicrox --hidden --profile ${./mouse.gamecontroller.amgp}"; }; }; + services.udev.extraRules = '' + KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_node=uinput" + ''; + environment.systemPackages = [ + pkgs.antimicrox (pkgs.writers.writeDashBin "gamepad_mouse_disable" '' echo 1 > /tmp/gamepad.state - ${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.amgp} + ${pkgs.antimicrox}/bin/antimicrox --profile ${./empty.gamecontroller.amgp} '') (pkgs.writers.writeDashBin "gamepad_mouse_enable" '' echo 0 > /tmp/gamepad.state - ${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.amgp} + ${pkgs.antimicrox}/bin/antimicrox --profile ${./mouse.gamecontroller.amgp} '') (pkgs.writers.writeDashBin "gamepad_mouse_toggle" '' state=$(${pkgs.coreutils}/bin/cat /tmp/gamepad.state) diff --git a/lass/2configs/antimicrox/empty.amgp b/lass/2configs/antimicrox/empty.amgp deleted file mode 100644 index 0257bfe71..000000000 --- a/lass/2configs/antimicrox/empty.amgp +++ /dev/null @@ -1,20 +0,0 @@ - - - - XInput Controller - - 030000005e0400008e020000010100001118654 - - - - - - - - - - R Stick - L Stick - - - diff --git a/lass/2configs/antimicrox/empty.gamecontroller.amgp b/lass/2configs/antimicrox/empty.gamecontroller.amgp new file mode 100644 index 000000000..0257bfe71 --- /dev/null +++ b/lass/2configs/antimicrox/empty.gamecontroller.amgp @@ -0,0 +1,20 @@ + + + + XInput Controller + + 030000005e0400008e020000010100001118654 + + + + + + + + + + R Stick + L Stick + + + diff --git a/lass/2configs/antimicrox/mouse.amgp b/lass/2configs/antimicrox/mouse.amgp deleted file mode 100644 index 313e598de..000000000 --- a/lass/2configs/antimicrox/mouse.amgp +++ /dev/null 
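Review bot: The added udev rule makes `/dev/uinput` read/write for the whole `input` group (`MODE="0660", GROUP="input"`), which means every process running under an account in that group can create virtual devices and feed synthetic keyboard and mouse events to the session. If only antimicrox needs it, a dedicated group for the service user would be narrower; at minimum I would add a comment above the rule such as `# antimicrox needs uinput to emit events; members of "input" can inject input`. Whether `mainUser` is in `input` is not visible in this hunk. The helper scripts and `ExecStartPre` also keep their state in the fixed path `/tmp/gamepad.state`, which any local user can create first; a per-user runtime directory would avoid that.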
@@ -1,272 +0,0 @@ - - - - XInput Controller - - 030000005e0400008e020000010100001118654 - - - - - - - - - - Stick 2 - Stick 1 - - - - - 1 - 29501 - 1412 - 90 - - 74 - 74 - 4 - 20 - 3 - easeoutquad - - - 3 - mousemovement - - - - - 74 - 74 - - - 74 - 74 - 4 - 20 - 3 - easeoutquad - - - 2 - mousemovement - - - - - 74 - 74 - - - 74 - 74 - 4 - 20 - 3 - easeoutquad - - - 4 - mousemovement - - - - - 74 - 74 - - - 74 - 74 - 4 - 20 - 3 - easeoutquad - - - 1 - mousemovement - - - - - 74 - 74 - - - - 2578 - 30799 - - linear - - - 6 - mousebutton - - - - - linear - - - linear - - - 5 - mousebutton - - - - - linear - - - linear - - - 7 - mousebutton - - - - - linear - - - linear - - - 4 - mousebutton - - - - - linear - - - - - 2 - 10 - - - 2 - 10 - - - 0x1000017 - keyboard - - - - - 2 - 10 - - - 2 - 10 - - - 0x1000011 - keyboard - - - - - 10 - 10 - - - 0x1000016 - keyboard - - - - - 2 - 10 - - - 2 - 10 - - - 2 - 10 - - - 0x1000010 - keyboard - - - - - - 2000 - positivehalf - - 100 - 100 - - - 100 - 100 - - - 250 - mousespeedmod - - - - - - positivehalf - - - - - - - - - diff --git a/lass/2configs/antimicrox/mouse.gamecontroller.amgp b/lass/2configs/antimicrox/mouse.gamecontroller.amgp new file mode 100644 index 000000000..743618f54 --- /dev/null +++ b/lass/2configs/antimicrox/mouse.gamecontroller.amgp 
@@ -0,0 +1,281 @@ + + + + XInput Controller + + 030000005e0400008e020000010100001118654 + + + + + + + + + + Stick 2 + Stick 1 + + + + + 1 + 29501 + 1412 + 90 + 100 + + 74 + 74 + 4 + 20 + 3 + easeoutquad + + + 1 + mousemovement + + + + + 74 + 74 + 4 + 20 + 3 + easeoutquad + + + 4 + mousemovement + + + + + 74 + 74 + + + 74 + 74 + 4 + 20 + 3 + easeoutquad + + + 2 + mousemovement + + + + + 74 + 74 + + + 74 + 74 + 4 + 20 + 3 + easeoutquad + + + 3 + mousemovement + + + + + 74 + 74 + + + 74 + 74 + + + + 2578 + 30799 + + linear + + + 4 + mousebutton + + + + + linear + + + 7 + mousebutton + + + + + linear + + + linear + + + 5 + mousebutton + + + + + linear + + + linear + + + 6 + mousebutton + + + + + linear + + + linear + + + + + 2 + 10 + + + 10 + 10 + + + 0x1000013 + keyboard + + + + + 2 + 10 + + + 2 + 10 + + + 0x1000014 + keyboard + + + + + 2 + 10 + + + 0x1000015 + keyboard + + + + + 2 + 10 + + + 2 + 10 + + + 2 + 10 + + + 0x1000012 + keyboard + + + + + + 2000 + positivehalf + + 100 + 100 + + + 100 + 100 + + + 250 + mousespeedmod + + + + + + positivehalf + + + + + + + + + + -- cgit v1.2.3 From 2384a74a74e19adcd2307bd33db0cef6c0f0ec71 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2023 23:07:46 +0200 Subject: l hass: fix wifi switches & mqtt --- lass/2configs/hass/default.nix | 52 +++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 26 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index cc8189f51..8a5f88a54 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix @@ -41,8 +41,7 @@ in { configWritable = true; lovelaceConfigWritable = true; config = let - tasmota_s20 = name: topic: { - platform = "mqtt"; + tasmota = name: topic: { inherit name; state_topic = "stat/${topic}/POWER"; command_topic = "cmnd/${topic}/POWER"; 
@@ -57,7 +56,7 @@ in { longitude = "13.41489"; elevation = 90; unit_system = "metric"; - customize = friendly_names; + # customize = friendly_names; }; config = {}; sun.elevation = 66; @@ -65,36 +64,37 @@ in { discovery = {}; frontend = {}; http = {}; - mqtt = { - broker = "localhost"; - port = 1883; - client_id = "home-assistant"; - username = "gg23"; - password = "gg23-mqtt"; - keepalive = 60; - protocol = 3.1; + # mqtt = { + # broker = "localhost"; + # port = 1883; + # client_id = "home-assistant"; + # username = "gg23"; + # password = "gg23-mqtt"; + # keepalive = 60; + # protocol = 3.1; - discovery = true; - birth_message = { - topic = "/hass/status"; - payload = "online"; - }; - will_message = { - topic = "/hass/status"; - payload = "offline"; - }; - }; + # discovery = true; + # birth_message = { + # topic = "/hass/status"; + # payload = "online"; + # }; + # will_message = { + # topic = "/hass/status"; + # payload = "offline"; + # }; + # }; sensor = [ { platform = "dwd_weather_warnings"; region_name = "Berlin"; } ]; - switch = [ - (tasmota_s20 "TV" "tv") - (tasmota_s20 "Drucker Strom" "drucker") - (tasmota_s20 "Waschmaschine" "wasch") - (tasmota_s20 "Stereo Anlage" "stereo") + mqtt.switch = [ + (tasmota "TV" "tv") + (tasmota "Drucker Strom" "drucker") + (tasmota "Waschmaschine" "wasch") + (tasmota "Stereo Anlage" "stereo") + (tasmota "Wohnzimmer Lampe" "wohn_lampe") ]; mobile_app = {}; weather = [ -- cgit v1.2.3 From b0311b40d63b7bc5769941a6552f151b3c50f23a Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2023 23:07:55 +0200 Subject: l styx.r: integrate snapcast --- lass/2configs/hass/default.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/hass/default.nix b/lass/2configs/hass/default.nix index 8a5f88a54..1745bbfe5 100644 --- a/lass/2configs/hass/default.nix +++ b/lass/2configs/hass/default.nix 
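Review bot: The `mqtt` block is commented out rather than removed, so the broker username and password stay readable in the file (the `# username` / `# password` lines). Commenting them out does not retire the credential; I would delete the block and, if the broker still accepts that login, rotate it and supply the new value from a secret file instead of the Nix source. `customize = friendly_names;` is disabled the same way with no reason given; a short comment saying why would keep it from being re-enabled blindly.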
@@ -106,6 +106,10 @@ in { system_health = {}; history = {}; shopping_list = {}; + media_player = { + platform = "snapcast"; + host = "127.0.0.1"; + }; }; }; -- cgit v1.2.3 From 210ef5ac52c49eede09e557721b235b54cd3532c Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2023 23:08:27 +0200 Subject: l hass: use zigbee2mqtt aliases for addressing --- lass/2configs/hass/lib.nix | 18 +++--- lass/2configs/hass/zigbee.nix | 141 ++++++++++-------------------------------- 2 files changed, 42 insertions(+), 117 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/hass/lib.nix b/lass/2configs/hass/lib.nix index 1f9f9945d..72ff2966f 100644 --- a/lass/2configs/hass/lib.nix +++ b/lass/2configs/hass/lib.nix @@ -1,24 +1,24 @@ { lib, ... }: rec { lights = { - bett = "0x0017880106ed3bd8"; - essen = "0x0017880108327622"; - arbeit = "0x0017880106ee2865"; - nass = "0x00178801082e9f2f"; + bett = "l_bett"; + essen = "l_essen"; + arbeit = "l_arbeit"; + nass = "l_nass"; }; switches = { dimmer = { - bett = "0x00178801086ac38c"; - essen = "0x00178801086ad1fb"; - nass = "0x00178801086ac373"; + bett = "i_bett"; + essen = "i_essen"; + nass = "i_nass"; }; }; sensors = { movement = { - essen = "0x0017880106f772f2"; - nass = "0x0017880106f77f30"; + essen = "s_essen"; + nass = "s_nass"; }; }; diff --git a/lass/2configs/hass/zigbee.nix b/lass/2configs/hass/zigbee.nix index 8fc02263b..210c761b5 100644 --- a/lass/2configs/hass/zigbee.nix +++ b/lass/2configs/hass/zigbee.nix 
@@ -34,117 +34,42 @@ in { advanced = { pan_id = 4222; }; - }; - }; + devices = let + set_device = id: name: + lib.nameValuePair id { + }; + in { + # lights https://www.zigbee2mqtt.io/devices/9290022166.html#philips-9290022166 + "0x0017880106ed3bd8".friendly_name = "l_bett"; + "0x0017880108327622".friendly_name = "l_essen"; + "0x0017880106ee2865".friendly_name = "l_arbeit"; + "0x00178801082e9f2f".friendly_name = "l_nass"; - services.home-assistant.config = { - sensor = [ - # Sensor for monitoring the bridge state - { - platform = "mqtt"; - name = "Zigbee2mqtt Bridge state"; - state_topic = "/zigbee2mqtt/bridge/state"; - icon = "mdi:router-wireless"; - } - # Sensor for Showing the Zigbee2mqtt Version - { - platform = "mqtt"; - name = "Zigbee2mqtt Version"; - state_topic = "/zigbee2mqtt/bridge/config"; - value_template = "{{ value_json.version }}"; - icon = "mdi:zigbee"; - } - # Sensor for Showing the Coordinator Version - { - platform = "mqtt"; - name = "Coordinator Version"; - state_topic = "/zigbee2mqtt/bridge/config"; - value_template = "{{ value_json.coordinator }}"; - icon = "mdi:chip"; - } - ]; - switch = [ - { - platform = "mqtt"; - name = "zigbee2mqtt_join"; - state_topic = "/zigbee2mqtt/bridge/config/permit_join"; - command_topic = "/zigbee2mqtt/bridge/config/permit_join"; - payload_on = "true"; - payload_off = "false"; - } - ]; - automation = [ - #{ - # alias = "Zigbee2mqtt Log Level"; - # initial_state = "on"; - # trigger = { - # platform = "state"; - # entity_id = "input_select.zigbee2mqtt_log_level"; - # }; - # action = [ - # { - # service = "mqtt.publish"; - # data = { - # payload_template = "{{ states('input_select.zigbee2mqtt_log_level') }}"; - # topic = "/zigbee2mqtt/bridge/config/log_level"; - # }; - # } - # ]; - #} - # Automation to start timer when enable join is turned on - { - id = "zigbee_join_enabled"; - alias = ""; - trigger = { - platform = "state"; - entity_id = "switch.zigbee2mqtt_join"; - to = "on"; - }; - action = { - service = 
"timer.start"; - entity_id = "timer.zigbee_permit_join"; + # switches https://www.zigbee2mqtt.io/devices/324131092621.html#philips-324131092621 + "0x00178801086ac38c".friendly_name = "i_bett"; + "0x00178801086ad1fb".friendly_name = "i_essen"; + "0x00178801086ac373".friendly_name = "i_nass"; + + # sensors https://www.zigbee2mqtt.io/devices/9290012607.html#philips-9290012607 + "0x0017880106f772f2".friendly_name = "s_essen"; + "0x0017880106f77f30".friendly_name = "s_nass"; + + # heat https://www.zigbee2mqtt.io/devices/701721.html#popp-701721 + "0x842e14fffe27109a".friendly_name = "t_bett"; + "0x842e14fffe269a73".friendly_name = "t_nass"; + "0x842e14fffe269a56".friendly_name = "t_arbeit"; + + # rotation https://www.zigbee2mqtt.io/devices/E1744.html + "0x8cf681fffe065493" = { + friendly_name = "r_test"; + device_id = "r_test"; + simulated_brightness = { + delta = 2; + interval = 100; + }; }; - } - # Automation to stop timer when switch turned off and turn off switch when timer finished - { - id = "zigbee_join_disabled"; - trigger = [ - { - platform = "event"; - event_type = "timer.finished"; - event_data.entity_id = "timer.zigbee_permit_join"; - } - { - platform = "state"; - entity_id = "switch.zigbee2mqtt_join"; - to = "off"; - } - ]; - action = [ - { service = "timer.cancel"; - data.entity_id = "timer.zigbee_permit_join"; - } - { service = "switch.turn_off"; - entity_id = "switch.zigbee2mqtt_join"; - } - ]; - } - ]; - #input_select.zigbee2mqtt_log_level = { - # name = "Zigbee2mqtt Log Level"; - # options = [ - # "debug" - # "info" - # "warn" - # "error" - # ]; - # initial = "info"; - # icon = "mdi:format-list-bulleted"; - #}; - timer.zigbee_permit_join = { - name = "Zigbee Time remaining"; - duration = 120; + }; }; }; } -- cgit v1.2.3 From 9c35e8da105f19690d832453c40984865c0ff110 Mon Sep 17 00:00:00 2001 
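Review bot: `set_device` is defined in the new `let` but never used; every entry below it sets `friendly_name` directly, so the binding can be dropped. This hunk also deletes the Home Assistant join switch and the 120-second timer that turned joining off again, so nothing in the visible configuration closes pairing any more. Whether `permit_join` is set in the zigbee2mqtt settings is outside the hunk; I would state it explicitly next to `advanced`, `permit_join = false;`, so the network does not stay open for new devices. The enclosing settings block starts before the hunk.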
From: lassulus Date: Sun, 23 Jul 2023 23:09:54 +0200 Subject: l git: allow bigger payload in proxy_pass --- lass/2configs/services/git/default.nix | 10 ++++++++++ lass/2configs/services/git/proxy.nix | 10 ++++++++++ 2 files changed, 20 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/services/git/default.nix b/lass/2configs/services/git/default.nix index 096f73c03..2b68905ed 100644 --- a/lass/2configs/services/git/default.nix +++ b/lass/2configs/services/git/default.nix @@ -7,5 +7,15 @@ enableACME = true; addSSL = true; locations = config.services.nginx.virtualHosts.cgit.locations; + extraConfig = '' + client_max_body_size 300M; + client_body_timeout 2024; + client_header_timeout 2024; + + fastcgi_buffers 16 512k; + fastcgi_buffer_size 512k; + fastcgi_read_timeout 500; + fastcgi_send_timeout 500; + ''; }; } diff --git a/lass/2configs/services/git/proxy.nix b/lass/2configs/services/git/proxy.nix index cb05c3f6c..9875898ea 100644 --- a/lass/2configs/services/git/proxy.nix +++ b/lass/2configs/services/git/proxy.nix @@ -9,5 +9,15 @@ proxyWebsockets = true; recommendedProxySettings = true; }; + extraConfig = '' + client_max_body_size 300M; + client_body_timeout 2024; + client_header_timeout 2024; + + fastcgi_buffers 16 512k; + fastcgi_buffer_size 512k; + fastcgi_read_timeout 500; + fastcgi_send_timeout 500; + ''; }; } -- cgit v1.2.3 From b8f7bebf77f817ba0bac870be7b44a6a8aeb4f89 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2023 23:10:54 +0200 Subject: l sync: sort & add massulus --- lass/2configs/sync/decsync.nix | 2 +- lass/2configs/sync/sync.nix | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/sync/decsync.nix b/lass/2configs/sync/decsync.nix index 5fded10a2..98479c7f5 100644 --- a/lass/2configs/sync/decsync.nix +++ b/lass/2configs/sync/decsync.nix 
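Review bot: `client_header_timeout 2024;` and `client_body_timeout 2024;` let a stalled client hold a connection for about 34 minutes on a public ACME vhost, which makes it much cheaper to exhaust worker connections. Large pushes need `client_max_body_size 300M;`, but the header timeout can stay at nginx's default, and the body timeout only measures the gap between two reads, so it rarely needs raising either. The same block is repeated in `proxy.nix`, where the location is proxied (`proxyWebsockets`, `recommendedProxySettings` in the context lines), so the `fastcgi_*` lines have no effect there; the equivalents would be `proxy_read_timeout 500;`, `proxy_send_timeout 500;` and `proxy_buffers` / `proxy_buffer_size`.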
@@ -1,7 +1,7 @@ { services.syncthing.folders.decsync = { path = "/home/lass/decsync"; - devices = [ "mors" "blue" "green" "phone" ]; + devices = [ "mors" "blue" "green" "phone" "massulus" ]; }; krebs.acl."/home/lass/decsync"."u:syncthing:X".parents = true; diff --git a/lass/2configs/sync/sync.nix b/lass/2configs/sync/sync.nix index 2714fa83e..09f94378b 100644 --- a/lass/2configs/sync/sync.nix +++ b/lass/2configs/sync/sync.nix @@ -1,6 +1,13 @@ { services.syncthing.folders."/home/lass/sync" = { - devices = [ "mors" "icarus" "xerxes" "shodan" "green" "blue" "coaxmetal" ]; + devices = [ + "mors" + "xerxes" + "green" + "blue" + "coaxmetal" + "aergia" + ]; }; krebs.acl."/home/lass/sync"."u:syncthing:X".parents = true; krebs.acl."/home/lass/sync"."u:syncthing:rwX" = {}; -- cgit v1.2.3 From fe89b7544e8601e485e8d3c4fadaef3bbe62b0aa Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2023 23:11:54 +0200 Subject: l nginx: enable by default --- lass/2configs/websites/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/default.nix b/lass/2configs/websites/default.nix index bfd86ad7e..ebf4d8345 100644 --- a/lass/2configs/websites/default.nix +++ b/lass/2configs/websites/default.nix @@ -4,6 +4,7 @@ with import ; { services.nginx = { + enable = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; -- cgit v1.2.3 From 794590866b8c556f21b08de70cc31e4ab68680dc Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 2023 23:12:17 +0200 Subject: l domsen: fixes & domains --- lass/2configs/websites/domsen.nix | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index c57fb5907..9d28bedc6 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix 
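Review bot: The sync.nix hunk changes who receives `/home/lass/sync`, not just the order: `icarus` and `shodan` are dropped and `aergia` is added, while `massulus` from the subject line is only added in decsync.nix. Unless the folder type restricts it, every listed device can presumably write to the share, so membership changes should be visible in the history rather than folded into a "sort". I would split this from the reformatting, or at least comment the list, e.g. `# 2023-07: aergia added, icarus/shodan removed`. Removed devices keep whatever they had already synced, so if they were dropped for a trust reason the data on them needs separate cleanup.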
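Review bot: A plain `enable = true;` in a shared module cannot be overridden by an importing host without `mkForce`, which fits poorly with the subject "enable by default". `enable = mkDefault true;` (or `lib.mkDefault`, depending on what the `with import` at the top of the file brings into scope) states the intent. It also lets a host that only wants the recommended settings opt out of running a listening web server. The `services.nginx` attrset continues outside the hunk.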
@@ -96,6 +96,7 @@ in { file_uploads = on ''; + systemd.services.nextcloud-setup.after = [ "secret-nextcloud_pw.service" ]; krebs.secret.files.nextcloud_pw = { path = "/run/nextcloud.pw"; owner.name = "nextcloud"; @@ -121,18 +122,17 @@ in { # MAIL STUFF # TODO: make into its own module - # workaround for android 7 - security.acme.certs."lassul.us".keyType = "rsa4096"; - services.roundcube = { enable = true; hostName = "mail.lassul.us"; extraConfig = '' - $config['smtp_port'] = 25; + $config['smtp_debug'] = true; + $config['smtp_host'] = "localhost:25"; ''; }; services.dovecot2 = { enable = true; + showPAMFailure = true; mailLocation = "maildir:~/Mail"; sslServerCert = "/var/lib/acme/lassul.us/fullchain.pem"; sslServerKey = "/var/lib/acme/lassul.us/key.pem"; @@ -142,6 +142,17 @@ in { { predicate = "-p tcp --dport imaps"; target = "ACCEPT"; } ]; + environment.systemPackages = [ + (pkgs.writers.writeDashBin "debug_exim" '' + set -ef + export PATH="${lib.makeBinPath [ pkgs.coreutils ]}" + echo "$@" >> /tmp/xxx + /run/wrappers/bin/shadow_verify_arg "${config.lass.usershadow.pattern}" "$2" "$3" 2>>/tmp/xxx1 + echo "ok" >> /tmp/yyy + exit 23 + '') + ]; + krebs.exim-smarthost = { authenticators.PLAIN = '' driver = plaintext @@ -153,6 +164,7 @@ in { public_name = LOGIN server_prompts = "Username:: : Password::" server_condition = ''${run{/run/wrappers/bin/shadow_verify_arg ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} + # server_condition = ''${run{/run/current-system/sw/bin/debug_exim ${config.lass.usershadow.pattern} $auth1 $auth2}{yes}{no}} ''; internet-aliases = [ { from = "dma@ubikmedia.de"; to = "domsen"; } @@ -180,14 +192,13 @@ in { "alewis.de" "jarugadesign.de" "beesmooth.ch" + "event-extra.de" ]; dkim = [ { domain = "ubikmedia.eu"; } { domain = "apanowicz.de"; } { domain = "beesmooth.ch"; } ]; - ssl_cert = "/var/lib/acme/lassul.us/fullchain.pem"; - ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; users.users.UBIK-SFTP = { -- cgit v1.2.3 
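Review bot: `$config['smtp_debug'] = true;` and `showPAMFailure = true;` in the second hunk look like troubleshooting switches left on in the committed config. Roundcube's SMTP debug writes the SMTP conversation to its log, which can include the AUTH exchange, and Dovecot's PAM failure text is shown to the client whose login failed. I would drop both lines before this lands, or mark them so they are not forgotten: `# TODO(debug): remove once mail login works`. The `services.dovecot2` attrset continues outside the hunk.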
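Review bot: The `debug_exim` wrapper appends `"$@"` to `/tmp/xxx`, and judging by the commented `server_condition` in the following hunk its arguments are `$auth1 $auth2`, i.e. the login name and the plaintext password. That puts mail credentials in a fixed-name file in a world-writable directory, and any local user can pre-create `/tmp/xxx`, `/tmp/xxx1` and `/tmp/yyy`. The script also always ends in `exit 23`, so it can never accept a login. I would remove the package and the commented `server_condition` line from the committed config. If the helper must stay for a while, log only the user, e.g. `echo "auth attempt: $2" >> "$LOG"`, with `$LOG` (placeholder) under a root-only directory.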
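Review bot: Removing `ssl_cert` and `ssl_key` in the last hunk leaves it unclear whether the smarthost still offers TLS. The PLAIN and LOGIN authenticators shown earlier carry the password in the clear unless the session is encrypted. If the module now picks the certificate up elsewhere, a short comment would help, e.g. `# TLS cert now provided by <module default>` (placeholder); otherwise the two lines should stay. The enclosing attrset, presumably `krebs.exim-smarthost`, starts outside the hunk.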
From ea5e8bc757a7920dc5d23be7890fca7de059a0ba Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 23 Jul 202