diff --git a/flake.lock b/flake.lock
index 8437b1b..2c77c95 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1012,11 +1012,11 @@
 "pre-commit-hooks": "pre-commit-hooks_3"
 },
 "locked": {
- "lastModified": 1712231666,
- "narHash": "sha256-SlgbQyccioWkep10dwtJ4WBZT3FpgwC0LnCBbm3rz7Y=",
+ "lastModified": 1712238990,
+ "narHash": "sha256-I+pn/hg6T0EQoJOZbgDy0VGxUAPvSONWQyLSDa1LS9Y=",
 "owner": "oddlama",
 "repo": "nix-topology",
- "rev": "a2e2a95a1b10ad93600351a6595c35ff1826ac8f",
+ "rev": "da89590e6c94fba7bcd895d910ee363db37ed538",
 "type": "github"
 },
 "original": {
diff --git a/hosts.toml b/hosts.toml
index cc5239c..d575643 100644
--- a/hosts.toml
+++ b/hosts.toml
@@ -18,6 +18,6 @@ system = "x86_64-linux"
 type = "nixos"
 system = "x86_64-linux"
-#[zackbiene]
-#type = "nixos"
-#system = "aarch64-linux"
+[zackbiene]
+type = "nixos"
+system = "aarch64-linux"
diff --git a/hosts/sire/guests/influxdb.nix b/hosts/sire/guests/influxdb.nix
index fd7d478..360dc6f 100644
--- a/hosts/sire/guests/influxdb.nix
+++ b/hosts/sire/guests/influxdb.nix
@@ -80,6 +80,7 @@ in {
 }
 ];
+ topology.self.services.influxdb2.info = "https://${influxdbDomain}";
 services.influxdb2 = {
 enable = true;
 settings = {
diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix
index 0d53421..5e51d7d 100644
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@@ -22,7 +22,7 @@
 ];
 topology.self.hardware.image = ../../topology/images/odroid-h3.png;
- topology.self.hardware.info = "ODROID H3, 64GB RAM";
+ topology.self.hardware.info = "O-Droid H3, 64GB RAM";
 boot.mode = "efi";
 boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];
diff --git a/hosts/zackbiene/default.nix b/hosts/zackbiene/default.nix
index 6399a9d..95aebe8 100644
--- a/hosts/zackbiene/default.nix
+++ b/hosts/zackbiene/default.nix
@@ -14,16 +14,20 @@ in {
 ../../modules/optional/initrd-ssh.nix
 ../../modules/optional/zfs.nix
- #./esphome.nix
+ ./esphome.nix
 ./fs.nix
 ./home-assistant.nix
 ./hostapd.nix
- #./mosquitto.nix
+ ./mosquitto.nix
 ./kea.nix
 ./net.nix
- #./zigbee2mqtt.nix
+ ./zigbee2mqtt.nix
 ];
+ topology.self.name = "🥔  zackbiene"; # yes this is 2x U+2009, don't ask (satori 🤬).
+ topology.self.hardware.image = ../../topology/images/odroid-n2plus.png;
+ topology.self.hardware.info = "O-Droid N2+";
+
 boot.mode = "efi";
 users.groups.acme.members = ["nginx"];
 services.nginx.enable = true;
diff --git a/hosts/zackbiene/esphome.nix b/hosts/zackbiene/esphome.nix
index b42696a..267abf0 100644
--- a/hosts/zackbiene/esphome.nix
+++ b/hosts/zackbiene/esphome.nix
@@ -1,4 +1,11 @@
-{config, ...}: {
+{
+ config,
+ nodes,
+ ...
+}: let
+ sentinelCfg = nodes.sentinel.config;
+ esphomeDomain = "esphome.${sentinelCfg.repo.secrets.global.domains.personal}";
+in {
 environment.persistence."/persist".directories = [
 {
 directory = "/var/lib/private/esphome";
@@ -6,6 +13,7 @@
 }
 ];
+ topology.self.services.esphome.info = "https://${esphomeDomain}";
 services.esphome = {
 enable = true;
 enableUnixSocket = true;
@@ -29,7 +37,7 @@
 keepalive 2;
 '';
 };
- virtualHosts."${config.repo.secrets.local.esphome.domain}" = {
+ virtualHosts."${esphomeDomain}" = {
 forceSSL = true;
 #enableACME = true;
 sslCertificate = config.age.secrets."selfcert.crt".path;
diff --git a/hosts/zackbiene/home-assistant.nix b/hosts/zackbiene/home-assistant.nix
index b0474b3..6c65582 100644
--- a/hosts/zackbiene/home-assistant.nix
+++ b/hosts/zackbiene/home-assistant.nix
@@ -16,6 +16,7 @@ in {
 }
 ];
+ topology.self.services.home-assistant.info = "https://${homeDomain}";
 services.home-assistant = {
 enable = true;
 extraComponents = [
diff --git a/hosts/zackbiene/net.nix b/hosts/zackbiene/net.nix
index ccb810d..6bf8cc7 100644
--- a/hosts/zackbiene/net.nix
+++ b/hosts/zackbiene/net.nix
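Review bot: In hosts/zackbiene/default.nix the new `topology.self.name` string depends on two invisible U+2009 characters, and the trailing comment says "don't ask" instead of recording why they are needed. An editor or formatter that normalises whitespace would silently change the rendered name, and invisible characters in a reviewed file are easier to trust when their purpose is written down. I would reword the comment to something like `# two U+2009 THIN SPACE after the emoji are intentional (satori spacing workaround); keep them`, assuming that is indeed the reason. The enclosing attribute set continues outside the hunk.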
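Review bot: In hosts/zackbiene/esphome.nix the added `topology.self.services.esphome.info = "https://${esphomeDomain}";` copies a value built from `sentinelCfg.repo.secrets.global.domains.personal` into the topology metadata. That domain is read from the secrets tree, so it is presumably meant to stay out of public artifacts, while the info string will appear in clear text in whatever diagram is rendered from the topology. If the rendered output is published or committed, consider a non-identifying label here, or at least a comment such as `# NOTE: exposes the personal domain in the rendered topology`. The same pattern is added for zigbee2mqtt (`zigbeeDomain`) and, depending on how `homeDomain` and `influxdbDomain` are defined outside the visible hunks, for home-assistant and influxdb2.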
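Review bot: In hosts/zackbiene/esphome.nix the vhost is renamed to `"${esphomeDomain}"` but keeps `sslCertificate = config.age.secrets."selfcert.crt".path;` with `#enableACME = true;` still commented out, so a client of the new name cannot verify the server against a public CA. If sentinel proxies to this vhost, it presumably either pins this certificate or skips upstream verification; neither is visible in the commit, and the second would leave the hop authenticated only by the WireGuard tunnel. I would state the assumption next to the certificate line, e.g. `# self-signed on purpose: only reached via proxy-sentinel, which must pin or otherwise trust this cert`. The ESPHome dashboard has no login unless one is configured, so access control for this hostname has to live on sentinel. The zigbee2mqtt vhost hunk has the same shape, and the virtualHosts block continues outside both hunks.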
@@ -8,6 +8,10 @@ in {
 networking.hostId = config.repo.secrets.local.networking.hostId;
+ wireguard.proxy-sentinel = {
+ client.via = "sentinel";
+ };
+
 boot.initrd.systemd.network = {
 enable = true;
 networks = {inherit (config.systemd.network.networks) "10-lan1";};
diff --git a/hosts/zackbiene/zigbee2mqtt.nix b/hosts/zackbiene/zigbee2mqtt.nix
index 469ebf6..a146a1d 100644
--- a/hosts/zackbiene/zigbee2mqtt.nix
+++ b/hosts/zackbiene/zigbee2mqtt.nix
@@ -1,4 +1,11 @@
-{config, ...}: {
+{
+ config,
+ nodes,
+ ...
+}: let
+ sentinelCfg = nodes.sentinel.config;
+ zigbeeDomain = "zigbee.${sentinelCfg.repo.secrets.global.domains.personal}";
+in {
 age.secrets."mosquitto-pw-zigbee2mqtt.yaml" = {
 rekeyFile = ./secrets/mosquitto-pw-zigbee2mqtt.yaml.age;
 mode = "440";
@@ -9,6 +16,7 @@
 #security.acme.certs."home.${personalDomain}".extraDomainNames = [
 # "zigbee.home.${personalDomain}"
 #];
+ topology.self.services.zigbee2mqtt.info = "https://${zigbeeDomain}";
 services.zigbee2mqtt = {
 enable = true;
 settings = {
@@ -37,7 +45,7 @@
 keepalive 2;
 '';
 };
- virtualHosts."${config.repo.secrets.local.zigbee2mqtt.domain}" = {
+ virtualHosts."${zigbeeDomain}" = {
 forceSSL = true;
 #enableACME = true;
 sslCertificate = config.age.secrets."selfcert.crt".path;
diff --git a/topology/default.nix b/topology/default.nix
index b59561b..ab184be 100644
--- a/topology/default.nix
+++ b/topology/default.nix
@@ -9,6 +9,7 @@
 ;
 in {
 networks.ward-kea.name = "Home LAN";
+ networks.zackbiene-kea.name = "Isolated IoT Network";
 networks.home-fritzbox = {
 name = "Home Fritzbox";
 cidrv4 = "192.168.178.0/24";
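Review bot: The added `wireguard.proxy-sentinel = { client.via = "sentinel"; };` in hosts/zackbiene/net.nix gives zackbiene a tunnel to sentinel, while the same commit labels `zackbiene-kea` as "Isolated IoT Network", and nothing in the hunk limits what may cross that tunnel. Whether the `wireguard` module installs firewall rules on its own is not visible here; if it does not, the tunnel interface should only accept the nginx HTTPS port, and forwarding between it and the IoT interface should stay disabled. A comment above the block recording that intent, for example `# proxy-sentinel: inbound 443 only, no forwarding into the IoT LAN`, would let the next reader check it. The surrounding attribute set continues outside the hunk.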
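Review bot: In hosts/zackbiene/zigbee2mqtt.nix the new `topology.self.services.zigbee2mqtt.info` line sits directly under a commented-out ACME block that still names `zigbee.home.${personalDomain}`, while the vhost now uses `zigbeeDomain` (`zigbee.` plus the personal domain). `personalDomain` is not bound in the new `let`, so uncommenting that block later would either fail to evaluate or request a certificate for a name the vhost no longer serves. I would delete the stale block or update its entry to `"${zigbeeDomain}"` in the same change.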
@@ -38,9 +39,10 @@ in {
 nodes.switch-attic = mkSwitch "Switch Attic" {
 info = "D-Link DGS-1016D";
 image = ./images/dlink-dgs1016d.png;
- interfaceGroups = [["eth1" "eth2" "eth3" "eth4" "eth5" "eth6"]];
+ interfaceGroups = [["eth1" "eth2" "eth3" "eth4" "eth5" "eth6" "eth7"]];
 connections.eth1 = mkConnection "ward" "lan-self";
 connections.eth2 = mkConnection "sire" "lan-self";
+ connections.eth7 = mkConnection "zackbiene" "lan1";
 };
 nodes.switch-bedroom-1 = mkSwitch "Switch Bedroom 1" {
diff --git a/topology/images/odroid-n2plus.png b/topology/images/odroid-n2plus.png
new file mode 100644
index 0000000..6b4d8ac
Binary files /dev/null and b/topology/images/odroid-n2plus.png differ