feat: reenable zackbiene and add it to topology

2025-10-10 23:00:39 +02:00 · 2024-04-04 15:59:00 +02:00 · 2024-04-04 15:59:00 +02:00 · f171d1e83a
commit f171d1e83a
parent 5604cdd4cc
11 changed files with 43 additions and 15 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1012,11 +1012,11 @@
        "pre-commit-hooks": "pre-commit-hooks_3"
      },
      "locked": {
-        "lastModified": 1712231666,
-        "narHash": "sha256-SlgbQyccioWkep10dwtJ4WBZT3FpgwC0LnCBbm3rz7Y=",
+        "lastModified": 1712238990,
+        "narHash": "sha256-I+pn/hg6T0EQoJOZbgDy0VGxUAPvSONWQyLSDa1LS9Y=",
        "owner": "oddlama",
        "repo": "nix-topology",
-        "rev": "a2e2a95a1b10ad93600351a6595c35ff1826ac8f",
+        "rev": "da89590e6c94fba7bcd895d910ee363db37ed538",
        "type": "github"
      },
      "original": {
--- a/hosts.toml
+++ b/hosts.toml
@ -18,6 +18,6 @@ system = "x86_64-linux"
 type = "nixos"
 system = "x86_64-linux"

-#[zackbiene]
-#type = "nixos"
-#system = "aarch64-linux"
+[zackbiene]
+type = "nixos"
+system = "aarch64-linux"
--- a/hosts/sire/guests/influxdb.nix
+++ b/hosts/sire/guests/influxdb.nix
@ -80,6 +80,7 @@ in {
    }
  ];

+  topology.self.services.influxdb2.info = "https://${influxdbDomain}";
  services.influxdb2 = {
    enable = true;
    settings = {
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -22,7 +22,7 @@
  ];

  topology.self.hardware.image = ../../topology/images/odroid-h3.png;
-  topology.self.hardware.info = "ODROID H3, 64GB RAM";
+  topology.self.hardware.info = "O-Droid H3, 64GB RAM";

  boot.mode = "efi";
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];
--- a/hosts/zackbiene/default.nix
+++ b/hosts/zackbiene/default.nix
@ -14,16 +14,20 @@ in {
    ../../modules/optional/initrd-ssh.nix
    ../../modules/optional/zfs.nix

-    #./esphome.nix
+    ./esphome.nix
    ./fs.nix
    ./home-assistant.nix
    ./hostapd.nix
-    #./mosquitto.nix
+    ./mosquitto.nix
    ./kea.nix
    ./net.nix
-    #./zigbee2mqtt.nix
+    ./zigbee2mqtt.nix
  ];

+  topology.self.name = "🥔  zackbiene"; # yes this is 2x U+2009, don't ask (satori 🤬).
+  topology.self.hardware.image = ../../topology/images/odroid-n2plus.png;
+  topology.self.hardware.info = "O-Droid N2+";
+
  boot.mode = "efi";
  users.groups.acme.members = ["nginx"];
  services.nginx.enable = true;
--- a/hosts/zackbiene/esphome.nix
+++ b/hosts/zackbiene/esphome.nix
@ -1,4 +1,11 @@
-{config, ...}: {
+{
+  config,
+  nodes,
+  ...
+}: let
+  sentinelCfg = nodes.sentinel.config;
+  esphomeDomain = "esphome.${sentinelCfg.repo.secrets.global.domains.personal}";
+in {
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/private/esphome";
@ -6,6 +13,7 @@
    }
  ];

+  topology.self.services.esphome.info = "https://${esphomeDomain}";
  services.esphome = {
    enable = true;
    enableUnixSocket = true;
@ -29,7 +37,7 @@
        keepalive 2;
      '';
    };
-    virtualHosts."${config.repo.secrets.local.esphome.domain}" = {
+    virtualHosts."${esphomeDomain}" = {
      forceSSL = true;
      #enableACME = true;
      sslCertificate = config.age.secrets."selfcert.crt".path;
--- a/hosts/zackbiene/home-assistant.nix
+++ b/hosts/zackbiene/home-assistant.nix
@ -16,6 +16,7 @@ in {
    }
  ];

+  topology.self.services.home-assistant.info = "https://${homeDomain}";
  services.home-assistant = {
    enable = true;
    extraComponents = [
--- a/hosts/zackbiene/net.nix
+++ b/hosts/zackbiene/net.nix
@ -8,6 +8,10 @@
 in {
  networking.hostId = config.repo.secrets.local.networking.hostId;

+  wireguard.proxy-sentinel = {
+    client.via = "sentinel";
+  };
+
  boot.initrd.systemd.network = {
    enable = true;
    networks = {inherit (config.systemd.network.networks) "10-lan1";};
--- a/hosts/zackbiene/zigbee2mqtt.nix
+++ b/hosts/zackbiene/zigbee2mqtt.nix
@ -1,4 +1,11 @@
-{config, ...}: {
+{
+  config,
+  nodes,
+  ...
+}: let
+  sentinelCfg = nodes.sentinel.config;
+  zigbeeDomain = "zigbee.${sentinelCfg.repo.secrets.global.domains.personal}";
+in {
  age.secrets."mosquitto-pw-zigbee2mqtt.yaml" = {
    rekeyFile = ./secrets/mosquitto-pw-zigbee2mqtt.yaml.age;
    mode = "440";
@ -9,6 +16,7 @@
  #security.acme.certs."home.${personalDomain}".extraDomainNames = [
  #  "zigbee.home.${personalDomain}"
  #];
+  topology.self.services.zigbee2mqtt.info = "https://${zigbeeDomain}";
  services.zigbee2mqtt = {
    enable = true;
    settings = {
@ -37,7 +45,7 @@
        keepalive 2;
      '';
    };
-    virtualHosts."${config.repo.secrets.local.zigbee2mqtt.domain}" = {
+    virtualHosts."${zigbeeDomain}" = {
      forceSSL = true;
      #enableACME = true;
      sslCertificate = config.age.secrets."selfcert.crt".path;
--- a/topology/default.nix
+++ b/topology/default.nix
@ -9,6 +9,7 @@
    ;
 in {
  networks.ward-kea.name = "Home LAN";
+  networks.zackbiene-kea.name = "Isolated IoT Network";
  networks.home-fritzbox = {
    name = "Home Fritzbox";
    cidrv4 = "192.168.178.0/24";
@ -38,9 +39,10 @@ in {
  nodes.switch-attic = mkSwitch "Switch Attic" {
    info = "D-Link DGS-1016D";
    image = ./images/dlink-dgs1016d.png;
-    interfaceGroups = [["eth1" "eth2" "eth3" "eth4" "eth5" "eth6"]];
+    interfaceGroups = [["eth1" "eth2" "eth3" "eth4" "eth5" "eth6" "eth7"]];
    connections.eth1 = mkConnection "ward" "lan-self";
    connections.eth2 = mkConnection "sire" "lan-self";
+    connections.eth7 = mkConnection "zackbiene" "lan1";
  };

  nodes.switch-bedroom-1 = mkSwitch "Switch Bedroom 1" {
--- a/topology/images/odroid-n2plus.png
+++ b/topology/images/odroid-n2plus.png