This commit is contained in:
Andrea Ciceri 2024-02-11 14:10:04 +01:00
parent cb0a071ee6
commit 7f3441fc76
Signed by: aciceri
SSH key fingerprint: SHA256:/AagBweyV4Hlfg9u092n8hbHwD5fcB6A3qhDiDA65Rg
4 changed files with 54 additions and 13 deletions


@ -2,6 +2,7 @@
fleetModules, fleetModules,
lib, lib,
config, config,
pkgs,
... ...
}: { }: {
imports = imports =
@ -32,6 +33,7 @@
"binfmt" "binfmt"
"greetd" "greetd"
"syncthing" "syncthing"
"hass-poweroff"
] ]
++ [ ++ [
./disko.nix ./disko.nix


@ -0,0 +1,16 @@
{pkgs, ...}: {
# Creates an user that home assistant can log in as to power off the system
users.users.hass = {
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcoVVrMFili8UBjziIu2wyFgcDGTlT1avBh2nLTa9aM"];
isNormalUser = true;
isSystemUser = false;
group = "hass";
createHome = false;
};
users.groups.hass = {};
security.sudo.extraConfig = ''
hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl
'';
}
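Review bot: The sudoers line `hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl` grants the hass account passwordless root execution of every systemctl subcommand, not only poweroff, so whoever holds the private half of the key on the `openssh.authorizedKeys.keys` line can start, stop or edit arbitrary units on this host. Restricting the rule to the one intended invocation, `hass ALL=(root) NOPASSWD: ${pkgs.systemd}/bin/systemctl poweroff`, keeps the privilege to what the caller actually needs. The authorized key can be narrowed the same way with key options, e.g. prefixing the key string with `command=\"sudo ${pkgs.systemd}/bin/systemctl poweroff\",restrict `, so the key is usable for nothing else even if the sudo rule is later widened. Also worth a look: `isNormalUser = true` gives the account a login shell and a home under /home that `createHome = false` never creates, which presumably is intended but deserves a comment.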


@ -21,12 +21,6 @@
rev = "9a40a2fa09b0f74aee0b278e2858f5600b3487a9"; rev = "9a40a2fa09b0f74aee0b278e2858f5600b3487a9";
hash = "sha256-i+82EUamV1Fhwhb1vhRqn9aA9dJ0FxSSMD734domyhw="; hash = "sha256-i+82EUamV1Fhwhb1vhRqn9aA9dJ0FxSSMD734domyhw=";
}; };
localtuya = pkgs.fetchFromGitHub {
owner = "rospogrigio";
repo = "localtuya";
rev = "f06e4848e67997edfa696aa9a89372fb17077bd0";
hash = "sha256-hA/1FxH0wfM0jz9VqGCT95rXlrWjxV5oIkSiBf0G0ac=";
};
in { in {
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;
@ -58,6 +52,7 @@ in {
"webostv" "webostv"
"media_player" "media_player"
"wyoming" "wyoming"
"wake_on_lan"
]; ];
extraPackages = python3Packages: extraPackages = python3Packages:
with python3Packages; [ with python3Packages; [
@ -99,6 +94,18 @@ in {
# data.mac = "20:28:bc:74:14:c2"; # data.mac = "20:28:bc:74:14:c2";
# }; # };
# }]; # }];
wake_on_lan = {};
switch = [
{
name = "Picard";
platform = "wake_on_lan";
mac = "74:56:3c:37:17:bd"; # this shouldn't be public
host = "picard.fleet";
turn_off.service = "shell_command.turn_off_picard";
}
];
shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"'';
# shell_command.turn_off_picard = ''whoami'';
}; };
}; };
@ -114,10 +121,12 @@ in {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${config.services.home-assistant.configDir}/custom_components 770 hass hass" "d ${config.services.home-assistant.configDir}/custom_components 770 hass hass"
"L+ ${config.services.home-assistant.configDir}/custom_components/pun_sensor - - - - ${pun_sensor}/custom_components/pun_sensor" "L+ ${config.services.home-assistant.configDir}/custom_components/pun_sensor - - - - ${pun_sensor}/custom_components/pun_sensor"
"L+ ${config.services.home-assistant.configDir}/custom_components/cozy_life - - - - ${cozy_life}/custom_components/cozylife"
"L+ ${config.services.home-assistant.configDir}/custom_components/localtuya - - - - ${localtuya}/custom_components/localtuya" "d ${config.services.home-assistant.configDir}/.ssh 770 hass hass"
"C ${config.services.home-assistant.configDir}/.ssh/id_ed25519 700 hass hass - ${config.age.secrets.hass-ssh-key.path}"
"d ${config.services.home-assistant.configDir}/www 770 hass hass" "d ${config.services.home-assistant.configDir}/www 770 hass hass"
"C ${config.services.home-assistant.configDir}/www/home.png - - - - ${config.age.secrets.home-planimetry.path}" "C ${config.services.home-assistant.configDir}/www/home.png 770 hass hass - - ${config.age.secrets.home-planimetry.path}"
]; ];
networking.firewall.interfaces."wg0" = { networking.firewall.interfaces."wg0" = {
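Review bot: `-o StrictHostKeyChecking=no` in `shell_command.turn_off_picard` disables host key verification on a connection that ends in a root-privileged `sudo ... poweroff`, so the hass key is presented to whichever host answers for picard.fleet and a substituted host cannot be detected. Since the target's host key is known at configuration time, pinning it with `-o UserKnownHostsFile=<path-to-managed-known_hosts> -o StrictHostKeyChecking=yes` (or at minimum `StrictHostKeyChecking=accept-new`) closes this without hurting the automation. In the tmpfiles hunk, the copied key `C ${config.services.home-assistant.configDir}/.ssh/id_ed25519 700 hass hass ...` carries an execute bit and its parent `.ssh` directory is group-writable at `770`; `600` for the key and `700` for the directory are the conventional modes OpenSSH expects. The last hunk's counts (`-114,10 +121,12`) suggest it continues past the lines shown here.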


@ -1,24 +1,38 @@
{config, ...}: { {
config,
pkgs,
...
}: {
# For unlocking the disk connect using ssh and type # For unlocking the disk connect using ssh and type
# systemctl start initrd-nixos-activation # systemctl start initrd-nixos-activation
boot.initrd = { boot.initrd = {
network = { network = {
enable = true;
ssh = { ssh = {
enable = true; enable = true;
ignoreEmptyHostKeys = true; ignoreEmptyHostKeys = true;
extraConfig = '' extraConfig = ''
HostKey /ssh_initrd_host_ed25519_key HostKey /ssh_initrd_host_ed25519_key
''; '';
authorizedKeys = with (import ../../lib).keys.users; [
ccr-gpg
ccr-ssh
];
}; };
}; };
systemd = { systemd = {
enable = true; enable = true;
storePaths = ["${config.programs.ssh.package}/bin/ssh-keygen"]; network.enable = true;
storePaths = [
"${config.programs.ssh.package}/bin/ssh-keygen"
"${pkgs.bashInteractive}/bin/bash"
];
services.sshd.preStart = '' services.sshd.preStart = ''
${config.programs.ssh.package}/bin/ssh-keygen -t ed25519 -N "" -f /ssh_initrd_host_ed25519_key [ ! -f /ssh_initrd_host_ed25519_key ] && ${config.programs.ssh.package}/bin/ssh-keygen -t ed25519 -N "" -f /ssh_initrd_host_ed25519_key
chmod 600 /ssh_initrd_host_ed25519_key chmod 600 /ssh_initrd_host_ed25519_key
''; '';
}; };
}; };
boot.initrd.systemd.additionalUpstreamUnits = ["debug-shell.service"];
boot.kernelParams = ["rd.systemd.debug_shell"];
} }
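Review bot: `boot.initrd.systemd.additionalUpstreamUnits = ["debug-shell.service"]` together with `rd.systemd.debug_shell` in `boot.kernelParams` enables systemd's debug shell inside the initrd, which is an unauthenticated root shell on a virtual console that starts before the encrypted disk is unlocked, so anyone with console or physical access gets root in the pre-unlock environment without going through the SSH gate this file sets up. If these two lines were added to diagnose the new `network.enable`/`storePaths` changes, consider dropping them once done, or at least mark them `# TEMPORARY: unauthenticated root console in initrd, remove before deploying` so they are not forgotten. Separately, the host key created in `services.sshd.preStart` lives in the initrd ramfs and is regenerated on every boot, so the unlock client can never pin it; `boot.initrd.network.ssh.hostKeys` pointing at a key persisted outside the encrypted volume would let the client verify the host it is sending the unlock credential to.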