Fix wol

2024-02-11 14:10:04 +01:00 · 2024-02-11 14:10:04 +01:00 · 7f3441fc76
commit 7f3441fc76
parent cb0a071ee6
4 changed files with 54 additions and 13 deletions
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -2,6 +2,7 @@
  fleetModules,
  lib,
  config,
+  pkgs,
  ...
 }: {
  imports =
@ -32,6 +33,7 @@
      "binfmt"
      "greetd"
      "syncthing"
+      "hass-poweroff"
    ]
    ++ [
      ./disko.nix
--- a/modules/hass-poweroff/default.nix
+++ b/modules/hass-poweroff/default.nix
@ -0,0 +1,16 @@
+{pkgs, ...}: {
+  # Creates an user that home assistant can log in as to power off the system
+  users.users.hass = {
+    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcoVVrMFili8UBjziIu2wyFgcDGTlT1avBh2nLTa9aM"];
+    isNormalUser = true;
+    isSystemUser = false;
+    group = "hass";
+    createHome = false;
+  };
+
+  users.groups.hass = {};
+
+  security.sudo.extraConfig = ''
+    hass ALL=NOPASSWD:${pkgs.systemd}/bin/systemctl
+  '';
+}
--- a/modules/home-assistant/default.nix
+++ b/modules/home-assistant/default.nix
@ -21,12 +21,6 @@
    rev = "9a40a2fa09b0f74aee0b278e2858f5600b3487a9";
    hash = "sha256-i+82EUamV1Fhwhb1vhRqn9aA9dJ0FxSSMD734domyhw=";
  };
-  localtuya = pkgs.fetchFromGitHub {
-    owner = "rospogrigio";
-    repo = "localtuya";
-    rev = "f06e4848e67997edfa696aa9a89372fb17077bd0";
-    hash = "sha256-hA/1FxH0wfM0jz9VqGCT95rXlrWjxV5oIkSiBf0G0ac=";
-  };
 in {
  services.home-assistant = {
    enable = true;
@ -58,6 +52,7 @@ in {
      "webostv"
      "media_player"
      "wyoming"
+      "wake_on_lan"
    ];
    extraPackages = python3Packages:
      with python3Packages; [
@ -99,6 +94,18 @@ in {
      #     data.mac = "20:28:bc:74:14:c2";
      #   };
      # }];
+      wake_on_lan = {};
+      switch = [
+        {
+          name = "Picard";
+          platform = "wake_on_lan";
+          mac = "74:56:3c:37:17:bd"; # this shouldn't be public
+          host = "picard.fleet";
+          turn_off.service = "shell_command.turn_off_picard";
+        }
+      ];
+      shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"'';
+      # shell_command.turn_off_picard = ''whoami'';
    };
  };

@ -114,10 +121,12 @@ in {
  systemd.tmpfiles.rules = [
    "d ${config.services.home-assistant.configDir}/custom_components 770 hass hass"
    "L+ ${config.services.home-assistant.configDir}/custom_components/pun_sensor - - - - ${pun_sensor}/custom_components/pun_sensor"
-    "L+ ${config.services.home-assistant.configDir}/custom_components/cozy_life - - - - ${cozy_life}/custom_components/cozylife"
-    "L+ ${config.services.home-assistant.configDir}/custom_components/localtuya - - - - ${localtuya}/custom_components/localtuya"
+
+    "d ${config.services.home-assistant.configDir}/.ssh 770 hass hass"
+    "C ${config.services.home-assistant.configDir}/.ssh/id_ed25519 700 hass hass - ${config.age.secrets.hass-ssh-key.path}"
+
    "d ${config.services.home-assistant.configDir}/www 770 hass hass"
-    "C ${config.services.home-assistant.configDir}/www/home.png - - - - ${config.age.secrets.home-planimetry.path}"
+    "C ${config.services.home-assistant.configDir}/www/home.png 770 hass hass - - ${config.age.secrets.home-planimetry.path}"
  ];

  networking.firewall.interfaces."wg0" = {
--- a/modules/ssh-initrd/default.nix
+++ b/modules/ssh-initrd/default.nix
@ -1,24 +1,38 @@
-{config, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
  # For unlocking the disk connect using ssh and type
  # systemctl start initrd-nixos-activation
  boot.initrd = {
    network = {
-      enable = true;
      ssh = {
        enable = true;
        ignoreEmptyHostKeys = true;
        extraConfig = ''
          HostKey /ssh_initrd_host_ed25519_key
        '';
+        authorizedKeys = with (import ../../lib).keys.users; [
+          ccr-gpg
+          ccr-ssh
+        ];
      };
    };
    systemd = {
      enable = true;
-      storePaths = ["${config.programs.ssh.package}/bin/ssh-keygen"];
+      network.enable = true;
+      storePaths = [
+        "${config.programs.ssh.package}/bin/ssh-keygen"
+        "${pkgs.bashInteractive}/bin/bash"
+      ];
      services.sshd.preStart = ''
-               ${config.programs.ssh.package}/bin/ssh-keygen -t ed25519 -N "" -f /ssh_initrd_host_ed25519_key
+        [ ! -f /ssh_initrd_host_ed25519_key ] && ${config.programs.ssh.package}/bin/ssh-keygen -t ed25519 -N "" -f /ssh_initrd_host_ed25519_key
        chmod 600 /ssh_initrd_host_ed25519_key
      '';
    };
  };
+
+  boot.initrd.systemd.additionalUpstreamUnits = ["debug-shell.service"];
+  boot.kernelParams = ["rd.systemd.debug_shell"];
 }