ctucx.git: nixfiles

ctucx' nixfiles

commit 9c5a55ad3a20cd603b3a2c5f994dabb6db6fbb3a
parent 021fb5b4f4bb6ec3b843775ea9214faa96f2aacc
Author: Leah (ctucx) <git@ctu.cx>
Date: Fri, 12 May 2023 16:00:22 +0200

machines/lollo/solar-nrw -> machines/briefkasten/solar-nrw
18 files changed, 155 insertions(+), 157 deletions(-)
diff --git a/machines/briefkasten/configuration.nix b/machines/briefkasten/configuration.nix
@@ -21,6 +21,7 @@
     ./gotosocial.nix
 
     ./smarthome
+    ./solar-nrw
 
     ./scanner-sftp.nix
 
diff --git a/machines/lollo/solar-nrw/default.nix b/machines/briefkasten/solar-nrw/default.nix
diff --git a/machines/lollo/solar-nrw/mqtt-webui/config.nix b/machines/briefkasten/solar-nrw/mqtt-webui/config.nix
diff --git a/machines/lollo/solar-nrw/mqtt-webui/default.nix b/machines/briefkasten/solar-nrw/mqtt-webui/default.nix
diff --git a/machines/lollo/solar-nrw/mqtt-webui/extra-files/manifest.json b/machines/briefkasten/solar-nrw/mqtt-webui/extra-files/manifest.json
diff --git a/machines/briefkasten/solar-nrw/solax2mqtt.nix b/machines/briefkasten/solar-nrw/solax2mqtt.nix
@@ -0,0 +1,54 @@
+{ inputs, config, pkgs, ... }:
+
+{
+
+  imports = [
+    ./vpn.nix
+  ];
+
+  age.secrets = {
+    solax2mqtt-config.file = ./. + "/../../../secrets/${config.networking.hostName}/solar-nrw/solax2mqtt.age";
+  };
+
+  systemd.services.solax2mqtt = {
+    wantedBy  = [ "multi-user.target" ];
+    requires  = [ "network-online.target" "strongswan.service" "mosquitto.service" ];
+    after     = [ "network-online.target" "strongswan.service" "mosquitto.service" ];
+    onFailure = [ "email-notify@%i.service" ];
+
+    environment.CONFIG_PATH = "%d/config.json";
+
+    serviceConfig = {
+      ExecStart    = "${pkgs.solax2mqtt}/bin/solax2mqtt";
+
+      Restart      = "on-failure";
+      RestartSec   = "5";
+
+      LoadCredential = "config.json:${config.age.secrets.solax2mqtt-config.path}";
+
+      DynamicUser = true;
+
+      NoNewPrivileges         = true;
+      PrivateTmp              = true;
+
+      ProtectSystem           = "strict";
+      ProtectKernelLogs       = true;
+      ProtectKernelModules    = true;
+      ProtectKernelTunables   = true;
+      ProtectControlGroups    = true;
+      ProtectHome             = true;
+
+      IPAddressAllow          = "127.0.0.0/8 192.168.178.75/32";
+
+      RestrictAddressFamilies = "AF_INET";
+      RestrictNamespaces      = true;
+      RestrictRealtime        = true;
+
+      DevicePolicy            = "closed";
+      LockPersonality         = true;
+
+      LimitNPROC              = 1;
+    };
+  };
+
+}
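Review bot: `IPAddressAllow = "127.0.0.0/8 192.168.178.75/32";` in `serviceConfig` restricts nothing on its own, because systemd only blocks traffic that matches an `IPAddressDeny` list and this unit sets none (unless a parent slice does). Adding `IPAddressDeny = "any";` next to it would confine the service to loopback and the single allowed host, which appears to be the intent of the surrounding hardening options. A short comment saying what 192.168.178.75 is (presumably the device reached through the `wegberg` tunnel) would also help, since the address only makes sense together with `rightsubnet` in vpn.nix.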
diff --git a/machines/lollo/solar-nrw/telegraf.nix b/machines/briefkasten/solar-nrw/telegraf.nix
diff --git a/machines/briefkasten/solar-nrw/vpn.nix b/machines/briefkasten/solar-nrw/vpn.nix
@@ -0,0 +1,57 @@
+{ pkgs, config, ... }:
+
+{
+
+  age.secrets = {
+    wegberg-vpn-secrets.file = ./. + "/../../../secrets/${config.networking.hostName}/solar-nrw/vpn-secrets.age";
+  };
+
+  services.strongswan = {
+    enable = true;
+
+    setup.uniqueids = "yes";
+
+    connections = {
+      avm_conntype_user = {
+        ikelifetime="60m";
+        keylife="60m";
+        rekeymargin="3m";
+        keyingtries="1";
+        ike="aes256-sha512-modp1024!";
+        esp="aes256-sha512!";
+        keyexchange="ikev1";
+        aggressive="yes";
+        leftauth="psk";
+        leftauth2="xauth";
+        leftsourceip="%config4";
+        dpdtimeout="120s";
+        dpdaction="restart";
+        dpddelay="30s";
+        forceencaps="yes";
+        modeconfig="pull";
+        compress="no";
+        rightauth="psk";
+        xauth="client";
+      };
+
+      wegberg = {
+        also="avm_conntype_user";
+        left = "%any4";
+        leftid="keyid:wegberg";
+        right="%i507mutylxhw1ptw.myfritz.net";
+        rightid="%any";
+        rightsubnet="192.168.178.0/24";
+        xauth_identity="wegberg";
+        esp="aes256-sha1!";
+        auto="start";
+        dpdaction="restart";
+        closeaction="restart";
+        keyingtries="%forever";
+      };
+    };
+
+    secrets = [ config.age.secrets.wegberg-vpn-secrets.path ];
+
+  };
+
+}+
\ No newline at end of file
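Review bot: The `avm_conntype_user` connection combines `keyexchange="ikev1"`, `aggressive="yes"` and `leftauth="psk"` with no comment explaining why. In aggressive mode the PSK-derived authentication hash is exchanged unprotected, so the tunnel's security rests on the entropy of the key stored in `vpn-secrets.age`. `ike="aes256-sha512-modp1024!"` also pins a 1024-bit DH group, and `wegberg` overrides ESP to `aes256-sha1!`; both are below current recommendations. If these values are dictated by the remote peer, as the connection name suggests, record that in a comment such as `# proposals fixed by the remote AVM peer; PSK must be long and random`. Raise the DH group or move to IKEv2 if the peer ever allows it.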
diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix
@@ -15,7 +15,6 @@
     ../../configurations/linux/services/prometheus-exporters.nix
     ../../configurations/linux/services/restic-server.nix
 
-    ./solar-nrw
     ./websites
   ];
 
diff --git a/machines/lollo/solar-nrw/solax2mqtt.nix b/machines/lollo/solar-nrw/solax2mqtt.nix
@@ -1,56 +0,0 @@
-{ inputs, config, pkgs, ... }:
-
-{
-
-  imports = [
-    ./vpn.nix
-  ];
-
-  age.secrets = {
-    solax2mqtt-config.file = ../../../secrets/lollo/solar-nrw/solax2mqtt.age;
-  };
-
-  services.mosquitto.enable = true;
-
-  systemd.services.solax2mqtt = {
-    wantedBy  = [ "multi-user.target" ];
-    requires  = [ "network-online.target" "strongswan.service" "mosquitto.service" ];
-    after     = [ "network-online.target" "strongswan.service" "mosquitto.service" ];
-    onFailure = [ "email-notify@%i.service" ];
-
-    environment.CONFIG_PATH = "%d/config.json";
-
-    serviceConfig = {
-      ExecStart    = "${pkgs.solax2mqtt}/bin/solax2mqtt";
-
-      Restart      = "on-failure";
-      RestartSec   = "5";
-
-      LoadCredential = "config.json:${config.age.secrets.solax2mqtt-config.path}";
-
-      DynamicUser = true;
-
-      NoNewPrivileges         = true;
-      PrivateTmp              = true;
-
-      ProtectSystem           = "strict";
-      ProtectKernelLogs       = true;
-      ProtectKernelModules    = true;
-      ProtectKernelTunables   = true;
-      ProtectControlGroups    = true;
-      ProtectHome             = true;
-
-      IPAddressAllow          = "127.0.0.0/8 192.168.178.75/32";
-
-      RestrictAddressFamilies = "AF_INET";
-      RestrictNamespaces      = true;
-      RestrictRealtime        = true;
-
-      DevicePolicy            = "closed";
-      LockPersonality         = true;
-
-      LimitNPROC              = 1;
-    };
-  };
-
-}
diff --git a/machines/lollo/solar-nrw/vpn.nix b/machines/lollo/solar-nrw/vpn.nix
@@ -1,57 +0,0 @@
-{ pkgs, config, ... }:
-
-{
-
-  age.secrets = {
-    wegberg-vpn-secrets.file = ../../../secrets/lollo/solar-nrw/vpn-secrets.age;
-  };
-
-  services.strongswan = {
-    enable = true;
-
-    setup.uniqueids = "yes";
-
-    connections = {
-      avm_conntype_user = {
-        ikelifetime="60m";
-        keylife="60m";
-        rekeymargin="3m";
-        keyingtries="1";
-        ike="aes256-sha512-modp1024!";
-        esp="aes256-sha512!";
-        keyexchange="ikev1";
-        aggressive="yes";
-        leftauth="psk";
-        leftauth2="xauth";
-        leftsourceip="%config4";
-        dpdtimeout="120s";
-        dpdaction="restart";
-        dpddelay="30s";
-        forceencaps="yes";
-        modeconfig="pull";
-        compress="no";
-        rightauth="psk";
-        xauth="client";
-      };
-
-      wegberg = {
-        also="avm_conntype_user";
-        left = "%any4";
-        leftid="keyid:wegberg";
-        right="%i507mutylxhw1ptw.myfritz.net";
-        rightid="%any";
-        rightsubnet="192.168.178.0/24";
-        xauth_identity="wegberg";
-        esp="aes256-sha1!";
-        auto="start";
-        dpdaction="restart";
-        closeaction="restart";
-        keyingtries="%forever";
-      };
-    };
-
-    secrets = [ config.age.secrets.wegberg-vpn-secrets.path ];
-
-  };
-
-}-
\ No newline at end of file
diff --git a/secrets/briefkasten/mosquitto/passwd-nrw.age b/secrets/briefkasten/mosquitto/passwd-nrw.age
@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/briefkasten/solar-nrw/solax2mqtt.age b/secrets/briefkasten/solar-nrw/solax2mqtt.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/briefkasten/solar-nrw/vpn-secrets.age b/secrets/briefkasten/solar-nrw/vpn-secrets.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----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+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/mosquitto/passwd-nrw.age b/secrets/lollo/mosquitto/passwd-nrw.age
@@ -1,11 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvR2U0L2tYUkk5K1I3aWhp
-eW9lb1BROUhGZlhJK2ZiKzZnaFp1c2R6TURRCnY0UzA3WklxRTAzWitvUEhaWWJw
-MTE1SzI1QjRKa05qYlJSS08xRHdGc1UKLT4gc3NoLWVkMjU1MTkgMXJjY0t3IG1t
-bmRlNmdVMDlzaG5rd3Jqb3BRbUNQSWJUeXVvYkE3TFZHT1RFM2tZMGsKWEpNYmJX
-NzlhaEZlajhZajU1MTJtU1pZWnZPU3VJV0dkR1hWRFYwdTRWOAotPiBHVTwzLWdy
-ZWFzZSBQZExaYjRGClBUQnZ0TFdQbjkxZy82bG1ueXRlRkFHQjlsL1ROOTBya2VZ
-NXRTTVAySkg4NGRDM29saTJFNXk1UlkySkhyV1MKVzFjQjN1dwotLS0geHVKSEdY
-UkdrMExtOXhFa3Rtc1JrT3ZCbkF3SzhyWW9yWEEzM2NDTDBSawrKP0EE0JY3adGf
-tcDm5fdFfX7mbRJy541NnxywnUzkVoM0/KH17hY8gg0+Rw==
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/solar-nrw/solax2mqtt.age b/secrets/lollo/solar-nrw/solax2mqtt.age
@@ -1,15 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5M1ppMW1MRnZGZXFSMUJO
-ZnB6Z3gzSmxiQ1JmNUpDdjc1WEVxbGRMd0YwCm81azIrR3RUVW1MZHM1SnZFa2dm
-OXRvUXJPZDdzcE9LWSt6dTlPSW82TG8KLT4gc3NoLWVkMjU1MTkgMXJjY0t3IG84
-UWFaQjNla2FuRjU1NVJFOWhtSFVBenBuWnRmMEgyQXFJRHU0M2FGam8KamdWODlW
-bVZFMzNzaDFENXlzMURXZEhzQk40YTJ3L0dPcUF6N0Vob0tIYwotPiBxSyx6XCJ4
-ay1ncmVhc2UgMCUqbFIKdUtKRVNWOWplVkVYQUY1NHBicUxHZzhBSUFQb0ZXM3hj
-STdwVkZhWUNJWnhKRXo3aStsaFp4RmNYNGRsZ3hWYwpjc1hvd2lEbXhPKzBBckNM
-S2JvaCt1SkFxQ2N4S1EKLS0tIGVVaUdmZ3ppcjVYOGZ6Wmg1VHdacmlpdEtkNy9h
-UjBHSTRoL2kvVHhGYUEK99G3isaZ44k0W0sqtLVw1/PW2xBBnRqmXSEeKl4ElWYc
-LJql1SgVF1koSNjf7bW68tRw6qKld2G5GpPJX3VZ+GwnAmxDSIXdHb7YmjD4DuS0
-JoSic3PML//eFPmiGHW/YFAqviZMJ69S2tmIhKIwf3G/vbvF24IIP5gsJq3933J0
-JBS4m3Sb6CSmCGiOlSPofRp1WtW3eM6naN4iarEw17LiOFoaMwulzjTiPgmeC8n1
-klBOXGmUy/xORvY=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/lollo/solar-nrw/vpn-secrets.age b/secrets/lollo/solar-nrw/vpn-secrets.age
@@ -1,13 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTXRzYTF3dUJnb2dnT1J2
-ckUzUEZFcm1YSnRIdEU2QnZ0R0JQS2VCd21VCnRiWGpVWGhvWGpZWmxKQ1AvYmlS
-U01jOW4rUk9VUTJ0b1ZreExUQlJlL1kKLT4gc3NoLWVkMjU1MTkgMXJjY0t3IEJH
-NUF0UFl5dXYyRHVQdW1zTUxPT3pYdTZvdkVXMSt1R0dJazd3dDhOMmcKSzJlUWlB
-Z1hiQWM3alc4cWFGRlN1YWJNc3ZMQnZOckEzZGJiRUFTak9ZQQotPiA+akYtZ3Jl
-YXNlIEpxIGtrTClHPVUgNCZvL2xTICxdUUR9JQp0NktHSHJpaGlnU2FoY2tHdXR3
-alJLRHpHRjRMU3F1bGwrNDltNnJNdUpTS0ZtTGR0Q3Q4VThnNHpIK3h4SU13Ckxl
-RkVPVFkKLS0tIFhoRzB2S01rWUNkT0lnMnYvNW1pbDFsbE5TbmplYzhSN2ZhZW1w
-TE1CNFkKNfFrldOr5bCQoX1Ap3hrGtfKpfDa0td8vNAtE1cvoGVzPyVID0eANubc
-VTbwbXAczqR1RGdSGeDwrHQsN35hL9QAQw8WP8btSqWQpJ7T5AzRPfSb00iWCT7v
-TBw/lLPoPapl/1AOsvFTMXI=
------END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -36,13 +36,15 @@ in {
   "briefkasten/influx/master_token.age".publicKeys             = [ leah briefkasten ];
   "briefkasten/influx/backup_env.age".publicKeys               = [ leah briefkasten ];
 
-  "lollo/mosquitto/passwd-nrw.age".publicKeys                 = [ leah lollo ];
   "briefkasten/mosquitto/passwd-leah.age".publicKeys          = [ leah briefkasten ];
+  "briefkasten/mosquitto/passwd-nrw.age".publicKeys           = [ leah briefkasten ];
 
   "briefkasten/zigbee2mqtt/secrets.age".publicKeys            = [ leah briefkasten ];
 
   "briefkasten/telegraf/secrets.env.age".publicKeys           = [ leah briefkasten ];
 
+  "briefkasten/solar-nrw/vpn-secrets.age".publicKeys          = [ leah briefkasten ];
+  "briefkasten/solar-nrw/solax2mqtt.age".publicKeys           = [ leah briefkasten ];
 
   "lollo/restic-server-htpasswd.age".publicKeys               = [ leah lollo ];
 
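Review bot: The three `briefkasten/...` entries added in this hunk (`mosquitto/passwd-nrw.age`, `solar-nrw/vpn-secrets.age`, `solar-nrw/solax2mqtt.age`) re-key the secrets for the new host, but the earlier ciphertexts encrypted to `lollo` remain in git history. `lollo`'s host key can therefore still decrypt whatever values they held. Whether the MQTT password, the solax2mqtt config and the VPN credentials were rotated during the move is not visible in this diff. If they were only re-encrypted, consider rotating them so the old host no longer holds valid credentials. A one-line comment above the `solar-nrw` entries, e.g. `# moved from lollo 2023-05-12; values rotated`, would record that.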

@@ -59,8 +61,6 @@ in {
   "briefkasten/restic/influxdb.age".publicKeys                      = [ leah briefkasten ];
   "briefkasten/restic/ctucx-things.age".publicKeys                  = [ leah briefkasten ];
 
-  "lollo/solar-nrw/vpn-secrets.age".publicKeys                = [ leah lollo ];
-  "lollo/solar-nrw/solax2mqtt.age".publicKeys                 = [ leah lollo ];
   "briefkasten/restic/syncthing-audiobooks-orig.age".publicKeys     = [ leah briefkasten ];
   "briefkasten/restic/syncthing-audiobooks.age".publicKeys          = [ leah briefkasten ];
   "briefkasten/restic/syncthing-documents.age".publicKeys           = [ leah briefkasten ];