diff --git a/flake.lock b/flake.lock
index 9e8401eb..3b187f4f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -327,11 +327,11 @@
 ]
 },
 "locked": {
- "lastModified": 1640393547,
- "narHash": "sha256-UCCzxswpYTBW5Iv56rhtydsgrpvul0cAfxysCWmVgYk=",
+ "lastModified": 1640802687,
+ "narHash": "sha256-ITEKxmlg4ectAqSp8mM3M/VCHu973UEcdt8yDb+hzDg=",
 "ref": "master",
- "rev": "9a1eef32664986af8797eab1b14b273d90faf6e6",
- "revCount": 114,
+ "rev": "6ae85faf2f864c6a004915cce7d071e827dda314",
+ "revCount": 115,
 "type": "git",
 "url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
 },
diff --git a/flake.nix b/flake.nix
index 528abe71..e4701cf6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -252,7 +252,11 @@
 radiobert = nixosSystem' {
 modules = [
 "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
- { nixpkgs.overlays = [ heliwatch.overlay ]; }
+ {
+ nixpkgs.overlays = [ heliwatch.overlay ];
+ sops.defaultSopsFile = "${secrets}/hosts/radiobert/secrets.yaml";
+ }
+ sops-nix.nixosModules.sops
 ./hosts/radiobert
 ];
 system = "aarch64-linux";
diff --git a/hosts/radiobert/base.nix b/hosts/radiobert/base.nix
index 79bfc06f..d753bc38 100644
--- a/hosts/radiobert/base.nix
+++ b/hosts/radiobert/base.nix
@@ -75,6 +75,7 @@
 buildCores = 4;
 maxJobs = 2;
 };
+ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 networking = {
 hostName = "radiobert"; # Define your hostname.
diff --git a/hosts/radiobert/readsb.nix b/hosts/radiobert/readsb.nix
index fef0f29d..e61f132c 100644
--- a/hosts/radiobert/readsb.nix
+++ b/hosts/radiobert/readsb.nix
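Review bot: In hosts/radiobert/base.nix, `sops.age.sshKeyPaths` ties secret decryption to the host's ed25519 SSH key, but the flake.nix hunk above shows this host is built from `sd-image-aarch64.nix`, and nothing on the line records that dependency. If the card is re-flashed and a fresh host key is generated, the derived age identity presumably changes and the secrets stop decrypting until the old key is restored or the secrets repo is re-keyed. I would add a comment on the line, e.g. `# age identity is derived from this key; it must stay a recipient in the secrets repo, re-key after re-imaging`. The enclosing attribute set starts and ends outside the hunk.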
@@ -4,11 +4,30 @@ let
 lat = "51.081";
 lon = "13.728";
 altitude = "150";
+
+ makeMlatClientService = args: {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "readsb.service" ];
+ serviceConfig = {
+ User = "mlat-client";
+ Group = "adsb";
+ ProtectHome = true;
+ Restart = "always";
+ RestartSec = "10s";
+ };
+ path = with pkgs; [ mlat-client ];
+ script = ''
+ mlat-client --input-type beast --input-connect localhost:30005 --lat ${lat} --lon ${lon} --alt ${altitude} ${args}
+ '';
+ };
 in {
 boot.blacklistedKernelModules = [
 # no watching TV intended
 "dvb_usb_rtl28xxu"
 ];
+ sops.secrets = {
+ "chaos-consulting/user".owner = "mlat-client";
+ };
 users.users.readsb = {
 isSystemUser = true;
 group = "adsb";
@@ -32,19 +51,9 @@ in {
 group = "adsb";
 };
 # Feeds adsbexchange.com, test at https://www.adsbexchange.com/myip/
- systemd.services.mlat-client = {
- wantedBy = [ "multi-user.target" ];
- requires = [ "mlat-client.service" ];
- serviceConfig = {
- ExecStart = "${pkgs.mlat-client}/bin/mlat-client --input-type beast --input-connect radiobert.serv.zentralwerk.org:30005 --lat ${lat} --lon ${lon} --alt ${altitude} --user C3D2";
- User = "mlat-client";
- Group = "adsb";
- ProtectSystem = "full";
- ProtectHome = true;
- Restart = "always";
- RestartSec = "10s";
- };
- };
+ systemd.services.mlat-client-adsbexchange = makeMlatClientService "--server feed.adsbexchange.com:31090 --user C3D2";
+ # Feeds https://adsb.chaos-consulting.de/map/
+ systemd.services.mlat-client-chaos-consulting = makeMlatClientService "--server feed.adsbexchange.com:31090 --user \"$(cat ${config.sops.secrets."chaos-consulting/user".path})\"";
 users.users.sbs2json = {
 isSystemUser = true;
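Review bot: `makeMlatClientService` does not carry over `ProtectSystem = "full";`, which the removed `mlat-client` unit in the next hunk had, so both generated units run with less filesystem hardening than before while now also reading a sops secret. Unless the drop was deliberate, I would add `ProtectSystem = "full";` back into `serviceConfig` here; the new `feed-chaos-consulting` unit in the last hunk has the same gap. The helper also deserves a comment such as `# args: extra mlat-client flags, interpolated verbatim into the unit's shell script, so shell expansions in it run at service start`. `requires` only pulls readsb in; `after = [ "readsb.service" ];` would be needed if start ordering matters.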
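Review bot: `mlat-client-chaos-consulting` passes the chaos-consulting secret as `--user` but still uses `--server feed.adsbexchange.com:31090`, the same endpoint as the adsbexchange unit. As written, the credential would be presented to a different operator and nothing would reach the feed named in the comment above it. This looks like a copy-paste; the endpoint is not visible in this diff, so the argument should become something like `--server <chaos-consulting-mlat-host>:<port>` (placeholder). Separately, `$(cat …)` expands the secret into mlat-client's argv, where it normally stays readable through /proc for the lifetime of the process, so it is worth checking whether that exposure is acceptable on this host.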
@@ -65,6 +74,33 @@ in {
 };
 };
+ systemd.services.feed-chaos-consulting = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "sbs2json.service" ];
+ serviceConfig = {
+ User = "mlat-client";
+ Group = "adsb";
+ ProtectHome = true;
+ Restart = "always";
+ RestartSec = "10s";
+ };
+ path = with pkgs; [ curl gzip ];
+ script = ''
+ while curl -s http://localhost:8080/data.json \
+ | gzip -c \
+ | curl -s \
+ -u "$(cat ${config.sops.secrets."chaos-consulting/user".path})" \
+ -X POST \
+ -H "Content-type: application/json" \
+ -H "Content-encoding: gzip" \
+ --data-binary @- \
+ https://adsb.chaos-consulting.de/aircraftin/index.php
+ do
+ sleep 1
+ done
+ '';
+ };
+
 users.users.dump1090-influxdb = {
 isSystemUser = true;
 group = "adsb";
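Review bot: In `feed-chaos-consulting`, neither curl call uses `--fail` and the pipeline shows no `pipefail`, so the `while` condition only reflects whether the final upload completed at the transport level. A 401/403 from the server, or a failed fetch from localhost:8080 that then uploads an empty gzip body, still counts as success, and the unit keeps presenting the credential once a second with `-s` hiding the error from the journal. I would start the script with `set -o pipefail` and add `--fail --max-time 30` (value constructed) to both curl calls, so failures end the loop and fall back to the 10s restart. The credential is also expanded into curl's argv by `$(cat …)`; curl tries to blank that argument, but reading it from a file with `--netrc-file` or `-K` would close the window entirely.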