diff --git a/flake.nix b/flake.nix index 6f96fca..e8d2b86 100644 --- a/flake.nix +++ b/flake.nix @@ -129,6 +129,7 @@ pkgs = nixpkgs.legacyPackages."x86_64-linux"; lib = pkgs.lib; + registry = import ./registry; data-hoarder-modules = [ ./modules/data-hoarder @@ -168,19 +169,16 @@ ]; # function that generates a system with the given number - generate_system = (id: arch: monitoring: + generate_system = (id: + let + myRegistry = registry.traffic-stop-box."${toString id}"; + in { - "traffic-stop-box-${toString id}" = nixpkgs.lib.nixosSystem + "${myRegistry.hostName}" = nixpkgs.lib.nixosSystem { - system = arch; - specialArgs = inputs; + system = myRegistry.arch; + specialArgs = { inherit self inputs; registry = myRegistry; }; modules = - let - monitoring-mod = - if monitoring - then { deployment-TLMS.monitoring.enable = true; } - else { deployment-TLMS.monitoring.enable = false; }; - in [ # box-specific config ./hosts/traffic-stop-box/${toString id} 
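Review bot: `system = myRegistry.arch;` in `generate_system` has no fallback, and the registry entries "2", "3", "6", "7" and "10" added in registry/traffic-stop-box/default.nix define neither `arch` nor `monitoring`. Adding one of those ids to `stop_box_ids` aborts evaluation with a missing-attribute error here and again at `deployment-TLMS.monitoring.enable = myRegistry.monitoring;` in the next hunk, where the function body continues. Either complete those entries or make the intent explicit, for example `deployment-TLMS.monitoring.enable = myRegistry.monitoring or false;` plus a `throw` that names the box id when `arch` is absent. Separately, `specialArgs` shrinks from all of `inputs` to `self`, `inputs` and `registry`, so any module not shown here that takes another flake input as a function argument would have to read it from `inputs` instead.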
@@ -190,49 +188,18 @@ ./modules/traffic-stop-box ./modules/TLMS { - deployment-TLMS.systemNumber = id; + deployment-TLMS.monitoring.enable = myRegistry.monitoring; } - monitoring-mod ] ++ stop-box-modules; }; } ); - id_list = [ - { - # Barkhausen Bau - id = 0; - arch = "x86_64-linux"; - monitoring = true; - } - { - # Zentralwerk - id = 1; - arch = "x86_64-linux"; - monitoring = true; - } - { - # Wundstr. 9 - id = 4; - arch = "x86_64-linux"; - monitoring = true; - } - { - # Hannover Bredero Hochhaus City - id = 8; - arch = "aarch64-linux"; - monitoring = false; - } - { - # Hannover Bredero Hochhaus Wider Area - id = 9; - arch = "aarch64-linux"; - monitoring = false; - } - ]; + # list of traffic-stop-box-$id that will be built + stop_box_ids = [ 0 1 4 8 9 ]; # attribute set of all traffic stop boxes - stop_boxes = nixpkgs.lib.foldl (x: y: nixpkgs.lib.mergeAttrs x (generate_system y.id y.arch y.monitoring)) { } id_list; + stop_boxes = nixpkgs.lib.foldl (x: id: nixpkgs.lib.mergeAttrs x (generate_system id)) { } stop_box_ids; packages = { staging-microvm = self.nixosConfigurations.staging-data-hoarder.config.microvm.declaredRunner; @@ -240,8 +207,6 @@ } // (import ./pkgs/deployment.nix { inherit self pkgs lib; }) // (lib.foldl (x: y: lib.mergeAttrs x { "${y.config.system.name}-vm" = y.config.system.build.vm; }) { } (lib.attrValues self.nixosConfigurations)); - - registry = import ./registry; in { diff --git a/hosts/traffic-stop-box/0/default.nix b/hosts/traffic-stop-box/0/default.nix index fce9c74..6de7e2b 100644 --- a/hosts/traffic-stop-box/0/default.nix +++ b/hosts/traffic-stop-box/0/default.nix @@ -3,7 +3,5 @@ "${self}/hardware/dell-wyse-3040.nix" ]; - deployment-TLMS.net.wg.publicKey = "qyStvzZdoqcjJJQckw4ZwvsQUa+8TBWtnsRxURqanno="; - TLMS.telegramDecoder.errorCorrection = false; } diff --git a/hosts/traffic-stop-box/1/default.nix b/hosts/traffic-stop-box/1/default.nix index 8f84182..6de7e2b 100644 --- a/hosts/traffic-stop-box/1/default.nix 
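Review bot: Nothing sets `deployment-TLMS.systemNumber` once this hunk removes `deployment-TLMS.systemNumber = id;`, yet modules/traffic-stop-box/radio-config.nix still interpolates `systemNumber` in its `file` binding on the new side. Whether the option declares a default is not visible in this diff: without one, any use of `file` fails evaluation, and with one every box resolves the same `config_N.json`. The WireGuard address is taken from the registry in this commit, but other readers of the option, such as the server-side peer list, are not shown and should be checked too. Either keep the assignment or carry the id in the registry and move the remaining readers over in this commit.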
+++ b/hosts/traffic-stop-box/1/default.nix @@ -3,7 +3,5 @@ "${self}/hardware/dell-wyse-3040.nix" ]; - deployment-TLMS.net.wg.publicKey = "dOPobdvfphx0EHmU7dd5ihslFzZi17XgRDQLMIUYa1w="; - TLMS.telegramDecoder.errorCorrection = false; } diff --git a/hosts/traffic-stop-box/10/default.nix b/hosts/traffic-stop-box/10/default.nix index f63c598..bf4f5e2 100644 --- a/hosts/traffic-stop-box/10/default.nix +++ b/hosts/traffic-stop-box/10/default.nix @@ -2,6 +2,4 @@ imports = [ "${self}/hardware/dell-wyse-3040.nix" ]; - - deployment-TLMS.net.wg.publicKey = "dL9JGsBhaTOmXgGEH/N/GCHbQgVHEjBvIMaRtCsHBHw="; } diff --git a/hosts/traffic-stop-box/2/default.nix b/hosts/traffic-stop-box/2/default.nix index 9e54eaa..bf4f5e2 100644 --- a/hosts/traffic-stop-box/2/default.nix +++ b/hosts/traffic-stop-box/2/default.nix @@ -2,6 +2,4 @@ imports = [ "${self}/hardware/dell-wyse-3040.nix" ]; - - deployment-TLMS.net.wg.publicKey = "4TUQCToGNhjsCgV9elYE/91Vd/RvMgvMXtF/1Dzlvxo="; } diff --git a/hosts/traffic-stop-box/3/default.nix b/hosts/traffic-stop-box/3/default.nix index 4ebb3d9..96beeae 100644 --- a/hosts/traffic-stop-box/3/default.nix +++ b/hosts/traffic-stop-box/3/default.nix @@ -2,6 +2,4 @@ imports = [ "${self}/hardware/rpi-3b-4b.nix" ]; - - deployment-TLMS.net.wg.publicKey = "w3AT3EahW1sCK8ZsR7sDTcQj1McXYeWx7fnfQFA7i3o="; } diff --git a/hosts/traffic-stop-box/4/default.nix b/hosts/traffic-stop-box/4/default.nix index 3f5be91..bd19b12 100644 --- a/hosts/traffic-stop-box/4/default.nix +++ b/hosts/traffic-stop-box/4/default.nix @@ -23,7 +23,5 @@ let eth = "enp1s0"; in ]; }; - deployment-TLMS.net.wg.publicKey = "B0wPH0jUxaatRncHMkgDEQ+DzvlbTBrVJY4etxqQgG8="; - TLMS.telegramDecoder.errorCorrection = false; } diff --git a/hosts/traffic-stop-box/6/default.nix b/hosts/traffic-stop-box/6/default.nix index a46dbca..5c4d5c3 100644 --- a/hosts/traffic-stop-box/6/default.nix +++ b/hosts/traffic-stop-box/6/default.nix 
@@ -10,6 +10,4 @@ "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado=" "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaipzbd00cbfpxzuc8eb6sljaafnf1hgs6vci1rzcncyocaaaabhnzado=" ]; - - deployment-TLMS.net.wg.publicKey = "NuLDNmxuHHzDXJSIOPSoihEhLWjARRtavuQvWirNR2I="; } diff --git a/hosts/traffic-stop-box/7/default.nix b/hosts/traffic-stop-box/7/default.nix index 19fedef..5c4d5c3 100644 --- a/hosts/traffic-stop-box/7/default.nix +++ b/hosts/traffic-stop-box/7/default.nix @@ -10,6 +10,4 @@ "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado=" "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaipzbd00cbfpxzuc8eb6sljaafnf1hgs6vci1rzcncyocaaaabhnzado=" ]; - - deployment-TLMS.net.wg.publicKey = "sMsdY7dSjlYeIFMqjkh4pJ/ftAYXlyRuxDGbdnGLpEQ="; } diff --git a/hosts/traffic-stop-box/8/default.nix b/hosts/traffic-stop-box/8/default.nix index 5529213..3106e78 100644 --- a/hosts/traffic-stop-box/8/default.nix +++ b/hosts/traffic-stop-box/8/default.nix @@ -9,6 +9,4 @@ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJO/8PRzEqW20vnADv5xJrV5AlQ9bS8251AyQACyFMz+ dumbdvb_clarity" ]; - - deployment-TLMS.net.wg.publicKey = "dL9JGsBhaTOmXgGEH/N/GCHbQgVHEjBvIMaRtCsHBHw="; } diff --git a/hosts/traffic-stop-box/9/default.nix b/hosts/traffic-stop-box/9/default.nix index 02cb2b1..3106e78 100644 --- a/hosts/traffic-stop-box/9/default.nix +++ b/hosts/traffic-stop-box/9/default.nix @@ -9,6 +9,4 @@ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJO/8PRzEqW20vnADv5xJrV5AlQ9bS8251AyQACyFMz+ dumbdvb_clarity" ]; - - deployment-TLMS.net.wg.publicKey = "j2hGr2rVv7T9kJE15c2IFWjmk0dXuJPev2BXiHZUKk8="; } diff --git a/modules/traffic-stop-box/configuration.nix b/modules/traffic-stop-box/configuration.nix index 985972e..5cb55c9 100644 
--- a/modules/traffic-stop-box/configuration.nix +++ b/modules/traffic-stop-box/configuration.nix @@ -1,9 +1,9 @@ -{ pkgs, config, self, ... }: +{ pkgs, config, registry, ... }: { boot.tmp.useTmpfs = true; - networking.hostName = "traffic-stop-box-${toString config.deployment-TLMS.systemNumber}"; # Define your hostname. + networking.hostName = registry.hostName; # reboot 60 seconds after kernel panic boot.kernel.sysctl."kernel.panic" = 60; diff --git a/modules/traffic-stop-box/radio-config.nix b/modules/traffic-stop-box/radio-config.nix index c6d5263..44fcccf 100644 --- a/modules/traffic-stop-box/radio-config.nix +++ b/modules/traffic-stop-box/radio-config.nix 
@@ -1,33 +1,13 @@ -{ config, lib, self, ... }: +{ config, lib, self, registry, ... }: let file = with config.deployment-TLMS; "${self}/hosts/traffic-stop-box/${toString systemNumber}/config_${toString systemNumber}.json"; - receiver_configs = [ - { frequency = 170790000; offset = 20000; device = ""; RF = 0; IF = 0; BB = 32; } # dresden - barkhausen - { frequency = 170790000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # dresden - zentralwerk - { frequency = 153850000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # chemnitz - { frequency = 170795000; offset = 19400; device = ""; RF = 14; IF = 32; BB = 42; } # dresden unused - { frequency = 170790000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # dresden Wundstr. 9 - { frequency = 170790000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # dresden test box - { frequency = 150827500; offset = 19550; device = ""; RF = 14; IF = 32; BB = 42; } # warpzone münster - { frequency = 150827500; offset = 19550; device = ""; RF = 14; IF = 32; BB = 42; } # drehturm aachen - { frequency = 150890000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # Hannover Bredero Hochhaus City - { frequency = 152830000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # Hannover Bredero Hochaus Umland - { frequency = 153850000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; } # CLT - ]; - - receiver_config = lib.elemAt receiver_configs config.deployment-TLMS.systemNumber; in { TLMS.gnuradio = { enable = true; - frequency = receiver_config.frequency; - offset = receiver_config.offset; - device = receiver_config.device; - RF = receiver_config.RF; - IF = receiver_config.IF; - BB = receiver_config.BB; - }; + } // registry.gnuradio; + TLMS.telegramDecoder = { enable = true; server = [ "http://10.13.37.1:8080" "http://10.13.37.5:8080" "http://10.13.37.7:8080" ]; 
diff --git a/modules/traffic-stop-box/secrets.nix b/modules/traffic-stop-box/secrets.nix index b3af947..130753c 100644 --- a/modules/traffic-stop-box/secrets.nix +++ b/modules/traffic-stop-box/secrets.nix @@ -1,6 +1,6 @@ -{ config, self, ... }: +{ config, self, registry, ... }: { - sops.defaultSopsFile = self + /secrets/traffic-stop-box-${toString config.deployment-TLMS.systemNumber}/secrets.yaml; + sops.defaultSopsFile = self + /secrets/${registry.hostName}/secrets.yaml; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.secrets.telegram-decoder-token.owner = config.users.users.telegram-decoder.name; diff --git a/modules/traffic-stop-box/wireguard-client.nix b/modules/traffic-stop-box/wireguard-client.nix index c2e5ac3..13e5ebe 100644 --- a/modules/traffic-stop-box/wireguard-client.nix +++ b/modules/traffic-stop-box/wireguard-client.nix @@ -1,5 +1,5 @@ -{ config, lib, ... }: -# pubkey of the box goes to hosts/traffic-stop-box/${id}.nix! +{ config, lib, registry, ... }: +# pubkey of the box goes to registry/traffic-stop-box/default.nix! { networking.useNetworkd = lib.mkForce true; @@ -8,7 +8,8 @@ }; deployment-TLMS.net.wg = { - addr4 = lib.mkDefault "10.13.37.${toString (config.deployment-TLMS.systemNumber + 100)}"; + addr4 = registry.wgAddr4; + publicKey = registry.wireguardPublicKey; prefix4 = 24; privateKeyFile = lib.mkDefault config.sops.secrets.wg-seckey.path; }; diff --git a/registry/default.nix b/registry/default.nix index 66911eb..6312180 100644 --- a/registry/default.nix +++ b/registry/default.nix @@ -1 +1,4 @@ -{ data-hoarder = import ./data-hoarder; } +{ + data-hoarder = import ./data-hoarder; + traffic-stop-box = import ./traffic-stop-box; +} diff --git a/registry/traffic-stop-box/default.nix b/registry/traffic-stop-box/default.nix new file mode 100644 index 0000000..f656c0a --- /dev/null +++ b/registry/traffic-stop-box/default.nix 
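Review bot: In modules/traffic-stop-box/wireguard-client.nix, `addr4 = registry.wgAddr4;` drops the `lib.mkDefault` that the old derived address carried, while `privateKeyFile` two lines below keeps it. A host file that still sets `deployment-TLMS.net.wg.addr4` would now conflict at equal priority instead of overriding; if overrides are meant to stay possible, write `addr4 = lib.mkDefault registry.wgAddr4;`. The address is also no longer computed from the box number, so nothing enforces that the hand-written `wgAddr4` strings are unique or fall inside the /24 implied by `prefix4 = 24`. An evaluation-time uniqueness check over the registry values would cover that.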
@@ -0,0 +1,78 @@
+{
+ # Barkhausen Bau
+ "0" = {
+ wireguardPublicKey = "qyStvzZdoqcjJJQckw4ZwvsQUa+8TBWtnsRxURqanno=";
+ hostName = "traffic-stop-box-0";
+ gnuradio = { frequency = 170790000; offset = 20000; device = ""; RF = 0; IF = 0; BB = 32; }; # dresden - barkhausen
+ wgAddr4 = "10.13.37.100";
+ arch = "x86_64-linux";
+ monitoring = true;
+ };
+ # Zentralwerk
+ "1" = {
+ wireguardPublicKey = "dOPobdvfphx0EHmU7dd5ihslFzZi17XgRDQLMIUYa1w=";
+ hostName = "traffic-stop-box-1";
+ gnuradio = { frequency = 170790000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; }; # dresden - zentralwerk
+ wgAddr4 = "10.13.37.101";
+ arch = "x86_64-linux";
+ monitoring = true;
+ };
+ "2" = {
+ wireguardPublicKey = "4TUQCToGNhjsCgV9elYE/91Vd/RvMgvMXtF/1Dzlvxo=";
+ hostName = "traffic-stop-box-2";
+ gnuradio = { frequency = 153850000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; }; # chemnitz
+ wgAddr4 = "10.13.37.102";
+ };
+ "3" = {
+ wireguardPublicKey = "w3AT3EahW1sCK8ZsR7sDTcQj1McXYeWx7fnfQFA7i3o=";
+ hostName = "traffic-stop-box-3";
+ gnuradio = { frequency = 170795000; offset = 19400; device = ""; RF = 14; IF = 32; BB = 42; }; # dresden unused
+ wgAddr4 = "10.13.37.103";
+ };
+ # Wundstr. 9
+ "4" = {
+ wireguardPublicKey = "B0wPH0jUxaatRncHMkgDEQ+DzvlbTBrVJY4etxqQgG8=";
+ hostName = "traffic-stop-box-4";
+ gnuradio = { frequency = 170790000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; }; # dresden Wundstr. 9
+ wgAddr4 = "10.13.37.104";
+ arch = "x86_64-linux";
+ monitoring = true;
+ };
+ # number 5 is missing
+ "6" = {
+ wireguardPublicKey = "NuLDNmxuHHzDXJSIOPSoihEhLWjARRtavuQvWirNR2I=";
+ hostName = "traffic-stop-box-6";
+ gnuradio = { frequency = 150827500; offset = 19550; device = ""; RF = 14; IF = 32; BB = 42; }; # warpzone münster
+ wgAddr4 = "10.13.37.106";
+ };
+ "7" = {
+ wireguardPublicKey = "sMsdY7dSjlYeIFMqjkh4pJ/ftAYXlyRuxDGbdnGLpEQ=";
+ hostName = "traffic-stop-box-7";
+ gnuradio = { frequency = 150827500; offset = 19550; device = ""; RF = 14; IF = 32; BB = 42; }; # drehturm aachen
+ wgAddr4 = "10.13.37.107";
+ };
+ # Hannover Bredero Hochhaus City
+ "8" = {
+ wireguardPublicKey = "dL9JGsBhaTOmXgGEH/N/GCHbQgVHEjBvIMaRtCsHBHw=";
+ hostName = "traffic-stop-box-8";
+ gnuradio = { frequency = 150890000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; }; # Hannover Bredero Hochhaus City
+ wgAddr4 = "10.13.37.108";
+ arch = "aarch64-linux";
+ monitoring = false;
+ };
+ # Hannover Bredero Hochhaus Wider Area
+ "9" = {
+ wireguardPublicKey = "j2hGr2rVv7T9kJE15c2IFWjmk0dXuJPev2BXiHZUKk8=";
+ hostName = "traffic-stop-box-9";
+ gnuradio = { frequency = 152830000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; }; # Hannover Bredero Hochaus Umland
+ wgAddr4 = "10.13.37.109";
+ arch = "aarch64-linux";
+ monitoring = false;
+ };
+ "10" = {
+ wireguardPublicKey = "dL9JGsBhaTOmXgGEH/N/GCHbQgVHEjBvIMaRtCsHBHw=";
+ hostName = "traffic-stop-box-10";
+ gnuradio = { frequency = 153850000; offset = 20000; device = ""; RF = 14; IF = 32; BB = 42; }; # CLT
+ wgAddr4 = "10.13.37.110";
+ };
+}
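Review bot: Entries "8" and "10" carry the same `wireguardPublicKey` (`dL9JGsBhaTOmXgGEH/N/GCHbQgVHEjBvIMaRtCsHBHw=`) while their `wgAddr4` values differ (10.13.37.108 and 10.13.37.110). The duplicate predates this commit, since the removed lines in hosts/traffic-stop-box/8 and hosts/traffic-stop-box/10 show the same value, but the move into one file makes it easy to see and to fix. WireGuard identifies a peer by its public key, so a server peer list built from these entries (not shown here) cannot hold both as distinct peers, and if the two boxes really share a private key, either can authenticate as the other. Box 10 should get its own keypair, and a check in flake.nix such as `assert lib.allUnique (lib.mapAttrsToList (_: box: box.wireguardPublicKey) registry.traffic-stop-box);` would catch the next copy-paste.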