From 42b649d1db47a7ea33a360d33ae5d52a13e87438 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Tue, 9 Sep 2025 19:02:05 +0200 Subject: [PATCH 01/27] Update backup access ssh key --- machines/ssh_keys.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/ssh_keys.nix b/machines/ssh_keys.nix index 0a45f15..12887f2 100644 --- a/machines/ssh_keys.nix +++ b/machines/ssh_keys.nix @@ -7,6 +7,6 @@ ]; backup = [ "ssh-rsa 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" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKl5FWPskhlnzJs1+mMYrVTMNnRG92uFKUgGlteTPhL" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP4s6qNKwtu2l5DRKU/Xo6lMRztqNw/MOVsKx58kUE8 root@silizium" ]; } From d18df59c669bc9df839332ce2c43d7fb7d02defa Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 11 Oct 2025 21:38:09 +0200 Subject: [PATCH 02/27] [nextcloud] change the deck app to allow dragging on text --- machines/nextcloud/configuration.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/machines/nextcloud/configuration.nix b/machines/nextcloud/configuration.nix index 98b9688..3d4d4a0 100644 --- a/machines/nextcloud/configuration.nix +++ b/machines/nextcloud/configuration.nix 
@@ -47,12 +47,17 @@ with lib; }; extraAppsEnable = true; extraApps = { - inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration collectives forms; + inherit (config.services.nextcloud.package.packages.apps) contacts calendar polls registration collectives forms; appointments = pkgs.fetchNextcloudApp { sha256 = "sha256-ls1rLnsX7U9wo2WkEtzhrvliTcWUl6LWXolE/9etJ78="; url = "https://github.com/SergeyMosin/Appointments/raw/refs/tags/v2.4.3/build/artifacts/appstore/appointments.tar.gz"; license = "agpl3Plus"; }; + deck = pkgs.fetchNextcloudApp { + sha256 = "sha256-1sqDmJpM9SffMY2aaxwzqntdjdcUaRySyaUDv9VHuiE="; + url = "https://link.storjshare.io/raw/jw7pf6gct34j3pcqvlq6ddasvdwq/mal/deck.tar.gz"; + license = "agpl3Plus"; + }; }; settings = { trusted_domains = ["10.0.0.13"]; From 0df92ef602bd618b3c3017be87ff7e7ddf600d8c Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 11 Oct 2025 21:38:50 +0200 Subject: [PATCH 03/27] [docs] add dokumentation about updating the modified nextcloud deck app --- doc/src/SUMMARY.md | 1 + doc/src/anleitung/update_nextcloud.md | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 doc/src/anleitung/update_nextcloud.md diff --git a/doc/src/SUMMARY.md b/doc/src/SUMMARY.md index 001e937..1a32f92 100644 --- a/doc/src/SUMMARY.md +++ b/doc/src/SUMMARY.md @@ -21,3 +21,4 @@ - [Updates](./anleitung/updates.md) - [Rollbacks](./anleitung/rollback.md) - [MicroVM](./anleitung/microvm.md) + - [Update Nextcloud](./anleitung/update_nextcloud.md) diff --git a/doc/src/anleitung/update_nextcloud.md b/doc/src/anleitung/update_nextcloud.md new file mode 100644 index 0000000..3a3f5e4 --- /dev/null +++ b/doc/src/anleitung/update_nextcloud.md 
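Review bot: The new `deck = pkgs.fetchNextcloudApp { ... }` entry pulls a privately rebuilt archive from a personal object-store URL, and nothing in the expression records which upstream branch and which patch that tarball was built from, so the next maintainer cannot reproduce the `sha256` before bumping it. The hash pin is the right control for a vendored artifact; add a provenance comment above the attribute, e.g. `# locally patched build of nextcloud/deck (draggable-text patch); rebuild and re-pin sha256 per the update_nextcloud doc before changing url`, pointing at wherever the rebuild steps are kept. Also note the upstream deck version the archive corresponds to, so it can be checked against upstream security releases that the `inherit` line no longer tracks for this app.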
@@ -0,0 +1,16 @@ +### Updating nextcloud + +## Updating the draggable patch + +The draggable patch is a one line patch found in the deck repo under `src/components/cards/CardItem.vue` +Direct link: https://git.dynamicdiscord.de/ahtlon/deck/commit/77cbcf42ca80dd32e450839f02faca2e5fed3761 + +The easiest way to apply is +1. Sync the repo with remote https://github.com/nextcloud/deck/tree/main +2. Checkout the stable branch for the nextcloud version you need + - example `git checkout stable31` +3. Apply the patch using `git cherry-pick bac32ace61e7e1e01168f9220cee1d24ce576d5e` +4. Start a nix-shell with `nix-shell -p gnumake krankerl php84Packages.composer php nodejs_24` +5. run `krankerl package` +6. upload the archive at "./build/artifacts/deck.tar.gz" to a file storage (ask Ahtlon for access to the storj s3 or use own) +7. Change url and sha in the nextcloud configuration.nix `deck = pkgs.fetchNextcloudApp {};` From bb2b23faf1f6705aedbf7301d3c6616eaf7744f4 Mon Sep 17 00:00:00 2001 From: kalipso Date: Mon, 20 Oct 2025 19:40:18 +0200 Subject: [PATCH 04/27] [flake] update tasklist --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 2cddcb3..e11678c 100644 --- a/flake.lock +++ b/flake.lock @@ -357,11 +357,11 @@ ] }, "locked": { - "lastModified": 1743458889, - "narHash": "sha256-eVTtsCPio3Wj/g/gvKTsyjh90vrNsmgjzXK9jMfcboM=", + "lastModified": 1760981884, + "narHash": "sha256-ASFWbOhuB6i3AKze5sHCvTM+nqHIuUEZy9MGiTcdZxA=", "ref": "refs/heads/master", - "rev": "b61466549e2687628516aa1f9ba73f251935773a", - "revCount": 30, + "rev": "b67eb2d778a34c0dceb91a236b390fe493aa3465", + "revCount": 32, "type": "git", "url": "https://git.dynamicdiscord.de/kalipso/tasklist" }, From 9eb61b166afa596b1042adc37f8020b07308c611 Mon Sep 17 00:00:00 2001 
From: ahtlon Date: Sat, 25 Oct 2025 21:51:14 +0200 Subject: [PATCH 05/27] Add printer scraping --- machines/overwatch/configuration.nix | 9 ++ machines/overwatch/printer_module.nix | 33 +++++++ machines/overwatch/pull_info.sh | 129 ++++++++++++++++++++++++++ 3 files changed, 171 insertions(+) create mode 100644 machines/overwatch/printer_module.nix create mode 100644 machines/overwatch/pull_info.sh diff --git a/machines/overwatch/configuration.nix b/machines/overwatch/configuration.nix index aa2d89e..d6ece49 100644 --- a/machines/overwatch/configuration.nix +++ b/machines/overwatch/configuration.nix @@ -12,6 +12,7 @@ with lib; self.nixosModules.malobeo.metrics ../modules/malobeo_user.nix ../modules/sshd.nix + ./printer_module.nix ]; networking.firewall.allowedTCPPorts = [ 80 3100 ]; @@ -77,6 +78,8 @@ with lib; }; }; }; + + printer_scraping.enable = true; services.prometheus = { enable = true; @@ -89,6 +92,12 @@ with lib; targets = [ "127.0.0.1:9002" ]; }]; } + { + job_name = "printer"; + static_configs = [{ + targets = [ "127.0.0.1:9091" ]; + }]; + } { job_name = "durruti"; static_configs = [{ diff --git a/machines/overwatch/printer_module.nix b/machines/overwatch/printer_module.nix new file mode 100644 index 0000000..8d457ff --- /dev/null +++ b/machines/overwatch/printer_module.nix 
@@ -0,0 +1,33 @@ +{config, lib, pkgs, ...}: +{ + options.printer_scraping = { + enable = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable the script to pull data from the printer" + }; + timer = lib.mkOption { + type = lib.types.string; + default = "1m"; + description = "systemd timer for script execution"; + }; + }; + + config = lib.mkIf config.printer_scraping.enable { + systemd.services."printer-scraping" = { + description = "Pull printer stats and upload to influxdb"; + serviceConfig.Type = "oneshot"; + path = with pkgs; [yq curl]; + script = "exec ${./pull_info.sh}"; + }; + systemd.timers."printer-scraping" = { + wantedBy = ["timers.target"]; + timerConfig = { + OnBootSec = "60s"; + OnUnitActiveSec = config.printer_scraping.timer; + Unit = "printer-scraping.service"; + }; + }; + services.prometheus.pushgateway.enable = true; #Im not dealing with influx + }; +} \ No newline at end of file diff --git a/machines/overwatch/pull_info.sh b/machines/overwatch/pull_info.sh new file mode 100644 index 0000000..37244b3 --- /dev/null +++ b/machines/overwatch/pull_info.sh 
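Review bot: The `printer-scraping` oneshot runs as root with no sandboxing although the script only needs outbound HTTP to the printer and to the local pushgateway; add `serviceConfig.DynamicUser = true;` next to `serviceConfig.Type = "oneshot";` so a bug in the script or a hostile response from the printer cannot act on the host as root. `services.prometheus.pushgateway.enable = true` starts the pushgateway on its default listen address (all interfaces) while the only consumer is the local Prometheus job targeting `127.0.0.1:9091`; bind it with `services.prometheus.pushgateway.web.listen-address = "127.0.0.1:9091";` rather than relying only on the host firewall. The service `description` says "upload to influxdb" but the script pushes to the pushgateway (the trailing `#Im not dealing with influx` comment confirms it); reword it to `"Pull printer stats and push to prometheus-pushgateway"` so the unit's journal entries match what it does.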
@@ -0,0 +1,129 @@ +#!/usr/bin/env bash +set -o pipefail + +#Functions--------------- +get_cookie () { + if [[ $1 == "-d" ]]; then + cookie=$(cat request_example_1.txt) + else + cookie=$(curl -D - -X GET http://192.168.1.42/wcd/index.html) + fi + + exitCode="$?" + if [[ $exitCode == "7" ]]; + then + echo "Server offline" + exit 0 + elif [[ $exitCode != "0" ]]; + then + echo "Something went wrong" + exit 1 + fi + + cookie=$(echo "$cookie" | grep Set-Cookie | grep -oP "ID=\K[^.]+" ) + if [[ $cookie == "" ]] + then + echo "No cookie got!" + exit 1 + fi +} +get_values () { + local path="$1" + local -n keys=$2 + local name="$3" + + local_system_counter_data=$(echo "$system_counter_data" | jq "$path | .[]") + for key in "${keys[@]}"; + do + value=$(echo "$local_system_counter_data" | + jq "select(.Type==\"$key\") | .Count" | + sed 's/"//g' + ) + valueStore=$(echo "$valueStore"; echo "$name"_"$key" "$value") + done +} +get_values_DeviceStatus () { + local -n keys=$1 + local name="$2" + + local_system_counter_data=$(echo "$system_counter_data" | jq ".MFP.Common.DeviceStatus") + for key in "${keys[@]}"; + do + value=$(echo "$local_system_counter_data" | + jq ".$key" | + sed 's/"//g' + ) + valueStore=$(echo "$valueStore"; echo "$name"_"$key" "$value") + done + +} +get_values_consumables () { + local -n keys=$1 + local name="$2" + + local_system_consumables_data=$(echo "$system_consumables_data" | jq ".[] |.DeviceInfo.ConsumableList.Consumable | .[]") + for key in "${keys[@]}"; + do + value=$( + echo "$local_system_consumables_data" | + jq "select(.Name==\"$key\") | .CurrentLevel.LevelPer" | + sed 's/"//g' + ) + valueStore=$(echo "$valueStore"; echo "$name"_"${key//[^a-zA-Z_-]/_}" "$value") + done +} +#End Functions---------- + +#Variables----------------------- +system_counter_DeviceStatus_keys=("ScanStatus" "PrintStatus" "Processing" "NetworkErrorStatus" "KmSaasgw" "HddMirroringErrorStatus") +system_counter_TotalCounter_keys=("Total" "DuplexTotal" "Document" "Paper" 
"TotalLarge" "PrintPageTotal" "PaperSizeA3" "PaperSizeA4" "PaperSizeB4" "PaperSizeB5" "PaperSizeOther" "Nin12in1" "PaperTypeNormal" "PaperTypeOther") +system_counter_FullColorCounter_keys=("PrintPageTotal" "A3" "A4" "B4" "B5" "Other") +system_counter_BlackCounter_keys=("PrintPageTotal" "A3" "A4" "B4" "B5" "Other") +system_counter_DoubleColorCounter_keys=("PrintPageTotal" "A3" "A4" "B4" "B5" "Other") +system_counter_CopyCounter_keys=("BwTotal" "FullColorTotal" "Total" "BwLarge" "FullColorLarge" "BiColorLarge") +system_counter_PrintCounter_keys=("BwTotal" "FullColorTotal" "BiColorTotal" "Total" "BwLarge" "FullColorLarge" "BiColorLarge") +system_counter_ScanFaxCounter_keys=("DocumentReadTotal" "DocumentReadLarge" "FaxReceive" "FaxSend") +system_consumables_base_keys=("Toner (Yellow)" "Toner (Magenta)" "Toner (Cyan)" "Toner (Black)" "Drum Cartridge (Cyan)" "Developer Cartridge (Cyan)" "Drum Cartridge (Magenta)" "Developer Cartridge (Magenta)" "Drum Cartridge (Yellow)" "Developer Cartridge (Yellow)" "Drum Cartridge (Black)" "Developer Cartridge (Black)" "Fusing Unit" "Image Transfer Belt Unit" "Transfer Roller Unit") +#End Variables------------- + +echo "Start getting cookie" +get_cookie "$@" +echo "Cookie got" + +echo "Start extract from system_counter" +if [[ $1 == "-d" ]]; then + system_counter_data=$(cat system_counter.xml |xq) +else + system_counter_data=$(curl -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=\"$cookie\"" |xq) +fi + +get_values ".MFP.Count.UserCounterInfo.TotalCounterList.TotalCounter" system_counter_TotalCounter_keys TotalCounter + +get_values ".MFP.Count.UserCounterInfo.PaperSheetCounter.FullColorCounterList.FullColorCounter" system_counter_FullColorCounter_keys FullColorCounter + +get_values ".MFP.Count.UserCounterInfo.PaperSheetCounter.BlackCounterList.BlackCounter" system_counter_BlackCounter_keys BlackCounter + +get_values ".MFP.Count.UserCounterInfo.PaperSheetCounter.DoubleColorCounterList.DoubleColorCounter" 
system_counter_DoubleColorCounter_keys DoubleColorCounter + +get_values ".MFP.Count.UserCounterInfo.CopyCounterList.CopyCounter" system_counter_CopyCounter_keys CopyCounter + +get_values ".MFP.Count.UserCounterInfo.ScanFaxCounterList.ScanFaxCounter" system_counter_ScanFaxCounter_keys ScanFaxCounter + +get_values_DeviceStatus system_counter_DeviceStatus_keys DeviceStatus + +echo "Stop extract from system_counter" +echo +echo "Start extract from system_consumables" +if [[ $1 == "-d" ]]; then + system_consumables_data=$(cat system_consumables.xml |xq) +else + system_consumables_data=$(curl -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=\"$cookie\"") +fi + +get_values_consumables system_consumables_base_keys Consumables + +echo "Stop extract from system_consumables" + +echo "$valueStore" | curl --data-binary @- http://localhost:9091/metrics/job/printer +echo "Success!" +exit 0 \ No newline at end of file From 360d9b3df7feb338e3eaa8fe10549db192a1f9a1 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 25 Oct 2025 22:16:03 +0200 Subject: [PATCH 06/27] Add command testing --- machines/overwatch/pull_info.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/machines/overwatch/pull_info.sh b/machines/overwatch/pull_info.sh index 37244b3..f1824bc 100644 --- a/machines/overwatch/pull_info.sh +++ b/machines/overwatch/pull_info.sh @@ -1,6 +1,13 @@ #!/usr/bin/env bash set -o pipefail - +for command in "jq" "xq" "grep" "curl" "sed" +do + if ! command -v $command >/dev/null 2>&1 + then + echo "$command could not be found" + exit 1 + fi +done #Functions--------------- get_cookie () { if [[ $1 == "-d" ]]; then From 523005ed9464d8e44e276cff83dab72cd7543b41 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 25 Oct 2025 22:16:38 +0200 Subject: [PATCH 07/27] Fix string warning, script execution --- machines/overwatch/printer_module.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
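Review bot: None of the `curl` calls use `--fail`, so an HTTP error from the printer (for example an error page returned for a rejected session cookie) is piped into `xq` as if it were data, and the final push `curl -s --data-binary @- http://localhost:9091/metrics/job/printer` returns 0 on a 4xx from the pushgateway, after which the script still prints `Success!`; use `curl -sf ...` on all four requests so failures surface in the unit's exit status. The printer address `http://192.168.1.42` is repeated three times; hoisting it into one variable at the top (`printer_url="http://192.168.1.42"`) keeps the target, and the fact that the session cookie is sent over plain HTTP, visible in one place. In `get_values_consumables` the sanitizer `${key//[^a-zA-Z_-]/_}` keeps `-`, which is not a valid character in a Prometheus metric name; use `${key//[^a-zA-Z_]/_}` so a future consumable name containing a hyphen is not rejected at push time. The values `jq ".$key"` yields in `get_values_DeviceStatus` may be non-numeric strings, which the exposition format does not accept — presumably, not verifiable from this chunk; confirm against a real response.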
diff --git a/machines/overwatch/printer_module.nix b/machines/overwatch/printer_module.nix index 8d457ff..0eda1d1 100644 --- a/machines/overwatch/printer_module.nix +++ b/machines/overwatch/printer_module.nix @@ -4,10 +4,10 @@ enable = lib.mkOption { type = lib.types.bool; default = false; - description = "Enable the script to pull data from the printer" + description = "Enable the script to pull data from the printer"; }; timer = lib.mkOption { - type = lib.types.string; + type = lib.types.str; default = "1m"; description = "systemd timer for script execution"; }; @@ -17,13 +17,13 @@ systemd.services."printer-scraping" = { description = "Pull printer stats and upload to influxdb"; serviceConfig.Type = "oneshot"; - path = with pkgs; [yq curl]; - script = "exec ${./pull_info.sh}"; + path = with pkgs; [yq jq curl bash]; + script = "bash ${./pull_info.sh}"; }; systemd.timers."printer-scraping" = { wantedBy = ["timers.target"]; timerConfig = { - OnBootSec = "60s"; + OnBootSec = "5s"; OnUnitActiveSec = config.printer_scraping.timer; Unit = "printer-scraping.service"; }; From ae2ec0d7b287021f7ae8d4650fd758d26bcf1669 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Mon, 27 Oct 2025 12:04:27 +0100 Subject: [PATCH 08/27] [printer-scraping] Save server responses for debugging purposes. I'll remove this later --- machines/overwatch/pull_info.sh | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/machines/overwatch/pull_info.sh b/machines/overwatch/pull_info.sh index f1824bc..b389f42 100644 --- a/machines/overwatch/pull_info.sh +++ b/machines/overwatch/pull_info.sh @@ -13,7 +13,7 @@ get_cookie () { if [[ $1 == "-d" ]]; then cookie=$(cat request_example_1.txt) else - cookie=$(curl -D - -X GET http://192.168.1.42/wcd/index.html) + cookie=$(curl -s -D - -X GET http://192.168.1.42/wcd/index.html) fi exitCode="$?" 
@@ -26,7 +26,9 @@ get_cookie () { echo "Something went wrong" exit 1 fi - + + #DEBUG; DELETE LATER + echo "$cookie" > /home/malobeo/cookie.txt cookie=$(echo "$cookie" | grep Set-Cookie | grep -oP "ID=\K[^.]+" ) if [[ $cookie == "" ]] then @@ -101,8 +103,10 @@ echo "Start extract from system_counter" if [[ $1 == "-d" ]]; then system_counter_data=$(cat system_counter.xml |xq) else - system_counter_data=$(curl -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=\"$cookie\"" |xq) + system_counter_data=$(curl -s -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=\"$cookie\"" |xq) fi +#DEBUG; DELETE LATER +echo "$system_counter_data" > /home/malobeo/system_counter_data.txt get_values ".MFP.Count.UserCounterInfo.TotalCounterList.TotalCounter" system_counter_TotalCounter_keys TotalCounter @@ -124,13 +128,16 @@ echo "Start extract from system_consumables" if [[ $1 == "-d" ]]; then system_consumables_data=$(cat system_consumables.xml |xq) else - system_consumables_data=$(curl -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=\"$cookie\"") + system_consumables_data=$(curl -s -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=\"$cookie\"") fi +#DEBUG; DELETE LATER +echo "$system_consumables_data" > /home/malobeo/system_consumables_data.txt + get_values_consumables system_consumables_base_keys Consumables echo "Stop extract from system_consumables" -echo "$valueStore" | curl --data-binary @- http://localhost:9091/metrics/job/printer +echo "$valueStore" | curl -s --data-binary @- http://localhost:9091/metrics/job/printer echo "Success!" exit 0 \ No newline at end of file From 38e4199e94d47ae7ba99fa221a54a0f621825c83 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Wed, 29 Oct 2025 12:16:48 +0100 Subject: [PATCH 09/27] [printer-scraping] This should work now --- machines/overwatch/pull_info.sh | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) 
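Review bot: The debug line `echo "$cookie" > /home/malobeo/cookie.txt` persists the printer's session cookie, and the two later dumps the full responses, into a user's home directory from a root oneshot with the default umask, so the credential is readable by that user and, with a typical umask, by other local accounts as well. Even as a temporary aid, write such dumps under a service `RuntimeDirectory=` (e.g. `/run/printer-scraping/`) or with `umask 077` first, or capture `curl -v` on stderr in the journal instead of on disk. The commit message promises removal; a `#DEBUG; DELETE LATER` marker with no owner tends to survive, so a TODO naming who removes it would help.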
diff --git a/machines/overwatch/pull_info.sh b/machines/overwatch/pull_info.sh index b389f42..183ddff 100644 --- a/machines/overwatch/pull_info.sh +++ b/machines/overwatch/pull_info.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -o pipefail +set -eo pipefail for command in "jq" "xq" "grep" "curl" "sed" do if ! command -v $command >/dev/null 2>&1 @@ -26,9 +26,7 @@ get_cookie () { echo "Something went wrong" exit 1 fi - - #DEBUG; DELETE LATER - echo "$cookie" > /home/malobeo/cookie.txt + cookie=$(echo "$cookie" | grep Set-Cookie | grep -oP "ID=\K[^.]+" ) if [[ $cookie == "" ]] then @@ -95,18 +93,15 @@ system_counter_ScanFaxCounter_keys=("DocumentReadTotal" "DocumentReadLarge" "Fax system_consumables_base_keys=("Toner (Yellow)" "Toner (Magenta)" "Toner (Cyan)" "Toner (Black)" "Drum Cartridge (Cyan)" "Developer Cartridge (Cyan)" "Drum Cartridge (Magenta)" "Developer Cartridge (Magenta)" "Drum Cartridge (Yellow)" "Developer Cartridge (Yellow)" "Drum Cartridge (Black)" "Developer Cartridge (Black)" "Fusing Unit" "Image Transfer Belt Unit" "Transfer Roller Unit") #End Variables------------- -echo "Start getting cookie" +echo "Getting cookie" get_cookie "$@" -echo "Cookie got" -echo "Start extract from system_counter" +echo "Start extracting info from system_counter" if [[ $1 == "-d" ]]; then system_counter_data=$(cat system_counter.xml |xq) else - system_counter_data=$(curl -s -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=\"$cookie\"" |xq) + system_counter_data=$(curl -s -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=$cookie" |xq) fi -#DEBUG; DELETE LATER -echo "$system_counter_data" > /home/malobeo/system_counter_data.txt get_values ".MFP.Count.UserCounterInfo.TotalCounterList.TotalCounter" system_counter_TotalCounter_keys TotalCounter 
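Review bot: Switching to `set -eo pipefail` turns the `exitCode="$?"` handling in `get_cookie` into dead code: when `curl` fails the script now aborts at `cookie=$(curl -s -D - -X GET http://192.168.1.42/wcd/index.html)` before the "Server offline" / `exit 0` branch runs, so an offline printer becomes a failed unit every timer tick instead of the intended quiet exit. Keep the explicit handling by exempting that one command from `-e`: initialise `exitCode=0`, write the call as `cookie=$(curl -s -D - -X GET http://192.168.1.42/wcd/index.html) || exitCode=$?`, and delete the later `exitCode="$?"` line, which would otherwise read the status of the assignment. The body of `get_cookie` continues outside this hunk.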
@@ -122,22 +117,17 @@ get_values ".MFP.Count.UserCounterInfo.ScanFaxCounterList.ScanFaxCounter" system get_values_DeviceStatus system_counter_DeviceStatus_keys DeviceStatus -echo "Stop extract from system_counter" -echo -echo "Start extract from system_consumables" +echo "Start extracting info from system_consumables" if [[ $1 == "-d" ]]; then system_consumables_data=$(cat system_consumables.xml |xq) else - system_consumables_data=$(curl -s -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=\"$cookie\"") + system_consumables_data=$(curl -s -X GET http://192.168.1.42/wcd/system_consumable.xml -H "Cookie: ID=$cookie" |xq) fi -#DEBUG; DELETE LATER -echo "$system_consumables_data" > /home/malobeo/system_consumables_data.txt - get_values_consumables system_consumables_base_keys Consumables -echo "Stop extract from system_consumables" +echo "Sending data to prometheus-pushgateway..." echo "$valueStore" | curl -s --data-binary @- http://localhost:9091/metrics/job/printer echo "Success!" -exit 0 \ No newline at end of file +exit 0 From f8f68df8686f223622ca81d3a5cde93e2474b359 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 13:11:04 +0100 Subject: [PATCH 10/27] [initssh] load all zfs keys --- machines/modules/malobeo/initssh.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index 8286084..62d2ceb 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix @@ -56,11 +56,11 @@ in path = with pkgs; [ zfs ]; serviceConfig.Type = "oneshot"; script = '' - echo "systemctl default" >> /var/empty/.profile + echo "zfs load-key -a; killall zfs; systemctl default" >> /var/empty/.profile ''; }; }; kernelParams = [ "ip=::::${hostName}-initrd::dhcp" ]; }; }; -} \ No newline at end of file +} From f6bd56d583dd1506f1a60501fd4fbd80023c6bba Mon Sep 17 00:00:00 2001 
From: kalipso Date: Sat, 15 Nov 2025 13:11:32 +0100 Subject: [PATCH 11/27] [fanny] setup initrd wireguard --- machines/fanny/configuration.nix | 28 ++++++++++++++++++++++++++++ machines/modules/malobeo/peers.nix | 8 ++++++++ 2 files changed, 36 insertions(+) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 0a98325..c09cff5 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -1,6 +1,7 @@ { inputs, config, ... }: let sshKeys = import ../ssh_keys.nix; + peers = import ../modules/malobeo/peers.nix; in { sops.defaultSopsFile = ./secrets.yaml; @@ -87,6 +88,33 @@ in ethernetDrivers = ["r8169"]; }; + boot.initrd = { + availableKernelModules = [ "wireguard" ]; + systemd = { + enable = true; + network = { + enable = true; + netdevs."30-wg-initrd" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg-initrd"; + }; + wireguardConfig = { PrivateKeyFile = "/etc/secrets/30-wg-initrd.key"; }; + wireguardPeers = [{ + AllowedIPs = peers.fanny-initrd.allowedIPs; + PublicKey = peers.fanny-initrd.publicKey; + Endpoint = "${peers.vpn.publicIp}:${builtins.toString(peers.vpn.listenPort)}"; + PersistentKeepalive = 25; + }]; + }; + networks."30-wg-initrd" = { + name = "wg-initrd"; + addresses = [{ Address = peers.fanny-initrd.address; }]; + }; + }; + }; + }; + services.malobeo.vpn = { enable = true; name = "fanny"; diff --git a/machines/modules/malobeo/peers.nix b/machines/modules/malobeo/peers.nix index 070e13f..9db619e 100644 --- a/machines/modules/malobeo/peers.nix +++ b/machines/modules/malobeo/peers.nix @@ -44,6 +44,14 @@ publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU="; }; + "fanny-initrd" = { + role = "client"; + address = "10.100.0.102"; + allowedIPs = [ "10.100.0.102/32" ]; + #TODO: UPDATE + publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU="; + }; + "backup0" = { role = "client"; address = "10.100.0.20"; From b59f4084c0774b584e3fce8b1b4c911877e80383 Mon Sep 17 00:00:00 2001 
From: kalipso Date: Sat, 15 Nov 2025 13:39:55 +0100 Subject: [PATCH 12/27] [fanny] set wg initrd key --- machines/fanny/configuration.nix | 2 ++ machines/modules/malobeo/peers.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index c09cff5..29a7490 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -115,6 +115,8 @@ in }; }; + boot.initrd.secrets."/etc/secrets/30-wg-initrd.key" = "/etc/wireguard/wg.private"; + services.malobeo.vpn = { enable = true; name = "fanny"; diff --git a/machines/modules/malobeo/peers.nix b/machines/modules/malobeo/peers.nix index 9db619e..c30fc04 100644 --- a/machines/modules/malobeo/peers.nix +++ b/machines/modules/malobeo/peers.nix @@ -49,7 +49,7 @@ address = "10.100.0.102"; allowedIPs = [ "10.100.0.102/32" ]; #TODO: UPDATE - publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU="; + publicKey = "h1A2yt7OQ5EJIilC8tQg203u27o6J6/c+Kd/pZ4UWAY="; }; "backup0" = { From c18724e9a60bb1224039db6ec91b1a5e3692ca13 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 15 Nov 2025 14:02:04 +0100 Subject: [PATCH 13/27] Add wireguard generation to scripts (THIS IS NOT TESTED) --- scripts/add_new_host_keys.sh | 6 ++++++ scripts/remote-install-encrypt.sh | 3 +++ 2 files changed, 9 insertions(+) diff --git a/scripts/add_new_host_keys.sh b/scripts/add_new_host_keys.sh index df94d2f..9c1b0ee 100755 --- a/scripts/add_new_host_keys.sh +++ b/scripts/add_new_host_keys.sh @@ -31,10 +31,13 @@ cd "$pwpath" # Generate SSH keys ssh-keygen -f $hostkey -t ed25519 -N "" -C "root@$host" ssh-keygen -f $initrdkey -t ed25519 -N "" -C "root@$host-initrd" +wg genkey > wg.private +publickey=$(cat wg.private | wg pubkey) #encrypt the private keys sops -e -i ./$hostkey sops -e -i ./$initrdkey +sops -e -i ./wg.private #generate encryption key tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > disk.key 
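Review bot: `boot.initrd.secrets."/etc/secrets/30-wg-initrd.key" = "/etc/wireguard/wg.private"` embeds the host's WireGuard private key in the initrd, and the initrd image sits on the unencrypted boot partition, so anyone who can read `/boot` (physical access, a removed disk) obtains a valid VPN identity without ever unlocking the encrypted pools — the same exposure the initrd SSH host key already has, but a VPN key is the more valuable of the two. If the stage-2 VPN (`services.malobeo.vpn`) uses the same `/etc/wireguard/wg.private`, the initrd and the running system also present one identity to the server, and WireGuard can bind a public key to only one peer entry; `peers.nix` has separate `fanny` and `fanny-initrd` entries, so confirm the initrd key really is a distinct key. Treat the initrd peer as low-trust on the server side: restrict its `AllowedIPs` so only the admin host can reach port 222 and nothing else, and record the reason in `peers.nix` with a comment such as `# key is embedded in the unencrypted initrd; keep AllowedIPs minimal`.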
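Review bot: `wg genkey > wg.private` creates the private key with the caller's default umask, so it is typically world-readable on disk until `sops -e -i ./wg.private` overwrites it a few lines later. Generate it under a restrictive umask and feed `wg pubkey` from the file directly: `(umask 077; wg genkey > wg.private)` and `publickey=$(wg pubkey < wg.private)`. The same applies to `disk.key` written by `tr ... > disk.key` below — hedged, since any umask setup earlier in the script is outside this hunk. Because the redirect creates `wg.private` even when `wg` is not installed, the untested path can end with `sops` encrypting an empty key file; check `command -v wg` before generating, or at least test that the file is non-empty.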
@@ -45,6 +48,9 @@ echo echo "Hier ist der age public key für sops etc:" echo "$(ssh-to-age -i ./"$hostkey".pub)" echo +echo "Hier ist der wireguard pubkey für das gerät" +echo "$publickey" +echo echo "Hier ist eine reproduzierbare mac-addresse:" echo "$hostname"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/' diff --git a/scripts/remote-install-encrypt.sh b/scripts/remote-install-encrypt.sh index 43c36c1..66aae0b 100755 --- a/scripts/remote-install-encrypt.sh +++ b/scripts/remote-install-encrypt.sh @@ -40,7 +40,9 @@ trap cleanup EXIT # Create the directory where sshd expects to find the host keys install -d -m755 "$temp/etc/ssh/" +install -d -m755 "$temp/etc/wireguard/" +##TODO:: wg genkey + pubkey --> /etc/wireguard/wg.private diskKey=$(sops -d $pwpath/disk.key) echo "$diskKey" > /tmp/secret.key @@ -48,6 +50,7 @@ sops -d "$pwpath/$hostkey" > "$temp/etc/ssh/$hostname" sops -d "$pwpath/$initrdkey" > "$temp/etc/ssh/initrd" +sops -d "$pwpath/wg.private" > "$temp/etc/wireguard/wg.private" # # Set the correct permissions so sshd will accept the key chmod 600 "$temp/etc/ssh/$hostname" chmod 600 "$temp/etc/ssh/initrd" From 9588103e6791f347f207dcb04dde64c2b8027d94 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 14:30:24 +0100 Subject: [PATCH 14/27] [fanny] import storage on boot --- machines/fanny/configuration.nix | 1 + machines/modules/malobeo/initssh.nix | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 29a7490..9cf84ff 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -86,6 +86,7 @@ in enable = true; authorizedKeys = sshKeys.admins; ethernetDrivers = ["r8169"]; + zfsExtraPools = [ "storage" ]; }; boot.initrd = { diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index 62d2ceb..ff77d40 100644 --- a/machines/modules/malobeo/initssh.nix 
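Review bot: `sops -d "$pwpath/wg.private" > "$temp/etc/wireguard/wg.private"` writes the decrypted WireGuard key with the default umask, whereas the SSH keys decrypted just above are tightened with `chmod 600`; add `chmod 600 "$temp/etc/wireguard/wg.private"` beside the two existing chmod lines (the `wg` tooling also warns on a world-accessible key file). `install -d -m755 "$temp/etc/wireguard/"` can likewise be `-m700`, since only root needs to enter that directory. The `##TODO:: wg genkey + pubkey --> /etc/wireguard/wg.private` comment in the first hunk now describes work that `add_new_host_keys.sh` performs; remove it or turn it into a pointer to that script so the two do not drift.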
+++ b/machines/modules/malobeo/initssh.nix @@ -22,6 +22,11 @@ in description = "Ethernet drivers to load: run `lspci -k | grep -iA4 ethernet`"; example = "r8169"; }; + zfsExtraPools = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "Name or GUID of extra ZFS pools that you wish to import during boot."; + }; }; config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) { @@ -32,7 +37,7 @@ in zfs = { forceImportAll = true; requestEncryptionCredentials = true; - + extraPools = cfg.zfsExtraPools; }; initrd = { availableKernelModules = cfg.ethernetDrivers; From 2a5539c2045b3ff1b754b6d8b48e0d2a148b3246 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 14:51:51 +0100 Subject: [PATCH 15/27] [fanny] import storage in systemd script --- machines/modules/malobeo/initssh.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index ff77d40..9126749 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix @@ -61,6 +61,7 @@ in path = with pkgs; [ zfs ]; serviceConfig.Type = "oneshot"; script = '' + zpool import storage echo "zfs load-key -a; killall zfs; systemctl default" >> /var/empty/.profile ''; }; From f6bbbdec3e623542861ab3120d444eab86aa1cab Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 15:11:47 +0100 Subject: [PATCH 16/27] [initssh] add pkgs.busybox to initrd --- machines/modules/malobeo/initssh.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index 9126749..9e0b715 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix @@ -42,6 +42,7 @@ in initrd = { availableKernelModules = cfg.ethernetDrivers; systemd = { + packages = [ pkgs.busybox ]; enable = true; network.enable = true; }; From 0df32bf47c2bbe8684316d435eeeb301238aea3a Mon Sep 17 00:00:00 2001 
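Review bot: `zpool import storage` hard-codes one machine's pool name into the shared `initssh.nix` module, while the same module has just gained the `zfsExtraPools` option and `boot.zfs.extraPools = cfg.zfsExtraPools` for exactly this purpose; every other host using the module will now run a failing `zpool import storage` in its initrd. Derive the commands from the option instead, e.g. `${lib.concatMapStringsSep "\n" (p: "zpool import ${p}") cfg.zfsExtraPools}`, and make the import tolerant of an already-imported pool if the oneshot can be restarted. The `zfs-remote-unlock` service definition starts outside this hunk.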
From: kalipso Date: Sat, 15 Nov 2025 15:47:02 +0100 Subject: [PATCH 17/27] [initssh] fix busybox --- machines/modules/malobeo/initssh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index 9e0b715..e0a4eff 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix @@ -42,7 +42,7 @@ in initrd = { availableKernelModules = cfg.ethernetDrivers; systemd = { - packages = [ pkgs.busybox ]; + initrdBin = [ pkgs.busybox ]; enable = true; network.enable = true; }; From beb3839a6b8a43987e402d026f4d463c2936635f Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 15:47:38 +0100 Subject: [PATCH 18/27] [initssh] add wireguard-tools --- machines/modules/malobeo/initssh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index e0a4eff..15ce599 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix @@ -42,7 +42,7 @@ in initrd = { availableKernelModules = cfg.ethernetDrivers; systemd = { - initrdBin = [ pkgs.busybox ]; + initrdBin = [ pkgs.busybox pkgs.wireguard-tools ]; enable = true; network.enable = true; }; From 4d4e9d980b5ac86b104d84ab504e4864f8442c0d Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 15:48:40 +0100 Subject: [PATCH 19/27] [initssh] add iproute2 --- machines/modules/malobeo/initssh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index 15ce599..b72c280 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix @@ -42,7 +42,7 @@ in initrd = { availableKernelModules = cfg.ethernetDrivers; systemd = { - initrdBin = [ pkgs.busybox pkgs.wireguard-tools ]; + initrdBin = [ pkgs.busybox pkgs.wireguard-tools pkgs.iproute2 ]; enable = true; network.enable = true; }; 
From 73c482ece04d5adaa28a5d40a950a6daaffe82d5 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 16:07:17 +0100 Subject: [PATCH 20/27] [fanny] set vpn pubkey --- machines/fanny/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 9cf84ff..a559d09 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -102,8 +102,8 @@ in }; wireguardConfig = { PrivateKeyFile = "/etc/secrets/30-wg-initrd.key"; }; wireguardPeers = [{ - AllowedIPs = peers.fanny-initrd.allowedIPs; - PublicKey = peers.fanny-initrd.publicKey; + AllowedIPs = peers.vpn.allowedIPs; + PublicKey = peers.vpn.publicKey; Endpoint = "${peers.vpn.publicIp}:${builtins.toString(peers.vpn.listenPort)}"; PersistentKeepalive = 25; }]; From a612221e2ab73a85b64eea30b706f225822a6901 Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 15 Nov 2025 15:43:34 +0100 Subject: [PATCH 21/27] change script to first import storage before unlocking root --- scripts/unlock-boot.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/unlock-boot.sh b/scripts/unlock-boot.sh index e9b4279..c6aa0d6 100644 --- a/scripts/unlock-boot.sh +++ b/scripts/unlock-boot.sh 
@@ -24,14 +24,16 @@ diskkey=$(sops -d machines/$hostname/secrets/disk.key) echo if [ $# = 1 ] then - echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "systemd-tty-ask-password-agent" #root + ssh $sshoptions root@$hostname-initrd "zpool import -a" + echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "zfs load-key storage/encrypted" #root echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "systemd-tty-ask-password-agent" #data elif [ $# = 2 ] then ip=$2 - echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent" #root - echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent" #data + ssh $sshoptions root@$ip "zpool import -a" + echo "$diskkey" | ssh $sshoptions root@$ip "zfs load-key storage/encrypted" + echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent" else echo From eee561b650f2f16b37b2efa612ba71d08f559338 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 16:21:19 +0100 Subject: [PATCH 22/27] [fanny] set /24 for wg ip --- machines/fanny/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index a559d09..a22b6ca 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -110,7 +110,7 @@ in }; networks."30-wg-initrd" = { name = "wg-initrd"; - addresses = [{ Address = peers.fanny-initrd.address; }]; + addresses = [{ Address = "${peers.fanny-initrd.address}/24"; }]; }; }; }; From d3312c870ae68b0752ae04092de1a903c7eaae56 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 16:37:11 +0100 Subject: [PATCH 23/27] [fanny] remove zfs-remote-unlock --- machines/modules/malobeo/initssh.nix | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index b72c280..84428ff 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix 
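Review bot: `zpool import -a` imports every pool the initrd can see, not just `storage`; on a host with a foreign or stale pool attached that is a wider action than the unlock needs, so prefer `zpool import storage` (or the configured pool name) in both branches. The trailing comments are now misleading: `#root` sits on the line that unlocks `storage/encrypted` and `#data` on the `systemd-tty-ask-password-agent` line that answers the root prompt — swap them to `#data` and `#root`, or drop them. Both branches feed the same `$diskkey` to `zfs load-key storage/encrypted` and to the password agent, so one passphrase unlocks root and data; if that is intended, a one-line comment saying so spares the next reader from reading it as a copy-paste error. The `else` branch of this chain continues outside the hunk.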
@@ -55,17 +55,6 @@ in secrets = { "/etc/ssh/initrd" = "/etc/ssh/initrd"; }; - systemd.services.zfs-remote-unlock = { - description = "Prepare for ZFS remote unlock"; - wantedBy = ["initrd.target"]; - after = ["systemd-networkd.service"]; - path = with pkgs; [ zfs ]; - serviceConfig.Type = "oneshot"; - script = '' - zpool import storage - echo "zfs load-key -a; killall zfs; systemctl default" >> /var/empty/.profile - ''; - }; }; kernelParams = [ "ip=::::${hostName}-initrd::dhcp" ]; }; From e91481c4057d834f751806935d96a5ff85a25bf7 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 16:50:07 +0100 Subject: [PATCH 24/27] [initssh] network.flushBeforeStage2 --- machines/modules/malobeo/initssh.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index 84428ff..3733df0 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix @@ -46,11 +46,14 @@ in enable = true; network.enable = true; }; - network.ssh = { - enable = true; - port = 222; - authorizedKeys = cfg.authorizedKeys; - hostKeys = [ "/etc/ssh/initrd" ]; + network = { + flushBeforeStage2 = true; + ssh = { + enable = true; + port = 222; + authorizedKeys = cfg.authorizedKeys; + hostKeys = [ "/etc/ssh/initrd" ]; + }; }; secrets = { "/etc/ssh/initrd" = "/etc/ssh/initrd"; From 845379ac86fc620892ba77d384c004f6fe875b02 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 17:17:40 +0100 Subject: [PATCH 25/27] [fanny] flush wg-initd --- machines/fanny/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index a22b6ca..be0a26c 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix 
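Review bot: `flushBeforeStage2 = true` clears the addresses and routes the initrd configured but does not delete the `wg-initrd` netdev, so the WireGuard private key loaded in the initrd stays on the kernel interface into stage 2 unless something removes the link; a comment should say what this option is expected to cover: `# only flushes addresses/routes; the wg netdev (and its key) must be torn down separately`. With `systemd.enable = true` a few lines above, it is also worth confirming against the option's description that it is honoured by the systemd-based initrd and not only by the scripted one. The `boot.initrd` attrset this hunk sits in starts and ends outside the hunk.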
@@ -91,6 +91,10 @@ in boot.initrd = { availableKernelModules = [ "wireguard" ]; + postMountCommand = '' + ip address flush dev wg-initrd + ip link set dev wg-initrd down + ''; systemd = { enable = true; network = { From a97de389e5ce0cbbe9ef0be6d50d035d3b5df4c7 Mon Sep 17 00:00:00 2001 From: kalipso Date: Sat, 15 Nov 2025 17:21:45 +0100 Subject: [PATCH 26/27] [fanny] fix typo --- machines/fanny/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index be0a26c..0ea6077 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -91,7 +91,7 @@ in boot.initrd = { availableKernelModules = [ "wireguard" ]; - postMountCommand = '' + postMountCommands = '' ip address flush dev wg-initrd ip link set dev wg-initrd down ''; From b94574c640e401120d3ae69ad0701c752228608f Mon Sep 17 00:00:00 2001 From: ahtlon Date: Sat, 15 Nov 2025 17:49:54 +0100 Subject: [PATCH 27/27] [fanny] fix flushing init vpn --- machines/fanny/configuration.nix | 8 ++++---- machines/modules/malobeo/initssh.nix | 14 ++++++++++++++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix index 0ea6077..1cc882c 100644 --- a/machines/fanny/configuration.nix +++ b/machines/fanny/configuration.nix @@ -91,10 +91,10 @@ in boot.initrd = { availableKernelModules = [ "wireguard" ]; - postMountCommands = '' - ip address flush dev wg-initrd - ip link set dev wg-initrd down - ''; + # postMountCommands = '' + # ip address flush dev wg-initrd + # ip link set dev wg-initrd down + # ''; systemd = { enable = true; network = { diff --git a/machines/modules/malobeo/initssh.nix b/machines/modules/malobeo/initssh.nix index 3733df0..8bd01c0 100644 --- a/machines/modules/malobeo/initssh.nix +++ b/machines/modules/malobeo/initssh.nix 
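Review bot: The four `postMountCommands` lines are commented out rather than removed, leaving dead configuration a reader may take for a working fallback; since the teardown now lives in a systemd service, delete them and let git history keep the text. If the reason should be recorded, one line suffices: `# postMountCommands is a scripted-initrd hook; the systemd initrd enabled below does not run it` — that explanation is inferred from the move to a service in the same commit, so confirm it before keeping the comment. The `boot.initrd` block continues outside the hunk.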
@@ -45,6 +45,20 @@ in initrdBin = [ pkgs.busybox pkgs.wireguard-tools pkgs.iproute2 ]; enable = true; network.enable = true; + services."stopInitVpn" = { + description = "stop init vpn"; + wantedBy = [ + "initrd.target" + ]; + after = [ + "zfs.target" + ]; + serviceConfig.StandardOutput = "journal+console"; + script = '' + networkctl down wg-initrd + ''; + serviceConfig.Type = "oneshot"; + }; }; network = { flushBeforeStage2 = true;
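Review bot: `networkctl down wg-initrd` only sets the link administratively down; the netdev and the private key it was loaded with remain in the kernel when stage 2 starts, so the script should remove the interface instead — `networkctl delete wg-initrd` (or `ip link delete wg-initrd`, since iproute2 is already in `initrdBin`). The only ordering is `after = ["zfs.target"]`; if no unit of that name exists in the initrd, `after` on a missing unit is silently ignored and the tunnel could be torn down as soon as `initrd.target` is pulled in, possibly before the remote unlock, so order it after a unit known to exist in the initrd (the pool import service or `initrd-root-fs.target`) or add a `requires` so a missing unit fails loudly — I cannot see from here which units the initrd defines. Style: other units in this tree use kebab-case (`zfs-remote-unlock`, `30-wg-initrd`), so `stop-init-vpn` would match, and the two `serviceConfig` lines can be one attrset. The enclosing `boot.initrd.systemd` attrset continues past the hunk.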