3 Commits

Author SHA1 Message Date
Astro 7cd1def1d6 secrets: update 2020-06-19 18:29:58 +02:00
Astro 611dabf653 server7: move yggaddr.nix out to shared lib/ directory 2020-06-19 18:20:10 +02:00
Astro 03a7ab421e rename pulsebert to glotzbert 2020-06-19 18:12:42 +02:00
12 changed files with 38 additions and 364 deletions


@ -1,13 +1,13 @@
{ config, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ../../lib ];
imports = [ <this-host/hardware-configuration.nix> <lib> ];
c3d2 = {
users.k-ot = true;
isInHq = true;
hq.interface = "enp0s10";
enableHail = true;
hq.interface = "eno1";
enableHail = false;
};
nixpkgs.config.allowUnfree = true;
@ -30,8 +30,8 @@
# Select internationalisation properties.
i18n = {
consoleFont = "Lat2-Terminus16";
consoleKeyMap = "de";
consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
@ -133,6 +133,25 @@
];
};
fileSystems."/mnt/storage" = {
#device = "storage-ng.hq.c3d2.de:/mnt/zroot/storage/rpool";
#device = "storage-ng.hq.c3d2.de:/c3d2/rpool";
device =
"172.22.99.13:6789,172.22.99.15:6789,172.22.99.16:6789:/c3d2/rpool";
fsType = "ceph";
options = [
"rw"
"relatime"
"name=public"
"secret=AQDgER1chJcMORAAK1ysRTN59B5x/MyniwVXFQ=="
"acl"
"wsize=16777216"
"_netdev"
];
};
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
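Review bot: The Ceph client key in `"secret=AQDgER1chJcMORAAK1ysRTN59B5x/MyniwVXFQ=="` is committed in plaintext in the `fileSystems."/mnt/storage"` block that this section carries over into the new host; on NixOS, `fileSystems.<name>.options` are rendered into `/etc/fstab` and the evaluated config lands in the world-readable Nix store, so every local user of the machine, not just people with repo access, can read it. The kernel ceph mount helper accepts a file instead, so the option should be `"secretfile=/run/keys/ceph-public.key"` (or another root-only path provisioned outside the store; the `secrets: update` commit and the submodule bump at the bottom of this page suggest such a mechanism already exists, but that is inferred). Because the same value already appears in the deleted pulsebert configuration, it is in git history regardless of this change, so the `client.public` key should be rotated on the cluster after switching to `secretfile=`. A one-line comment above the option, `# key lives outside the Nix store: /etc/fstab and the store are world-readable`, would keep the next maintainer from reintroducing an inline `secret=`.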


@ -8,26 +8,22 @@
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.kernelModules = [ "kvm-intel" "wl" "forcedeth" "b43" ];
boot.kernelParams = [ "irqpoll" "hpet=off" ]; # noapic seems to improve things
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4568bf11-6e40-4514-9bc9-3194a299c45f";
fsType = "btrfs";
{ device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/67E3-17ED";
{ device = "/dev/disk/by-uuid/6490-45A0";
fsType = "vfat";
};
zramSwap = { enable = true; priority = 1000; };
swapDevices = [
{ device = "/dev/disk/by-uuid/f602ea23-99e5-416b-98d2-ef76cbc5c934";
} ];
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 2;
services.xserver.videoDriver = "nouveau";
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -1,272 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
ympdPort = 8080;
mpdVhost = "mpd.hq.c3d2.de";
in {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
../../lib
../../lib/admins.nix
../../lib/hq.nix
./mpdConsole.nix
];
c3d2 = {
users = {
emery = true;
k-ot = true;
};
isInHq = true;
mapHqHosts = true;
hq = {
interface = "eno1";
enableMpdProxy = true;
yggdrasi.enableGateway = true;
};
enableHail = true;
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_4_19;
networking.hostName = "pulsebert"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n = {
consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# specific printer drivers for our printers
epson-escpr
splix
# utilities
nix-index
usbutils
tmux
vim
git
openssl
# NCurses Music Player Client (Plus Plus)
# a commandline front-end client for mpd
# 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben.
# ncmpcpp
home-manager
mumble
ncpamixer
ffmpeg
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# X11 Forwarding for mumble...
programs.ssh.forwardX11 = true;
services.openssh.forwardX11 = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
4713 # PulseAudio
631 # cups
80
443 # Web/ympd
5000 # shairport
config.services.mpd.network.port
];
networking.firewall.allowedUDPPorts = [ 631 ];
networking.firewall.extraCommands = ''
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
''; # networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
services.printing = {
enable = true;
browsing = true;
listenAddresses = [ "*:631" ];
defaultShared = true;
# logLevel = "debug";
drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];
extraConf =
''
DefaultAuthType Basic
<Location />
Order allow,deny
Allow ALL
</Location>
<Location /admin>
Order allow,deny
Allow ALL
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow ALL
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
'';
};
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# PulseAudio as-a-Service
hardware.pulseaudio.systemWide = true;
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [
"127.0.0.0/8" "::1/128"
"172.22.99.0/24" "2a02:8106:208:5201:58::/64"
];
hardware.pulseaudio.tcp.enable = true;
hardware.pulseaudio.zeroconf.publish.enable = true;
# tell Avahi to publish CUPS and PulseAudio
services.avahi = {
enable = true;
publish.enable = true;
publish.userServices = true;
};
# Enable Audio streaming for Mac clients
services.shairport-sync.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
security.pam.enableSSHAgentAuth = true;
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
users.users.k-ot.extraGroups = [ "wheel" ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
# vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden
#### https://nixos.org/nixos/options.html#services.mpd.enable
# See ../../mpd.nix
services.mpd = {
enable = true;
dbFile = null;
musicDirectory = "/mnt/storage/Music";
playlistDirectory = "/home/k-ot/Playlists";
network.listenAddress = "any";
extraConfig = ''
audio_output {
type "pulse"
name "/proc"
}
'';
};
services.caddy = {
enable = true;
agree = true;
# TODO: add auth?
config = ''
${mpdVhost} {
proxy / localhost:${toString ympdPort}
}
:80 {
redir https://${mpdVhost}{uri}
}
'';
};
fileSystems."/mnt/storage" = {
#device = "storage-ng.hq.c3d2.de:/mnt/zroot/storage/rpool";
#device = "storage-ng.hq.c3d2.de:/c3d2/rpool";
device =
"172.22.99.13:6789,172.22.99.15:6789,172.22.99.16:6789:/c3d2/rpool";
fsType = "ceph";
options = [
"rw"
"relatime"
"name=public"
"secret=AQDgER1chJcMORAAK1ysRTN59B5x/MyniwVXFQ=="
"acl"
"wsize=16777216"
"_netdev"
];
};
# MPD music playing daemon with webinterface
services.ympd = {
enable = true;
webPort = toString ympdPort;
};
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
ympd = ympd.overrideAttrs (oldAttrs: {
src = fetchFromGitHub {
owner = "c3d2";
repo = "ympd";
rev = "feature/somafm_browser";
sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
};
});
};
programs.bash.shellAliases = {
mpv = "mpv --no-vid";
};
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
}


@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/6490-45A0";
fsType = "vfat";
};
swapDevices = [ ];
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}


@ -1,17 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
htop
fortune
ddate
mpv
ncmpcpp
schedtool
screen
tmux
pulsemixer
ncpamixer
python35.withPackages(ps: with ps; [ youtube-dl ])
];
}


@ -1,23 +0,0 @@
{ pkgs, ... }:
let tty = "tty1";
in {
boot.extraTTYs = [ tty ];
systemd.services.ncmpcpp = {
description = "Mpd console";
wantedBy = [ "multi-user.target" ];
conflicts = [ "getty@${tty}.service" ];
serviceConfig = {
User = "k-ot";
ExecStart = "${pkgs.ncmpcpp}/bin/ncmpcpp";
StandardInput = "tty";
StandardOutput = "tty";
TTYPath = "/dev/${tty}";
TTYReset = true;
TTYVTDisallocate = true;
Restart = "always";
};
};
}


@ -1,6 +1,6 @@
name:
let yggaddr = import ../yggaddr.nix;
let yggaddr = import ../../../lib/server7-yggaddr.nix;
in {
# These the container defaults from the perspective of the host.


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
let yggaddr = import ./yggaddr.nix;
let yggaddr = import ../../lib/server7-yggaddr.nix;
in {
imports = [
# <nixpkgs/nixos/modules/profiles/minimal.nix>


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
let yggaddr = import ./yggaddr.nix;
let yggaddr = import ../../lib/server7-yggaddr.nix;
in {
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;


@ -8,7 +8,7 @@ let
hqPrefix64 = "fd23:42:c3d2:523";
# TODO: Is this stable? Is there a better place to specifiy this?
server7Ygg = import ../hosts/server7/yggaddr.nix;
server7Ygg = import ./server7-yggaddr.nix;
# Generate a deterministic IPv6 address for a 64 bit prefix
# and seed string. Prefix must not contain trailing ':'.

@ -1 +1 @@
Subproject commit e5260f30341bdb390fc8d732120b86557afdd30c
Subproject commit 3ae294f84afa3a399a73fedf60418009cc330598