# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: let ympdPort = 8080; mpdVhost = "mpd.hq.c3d2.de"; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ../../lib ../../lib/admins.nix ../../lib/hq.nix ../../lib/yggdrasil.nix ./mpdConsole.nix ]; c3d2 = { users = { emery = true; k-ot = true; }; isInHq = true; mapHqHosts = true; hq = { interface = "eno1"; enableMpdProxy = true; }; enableHail = true; }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.kernelPackages = pkgs.linuxPackages_4_19; networking.hostName = "pulsebert"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Select internationalisation properties. i18n = { consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz"; consoleKeyMap = "us"; defaultLocale = "en_US.UTF-8"; }; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ # specific printer drivers for our printers epson-escpr splix # utilities nix-index usbutils tmux vim git openssl # NCurses Music Player Client (Plus Plus) # a commandline front-end client for mpd # 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben. # ncmpcpp home-manager mumble ncpamixer ffmpeg ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; # programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; # List services that you want to enable: # Enable the OpenSSH daemon. services.openssh.enable = true; # X11 Forwarding for mumble... programs.ssh.forwardX11 = true; services.openssh.forwardX11 = true; # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 4713 # PulseAudio 631 # cups 80 443 # Web/ympd 5000 # shairport config.services.mpd.network.port ]; networking.firewall.allowedUDPPorts = [ 631 ]; networking.firewall.extraCommands = '' iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf ''; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; # Enable CUPS to print documents. services.printing = { enable = true; browsing = true; listenAddresses = [ "*:631" ]; defaultShared = true; # logLevel = "debug"; drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ]; extraConf = '' DefaultAuthType Basic Order allow,deny Allow ALL Order allow,deny Allow ALL AuthType Basic Require user @SYSTEM Order allow,deny Allow ALL Require user @OWNER @SYSTEM Order deny,allow AuthType Basic Require user @SYSTEM Order deny,allow Require user @OWNER @SYSTEM Order deny,allow Order deny,allow ''; }; # Enable sound. sound.enable = true; hardware.pulseaudio.enable = true; # PulseAudio as-a-Service hardware.pulseaudio.systemWide = true; hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::1/128" "172.22.99.0/24" "2a02:8106:208:5201:58::/64" ]; hardware.pulseaudio.tcp.enable = true; hardware.pulseaudio.zeroconf.publish.enable = true; # tell Avahi to publish CUPS and PulseAudio services.avahi = { enable = true; publish.enable = true; publish.userServices = true; }; # Enable Audio streaming for Mac clients services.shairport-sync.enable = true; # Enable the X11 windowing system. # services.xserver.enable = true; # services.xserver.layout = "us"; # services.xserver.xkbOptions = "eurosign:e"; # Enable touchpad support. # services.xserver.libinput.enable = true; # Enable the KDE Desktop Environment. # services.xserver.displayManager.sddm.enable = true; # services.xserver.desktopManager.plasma5.enable = true; security.pam.enableSSHAgentAuth = true; security.sudo = { enable = true; wheelNeedsPassword = false; }; users.users.k-ot.extraGroups = [ "wheel" ]; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "18.09"; # Did you read the comment? # vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden #### https://nixos.org/nixos/options.html#services.mpd.enable # See ../../mpd.nix services.mpd = { enable = true; dbFile = null; musicDirectory = "/mnt/storage/Music"; playlistDirectory = "/home/k-ot/Playlists"; network.listenAddress = "any"; extraConfig = '' audio_output { type "pulse" name "/proc" } ''; }; services.caddy = { enable = true; agree = true; # TODO: add auth? config = '' ${mpdVhost} { proxy / localhost:${toString ympdPort} } :80 { redir https://${mpdVhost}{uri} } ''; }; fileSystems."/mnt/storage" = { #device = "storage-ng.hq.c3d2.de:/mnt/zroot/storage/rpool"; #device = "storage-ng.hq.c3d2.de:/c3d2/rpool"; device = "172.22.99.13:6789,172.22.99.15:6789,172.22.99.16:6789:/c3d2/rpool"; fsType = "ceph"; options = [ "rw" "relatime" "name=public" "secret=AQDgER1chJcMORAAK1ysRTN59B5x/MyniwVXFQ==" "acl" "wsize=16777216" "_netdev" ]; }; # MPD music playing daemon with webinterface services.ympd = { enable = true; webPort = toString ympdPort; }; nixpkgs.config.packageOverrides = pkgs: with pkgs; { ympd = ympd.overrideAttrs (oldAttrs: { src = fetchFromGitHub { owner = "c3d2"; repo = "ympd"; rev = "feature/somafm_browser"; sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1"; }; }); }; programs.bash.shellAliases = { mpv = "mpv --no-vid"; }; users.users.emery.cryptHomeLuks = "/home/emery.luks.img"; }