nix-config/hosts/pulsebert/configuration.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

let
  octoprintPort = 8080;
in
{
  imports = [ # Include the results of the hardware scan.
    <this-host/hardware-configuration.nix>
  ];

  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = false;
  boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
  #boot.kernelPackages = pkgs.linuxPackages_rpi4;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  boot.tmpOnTmpfs = true;
  nix.buildCores = 4;
  nix.maxJobs = 4;

  networking.hostName = "pulsebert"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  # Per-interface useDHCP will be mandatory in the future, so this generated config
  # replicates the default behaviour.
  networking.useDHCP = false;
  networking.interfaces.eth0.useDHCP = true;
  networking.interfaces.wlan0.useDHCP = true;

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  # };

  # Set your time zone.
  # time.timeZone = "Europe/Amsterdam";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    wget vim git
    raspberrypi-tools
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  #   pinentryFlavor = "gnome3";
  # };

  # List services that you want to enable:

  # Do not log to flash:
  services.journald.extraConfig = ''
    Storage=volatile
  '';

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  services.openssh.permitRootLogin = "yes";
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  users.users.k-ot = {
    isNormalUser = true;
    extraGroups = [ "wheel" "audio" ];
  };


  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  networking.firewall.enable = false;

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.bluetooth = {
    enable = true;
    config = {
      Policy.AutoEnable = true;
      General = {
        Enable = "Source,Sink,Media,Socket";
        #DiscoverableTimeout = 0;
        #Discoverable = true;
      };
    };
  };
  hardware.pulseaudio = {
    enable = true;
    systemWide = true;
    tcp.enable = true;
    tcp.anonymousClients.allowedIpRanges = [
      "127.0.0.0/8" "::1/128"
      "172.22.99.0/24" "2a02:8106:208:5201:58::/64"
    ];
    zeroconf.publish.enable = true;
    package = pkgs.pulseaudioFull;
    extraModules = [ pkgs.pulseaudio-modules-bt ];
  };

  # tell Avahi to publish CUPS and PulseAudio
  services.avahi = {
    enable = true;
    publish.enable = true;
    publish.addresses = true;
    publish.userServices = true;
  };

  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };
  services.nginx = {
    enable = true;
    #recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "drkkr.hq.c3d2.de" = {
        default = true;
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString octoprintPort}";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_set_header X-Scheme $scheme;
            proxy_set_header Accept-Encoding identity;
            client_max_body_size 200M;
          '';
        };
      };
    };
  };
  services.octoprint = rec {
    enable = true;
    port = octoprintPort;
    # extraConfig.webcam = {
    #   snapshot = "http://localhost:5050?action=snapshot";
    #   stream = "http://octoprint.local:5050?action=stream";
    # };
    # plugins = let
    #   python = pkgs.octoprint.python;

    #   octoprint-filament-sensor-universal = python.pkgs.buildPythonPackage rec {
    #     pname = "OctoPrint-Filament-Sensor-Universal";
    #     version = "1.0.0";

    #     src = pkgs.fetchFromGitHub {
    #       owner = "lopsided98";
    #       repo = pname;
    #       rev = "8a72696867a9a008c5a79b49a9b029a4fc426720";
    #       sha256 = "1a7lzmjbwx47qhrkjp3hggiwnx172x4axcz0labm9by17zxlsimr";
    #     };

    #     propagatedBuildInputs = [ pkgs.octoprint python.pkgs.libgpiod ];
    #   };
    # #in p: [ octoprint-filament-sensor-universal ];
    # in p: [];
  };

  # Allow access to printer serial port and GPIO
  users.users.${config.services.octoprint.user}.extraGroups = [ "dialout" "gpio" ];

  # services.mjpg-streamer = {
  #   enable = true;
  #   inputPlugin = "input_uvc.so -r 1280x720";
  # };

  # Allow gpio group to access GPIO devices
  users.groups.gpio = { };
  services.udev.extraRules = ''
    KERNEL=="gpiochip*", GROUP="gpio", MODE="0660"
  '';

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?

}