configurations of hq services

configuration.nix 7.1KB

  1. # Edit this configuration file to define what should be installed on
  2. # your system. Help is available in the configuration.nix(5) man page
  3. # and in the NixOS manual (accessible by running ‘nixos-help’).
  4. { config, pkgs, ... }:
  5. let
  # Public virtual host name; used in the Caddy site configuration of this file.
  mpdVhost = "mpd.hq.c3d2.de";
  # Port of the ympd web interface; used for services.ympd.webPort and as the
  # Caddy proxy target on localhost.
  ympdPort = 8080;
  8. in {
  9. imports =
  10. [ # Include the results of the hardware scan.
  11. ./hardware-configuration.nix
  12. ../../lib/admins.nix
  13. ../../common.nix
  14. ../../users.nix
  15. ../../mpd.nix
  16. ];
  # Boot with the systemd-boot EFI boot loader; the installation may modify
  # EFI boot variables.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };
  # NOTE(review): the kernel is pinned to the 4.19 series rather than following
  # the channel default. A pinned series only receives fixes for as long as it
  # is maintained and carried by the channel; confirm the pin is still needed.
  boot.kernelPackages = pkgs.linuxPackages_4_19;

  networking.hostName = "pulsebert"; # Define your hostname.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Internationalisation: console font, console keymap and default locale.
  i18n.consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
  i18n.consoleKeyMap = "us";
  i18n.defaultLocale = "en_US.UTF-8";
  # Packages installed in the system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = [
    # specific printer drivers for our printers
    pkgs.epson-escpr
    pkgs.splix

    # utilities
    pkgs.nix-index
    pkgs.usbutils
    pkgs.tmux
    pkgs.vim
    pkgs.git
    pkgs.openssl

    # NCurses Music Player Client (Plus Plus),
    # a command-line front-end client for mpd.
    # 2019-01-21: vater would like to have a nice local management tool for MPD right away.
    # pkgs.ncmpcpp

    pkgs.home-manager
    pkgs.mumble
    pkgs.ncpamixer
    pkgs.ffmpeg
  ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # OpenSSH daemon. X11 forwarding is accepted so that mumble can be displayed
  # on the connecting client.
  # NOTE(review): how logins are authenticated (keys, passwords, root login) is
  # not set in this file; presumably ../../common.nix does it. Verify, since
  # wheel has passwordless sudo on this host.
  services.openssh = {
    enable = true;
    forwardX11 = true;
  };

  # NOTE(review): this is the client side. It requests X11 forwarding on every
  # outgoing ssh connection made from this host, which gives each remote server
  # access to the local X display. It is not needed for the sshd side above;
  # consider enabling it per destination host instead of globally.
  programs.ssh.forwardX11 = true;
  # Host firewall: inbound service ports plus multicast DNS for zeroconf.
  # NOTE(review): the ports are opened for every source address and interface.
  # PulseAudio (4713) and CUPS (631) are then protected only by their own
  # access lists, and the web ports lead to a proxy with no authentication
  # configured in this file. If the host is reachable from outside the local
  # networks, restrict these rules by source range.
  networking.firewall = {
    allowedTCPPorts = [
      4713 # PulseAudio
      631 # cups
      80 # Web/ympd
      443 # Web/ympd
      5000 # shairport
    ];
    allowedUDPPorts = [
      631
    ];
    # "-I" inserts the rules at the head of the INPUT and OUTPUT chains.
    # Only the IPv4 mDNS group is covered.
    extraCommands = ''
      iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
      iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
    '';
  };
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;
  # CUPS print server, shared on the network.
  # NOTE(review): cupsd listens on every address ("*:631"), the firewall opens
  # port 631, and every <Location> below says "Allow ALL". The web interface,
  # including /admin, is therefore reachable by any client that can route to
  # this host. Only /admin/conf and the operations in the <Limit> blocks that
  # carry "Require user" are gated by authentication. Consider narrowing the
  # Allow lines to the local networks.
  services.printing = {
    enable = true;
    listenAddresses = [ "*:631" ];
    browsing = true;
    defaultShared = true;
    drivers = with pkgs; [ gutenprint hplip splix ];
    # logLevel = "debug";
    extraConf = ''
      DefaultAuthType Basic
      <Location />
      Order allow,deny
      Allow ALL
      </Location>
      <Location /admin>
      Order allow,deny
      Allow ALL
      </Location>
      <Location /admin/conf>
      AuthType Basic
      Require user @SYSTEM
      Order allow,deny
      Allow ALL
      </Location>
      <Policy default>
      <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
      Require user @OWNER @SYSTEM
      Order deny,allow
      </Limit>
      <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
      AuthType Basic
      Require user @SYSTEM
      Order deny,allow
      </Limit>
      <Limit Cancel-Job CUPS-Authenticate-Job>
      Require user @OWNER @SYSTEM
      Order deny,allow
      </Limit>
      <Limit All>
      Order deny,allow
      </Limit>
      </Policy>
    '';
  };
  # Enable sound.
  sound.enable = true;

  # PulseAudio as-a-Service: one system-wide daemon that also accepts clients
  # over TCP and announces itself via zeroconf.
  hardware.pulseaudio = {
    enable = true;
    systemWide = true;
    tcp = {
      enable = true;
      # NOTE(review): clients in these ranges connect without authentication.
      # The firewall opens 4713 to every source, so this list is the only
      # access control for the audio daemon. The IPv6 entry has bits set
      # beyond its /64 ("...:58::"); confirm which prefix is intended.
      anonymousClients.allowedIpRanges = [
        "127.0.0.0/8"
        "::1/128"
        "172.22.99.0/24"
        "2a02:8106:208:5201:58::/64"
      ];
    };
    zeroconf.publish.enable = true;
  };

  # tell Avahi to publish CUPS and PulseAudio
  services.avahi.enable = true;
  services.avahi.publish = {
    enable = true;
    userServices = true;
  };

  # Enable Audio streaming for Mac clients
  services.shairport-sync.enable = true;
  144. # Enable the X11 windowing system.
  145. # services.xserver.enable = true;
  146. # services.xserver.layout = "us";
  147. # services.xserver.xkbOptions = "eurosign:e";
  148. # Enable touchpad support.
  149. # services.xserver.libinput.enable = true;
  150. # Enable the KDE Desktop Environment.
  151. # services.xserver.displayManager.sddm.enable = true;
  152. # services.xserver.desktopManager.plasma5.enable = true;
  # NOTE(review): members of wheel become root through sudo without entering a
  # password, so whatever authenticates their login (for remote users, the ssh
  # credential) is the only barrier to root on this host. Who is in wheel is
  # defined outside this file; verify the list in the imported user modules.
  security.sudo.enable = true;
  security.sudo.wheelNeedsPassword = false;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.09"; # Did you read the comment?
  # vater heard that people in the space would expect mpd for playing music.
  #### https://nixos.org/nixos/options.html#services.mpd.enable
  # See ../../mpd.nix
  # Two PulseAudio outputs are declared: "/proc" without a server setting and
  # "SDK", which is sent to the PulseAudio server on dacbert.hq.c3d2.de.
  services.mpd = {
    extraConfig = ''
      audio_output {
      type "pulse"
      name "/proc"
      }
      audio_output {
      type "pulse"
      name "SDK"
      server "dacbert.hq.c3d2.de"
      }
    '';
  };
  # Caddy serves the mpd vhost and proxies it to the local ympd web interface.
  # Plain requests on port 80 are redirected to the HTTPS vhost.
  services.caddy.enable = true;
  services.caddy.agree = true;
  # TODO: add auth?
  # NOTE(review): nothing in this site block authenticates the client, and the
  # firewall opens 80/443 to every source. Anyone who can reach the vhost can
  # therefore use the player's web interface. Add authentication or a
  # source-address restriction before exposing it beyond the local networks.
  services.caddy.config = ''
    ${mpdVhost} {
    proxy / localhost:${toString ympdPort}
    }
    :80 {
    redir https://${mpdVhost}{uri}
    }
  '';
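  # Shared storage: CephFS from the three monitors, mounted at /mnt/storage as
  # Ceph client "public".
  fileSystems."/mnt/storage" = {
    #device = "storage-ng.hq.c3d2.de:/mnt/zroot/storage/rpool";
    #device = "storage-ng.hq.c3d2.de:/c3d2/rpool";
    device = "172.22.99.13:6789,172.22.99.15:6789,172.22.99.16:6789:/c3d2/rpool";
    fsType = "ceph";
    options = [
      "rw"
      "relatime"
      "name=public"
      # The client key is read from a file instead of being written here.
      # Everything in this file is committed to the repository and copied into
      # the world-readable Nix store, so an inline "secret=" value is readable
      # by every local user and every reader of the repository.
      # The key that used to be inline must be treated as disclosed: rotate it.
      # The path below is a placeholder. Provision the file out of band, owned
      # by root with mode 0600, before switching to this configuration.
      # secretfile= is handled by the mount.ceph helper, so the helper has to
      # be available to mount on this host. TODO confirm.
      "secretfile=/run/keys/ceph-public.secret" # placeholder path
      "acl"
      "wsize=16777216"
      "_netdev"
    ];
  };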
  # ympd, the web interface for the MPD music playing daemon. It listens on
  # the port that the Caddy site configuration proxies to.
  services.ympd.enable = true;
  services.ympd.webPort = toString ympdPort;
  # Build ympd from the c3d2 fork instead of the nixpkgs source.
  # NOTE(review): rev is a branch name, which is a mutable ref. The sha256
  # fixes the fetched content, so a moved branch cannot change what gets built
  # without a hash mismatch. The trade-off is that the fetch fails once the
  # branch moves and the source is no longer cached, and the file does not say
  # which commit is deployed. Prefer pinning rev to the full commit hash.
  nixpkgs.config.packageOverrides = pkgs: {
    ympd = pkgs.ympd.overrideAttrs (previous: {
      src = pkgs.fetchFromGitHub {
        owner = "c3d2";
        repo = "ympd";
        rev = "feature/somafm_browser";
        sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
      };
    });
  };
  212. }