configurations of hq services

configuration.nix 8.2KB

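  # NixOS system configuration for the host "pulsebert": shared printing (CUPS),
  # network audio (PulseAudio over TCP, shairport-sync, mpd with the ympd web UI
  # behind Caddy) and remote administration over SSH.
  #
  # Edit this configuration file to define what should be installed on
  # your system. Help is available in the configuration.nix(5) man page
  # and in the NixOS manual (accessible by running ‘nixos-help’).
  #
  # Review summary (details next to the options concerned):
  #   * every port in allowedTCPPorts is open to all sources, so CUPS, mpd,
  #     PulseAudio and shairport each depend on their own access control;
  #   * mpd and the ympd vhost have no authentication configured in this file;
  #   * wheel members get password-less sudo;
  #   * the NFS mounts now carry nosuid/nodev (the only functional change).

  { config, pkgs, ... }:

  let
    # Port of the ympd web UI. It is not listed in allowedTCPPorts below, so as
    # far as this file shows it is reached from outside only via the Caddy vhost.
    ympdPort = 8080;
    # Public virtual host under which Caddy publishes ympd.
    mpdVhost = "mpd.hq.c3d2.de";
  in {
    imports =
      [ # Include the results of the hardware scan.
        ./hardware-configuration.nix
        # Shared admin definitions; contents are not visible from this file.
        ../../lib/admins.nix
      ];

    # Use the systemd-boot EFI boot loader.
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
    # Explicit pin to the 4.19 kernel package set. A pin does not follow the
    # channel's default kernel, so it has to be revisited by hand.
    boot.kernelPackages = pkgs.linuxPackages_4_19;

    networking.hostName = "pulsebert"; # Define your hostname.
    # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.

    # Configure network proxy if necessary
    # networking.proxy.default = "http://user:password@proxy:port/";
    # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

    # Select internationalisation properties.
    i18n = {
      consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
      consoleKeyMap = "us";
      defaultLocale = "en_US.UTF-8";
    };

    # Set your time zone.
    time.timeZone = "Europe/Berlin";

    # List packages installed in system profile. To search, run:
    # $ nix search wget
    environment.systemPackages = with pkgs; [
      # specific printer drivers for our printers
      epson-escpr
      splix
      # utilities
      nix-index
      usbutils
      tmux
      vim
      git
      openssl
      # NCurses Music Player Client (Plus Plus)
      # a commandline front-end client for mpd
      # 2019-01-21: vater would like to have a nice local management client
      # for MPD right away.
      # ncmpcpp
      home-manager
      mumble
    ];

    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    # programs.mtr.enable = true;
    # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

    # List services that you want to enable:

    # Enable the OpenSSH daemon.
    # NOTE(review): no authentication options are set here, so the module
    # defaults apply. Combined with the password-less sudo for wheel further
    # down, any accepted SSH login of a wheel member is equivalent to root.
    # Consider key-only logins if ../../lib/admins.nix provisions keys (confirm;
    # that file is not visible here).
    services.openssh.enable = true;

    # X11 Forwarding for mumble...
    # services.openssh.forwardX11 is the server side: users logged in to this
    # host can display its X programs (mumble) on their own machine.
    # programs.ssh.forwardX11 is the client side: it requests X11 forwarding by
    # default on outgoing ssh connections made from this host.
    # NOTE(review): the mumble use case described above presumably needs only
    # the server-side option; confirm whether the client-side default is wanted.
    programs.ssh.forwardX11 = true;
    services.openssh.forwardX11 = true;

    # Open ports in the firewall.
    # NOTE(review): these ports are opened for every source address. The only
    # address restriction visible in this file is the PulseAudio anonymous-client
    # ACL; CUPS uses "Allow ALL" and mpd listens on "any" without a password.
    networking.firewall.allowedTCPPorts = [
      4713 # PulseAudio
      631 # cups
      80 443 # Web/ympd
      6600 # mpd
      5000 # shairport
    ];
    networking.firewall.allowedUDPPorts = [
      631
    ];
    # Accept multicast DNS (zeroconf) to and from the IPv4 mDNS group address.
    networking.firewall.extraCommands = ''
      iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
      iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
    ''; # networking.firewall.allowedUDPPorts = [ ... ];
    # Or disable the firewall altogether.
    # networking.firewall.enable = false;

    # Enable CUPS to print documents.
    # The daemon listens on all interfaces ("*:631") and shares printers by
    # default. In extraConf:
    #   * "/" and "/admin" are readable by everyone without authentication
    #     ("Order allow,deny" + "Allow ALL");
    #   * "/admin/conf" additionally requires Basic auth as a @SYSTEM user;
    #   * the default policy requires the job owner or @SYSTEM for job
    #     operations and Basic auth as @SYSTEM for printer administration.
    # NOTE(review): with port 631 open to all sources, the "Allow ALL" lines are
    # the effective network policy. If printing is meant for the hq networks
    # only, an address-based rule such as "Allow from 172.22.99.0/24" (the range
    # used for PulseAudio below) would narrow it; confirm which networks need
    # access before changing.
    # NOTE(review): Basic auth carries system account passwords;
    # DefaultEncryption is not set here, so confirm that the CUPS default in use
    # requires TLS for authenticated requests.
    services.printing = {
      enable = true;
      browsing = true;
      listenAddresses = [ "*:631" ];
      defaultShared = true;
      # logLevel = "debug";
      drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];
      extraConf =
        ''
          DefaultAuthType Basic
          <Location />
          Order allow,deny
          Allow ALL
          </Location>
          <Location /admin>
          Order allow,deny
          Allow ALL
          </Location>
          <Location /admin/conf>
          AuthType Basic
          Require user @SYSTEM
          Order allow,deny
          Allow ALL
          </Location>
          <Policy default>
          <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
          Require user @OWNER @SYSTEM
          Order deny,allow
          </Limit>
          <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
          AuthType Basic
          Require user @SYSTEM
          Order deny,allow
          </Limit>
          <Limit Cancel-Job CUPS-Authenticate-Job>
          Require user @OWNER @SYSTEM
          Order deny,allow
          </Limit>
          <Limit All>
          Order deny,allow
          </Limit>
          </Policy>
        '';
    };

    # Enable sound.
    sound.enable = true;
    hardware.pulseaudio.enable = true;
    # PulseAudio as-a-Service
    hardware.pulseaudio.systemWide = true;
    # Clients from these ranges may connect over TCP without authenticating:
    # loopback plus one IPv4 and one IPv6 hq range. TCP port 4713 itself is
    # open to all sources in the firewall above, so this ACL is what separates
    # anonymous from authenticated clients.
    hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [
      "127.0.0.0/8" "::1/128"
      "172.22.99.0/24" "2a02:8106:208:5201:58::/64"
    ];
    hardware.pulseaudio.tcp.enable = true;
    hardware.pulseaudio.zeroconf.publish.enable = true;

    # tell Avahi to publish CUPS and PulseAudio
    services.avahi = {
      enable = true;
      publish.enable = true;
      publish.userServices = true;
    };

    # Enable Audio streaming for Mac clients
    # (TCP port 5000 is opened for it above; no access restriction for
    # shairport-sync is configured in this file.)
    services.shairport-sync.enable = true;

    # Enable the X11 windowing system.
    # services.xserver.enable = true;
    # services.xserver.layout = "us";
    # services.xserver.xkbOptions = "eurosign:e";

    # Enable touchpad support.
    # services.xserver.libinput.enable = true;

    # Enable the KDE Desktop Environment.
    # services.xserver.displayManager.sddm.enable = true;
    # services.xserver.desktopManager.plasma5.enable = true;

    # NOTE(review): wheelNeedsPassword = false means every member of wheel can
    # become root without re-authenticating. That makes each wheel account's
    # login credential the only barrier to root; keep wheel membership minimal.
    security.sudo = {
      enable = true;
      wheelNeedsPassword = false;
    };

    # Define a user account. Don't forget to set a password with ‘passwd’.
    users.users."k-ot" = {
      # "audio" allows k-ot to use PulseAudio; "wheel" additionally grants the
      # password-less sudo configured above.
      extraGroups = ["audio" "wheel"];
      isNormalUser = true;
      uid = 1000;
    };

    # This value determines the NixOS release with which your system is to be
    # compatible, in order to avoid breaking some software such as database
    # servers. You should change this only after NixOS release notes say you
    # should.
    system.stateVersion = "18.09"; # Did you read the comment?

    # vater heard that people in the space would expect mpd for playing music
    #### https://nixos.org/nixos/options.html#services.mpd.enable
    # mpd listens on every address ("any") and TCP 6600 is open in the firewall.
    # No mpd password or permission setting appears in this file, so any client
    # that can reach the port can control playback.
    # NOTE(review): mpd.conf supports `password` and `default_permissions`; a
    # password placed in extraConfig ends up in the Nix store, so binding to the
    # hq address only or limiting the firewall rule may be the better fit.
    # The database is not local (dbFile = null): the "proxy" database plugin
    # takes it from the mpd instance at 172.22.99.98, and auto_update is off.
    # The "####" lines inside extraConfig are part of the generated mpd.conf and
    # are left exactly as written.
    services.mpd = {
      enable=true;
      dbFile = null;
      network.listenAddress = "any";
      musicDirectory = "/mnt/storage/Music";
      #### musicDirectory = "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music";
      extraConfig = ''
        #### music_directory "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music"
        ####
        audio_output {
        type "pulse"
        name "/proc"
        }
        audio_output {
        type "pulse"
        name "SDK"
        server "dacbert.hq.c3d2.de"
        }
        #### mpd startet bei der option nicht mehr
        database {
        plugin "proxy"
        #### vater was here!
        #### jail (auf storage)
        #### externe erstellung der datenbank von mpd in der naehe der ablage der daten
        host "172.22.99.98"
        }
        #### ausschalten der automatischen aktualisierung der datenbank von mpd
        #### angeblich gibt es 2019-02-13 probleme, die zum absturz vom dienst mpd fuehren
        #### wenn das problem behoben ist, dann kann die option wieder entfernt werden
        auto_update "no"
      '';
    };
    # mpd likes to crash a lot while indexing, so...
    systemd.services.mpd.serviceConfig.Restart="on-failure";

    # Caddy terminates HTTPS for the mpd vhost, proxies it to the local ympd
    # port and redirects plain HTTP on :80 to the HTTPS vhost.
    services.caddy = {
      enable = true;
      agree = true;
      # TODO: add auth?
      # NOTE(review): as configured, the vhost forwards every request to ympd
      # with no authentication in front of it, so whoever can reach the vhost
      # can use the ympd web UI. Until auth exists, confirm that the name is
      # reachable from the intended networks only.
      config = ''
        ${mpdVhost} {
        proxy / localhost:${toString ympdPort}
        }
        :80 {
        redir https://${mpdVhost}{uri}
        }
      '';
    };

    # Music share from the storage host.
    # nosuid/nodev: nothing on a music share needs setuid binaries or device
    # nodes, so they are not honoured when they come from the file server.
    fileSystems."/mnt/storage" = {
      device = "storage.hq.c3d2.de:/mnt/zroot/storage/rpool";
      fsType = "nfs";
      options = [ "nosuid" "nodev" ];
    };
    #### only for experimenting with providing an NFS-mounted file as the
    #### database for mpd
    fileSystems."/mnt/service-data/mpd_index" = {
      device = "storage.hq.c3d2.de:/mnt/zroot/iocage/jails/mpd_index/root/var/mpd/.mpd";
      fsType = "nfs";
      options = [ "nosuid" "nodev" ];
    };

    # MPD music playing daemon with webinterface
    services.ympd = {
      enable = true;
      webPort = toString ympdPort;
    };

    # Build ympd from the c3d2 fork instead of the nixpkgs source.
    # NOTE(review): rev names a branch, which can move. The sha256 still pins
    # the fetched content, so a moved branch shows up as a hash mismatch at
    # fetch time rather than as different code. Pinning rev to the commit id
    # behind this hash (rev = "<commit-sha>") would keep the build reproducible
    # and make the reviewed revision explicit.
    nixpkgs.config.packageOverrides = pkgs: with pkgs; {
      ympd = ympd.overrideAttrs (oldAttrs: {
        src = fetchFromGitHub {
          owner = "c3d2";
          repo = "ympd";
          rev = "feature/somafm_browser";
          sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
        };
      });
    };
  }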