- # Edit this configuration file to define what should be installed on
- # your system. Help is available in the configuration.nix(5) man page
- # and in the NixOS manual (accessible by running ‘nixos-help’).
-
- { config, pkgs, ... }:
-
- let
- ympdPort = 8080;
- mpdVhost = "mpd.hq.c3d2.de";
- in {
- imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ../../lib/admins.nix
- ../../common.nix
- ../../users.nix
- ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.kernelPackages = pkgs.linuxPackages_4_19;
-
- networking.hostName = "pulsebert"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Select internationalisation properties.
- i18n = {
- consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
- consoleKeyMap = "us";
- defaultLocale = "en_US.UTF-8";
- };
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- # specific printer drivers for our printers
- epson-escpr
- splix
- # utilities
- nix-index
- usbutils
- tmux
- vim
- git
- openssl
- # NCurses Music Player Client (Plus Plus)
- # a commandline front-end client for mpd
- # 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben.
- # ncmpcpp
- home-manager
- mumble
- ncpamixer
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # X11 Forwarding for mumble...
- programs.ssh.forwardX11 = true;
- services.openssh.forwardX11 = true;
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [
- 4713 # PulseAudio
- 631 # cups
- 80 443 # Web/ympd
- 6600 # mpd
- 5000 # shairport
- ];
- networking.firewall.allowedUDPPorts = [
- 631
- ];
- networking.firewall.extraCommands = ''
- iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
- iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
- ''; # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # Enable CUPS to print documents.
- services.printing = {
- enable = true;
- browsing = true;
- listenAddresses = [ "*:631" ];
- defaultShared = true;
- # logLevel = "debug";
- drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];
- extraConf =
- ''
- DefaultAuthType Basic
- <Location />
- Order allow,deny
- Allow ALL
- </Location>
- <Location /admin>
- Order allow,deny
- Allow ALL
- </Location>
- <Location /admin/conf>
- AuthType Basic
- Require user @SYSTEM
- Order allow,deny
- Allow ALL
- </Location>
- <Policy default>
- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
- Require user @OWNER @SYSTEM
- Order deny,allow
- </Limit>
- <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
- AuthType Basic
- Require user @SYSTEM
- Order deny,allow
- </Limit>
- <Limit Cancel-Job CUPS-Authenticate-Job>
- Require user @OWNER @SYSTEM
- Order deny,allow
- </Limit>
- <Limit All>
- Order deny,allow
- </Limit>
- </Policy>
- '';
-
- };
-
- # Enable sound.
- sound.enable = true;
- hardware.pulseaudio.enable = true;
- # PulseAudio as-a-Service
- hardware.pulseaudio.systemWide = true;
- hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [
- "127.0.0.0/8" "::1/128"
- "172.22.99.0/24" "2a02:8106:208:5201:58::/64"
- ];
- hardware.pulseaudio.tcp.enable = true;
- hardware.pulseaudio.zeroconf.publish.enable = true;
-
- # tell Avahi to publish CUPS and PulseAudio
- services.avahi = {
- enable = true;
- publish.enable = true;
- publish.userServices = true;
- };
-
- # Enable Audio streaming for Mac clients
- services.shairport-sync.enable = true;
-
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
- # services.xserver.layout = "us";
- # services.xserver.xkbOptions = "eurosign:e";
-
- # Enable touchpad support.
- # services.xserver.libinput.enable = true;
-
- # Enable the KDE Desktop Environment.
- # services.xserver.displayManager.sddm.enable = true;
- # services.xserver.desktopManager.plasma5.enable = true;
-
- security.sudo = {
- enable = true;
- wheelNeedsPassword = false;
- };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "18.09"; # Did you read the comment?
-
-
- # vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden
- #### https://nixos.org/nixos/options.html#services.mpd.enable
- services.mpd = {
- enable=true;
- dbFile = null;
- network.listenAddress = "any";
- musicDirectory = "/mnt/storage/Music";
- #### musicDirectory = "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music";
- extraConfig = ''
- #### music_directory "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music"
- ####
- audio_output {
- type "pulse"
- name "/proc"
- }
-
- audio_output {
- type "pulse"
- name "SDK"
- server "dacbert.hq.c3d2.de"
- }
-
- #### mpd startet bei der option nicht mehr
- database {
- plugin "proxy"
- #### vater was here!
- #### jail (auf storage)
- #### externe erstellung der datenbank von mpd in der naehe der ablage der daten
- host "172.22.99.98"
- }
-
- #### ausschalten der automatischen aktualisierung der datenbank von mpd
- #### angeblich gibt es 2019-02-13 probleme, die zum absturz vom dienst mpd fuehren
- #### wenn das problem behoben ist, dann kann die option wieder entfernt werden
- auto_update "no"
- '';
- };
-
- # mpd likes to crash a lot while indexing, so...
- systemd.services.mpd.serviceConfig.Restart="on-failure";
-
- services.caddy = {
- enable = true;
- agree = true;
- # TODO: add auth?
- config = ''
- ${mpdVhost} {
- proxy / localhost:${toString ympdPort}
- }
-
- :80 {
- redir https://${mpdVhost}{uri}
- }
- '';
- };
-
-
- fileSystems."/mnt/storage" = {
- device = "storage.hq.c3d2.de:/mnt/zroot/storage/rpool";
- fsType = "nfs";
- };
-
- #### nur zum spielen mit dem bereitstellen von einer per nfs angebundenen datei als datenbank fuer mpd
- fileSystems."/mnt/service-data/mpd_index" = {
- device = "storage.hq.c3d2.de:/mnt/zroot/iocage/jails/mpd_index/root/var/mpd/.mpd";
- fsType = "nfs";
- };
-
- # MPD music playing daemon with webinterface
- services.ympd = {
- enable = true;
- webPort = toString ympdPort;
- };
- nixpkgs.config.packageOverrides = pkgs: with pkgs; {
- ympd = ympd.overrideAttrs (oldAttrs: {
- src = fetchFromGitHub {
- owner = "c3d2";
- repo = "ympd";
- rev = "feature/somafm_browser";
- sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
- };
- });
- };
-
- }