C3D2
/
nix-config
Watch 14
Star 4
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
configurations of hq services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
78 Commits
4 Branches
Tree: 7e5fa1bdfd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7e5fa1bdfd'
${ noResults }
nix-config/hosts/pulsebert/configuration.nix

configuration.nix 8.0KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269 
  1. # Edit this configuration file to define what should be installed on

  2. # your system.  Help is available in the configuration.nix(5) man page

  3. # and in the NixOS manual (accessible by running ‘nixos-help’).

  4. 

  5. { config, pkgs, ... }:

  6. 

  7. let

  8.   ympdPort = 8080;

  9.   mpdVhost = "mpd.hq.c3d2.de";

  10. in {

  11.   imports =

  12.     [ # Include the results of the hardware scan.

  13.       ./hardware-configuration.nix

  14.       ../../lib/admins.nix

  15.       ../../common.nix

  16.       ../../users.nix

  17.     ];

  18. 

  19.   # Use the systemd-boot EFI boot loader.

  20.   boot.loader.systemd-boot.enable = true;

  21.   boot.loader.efi.canTouchEfiVariables = true;

  22.   boot.kernelPackages = pkgs.linuxPackages_4_19;

  23. 

  24.   networking.hostName = "pulsebert"; # Define your hostname.

  25.   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  26. 

  27.   # Configure network proxy if necessary

  28.   # networking.proxy.default = "http://user:password@proxy:port/";

  29.   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  30. 

  31.   # Select internationalisation properties.

  32.   i18n = {

  33.     consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";

  34.     consoleKeyMap = "us";

  35.     defaultLocale = "en_US.UTF-8";

  36.   };

  37. 

  38.   # List packages installed in system profile. To search, run:

  39.   # $ nix search wget

  40.   environment.systemPackages = with pkgs; [

  41.     # specific printer drivers for our printers

  42.     epson-escpr

  43.     splix

  44.     # utilities

  45.     nix-index

  46.     usbutils

  47.     tmux

  48.     vim

  49.     git

  50.     openssl

  51.     # NCurses Music Player Client (Plus Plus)

  52.     # a commandline front-end client for mpd

  53.     # 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben.

  54. #    ncmpcpp

  55.     home-manager

  56.     mumble

  57.     ncpamixer

  58.   ];

  59. 

  60.   # Some programs need SUID wrappers, can be configured further or are

  61.   # started in user sessions.

  62.   # programs.mtr.enable = true;

  63.   # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  64. 

  65.   # List services that you want to enable:

  66. 

  67.   # Enable the OpenSSH daemon.

  68.   services.openssh.enable = true;

  69. 

  70.   # X11 Forwarding for mumble...

  71.   programs.ssh.forwardX11 = true;

  72.   services.openssh.forwardX11 = true;

  73. 

  74.   # Open ports in the firewall.

  75.   networking.firewall.allowedTCPPorts = [

  76.     4713 # PulseAudio

  77.     631 # cups

  78.     80 443 # Web/ympd

  79.     6600 # mpd

  80.     5000 # shairport

  81.   ];

  82.   networking.firewall.allowedUDPPorts = [

  83.     631

  84.   ];

  85.   networking.firewall.extraCommands = ''

  86.         iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT   # zeroconf

  87.         iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT  # zeroconf

  88.   '';  # networking.firewall.allowedUDPPorts = [ ... ];

  89.   # Or disable the firewall altogether.

  90.   # networking.firewall.enable = false;

  91. 

  92.   # Enable CUPS to print documents.

  93.   services.printing = {

  94.     enable = true;

  95.     browsing = true;

  96.     listenAddresses = [ "*:631" ];

  97.     defaultShared = true;

  98.     # logLevel = "debug";

  99.     drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];

  100.     extraConf =

  101.       ''

  102.         DefaultAuthType Basic

  103.         <Location />

  104.           Order allow,deny

  105.           Allow ALL

  106.         </Location>

  107.         <Location /admin>

  108.           Order allow,deny

  109.           Allow ALL

  110.         </Location>

  111.         <Location /admin/conf>

  112.           AuthType Basic

  113.           Require user @SYSTEM

  114.           Order allow,deny

  115.           Allow ALL

  116.         </Location>

  117.         <Policy default>

  118.           <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>

  119.             Require user @OWNER @SYSTEM

  120.             Order deny,allow

  121.           </Limit>

  122.           <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>

  123.             AuthType Basic

  124.             Require user @SYSTEM

  125.             Order deny,allow

  126.           </Limit>

  127.           <Limit Cancel-Job CUPS-Authenticate-Job>

  128.             Require user @OWNER @SYSTEM

  129.             Order deny,allow

  130.           </Limit>

  131.           <Limit All>

  132.             Order deny,allow

  133.           </Limit>

  134.         </Policy>

  135.       '';

  136. 

  137.   };

  138. 

  139.   # Enable sound.

  140.   sound.enable = true;

  141.   hardware.pulseaudio.enable = true;

  142.   # PulseAudio as-a-Service

  143.   hardware.pulseaudio.systemWide = true;

  144.   hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [

  145.     "127.0.0.0/8" "::1/128"

  146.     "172.22.99.0/24" "2a02:8106:208:5201:58::/64"

  147.   ];

  148.   hardware.pulseaudio.tcp.enable = true;

  149.   hardware.pulseaudio.zeroconf.publish.enable = true;

  150. 

  151.   # tell Avahi to publish CUPS and PulseAudio

  152.   services.avahi = {

  153.     enable = true;

  154.     publish.enable = true;

  155.     publish.userServices = true;

  156.   };

  157. 

  158.   # Enable Audio streaming for Mac clients

  159.   services.shairport-sync.enable = true;

  160. 

  161.   # Enable the X11 windowing system.

  162.   # services.xserver.enable = true;

  163.   # services.xserver.layout = "us";

  164.   # services.xserver.xkbOptions = "eurosign:e";

  165. 

  166.   # Enable touchpad support.

  167.   # services.xserver.libinput.enable = true;

  168. 

  169.   # Enable the KDE Desktop Environment.

  170.   # services.xserver.displayManager.sddm.enable = true;

  171.   # services.xserver.desktopManager.plasma5.enable = true;

  172. 

  173.   security.sudo = {

  174.     enable = true;

  175.     wheelNeedsPassword = false;

  176.   };

  177. 

  178.   # This value determines the NixOS release with which your system is to be

  179.   # compatible, in order to avoid breaking some software such as database

  180.   # servers. You should change this only after NixOS release notes say you

  181.   # should.

  182.   system.stateVersion = "18.09"; # Did you read the comment?

  183. 

  184. 

  185.   # vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden

  186.   ####	https://nixos.org/nixos/options.html#services.mpd.enable

  187.   services.mpd = { 

  188.     enable=true;

  189.     dbFile = null;

  190.     network.listenAddress = "any";

  191.     musicDirectory = "/mnt/storage/Music";

  192. ####    musicDirectory = "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music";

  193.     extraConfig = ''

  194. ####	music_directory "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music"

  195. ####

  196. 	audio_output {

  197. 		type "pulse"

  198. 		name "/proc"

  199. 	}

  200. 

  201. 	audio_output {

  202. 		type "pulse"

  203. 		name "SDK"

  204. 		server "dacbert.hq.c3d2.de"

  205. 	}

  206. 

  207. ####	mpd startet bei der option nicht mehr

  208. 	database {

  209. 		plugin "proxy"

  210.     	####	vater was here!

  211.     	####	jail (auf storage)

  212.     	####	externe erstellung der datenbank von mpd in der naehe der ablage der daten

  213. 		host "172.22.99.98"

  214. 	}

  215. 

  216. ####	ausschalten der automatischen aktualisierung der datenbank von mpd

  217. ####	angeblich gibt es 2019-02-13 probleme, die zum absturz vom dienst mpd fuehren

  218. ####	wenn das problem behoben ist, dann kann die option wieder entfernt werden

  219. 	auto_update "no"

  220. 	'';

  221.   };

  222. 

  223.   # mpd likes to crash a lot while indexing, so...

  224.   systemd.services.mpd.serviceConfig.Restart="on-failure";

  225. 

  226.   services.caddy = {

  227.     enable = true;

  228.     agree = true;

  229.     # TODO: add auth?

  230.     config = ''

  231.         ${mpdVhost} {

  232.           proxy / localhost:${toString ympdPort}

  233.         }

  234. 

  235.         :80 {

  236.           redir https://${mpdVhost}{uri}

  237.         }

  238.     '';

  239.   };

  240. 

  241. 

  242.   fileSystems."/mnt/storage" = {

  243.     device = "storage.hq.c3d2.de:/mnt/zroot/storage/rpool";

  244.     fsType = "nfs";

  245.   };

  246. 

  247. ####	nur zum spielen mit dem bereitstellen von einer per nfs angebundenen datei als datenbank fuer mpd

  248.   fileSystems."/mnt/service-data/mpd_index" = {

  249.     device = "storage.hq.c3d2.de:/mnt/zroot/iocage/jails/mpd_index/root/var/mpd/.mpd";

  250.     fsType = "nfs";

  251.   };

  252. 

  253.   # MPD music playing daemon with webinterface

  254.   services.ympd = {

  255.     enable = true;

  256.     webPort = toString ympdPort;

  257.   };

  258.   nixpkgs.config.packageOverrides = pkgs: with pkgs; {

  259.     ympd = ympd.overrideAttrs (oldAttrs: {

  260.       src = fetchFromGitHub {

  261.         owner = "c3d2";

  262.         repo = "ympd";

  263.         rev = "feature/somafm_browser";

  264.         sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";

  265.       };

  266.     });

  267.   };

  268.   

  269. }