configurations of hq services
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

configuration.nix 8.0KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269
  1. # Edit this configuration file to define what should be installed on
  2. # your system. Help is available in the configuration.nix(5) man page
  3. # and in the NixOS manual (accessible by running ‘nixos-help’).
  4. { config, pkgs, ... }:
  5. let
  6. ympdPort = 8080;
  7. mpdVhost = "mpd.hq.c3d2.de";
  8. in {
  9. imports =
  10. [ # Include the results of the hardware scan.
  11. ./hardware-configuration.nix
  12. ../../lib/admins.nix
  13. ../../common.nix
  14. ../../users.nix
  15. ];
  16. # Use the systemd-boot EFI boot loader.
  17. boot.loader.systemd-boot.enable = true;
  18. boot.loader.efi.canTouchEfiVariables = true;
  19. boot.kernelPackages = pkgs.linuxPackages_4_19;
  20. networking.hostName = "pulsebert"; # Define your hostname.
  21. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
  22. # Configure network proxy if necessary
  23. # networking.proxy.default = "http://user:password@proxy:port/";
  24. # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
  25. # Select internationalisation properties.
  26. i18n = {
  27. consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
  28. consoleKeyMap = "us";
  29. defaultLocale = "en_US.UTF-8";
  30. };
  31. # List packages installed in system profile. To search, run:
  32. # $ nix search wget
  33. environment.systemPackages = with pkgs; [
  34. # specific printer drivers for our printers
  35. epson-escpr
  36. splix
  37. # utilities
  38. nix-index
  39. usbutils
  40. tmux
  41. vim
  42. git
  43. openssl
  44. # NCurses Music Player Client (Plus Plus)
  45. # a commandline front-end client for mpd
  46. # 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben.
  47. # ncmpcpp
  48. home-manager
  49. mumble
  50. ncpamixer
  51. ];
  52. # Some programs need SUID wrappers, can be configured further or are
  53. # started in user sessions.
  54. # programs.mtr.enable = true;
  55. # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  56. # List services that you want to enable:
  57. # Enable the OpenSSH daemon.
  58. services.openssh.enable = true;
  59. # X11 Forwarding for mumble...
  60. programs.ssh.forwardX11 = true;
  61. services.openssh.forwardX11 = true;
  62. # Open ports in the firewall.
  63. networking.firewall.allowedTCPPorts = [
  64. 4713 # PulseAudio
  65. 631 # cups
  66. 80 443 # Web/ympd
  67. 6600 # mpd
  68. 5000 # shairport
  69. ];
  70. networking.firewall.allowedUDPPorts = [
  71. 631
  72. ];
  73. networking.firewall.extraCommands = ''
  74. iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
  75. iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
  76. ''; # networking.firewall.allowedUDPPorts = [ ... ];
  77. # Or disable the firewall altogether.
  78. # networking.firewall.enable = false;
  79. # Enable CUPS to print documents.
  80. services.printing = {
  81. enable = true;
  82. browsing = true;
  83. listenAddresses = [ "*:631" ];
  84. defaultShared = true;
  85. # logLevel = "debug";
  86. drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];
  87. extraConf =
  88. ''
  89. DefaultAuthType Basic
  90. <Location />
  91. Order allow,deny
  92. Allow ALL
  93. </Location>
  94. <Location /admin>
  95. Order allow,deny
  96. Allow ALL
  97. </Location>
  98. <Location /admin/conf>
  99. AuthType Basic
  100. Require user @SYSTEM
  101. Order allow,deny
  102. Allow ALL
  103. </Location>
  104. <Policy default>
  105. <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
  106. Require user @OWNER @SYSTEM
  107. Order deny,allow
  108. </Limit>
  109. <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
  110. AuthType Basic
  111. Require user @SYSTEM
  112. Order deny,allow
  113. </Limit>
  114. <Limit Cancel-Job CUPS-Authenticate-Job>
  115. Require user @OWNER @SYSTEM
  116. Order deny,allow
  117. </Limit>
  118. <Limit All>
  119. Order deny,allow
  120. </Limit>
  121. </Policy>
  122. '';
  123. };
  124. # Enable sound.
  125. sound.enable = true;
  126. hardware.pulseaudio.enable = true;
  127. # PulseAudio as-a-Service
  128. hardware.pulseaudio.systemWide = true;
  129. hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [
  130. "127.0.0.0/8" "::1/128"
  131. "172.22.99.0/24" "2a02:8106:208:5201:58::/64"
  132. ];
  133. hardware.pulseaudio.tcp.enable = true;
  134. hardware.pulseaudio.zeroconf.publish.enable = true;
  135. # tell Avahi to publish CUPS and PulseAudio
  136. services.avahi = {
  137. enable = true;
  138. publish.enable = true;
  139. publish.userServices = true;
  140. };
  141. # Enable Audio streaming for Mac clients
  142. services.shairport-sync.enable = true;
  143. # Enable the X11 windowing system.
  144. # services.xserver.enable = true;
  145. # services.xserver.layout = "us";
  146. # services.xserver.xkbOptions = "eurosign:e";
  147. # Enable touchpad support.
  148. # services.xserver.libinput.enable = true;
  149. # Enable the KDE Desktop Environment.
  150. # services.xserver.displayManager.sddm.enable = true;
  151. # services.xserver.desktopManager.plasma5.enable = true;
  152. security.sudo = {
  153. enable = true;
  154. wheelNeedsPassword = false;
  155. };
  156. # This value determines the NixOS release with which your system is to be
  157. # compatible, in order to avoid breaking some software such as database
  158. # servers. You should change this only after NixOS release notes say you
  159. # should.
  160. system.stateVersion = "18.09"; # Did you read the comment?
  161. # vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden
  162. #### https://nixos.org/nixos/options.html#services.mpd.enable
  163. services.mpd = {
  164. enable=true;
  165. dbFile = null;
  166. network.listenAddress = "any";
  167. musicDirectory = "/mnt/storage/Music";
  168. #### musicDirectory = "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music";
  169. extraConfig = ''
  170. #### music_directory "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music"
  171. ####
  172. audio_output {
  173. type "pulse"
  174. name "/proc"
  175. }
  176. audio_output {
  177. type "pulse"
  178. name "SDK"
  179. server "dacbert.hq.c3d2.de"
  180. }
  181. #### mpd startet bei der option nicht mehr
  182. database {
  183. plugin "proxy"
  184. #### vater was here!
  185. #### jail (auf storage)
  186. #### externe erstellung der datenbank von mpd in der naehe der ablage der daten
  187. host "172.22.99.98"
  188. }
  189. #### ausschalten der automatischen aktualisierung der datenbank von mpd
  190. #### angeblich gibt es 2019-02-13 probleme, die zum absturz vom dienst mpd fuehren
  191. #### wenn das problem behoben ist, dann kann die option wieder entfernt werden
  192. auto_update "no"
  193. '';
  194. };
  195. # mpd likes to crash a lot while indexing, so...
  196. systemd.services.mpd.serviceConfig.Restart="on-failure";
  197. services.caddy = {
  198. enable = true;
  199. agree = true;
  200. # TODO: add auth?
  201. config = ''
  202. ${mpdVhost} {
  203. proxy / localhost:${toString ympdPort}
  204. }
  205. :80 {
  206. redir https://${mpdVhost}{uri}
  207. }
  208. '';
  209. };
  210. fileSystems."/mnt/storage" = {
  211. device = "storage.hq.c3d2.de:/mnt/zroot/storage/rpool";
  212. fsType = "nfs";
  213. };
  214. #### nur zum spielen mit dem bereitstellen von einer per nfs angebundenen datei als datenbank fuer mpd
  215. fileSystems."/mnt/service-data/mpd_index" = {
  216. device = "storage.hq.c3d2.de:/mnt/zroot/iocage/jails/mpd_index/root/var/mpd/.mpd";
  217. fsType = "nfs";
  218. };
  219. # MPD music playing daemon with webinterface
  220. services.ympd = {
  221. enable = true;
  222. webPort = toString ympdPort;
  223. };
  224. nixpkgs.config.packageOverrides = pkgs: with pkgs; {
  225. ympd = ympd.overrideAttrs (oldAttrs: {
  226. src = fetchFromGitHub {
  227. owner = "c3d2";
  228. repo = "ympd";
  229. rev = "feature/somafm_browser";
  230. sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
  231. };
  232. });
  233. };
  234. }