# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
let
  # Virtual host name under which Caddy publishes the ympd web UI.
  mpdVhost = "mpd.hq.c3d2.de";
  # TCP port of the ympd web UI; Caddy proxies to it on localhost.
  ympdPort = 8080;
in {
imports = [
  # Include the results of the hardware scan.
  ./hardware-configuration.nix
  # Modules shared from ../../lib, then the MPD console module kept
  # next to this file.
  ../../lib
  ../../lib/admins.nix
  ../../lib/hq.nix
  ./mpdConsole.nix
];
# The c3d2.* options are not declared in this file; presumably they come
# from the modules imported from ../../lib (verify there).
c3d2 = {
  users.emery = true;
  users.k-ot = true;
  isInHq = true;
  mapHqHosts = true;
  hq.interface = "eno1";
  hq.enableMpdProxy = true;
  # NOTE(review): "yggdrasi" is spelled exactly as found; confirm it
  # matches the option name declared in ../../lib/hq.nix.
  hq.yggdrasi.enableGateway = true;
  enableHail = true;
};
boot = {
  # Use the systemd-boot EFI boot loader.
  loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };
  # Kernel is pinned to the 4.19 package set instead of the channel default.
  # NOTE(review): confirm this series still receives security fixes in the
  # nixpkgs revision this host is built from.
  kernelPackages = pkgs.linuxPackages_4_19;
};
# Host name of this machine.
networking.hostName = "pulsebert";
# Wireless via wpa_supplicant stays disabled:
# networking.wireless.enable = true;

# Configure network proxy if necessary.
# A proxy URL with credentials written here would end up in the
# world-readable Nix store.
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Internationalisation: console font and keymap, default locale.
i18n.consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
i18n.consoleKeyMap = "us";
i18n.defaultLocale = "en_US.UTF-8";
# Packages installed in the system profile. To search, run:
# $ nix search wget
environment.systemPackages = [
  # specific printer drivers for our printers
  pkgs.epson-escpr
  pkgs.splix
  # utilities
  pkgs.nix-index
  pkgs.usbutils
  pkgs.tmux
  pkgs.vim
  pkgs.git
  pkgs.openssl
  # NCurses Music Player Client (Plus Plus),
  # a command-line front-end client for mpd.
  # 2019-01-21: vater would like to have a nice local management tool for
  # MPD right away.
  # pkgs.ncmpcpp
  pkgs.home-manager
  pkgs.mumble
  pkgs.ncpamixer
  pkgs.ffmpeg
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

# List services that you want to enable:

# OpenSSH daemon, with X11 forwarding allowed for mumble.
services.openssh = {
  enable = true;
  forwardX11 = true;
};
# NOTE(review): this makes the local ssh client request X11 forwarding on
# every outgoing connection, which gives each remote host access to the
# local X display. If only mumble needs it, requesting forwarding per
# connection (ssh -X) keeps that exposure limited to hosts that need it.
programs.ssh.forwardX11 = true;
# Open ports in the firewall.
# These ports are opened without any source restriction, so each service
# behind them has to enforce its own access control.
networking.firewall = {
  allowedTCPPorts = [
    4713 # PulseAudio
    631 # cups
    80
    443 # Web/ympd
    5000 # shairport
    config.services.mpd.network.port
  ];
  allowedUDPPorts = [ 631 ];
  # NOTE(review): these rules are inserted directly into INPUT/OUTPUT rather
  # than into the firewall module's own chains; confirm they are not
  # duplicated each time the firewall is reloaded.
  extraCommands = ''
    iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
    iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
  '';
};
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
# CUPS listens on every interface (*:631) and shares printers by default.
# In extraConf below, "/" and "/admin" are reachable from any address
# without authentication; only "/admin/conf" and the printer-administration
# operations in <Policy default> require a @SYSTEM user, and job operations
# require the job owner or @SYSTEM.
# NOTE(review): authentication is Basic, which is only base64-encoded;
# confirm that connections carrying credentials are encrypted, and consider
# whether "/admin" really needs to be open to all addresses.
services.printing = {
  enable = true;
  browsing = true;
  listenAddresses = [ "*:631" ];
  defaultShared = true;
  # logLevel = "debug";
  drivers = with pkgs; [ gutenprint hplip splix ];
  extraConf = ''
    DefaultAuthType Basic
    <Location />
    Order allow,deny
    Allow ALL
    </Location>
    <Location /admin>
    Order allow,deny
    Allow ALL
    </Location>
    <Location /admin/conf>
    AuthType Basic
    Require user @SYSTEM
    Order allow,deny
    Allow ALL
    </Location>
    <Policy default>
    <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
    </Limit>
    <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
    AuthType Basic
    Require user @SYSTEM
    Order deny,allow
    </Limit>
    <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
    </Limit>
    <Limit All>
    Order deny,allow
    </Limit>
    </Policy>
  '';

};
# Enable sound.
sound.enable = true;

# PulseAudio as-a-Service: one system-wide daemon, reachable over TCP and
# announced via zeroconf.
hardware.pulseaudio = {
  enable = true;
  systemWide = true;
  tcp = {
    enable = true;
    # Anonymous (unauthenticated) clients are accepted from these ranges
    # only. TCP port 4713 is opened in the firewall for all sources, so this
    # address list is the only access control on the audio daemon.
    anonymousClients.allowedIpRanges = [
      "127.0.0.0/8"
      "::1/128"
      "172.22.99.0/24"
      "2a02:8106:208:5201:58::/64"
    ];
  };
  zeroconf.publish.enable = true;
};

# tell Avahi to publish CUPS and PulseAudio
services.avahi = {
  enable = true;
  publish = {
    enable = true;
    userServices = true;
  };
};
# Audio streaming for Mac clients (shairport-sync; TCP port 5000 is opened
# for it in the firewall).
services.shairport-sync.enable = true;

# The X11 windowing system is left disabled.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";

# Touchpad support.
# services.xserver.libinput.enable = true;

# KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
# Allow PAM authentication against the user's SSH agent.
security.pam.enableSSHAgentAuth = true;
# NOTE(review): every member of wheel gets root through sudo without any
# authentication step, and k-ot is added to wheel below. Since SSH agent
# authentication is already enabled above, sudo could authenticate against
# the agent instead; consider whether wheelNeedsPassword = false is still
# needed.
security.sudo.enable = true;
security.sudo.wheelNeedsPassword = false;

users.users.k-ot.extraGroups = [ "wheel" ];
# NixOS release this system stays compatible with, so that stateful
# software such as database servers does not break. Change it only when
# the NixOS release notes say you should.
system.stateVersion = "18.09"; # Did you read the comment?
# vater heard that people in the space would like to have mpd available
# for playing music.
#### https://nixos.org/nixos/options.html#services.mpd.enable
# See ../../mpd.nix
# NOTE(review): MPD listens on every address and its port is opened in the
# firewall; no password is configured in this block, so unless one is set
# elsewhere (e.g. ./mpdConsole.nix or ../../lib) anyone who can reach this
# host can control playback.
services.mpd = {
  enable = true;
  dbFile = null;
  musicDirectory = "/mnt/storage/Music";
  playlistDirectory = "/home/k-ot/Playlists";
  network = {
    listenAddress = "any";
  };

  # Play through PulseAudio.
  extraConfig = ''
    audio_output {
    type "pulse"
    name "/proc"
    }
  '';
};
# Caddy serves ${mpdVhost}, proxying to the ympd web UI on localhost, and
# redirects plain HTTP on port 80 to it.
services.caddy.enable = true;
# Accept the Let's Encrypt Subscriber Agreement.
services.caddy.agree = true;
# TODO: add auth?
# As it stands the proxied ympd UI is served without any authentication.
services.caddy.config = ''
  ${mpdVhost} {
  proxy / localhost:${toString ympdPort}
  }

  :80 {
  redir https://${mpdVhost}{uri}
  }
'';
# CephFS mount of the shared storage pool, addressed by monitor IPs.
fileSystems."/mnt/storage" = {
  #device = "storage-ng.hq.c3d2.de:/mnt/zroot/storage/rpool";
  #device = "storage-ng.hq.c3d2.de:/c3d2/rpool";
  device = "172.22.99.13:6789,172.22.99.15:6789,172.22.99.16:6789:/c3d2/rpool";
  fsType = "ceph";
  # NOTE(review): the Ceph key for client "public" is written inline. It is
  # therefore stored in version control and in the world-readable Nix store,
  # and it is used for a read-write mount. If this key is not meant to be
  # public, rotate it and pass it with mount.ceph's secretfile= option,
  # pointing at a root-only file kept outside the store.
  options = [
    "rw"
    "relatime"
    "name=public"
    "secret=AQDgER1chJcMORAAK1ysRTN59B5x/MyniwVXFQ=="
    "acl"
    "wsize=16777216"
    "_netdev"
  ];
};
# MPD music playing daemon with web interface
services.ympd.enable = true;
services.ympd.webPort = toString ympdPort;

# Build ympd from the c3d2 fork instead of the nixpkgs source.
# NOTE(review): rev names a branch, not a commit. The sha256 keeps a moved
# branch from silently changing what is built (the fetch fails on a hash
# mismatch instead), but pinning the commit id would make the audited
# source explicit.
nixpkgs.config.packageOverrides = pkgs: {
  ympd = pkgs.ympd.overrideAttrs (old: {
    src = pkgs.fetchFromGitHub {
      owner = "c3d2";
      repo = "ympd";
      rev = "feature/somafm_browser";
      sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
    };
  });
};
# Run mpv without video output by default.
programs.bash.shellAliases.mpv = "mpv --no-vid";

# LUKS image configured as the encrypted home of user emery.
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
}