nix-config/hosts/pulsebert/default.nix

{ config, lib, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
  ];

  c3d2 = {
    isInHq = true;
    mergeHostsFile = true;
    hq.interface = "eth0";
    hq.statistics.enable = true;
    k-ot.enable = true;
    audioServer.enable = true;
  };

  boot = {
    growPartition = true;
    # kernelPackages = pkgs.linuxKernel.packages.linux_5_15;
    kernelParams = [ "console=tty0" ];
    loader.grub.enable = false;
    loader.efi.canTouchEfiVariables = true;
    supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
    tmpOnTmpfs = true;
  };

  hardware = {
    bluetooth.enable = true;
    deviceTree = {
      enable = true;
      kernelPackage = config.boot.kernelPackages.kernel;
    };
    enableRedistributableFirmware = true;
  };

  nix = {
    settings = {
      cores = 2;
      max-jobs = 1;
    };
  };

  nixpkgs.config.packageOverrides = pkgs: {
    makeModulesClosure = x:
      # prevent kernel install fail due to missing modules
      pkgs.makeModulesClosure (x // { allowMissing = true; });
  };

  networking = {
    firewall = {
      allowedTCPPorts = [
        # nginx
        80 443
        # pulseaudio/pipewire network sync
        4713
        # llmnr
        5355
      ];
      allowedUDPPorts = [
        # mdns
        5353
        # llmnr
        5355
      ];
    };
    hostName = "pulsebert";
    useDHCP = false;
    interfaces = {
      eth0.useDHCP = true;
    };
  };

  environment.systemPackages = with pkgs; [
    mpd
    mpv
    ncmpcpp
    ncpamixer
    pulseaudio # required for pactl
  ];

  programs.tmux.enable = true;

  # https://github.com/dump-dvb/nix-config/blob/310ceedca5ab2d5c22070bd73c603926b6100a74/hardware/configuration-rpi-3b.nix#L16
  sdImage = lib.mkForce {
    populateFirmwareCommands = let
      configTxt = pkgs.writeText "config.txt" ''
        [pi3]
        kernel=u-boot-rpi3.bin
        hdmi_force_hotplug=1
        [pi02]
        kernel=u-boot-rpi3.bin
        [pi4]
        kernel=u-boot-rpi4.bin
        enable_gic=1
        armstub=armstub8-gic.bin
        # Otherwise the resolution will be weird in most cases, compared to
        # what the pi3 firmware does by default.
        disable_overscan=1
        # Supported in newer board revisions
        arm_boost=1
        [cm4]
        # Enable host mode on the 2711 built-in XHCI USB controller.
        # This line should be removed if the legacy DWC2 controller is required
        # (e.g. for USB device mode) or if USB support is not required.
        otg_mode=1
        [all]
        # Boot in 64-bit mode.
        arm_64bit=1
        # U-Boot needs this to work, regardless of whether UART is actually used or not.
        # Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still
        # a requirement in the future.
        enable_uart=1
        # Prevent the firmware from smashing the framebuffer setup done by the mainline kernel
        # when attempting to show low-voltage or overtemperature warnings.
        avoid_warnings=1
      '';
      in ''
        (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/)
        # Add the config
        cp ${configTxt} firmware/config.txt
        # Add pi3 specific files
        cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin
        # Add pi4 specific files
        cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin
        cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin
        cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/
        cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-400.dtb firmware/
        cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4.dtb firmware/
        cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4s.dtb firmware/
      '';
    populateRootCommands = ''
      mkdir -p ./files/boot
      ${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot
    '';
  };

  security = {
    rtkit.enable = true;
    sudo = {
      enable = true;
      wheelNeedsPassword = false;
    };
  };

  users.users = lib.mkMerge [
    (lib.optionalAttrs config.services.octoprint.enable {
      # Allow access to printer serial port and GPIO
      "${config.services.octoprint.user}".extraGroups = [ "dialout" ];
    })
    { }
  ];

  services = {
    # Do not log to flash but also breaks journalctl --user
    # journald.extraConfig = ''
    #   Storage=volatile
    # '';

    openssh = {
      enable = true;
    };

    nginx = {
      enable = true;
      virtualHosts = {
        "drkkr.hq.c3d2.de" = {
          default = true;
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
            proxyWebsockets = true;
            extraConfig = ''
              proxy_set_header X-Scheme $scheme;
              proxy_set_header Accept-Encoding identity;
              client_max_body_size 2000M;
            '';
          };
          locations."/cam/stream" = {
            proxyPass = "http://localhost:3020/?action=stream";
            extraConfig = "proxy_pass_request_headers off;";
          };
          locations."/cam/capture" = {
            proxyPass = "http://localhost:3020/?action=snapshot";
            extraConfig = "proxy_pass_request_headers off;";
          };
        };
      };
    };

    octoprint = rec {
      enable = true;
      port = 8080;
      extraConfig.webcam = {
        snapshot = "http://localhost:3020?action=snapshot";
        stream = "https://drkkr.hq.c3d2.de/cam/stream";
      };
      # plugins = let
      #   python = pkgs.octoprint.python;

      #   octoprint-filament-sensor-universal = python.pkgs.buildPythonPackage rec {
      #     pname = "OctoPrint-Filament-Sensor-Universal";
      #     version = "1.0.0";

      #     src = pkgs.fetchFromGitHub {
      #       owner = "lopsided98";
      #       repo = pname;
      #       rev = "8a72696867a9a008c5a79b49a9b029a4fc426720";
      #       sha256 = "1a7lzmjbwx47qhrkjp3hggiwnx172x4axcz0labm9by17zxlsimr";
      #     };

      #     propagatedBuildInputs = [ pkgs.octoprint python.pkgs.libgpiod ];
      #   };
      # #in p: [ octoprint-filament-sensor-universal ];
      # in p: [];
    };
  };

  system.stateVersion = "22.11";
}
Switch to pipewire 2021-09-20 22:26:37 +02:00			`{ config, lib, pkgs, ... }:`
add new pulsebert 2020-06-19 19:05:46 +02:00
Revert to pulseaudio until pipewire works systemwide 2021-09-22 22:24:05 +02:00			`{`
			`imports = [`
Flakify pulsebert 2021-02-22 13:21:31 +01:00			`./hardware-configuration.nix`
Use modulesPath where appropriate 2020-08-04 17:15:07 +02:00			`];`
add new pulsebert 2020-06-19 19:05:46 +02:00
The big format and cleanup 2022-06-12 17:26:32 +02:00			`c3d2 = {`
Pulsebert: install mpd but not as a service 2021-02-23 20:13:13 +01:00			`isInHq = true;`
Replace mapHqHosts and mapPublicHosts with mergeHostsFile 2022-01-18 23:07:39 +01:00			`mergeHostsFile = true;`
pulsebert: back to pi 2022-09-04 13:13:59 +02:00			`hq.interface = "eth0";`
pulsebert: enable statistics 2021-09-28 00:28:51 +02:00			`hq.statistics.enable = true;`
Refactor k-ot user 2022-01-16 12:25:04 +01:00			`k-ot.enable = true;`
pulsebert: add bluetooth workarounds 2022-03-29 22:53:12 +02:00			`audioServer.enable = true;`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`

Format 2021-09-07 21:13:41 +02:00			`boot = {`
pulsebert: back to pi 2022-09-04 13:13:59 +02:00			`growPartition = true;`
			`# kernelPackages = pkgs.linuxKernel.packages.linux_5_15;`
			`kernelParams = [ "console=tty0" ];`
Cleanup dell tests leftovers 2022-09-12 22:24:11 +02:00			`loader.grub.enable = false;`
Switch pulsebert to dell mini 2022-08-24 00:32:00 +02:00			`loader.efi.canTouchEfiVariables = true;`
pulsebert: back to pi 2022-09-04 13:13:59 +02:00			`supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];`
Format 2021-09-07 21:13:41 +02:00			`tmpOnTmpfs = true;`
			`};`
The big format and cleanup 2022-06-12 17:26:32 +02:00
pulsebert: disable bluetooth there is no wireless hardware on the new hardware 2022-08-24 01:17:52 +02:00			`hardware = {`
Cleanup dell tests leftovers 2022-09-12 22:24:11 +02:00			`bluetooth.enable = true;`
pulsebert: back to pi 2022-09-04 13:13:59 +02:00			`deviceTree = {`
			`enable = true;`
			`kernelPackage = config.boot.kernelPackages.kernel;`
			`};`
pulsebert: disable bluetooth there is no wireless hardware on the new hardware 2022-08-24 01:17:52 +02:00			`enableRedistributableFirmware = true;`
			`};`
Pulsebert: install mpd but not as a service 2021-02-23 20:13:13 +01:00
Format 2021-09-07 21:13:41 +02:00			`nix = {`
Switch pulsebert to pipewire 🎉 2022-09-25 19:47:58 +02:00			`settings = {`
			`cores = 2;`
			`max-jobs = 1;`
			`};`
Format 2021-09-07 21:13:41 +02:00			`};`
add new pulsebert 2020-06-19 19:05:46 +02:00
pulsebert: back to pi 2022-09-04 13:13:59 +02:00			`nixpkgs.config.packageOverrides = pkgs: {`
			`makeModulesClosure = x:`
			`# prevent kernel install fail due to missing modules`
			`pkgs.makeModulesClosure (x // { allowMissing = true; });`
			`};`

Format 2021-09-07 21:13:41 +02:00			`networking = {`
Try getting firewall to work somehow allowing ports does not have any effect. Probably related to the Pi not being reboot save. 2022-08-21 22:28:26 +02:00			`firewall = {`
			`allowedTCPPorts = [`
Format 2022-12-18 23:47:42 +01:00			`# nginx`
			`80 443`
			`# pulseaudio/pipewire network sync`
			`4713`
			`# llmnr`
			`5355`
Try getting firewall to work somehow allowing ports does not have any effect. Probably related to the Pi not being reboot save. 2022-08-21 22:28:26 +02:00			`];`
			`allowedUDPPorts = [`
Format 2022-12-18 23:47:42 +01:00			`# mdns`
			`5353`
			`# llmnr`
			`5355`
Try getting firewall to work somehow allowing ports does not have any effect. Probably related to the Pi not being reboot save. 2022-08-21 22:28:26 +02:00			`];`
			`};`
			`hostName = "pulsebert";`
Format 2021-09-07 21:13:41 +02:00			`useDHCP = false;`
Try getting firewall to work somehow allowing ports does not have any effect. Probably related to the Pi not being reboot save. 2022-08-21 22:28:26 +02:00			`interfaces = {`
pulsebert: back to pi 2022-09-04 13:13:59 +02:00			`eth0.useDHCP = true;`
Try getting firewall to work somehow allowing ports does not have any effect. Probably related to the Pi not being reboot save. 2022-08-21 22:28:26 +02:00			`};`
Format 2021-09-07 21:13:41 +02:00			`};`
add new pulsebert 2020-06-19 19:05:46 +02:00
Put a non-authoritative DHCP server on Pulsebert DHCP is an essential service and Pulsebert is more reliable than anything in proxmox. 2021-02-24 14:16:42 +01:00			`environment.systemPackages = with pkgs; [`
			`mpd`
add mpv 2021-09-07 21:13:51 +02:00			`mpv`
Put a non-authoritative DHCP server on Pulsebert DHCP is an essential service and Pulsebert is more reliable than anything in proxmox. 2021-02-24 14:16:42 +01:00			`ncmpcpp`
pulsebert: add ncpamixer 2021-09-06 20:50:09 +02:00			`ncpamixer`
Switch to pipewire 2021-09-20 22:26:37 +02:00			`pulseaudio # required for pactl`
Put a non-authoritative DHCP server on Pulsebert DHCP is an essential service and Pulsebert is more reliable than anything in proxmox. 2021-02-24 14:16:42 +01:00			`];`
add new pulsebert 2020-06-19 19:05:46 +02:00
enable tmux 2021-09-07 21:14:00 +02:00			`programs.tmux.enable = true;`
add new pulsebert 2020-06-19 19:05:46 +02:00
pulsebert: back to pi 2022-09-04 13:13:59 +02:00			`# https://github.com/dump-dvb/nix-config/blob/310ceedca5ab2d5c22070bd73c603926b6100a74/hardware/configuration-rpi-3b.nix#L16`
			`sdImage = lib.mkForce {`
			`populateFirmwareCommands = let`
			`configTxt = pkgs.writeText "config.txt" ''`
			`[pi3]`
			`kernel=u-boot-rpi3.bin`
			`hdmi_force_hotplug=1`
			`[pi02]`
			`kernel=u-boot-rpi3.bin`
			`[pi4]`
			`kernel=u-boot-rpi4.bin`
			`enable_gic=1`
			`armstub=armstub8-gic.bin`
			`# Otherwise the resolution will be weird in most cases, compared to`
			`# what the pi3 firmware does by default.`
			`disable_overscan=1`
			`# Supported in newer board revisions`
			`arm_boost=1`
			`[cm4]`
			`# Enable host mode on the 2711 built-in XHCI USB controller.`
			`# This line should be removed if the legacy DWC2 controller is required`
			`# (e.g. for USB device mode) or if USB support is not required.`
			`otg_mode=1`
			`[all]`
			`# Boot in 64-bit mode.`
			`arm_64bit=1`
			`# U-Boot needs this to work, regardless of whether UART is actually used or not.`
			`# Look in arch/arm/mach-bcm283x/Kconfig in the U-Boot tree to see if this is still`
			`# a requirement in the future.`
			`enable_uart=1`
			`# Prevent the firmware from smashing the framebuffer setup done by the mainline kernel`
			`# when attempting to show low-voltage or overtemperature warnings.`
			`avoid_warnings=1`
			`'';`
			`in ''`
			`(cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup.dat start.elf $NIX_BUILD_TOP/firmware/)`
			`# Add the config`
			`cp ${configTxt} firmware/config.txt`
			`# Add pi3 specific files`
			`cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin`
			`# Add pi4 specific files`
			`cp ${pkgs.ubootRaspberryPi4_64bit}/u-boot.bin firmware/u-boot-rpi4.bin`
			`cp ${pkgs.raspberrypi-armstubs}/armstub8-gic.bin firmware/armstub8-gic.bin`
			`cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-4-b.dtb firmware/`
			`cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-400.dtb firmware/`
			`cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4.dtb firmware/`
			`cp ${pkgs.raspberrypifw}/share/raspberrypi/boot/bcm2711-rpi-cm4s.dtb firmware/`
			`'';`
			`populateRootCommands = ''`
			`mkdir -p ./files/boot`
			`${config.boot.loader.generic-extlinux-compatible.populateCmd} -c ${config.system.build.toplevel} -d ./files/boot`
			`'';`
			`};`

pulsebert: enable rtkit 2022-07-08 22:03:31 +02:00			`security = {`
			`rtkit.enable = true;`
			`sudo = {`
			`enable = true;`
			`wheelNeedsPassword = false;`
			`};`
add new pulsebert 2020-06-19 19:05:46 +02:00			`};`

Don't error if octoprint is disabled for testing 2022-08-21 22:10:01 +02:00			`users.users = lib.mkMerge [`
			`(lib.optionalAttrs config.services.octoprint.enable {`
			`# Allow access to printer serial port and GPIO`
			`"${config.services.octoprint.user}".extraGroups = [ "dialout" ];`
			`})`
pulsebert: back to pi 2022-09-04 13:13:59 +02:00			`{ }`
Don't error if octoprint is disabled for testing 2022-08-21 22:10:01 +02:00			`];`
The big format and cleanup 2022-06-12 17:26:32 +02:00
pulsebert: serve drkkr.hq.c3d2.de 2020-12-10 17:26:47 +01:00			`services = {`
pulsebert: fix journalctl --user 2022-09-25 19:24:41 +02:00			`# Do not log to flash but also breaks journalctl --user`
			`# journald.extraConfig = ''`
			`# Storage=volatile`
			`# '';`
The big format and cleanup 2022-06-12 17:26:32 +02:00
Format 2021-09-07 21:13:41 +02:00			`openssh = {`
pulsebert: serve drkkr.hq.c3d2.de 2020-12-10 17:26:47 +01:00			`enable = true;`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`

pulsebert: serve drkkr.hq.c3d2.de 2020-12-10 17:26:47 +01:00			`nginx = {`
pulsebert: update to nixos-20.09 + working octoprint 2020-12-10 15:24:45 +01:00			`enable = true;`
pulsebert: serve drkkr.hq.c3d2.de 2020-12-10 17:26:47 +01:00			`virtualHosts = {`
			`"drkkr.hq.c3d2.de" = {`
			`default = true;`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
Dedupe octoprint port 2022-08-21 22:09:39 +02:00			`proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";`
pulsebert: serve drkkr.hq.c3d2.de 2020-12-10 17:26:47 +01:00			`proxyWebsockets = true;`
			`extraConfig = ''`
			`proxy_set_header X-Scheme $scheme;`
			`proxy_set_header Accept-Encoding identity;`
increase body size on pulsebert 2021-04-09 17:37:27 +02:00			`client_max_body_size 2000M;`
pulsebert: serve drkkr.hq.c3d2.de 2020-12-10 17:26:47 +01:00			`'';`
			`};`
pulsebert: double-proxy the espCam 2021-01-28 01:04:49 +01:00			`locations."/cam/stream" = {`
pulsebert: remove mjpeg-proxy 2021-02-25 17:50:15 +01:00			`proxyPass = "http://localhost:3020/?action=stream";`
pulsebert: double-proxy the espCam 2021-01-28 01:04:49 +01:00			`extraConfig = "proxy_pass_request_headers off;";`
			`};`
			`locations."/cam/capture" = {`
pulsebert: remove mjpeg-proxy 2021-02-25 17:50:15 +01:00			`proxyPass = "http://localhost:3020/?action=snapshot";`
pulsebert: double-proxy the espCam 2021-01-28 01:04:49 +01:00			`extraConfig = "proxy_pass_request_headers off;";`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
pulsebert: double-proxy the espCam 2021-01-28 01:04:49 +01:00			`};`
pulsebert: serve drkkr.hq.c3d2.de 2020-12-10 17:26:47 +01:00			`};`
			`};`
add new pulsebert 2020-06-19 19:05:46 +02:00
pulsebert: update to nixos-20.09 + working octoprint 2020-12-10 15:24:45 +01:00			`octoprint = rec {`
			`enable = true;`
Dedupe octoprint port 2022-08-21 22:09:39 +02:00			`port = 8080;`
pulsebert: remove mjpeg-proxy 2021-02-25 17:50:15 +01:00			`extraConfig.webcam = {`
pulsebert: update to nixos-20.09 + working octoprint 2020-12-10 15:24:45 +01:00			`snapshot = "http://localhost:3020?action=snapshot";`
pulsebert: remove mjpeg-proxy 2021-02-25 17:50:15 +01:00			`stream = "https://drkkr.hq.c3d2.de/cam/stream";`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
pulsebert: update to nixos-20.09 + working octoprint 2020-12-10 15:24:45 +01:00			`# plugins = let`
			`# python = pkgs.octoprint.python;`
The big format and cleanup 2022-06-12 17:26:32 +02:00
pulsebert: update to nixos-20.09 + working octoprint 2020-12-10 15:24:45 +01:00			`# octoprint-filament-sensor-universal = python.pkgs.buildPythonPackage rec {`
Run statix fix 2021-10-31 19:00:03 +01:00			`# pname = "OctoPrint-Filament-Sensor-Universal";`
			`# version = "1.0.0";`
The big format and cleanup 2022-06-12 17:26:32 +02:00
Run statix fix 2021-10-31 19:00:03 +01:00			`# src = pkgs.fetchFromGitHub {`
			`# owner = "lopsided98";`
pulsebert: update to nixos-20.09 + working octoprint 2020-12-10 15:24:45 +01:00			`# repo = pname;`
			`# rev = "8a72696867a9a008c5a79b49a9b029a4fc426720";`
			`# sha256 = "1a7lzmjbwx47qhrkjp3hggiwnx172x4axcz0labm9by17zxlsimr";`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`# };`

Run statix fix 2021-10-31 19:00:03 +01:00			`# propagatedBuildInputs = [ pkgs.octoprint python.pkgs.libgpiod ];`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`# };`
Run statix fix 2021-10-31 19:00:03 +01:00			`# #in p: [ octoprint-filament-sensor-universal ];`
pulsebert: update to nixos-20.09 + working octoprint 2020-12-10 15:24:45 +01:00			`# in p: [];`
The big format and cleanup 2022-06-12 17:26:32 +02:00			`};`
pulsebert: replace espCam with usb cam 2021-02-25 17:32:24 +01:00			`};`

Switch pulsebert to dell mini 2022-08-24 00:32:00 +02:00			`system.stateVersion = "22.11";`
add new pulsebert 2020-06-19 19:05:46 +02:00			`}`