Merge branch 'master' of ssh://gitea.c3d2.de:2222/C3D2/nix-config
This commit is contained in:
commit
60f270224b
65
flake.lock
65
flake.lock
|
@ -1,39 +1,33 @@
|
|||
{
|
||||
"nodes": {
|
||||
"hydra": {
|
||||
"info": {
|
||||
"lastModified": 1587883324,
|
||||
"narHash": "sha256-WQxv9rrG2HX8j2UfXjifeBkMjgea3uIAEB3Swv+IIus="
|
||||
},
|
||||
"inputs": {
|
||||
"nix": "nix",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"owner": "ehmry",
|
||||
"lastModified": 1593509723,
|
||||
"narHash": "sha256-ESv86LNnQQy5cYqeC1S4otpvkA8ABgs/zbge8xp35aE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "hydra",
|
||||
"rev": "e93c36aab1bf96cf392ab0e40157b0620638b599",
|
||||
"rev": "d0deebc4fc95dbeb0249f7b774b03d366596fbed",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ehmry",
|
||||
"ref": "sotest",
|
||||
"repo": "hydra",
|
||||
"type": "github"
|
||||
"id": "hydra",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nix": {
|
||||
"info": {
|
||||
"lastModified": 1586440843,
|
||||
"narHash": "sha256-7YxrpRPmAOoCSl6KtepKCXcae5MUm1Pl+lwDunBFGoo="
|
||||
},
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1592818267,
|
||||
"narHash": "sha256-t66Ny6NDA9sQa0U79iqo4w7tEBitUGgio9U/H6z3QpE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nix",
|
||||
"rev": "3aaceeb7e2d3fb8a07a1aa5a21df1dca6bbaa0ef",
|
||||
"rev": "334e26bfc2ce82912602e8a0f9f9c7e0fb5c3221",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -42,14 +36,12 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"info": {
|
||||
"lastModified": 1585405475,
|
||||
"narHash": "sha256-bESW0n4KgPmZ0luxvwJ+UyATrC6iIltVCsGdLiphVeE="
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1591633336,
|
||||
"narHash": "sha256-oVXv4xAnDJB03LvZGbC72vSVlIbbJr8tpjEW5o/Fdek=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b88ff468e9850410070d4e0ccd68c7011f15b2be",
|
||||
"rev": "70717a337f7ae4e486ba71a500367cad697e5f09",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -59,14 +51,12 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"info": {
|
||||
"lastModified": 1586219474,
|
||||
"narHash": "sha256-fvfrMnEA2lDnXvH/eInGV5i0sO/EGLVHa4pOek8VG78="
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1592263354,
|
||||
"narHash": "sha256-1wHPn5qKfzfG06dZhpXDEg5Zt6HwvfyPPgW1tkYFejg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "29eddfc36d720dcc4822581175217543b387b1e8",
|
||||
"rev": "a84b797b28eb104db758b5cb2b61ba8face6744b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -75,31 +65,16 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"info": {
|
||||
"lastModified": 1586724123,
|
||||
"narHash": "sha256-VQ7zZy2xpz6dULpjar4jxNaQ0N/2q68l+EYO2nXaXDo="
|
||||
},
|
||||
"locked": {
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs-channels",
|
||||
"rev": "708cb6b307b04ad862cc50de792e57e7a4a8bb5a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-20.03",
|
||||
"repo": "nixpkgs-channels",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"hydra": "hydra",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
"nixpkgs": [
|
||||
"hydra",
|
||||
"nixpkgs"
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 5
|
||||
"version": 7
|
||||
}
|
||||
|
|
23
flake.nix
23
flake.nix
|
@ -1,17 +1,18 @@
|
|||
{
|
||||
description = "C3D2 NixOS configurations";
|
||||
|
||||
edition = 201909;
|
||||
|
||||
inputs.nixpkgs.url = "github:nixos/nixpkgs-channels/nixos-20.03";
|
||||
inputs.hydra.url = "github:ehmry/hydra/sotest";
|
||||
inputs = {
|
||||
nixpkgs.follows = "hydra/nixpkgs";
|
||||
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
# secrets.url = "git+file:///etc/nixos/secrets";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, hydra }: {
|
||||
|
||||
nixosConfigurations = {
|
||||
|
||||
server7 = nixpkgs.lib.nixosSystem {
|
||||
modules = [ ./hosts/server7 hydra.nixosModules.hydra ];
|
||||
glotzbert = nixpkgs.lib.nixosSystem {
|
||||
modules = [ ./hosts/glotzbert/configuration.nix ];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
|
@ -20,8 +21,18 @@
|
|||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
kibana = nixpkgs.lib.nixosSystem {
|
||||
modules = [ ./hosts/containers/kibana/configuration.nix ];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
pulsebert = nixpkgs.lib.nixosSystem {
|
||||
modules = [ ./hosts/pulsebert/configuration.nix ];
|
||||
system = "aarch64-linux";
|
||||
};
|
||||
|
||||
server7 = nixpkgs.lib.nixosSystem {
|
||||
modules = [ ./hosts/server7 hydra.nixosModules.hydra ];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ rec {
|
|||
ledstripes = {};
|
||||
|
||||
glotzbert.publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHPrkD07abpTU/66fEjmiMYsUfJCSF62MVFe8BED7wu4";
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
|
||||
|
||||
hydra.publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
|
||||
|
|
|
@ -25,6 +25,9 @@
|
|||
htop
|
||||
];
|
||||
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.16"; prefixLength = 26; } ];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
networking = {
|
||||
hostName = "deployer";
|
||||
# usePredictableInterfacenames = false;
|
||||
|
|
|
@ -31,7 +31,10 @@
|
|||
services.dhcpd4 = {
|
||||
enable = true;
|
||||
interfaces = [ "eth0" ];
|
||||
extraConfig = builtins.readFile ../../../secrets/hosts/dhcp/config;
|
||||
extraConfig = ''
|
||||
authoritative;
|
||||
|
||||
'' + builtins.readFile ../../../secrets/hosts/dhcp/config;
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
|
|
|
@ -30,8 +30,6 @@ in {
|
|||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
# for `vtysh`
|
||||
quagga
|
||||
];
|
||||
|
||||
# SSH for nixops
|
||||
|
@ -41,6 +39,12 @@ in {
|
|||
# No Firewalling!
|
||||
networking.firewall.enable = false;
|
||||
|
||||
boot.postBootCommands = ''
|
||||
if [ ! -c /dev/net/tun ]; then
|
||||
mkdir -p /dev/net
|
||||
mknod -m 666 /dev/net/tun c 10 200
|
||||
fi
|
||||
'';
|
||||
services.openvpn =
|
||||
let
|
||||
openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
|
||||
|
@ -63,7 +67,9 @@ in {
|
|||
secret ${keyfile name}
|
||||
'';
|
||||
up = ''
|
||||
${pkgs.iproute}/bin/ip a a fe80::deca:fbad/64 dev $1
|
||||
${pkgs.iproute}/bin/ip addr flush dev $1
|
||||
${pkgs.iproute}/bin/ip addr add ${address4} dev ${name} peer ${conf.address4}/32
|
||||
${pkgs.iproute}/bin/ip addr add ${address6}/64 dev $1
|
||||
'';
|
||||
};
|
||||
in {
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.8"; prefixLength = 26; } ];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
services.resolved.enable = false;
|
||||
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
@ -73,6 +74,7 @@
|
|||
"::1/128"
|
||||
"172.20.72.0/21"
|
||||
"10.0.0.0/24"
|
||||
"10.200.0.0/15"
|
||||
"172.22.99.0/24"
|
||||
"127.0.0.0/8"
|
||||
];
|
||||
|
@ -217,7 +219,7 @@
|
|||
Exec "collectd" "${pkgs.ruby}/bin/ruby" "${unboundScript}"
|
||||
'';
|
||||
network = ''
|
||||
Server "grafana.hq.c3d2.de" "25826"
|
||||
Server "grafana.serv.zentralwerk.dn42" "25826"
|
||||
'';
|
||||
};
|
||||
extraConfig = ''
|
||||
|
|
|
@ -17,6 +17,8 @@
|
|||
|
||||
networking = {
|
||||
hostName = "elastic1";
|
||||
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.15"; prefixLength = 26; } ];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
|
|
|
@ -56,7 +56,7 @@ stdenv.mkDerivation {
|
|||
--replace awk ${gawk}/bin/awk
|
||||
'' +
|
||||
lib.strings.concatStrings (lib.attrsets.mapAttrsToList (
|
||||
var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(nvram get ${var})"} '${value}'\n"
|
||||
var: value: "substituteInPlace sysinfo-json.cgi --replace ${lib.strings.escapeShellArg "$(uci -qX get ffdd.sys.${var})"} '${value}'\n"
|
||||
) nvram);
|
||||
installPhase = ''
|
||||
pwd
|
||||
|
|
|
@ -1,24 +1,22 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
(modulesPath + "/profiles/minimal.nix")
|
||||
../../../lib
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
isInHq = true;
|
||||
hq.interface = "eth0";
|
||||
enableHail = true;
|
||||
};
|
||||
c3d2.isInHq = false;
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
networking.hostName = "grafana";
|
||||
networking.useNetworkd = true;
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.43"; prefixLength = 26; } ];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
# http https influxdb
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 8086 ];
|
||||
|
@ -39,7 +37,7 @@
|
|||
enable = true;
|
||||
org_name = "Chaos";
|
||||
};
|
||||
users.allowSignUp = true;
|
||||
users.allowSignUp = false;
|
||||
};
|
||||
services.influxdb = let
|
||||
collectdTypes = pkgs.stdenv.mkDerivation {
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
{ config, pkgs, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/profiles/minimal.nix")
|
||||
../../../lib
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
];
|
||||
|
||||
networking.hostName = "kibana";
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.44"; prefixLength = 26; } ];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
# Required for krops
|
||||
services.openssh.enable = true;
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
package = pkgs.elasticsearch7;
|
||||
};
|
||||
services.kibana = {
|
||||
enable = true;
|
||||
package = pkgs.kibana7;
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
email = "mail@c3d2.de";
|
||||
};
|
||||
services.nginx =
|
||||
let
|
||||
authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
|
||||
vhost = url: {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = url;
|
||||
extraConfig = ''
|
||||
auth_basic "Chaos";
|
||||
auth_basic_user_file ${authFile};
|
||||
'';
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
"kibana.hq.c3d2.de" =
|
||||
vhost "http://127.0.0.1:${toString config.services.kibana.port}";
|
||||
"kibana-es.hq.c3d2.de" =
|
||||
vhost "http://127.0.0.1:${toString config.services.elasticsearch.port}";
|
||||
};
|
||||
};
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "20.03"; # Did you read the comment?
|
||||
}
|
|
@ -1,11 +1,11 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
<lib>
|
||||
<lib/lxc-container.nix>
|
||||
<lib/shared.nix>
|
||||
(modulesPath + "/profiles/minimal.nix")
|
||||
../../../lib
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
|
@ -22,8 +22,7 @@
|
|||
environment.systemPackages = [ pkgs.git ];
|
||||
|
||||
systemd.services.ledball =
|
||||
let
|
||||
pile = import (toString <lib/pkgs/pile.nix>) { inherit pkgs; };
|
||||
let pile = import ../../../lib/pkgs/pile.nix { inherit pkgs; };
|
||||
in {
|
||||
after = [ "network-online.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
|
|
@ -17,6 +17,8 @@
|
|||
|
||||
networking = {
|
||||
hostName = "logging";
|
||||
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.13"; prefixLength = 26; } ];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
|
|
|
@ -2,15 +2,15 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ ../../lib/lxc-container.nix
|
||||
../../lib/shared.nix
|
||||
../../lib/admins.nix
|
||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
];
|
||||
imports = [
|
||||
../../lib/lxc-container.nix
|
||||
../../lib/shared.nix
|
||||
../../lib/admins.nix
|
||||
(modulesPath + "/profiles/minimal.nix")
|
||||
];
|
||||
|
||||
networking.hostName = "nixbert"; # Define your hostname.
|
||||
networking.useNetworkd = false;
|
||||
|
|
|
@ -18,6 +18,8 @@
|
|||
|
||||
networking = {
|
||||
hostName = "mongo";
|
||||
interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.21"; prefixLength = 26; } ];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
22
|
||||
|
|
|
@ -12,11 +12,9 @@ in
|
|||
];
|
||||
|
||||
networking.hostName = "mucbot";
|
||||
networking.useNetworkd = true;
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.27"; prefixLength = 26; } ];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.nameservers = [ "172.20.73.8" "172.20.72.6" "172.20.72.10" "9.9.9.9" ];
|
||||
services.resolved.enable = false;
|
||||
|
||||
users.users.tigger = {
|
||||
createHome = true;
|
||||
|
|
|
@ -9,13 +9,15 @@
|
|||
[ ../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
../../../lib/default-gateway.nix
|
||||
./proxy.nix
|
||||
];
|
||||
|
||||
networking.hostName = "public-access-proxy";
|
||||
networking.useNetworkd = true;
|
||||
networking.dhcpcd.enable = lib.mkForce true;
|
||||
networking.interfaces.eth0 = {
|
||||
ipv4.addresses = [ { address = "172.20.73.45"; prefixLength = 26; } ];
|
||||
};
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
my.services.proxy = {
|
||||
enable = true;
|
||||
|
@ -24,6 +26,14 @@
|
|||
hostNames = [ "cloud.bombenverleih.de" "unifi.arkom.men" ];
|
||||
proxyTo = { host = "172.22.99.192"; httpPort = 80; httpsPort = 443; };
|
||||
}
|
||||
{
|
||||
hostNames = [ "grafana.hq.c3d2.de" ];
|
||||
proxyTo = { host = "grafana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
|
||||
}
|
||||
{
|
||||
hostNames = [ "kibana.hq.c3d2.de" "kibana-es.hq.c3d2.de" ];
|
||||
proxyTo = { host = "kibana.serv.zentralwerk.dn42"; httpPort = 80; httpsPort = 443; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -1,11 +1,21 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
let
|
||||
freifunkNodes = {
|
||||
"1139" = "10.200.4.120";
|
||||
"1487" = "10.200.5.213";
|
||||
"1884" = "10.200.7.100";
|
||||
"1891" = "10.200.7.107";
|
||||
"1768" = "10.200.6.239";
|
||||
"1176" = "10.200.7.80";
|
||||
"1099" = "10.200.4.80";
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/profiles/minimal.nix>
|
||||
<lib>
|
||||
<lib/lxc-container.nix>
|
||||
<lib/shared.nix>
|
||||
(modulesPath + "/profiles/minimal.nix")
|
||||
../../../lib
|
||||
../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
|
@ -16,7 +26,8 @@
|
|||
|
||||
|
||||
networking.hostName = "scrape";
|
||||
networking.useNetworkd = true;
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.32"; prefixLength = 26; } ];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
|
||||
# Required for krops
|
||||
services.openssh.enable = true;
|
||||
|
@ -35,6 +46,13 @@
|
|||
xeriLogin = import <secrets/hosts/scrape/xeri.nix>;
|
||||
fhemLogin = import <secrets/hosts/scrape/fhem.nix>;
|
||||
matematLogin = import <secrets/hosts/scrape/matemat.nix>;
|
||||
makeNodeScraper = nodeId: {
|
||||
name = "scrape-node${nodeId}";
|
||||
value = makeService {
|
||||
script = "freifunk_node";
|
||||
host = freifunkNodes.${nodeId};
|
||||
};
|
||||
};
|
||||
in {
|
||||
scrape-xeri = makeService {
|
||||
script = "xerox";
|
||||
|
@ -55,81 +73,28 @@
|
|||
host = "matemat.hq.c3d2.de";
|
||||
inherit (matematLogin) user password;
|
||||
};
|
||||
scrape-node1139 = makeService {
|
||||
script = "freifunk_node";
|
||||
host = "10.200.4.120";
|
||||
} // builtins.listToAttrs (map makeNodeScraper (builtins.attrNames freifunkNodes));
|
||||
|
||||
systemd.timers =
|
||||
let
|
||||
makeTimer = service: interval: {
|
||||
partOf = [ "${service}.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = interval;
|
||||
};
|
||||
scrape-node1487 = makeService {
|
||||
script = "freifunk_node";
|
||||
host = "10.200.5.213";
|
||||
};
|
||||
scrape-node1884 = makeService {
|
||||
script = "freifunk_node";
|
||||
host = "10.200.7.100";
|
||||
};
|
||||
scrape-node1891 = makeService {
|
||||
script = "freifunk_node";
|
||||
host = "10.200.7.107";
|
||||
};
|
||||
scrape-node1768 = makeService {
|
||||
script = "freifunk_node";
|
||||
host = "10.200.6.239";
|
||||
};
|
||||
scrape-node1176 = makeService {
|
||||
script = "freifunk_node";
|
||||
host = "10.200.7.80";
|
||||
};
|
||||
};
|
||||
systemd.timers.scrape-xeri = {
|
||||
partOf = [ "scrape-xeri.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-roxi = {
|
||||
partOf = [ "scrape-roxi.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-fhem = {
|
||||
partOf = [ "scrape-fhem.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-matemat = {
|
||||
partOf = [ "scrape-matemat.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-node1139 = {
|
||||
partOf = [ "scrape-node1139.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-node1487 = {
|
||||
partOf = [ "scrape-node1487.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-node1884 = {
|
||||
partOf = [ "scrape-node1884.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-node1891 = {
|
||||
partOf = [ "scrape-node1894.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-node1768 = {
|
||||
partOf = [ "scrape-node1768.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
systemd.timers.scrape-node1176 = {
|
||||
partOf = [ "scrape-node1176.service" ];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig.OnCalendar = "minutely";
|
||||
};
|
||||
makeNodeScraperTimer = nodeId:
|
||||
let
|
||||
name = "scrape-node${nodeId}";
|
||||
in {
|
||||
inherit name;
|
||||
value = makeTimer name "minutely";
|
||||
};
|
||||
in {
|
||||
scrape-xeri = makeTimer "scrape-xeri.service" "minutely";
|
||||
scrape-roxi = makeTimer "scrape-roxi.service" "minutely";
|
||||
scrape-fhem = makeTimer "scrape-fhem.service" "minutely";
|
||||
scrape-matemat = makeTimer "scrape-matemat.service" "minutely";
|
||||
} // builtins.listToAttrs (map makeNodeScraperTimer (builtins.attrNames freifunkNodes));
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
|
|
|
@ -8,14 +8,13 @@ in
|
|||
[ ../../../lib/lxc-container.nix
|
||||
../../../lib/shared.nix
|
||||
../../../lib/admins.nix
|
||||
../../../lib/default-gateway.nix
|
||||
"${spacemsgGit}/spaceapi/module.nix"
|
||||
];
|
||||
|
||||
networking.hostName = "spaceapi";
|
||||
networking.useNetworkd = true;
|
||||
networking.useDHCP = lib.mkForce true;
|
||||
networking.firewall.allowedTCPPorts = [ 3000 3001 ];
|
||||
networking.interfaces.eth0.ipv4.addresses = [ { address = "172.20.73.25"; prefixLength = 26; } ];
|
||||
networking.defaultGateway = "172.20.73.1";
|
||||
networking.firewall.enable = false;
|
||||
|
||||
services.spaceapi = {
|
||||
enable = true;
|
||||
|
|
|
@ -6,41 +6,48 @@
|
|||
c3d2 = {
|
||||
users.k-ot = true;
|
||||
isInHq = true;
|
||||
hq.interface = "enp0s10";
|
||||
enableHail = true;
|
||||
hq.interface = "eno1";
|
||||
hq.enableBinaryCache = false;
|
||||
enableHail = false;
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nix = {
|
||||
useSandbox = true;
|
||||
buildCores = 2;
|
||||
buildCores = 4;
|
||||
maxJobs = 4;
|
||||
};
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.kernelPackages = pkgs.linuxPackages_4_19;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
networking.hostName = "glotzbert"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
networking.interfaces.eno1.useDHCP = true;
|
||||
|
||||
# Configure network proxy if necessary
|
||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n = {
|
||||
consoleFont = "Lat2-Terminus16";
|
||||
consoleKeyMap = "de";
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
console = {
|
||||
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
||||
keyMap = "de";
|
||||
};
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [ wget vim x11vnc ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget vim git tmux screen
|
||||
chromium firefox
|
||||
mpv kodi
|
||||
];
|
||||
|
||||
systemd.user.services.x11vnc = {
|
||||
description = "X11 VNC server";
|
||||
|
@ -108,11 +115,11 @@
|
|||
user = "k-ot";
|
||||
};
|
||||
};
|
||||
defaultSession = "gnome-xorg";
|
||||
};
|
||||
services.xserver.desktopManager = {
|
||||
gnome3.enable = true;
|
||||
kodi.enable = true;
|
||||
default = "kodi";
|
||||
};
|
||||
|
||||
security.sudo = {
|
||||
|
@ -123,7 +130,6 @@
|
|||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.groups."k-ot" = { gid = 1000; };
|
||||
users.users."k-ot" = {
|
||||
password = "k-ot";
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
group = "k-ot";
|
||||
|
@ -133,6 +139,8 @@
|
|||
];
|
||||
};
|
||||
|
||||
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
|
|
|
@ -1,33 +1,27 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" "wl" "forcedeth" "b43" ];
|
||||
boot.kernelParams = [ "irqpoll" "hpet=off" ]; # noapic seems to improve things
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/4568bf11-6e40-4514-9bc9-3194a299c45f";
|
||||
fsType = "btrfs";
|
||||
{ device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/67E3-17ED";
|
||||
{ device = "/dev/disk/by-uuid/6490-45A0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
zramSwap = { enable = true; priority = 1000; };
|
||||
swapDevices = [
|
||||
{ device = "/dev/disk/by-uuid/f602ea23-99e5-416b-98d2-ef76cbc5c934";
|
||||
} ];
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 2;
|
||||
|
||||
services.xserver.videoDriver = "nouveau";
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
}
|
||||
|
|
|
@ -4,164 +4,116 @@
|
|||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
let
|
||||
ympdPort = 8080;
|
||||
mpdVhost = "mpd.hq.c3d2.de";
|
||||
in {
|
||||
{
|
||||
imports = [ # Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../../lib
|
||||
../../lib/admins.nix
|
||||
../../lib/hq.nix
|
||||
./mpdConsole.nix
|
||||
];
|
||||
|
||||
c3d2 = {
|
||||
users = {
|
||||
emery = true;
|
||||
k-ot = true;
|
||||
};
|
||||
isInHq = true;
|
||||
mapHqHosts = true;
|
||||
hq = {
|
||||
interface = "eno1";
|
||||
enableMpdProxy = true;
|
||||
yggdrasi.enableGateway = true;
|
||||
};
|
||||
enableHail = true;
|
||||
};
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = false;
|
||||
boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; };
|
||||
#boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.kernelPackages = pkgs.linuxPackages_4_19;
|
||||
boot.tmpOnTmpfs = true;
|
||||
nix.buildCores = 4;
|
||||
nix.maxJobs = 4;
|
||||
|
||||
networking.hostName = "pulsebert"; # Define your hostname.
|
||||
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||
# replicates the default behaviour.
|
||||
networking.useDHCP = false;
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
networking.interfaces.wlan0.useDHCP = true;
|
||||
|
||||
# Configure network proxy if necessary
|
||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n = {
|
||||
consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
||||
consoleKeyMap = "us";
|
||||
defaultLocale = "en_US.UTF-8";
|
||||
};
|
||||
# i18n.defaultLocale = "en_US.UTF-8";
|
||||
# console = {
|
||||
# font = "Lat2-Terminus16";
|
||||
# keyMap = "us";
|
||||
# };
|
||||
|
||||
# Set your time zone.
|
||||
# time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
# specific printer drivers for our printers
|
||||
epson-escpr
|
||||
splix
|
||||
# utilities
|
||||
nix-index
|
||||
usbutils
|
||||
tmux
|
||||
vim
|
||||
git
|
||||
openssl
|
||||
# NCurses Music Player Client (Plus Plus)
|
||||
# a commandline front-end client for mpd
|
||||
# 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben.
|
||||
# ncmpcpp
|
||||
home-manager
|
||||
mumble
|
||||
ncpamixer
|
||||
ffmpeg
|
||||
wget vim git
|
||||
raspberrypi-tools
|
||||
];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
# programs.mtr.enable = true;
|
||||
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
# programs.gnupg.agent = {
|
||||
# enable = true;
|
||||
# enableSSHSupport = true;
|
||||
# pinentryFlavor = "gnome3";
|
||||
# };
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# Do not log to flash:
|
||||
services.journald.extraConfig = ''
|
||||
Storage=volatile
|
||||
'';
|
||||
|
||||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
services.openssh.permitRootLogin = "yes";
|
||||
security.sudo = {
|
||||
enable = true;
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
users.users.k-ot = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "audio" ];
|
||||
};
|
||||
|
||||
# X11 Forwarding for mumble...
|
||||
programs.ssh.forwardX11 = true;
|
||||
services.openssh.forwardX11 = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
4713 # PulseAudio
|
||||
631 # cups
|
||||
80
|
||||
443 # Web/ympd
|
||||
5000 # shairport
|
||||
config.services.mpd.network.port
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [ 631 ];
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
|
||||
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
|
||||
''; # networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
# networking.firewall.enable = false;
|
||||
networking.firewall.enable = false;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing = {
|
||||
enable = true;
|
||||
browsing = true;
|
||||
listenAddresses = [ "*:631" ];
|
||||
defaultShared = true;
|
||||
# logLevel = "debug";
|
||||
drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];
|
||||
extraConf =
|
||||
''
|
||||
DefaultAuthType Basic
|
||||
<Location />
|
||||
Order allow,deny
|
||||
Allow ALL
|
||||
</Location>
|
||||
<Location /admin>
|
||||
Order allow,deny
|
||||
Allow ALL
|
||||
</Location>
|
||||
<Location /admin/conf>
|
||||
AuthType Basic
|
||||
Require user @SYSTEM
|
||||
Order allow,deny
|
||||
Allow ALL
|
||||
</Location>
|
||||
<Policy default>
|
||||
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
|
||||
Require user @OWNER @SYSTEM
|
||||
Order deny,allow
|
||||
</Limit>
|
||||
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
|
||||
AuthType Basic
|
||||
Require user @SYSTEM
|
||||
Order deny,allow
|
||||
</Limit>
|
||||
<Limit Cancel-Job CUPS-Authenticate-Job>
|
||||
Require user @OWNER @SYSTEM
|
||||
Order deny,allow
|
||||
</Limit>
|
||||
<Limit All>
|
||||
Order deny,allow
|
||||
</Limit>
|
||||
</Policy>
|
||||
'';
|
||||
|
||||
};
|
||||
# services.printing.enable = true;
|
||||
|
||||
# Enable sound.
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio.enable = true;
|
||||
# PulseAudio as-a-Service
|
||||
hardware.pulseaudio.systemWide = true;
|
||||
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [
|
||||
"127.0.0.0/8" "::1/128"
|
||||
"172.22.99.0/24" "2a02:8106:208:5201:58::/64"
|
||||
];
|
||||
hardware.pulseaudio.tcp.enable = true;
|
||||
hardware.pulseaudio.zeroconf.publish.enable = true;
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
config = {
|
||||
Policy.AutoEnable = true;
|
||||
General = {
|
||||
Enable = "Source,Sink,Media,Socket";
|
||||
#DiscoverableTimeout = 0;
|
||||
#Discoverable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
hardware.pulseaudio = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
tcp.enable = true;
|
||||
tcp.anonymousClients.allowedIpRanges = [
|
||||
"127.0.0.0/8" "::1/128"
|
||||
"172.22.99.0/24" "2a02:8106:208:5201:58::/64"
|
||||
];
|
||||
zeroconf.publish.enable = true;
|
||||
package = pkgs.pulseaudioFull;
|
||||
extraModules = [ pkgs.pulseaudio-modules-bt ];
|
||||
};
|
||||
|
||||
# tell Avahi to publish CUPS and PulseAudio
|
||||
services.avahi = {
|
||||
|
@ -170,9 +122,6 @@ in {
|
|||
publish.userServices = true;
|
||||
};
|
||||
|
||||
# Enable Audio streaming for Mac clients
|
||||
services.shairport-sync.enable = true;
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
# services.xserver.enable = true;
|
||||
# services.xserver.layout = "us";
|
||||
|
@ -185,88 +134,19 @@ in {
|
|||
# services.xserver.displayManager.sddm.enable = true;
|
||||
# services.xserver.desktopManager.plasma5.enable = true;
|
||||
|
||||
security.pam.enableSSHAgentAuth = true;
|
||||
security.sudo = {
|
||||
enable = true;
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
# users.users.jane = {
|
||||
# isNormalUser = true;
|
||||
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||
# };
|
||||
|
||||
users.users.k-ot.extraGroups = [ "wheel" ];
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "20.09"; # Did you read the comment?
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "18.09"; # Did you read the comment?
|
||||
|
||||
# vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden
|
||||
#### https://nixos.org/nixos/options.html#services.mpd.enable
|
||||
# See ../../mpd.nix
|
||||
services.mpd = {
|
||||
enable = true;
|
||||
dbFile = null;
|
||||
musicDirectory = "/mnt/storage/Music";
|
||||
playlistDirectory = "/home/k-ot/Playlists";
|
||||
network.listenAddress = "any";
|
||||
|
||||
extraConfig = ''
|
||||
audio_output {
|
||||
type "pulse"
|
||||
name "/proc"
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
agree = true;
|
||||
# TODO: add auth?
|
||||
config = ''
|
||||
${mpdVhost} {
|
||||
proxy / localhost:${toString ympdPort}
|
||||
}
|
||||
|
||||
:80 {
|
||||
redir https://${mpdVhost}{uri}
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
fileSystems."/mnt/storage" = {
|
||||
#device = "storage-ng.hq.c3d2.de:/mnt/zroot/storage/rpool";
|
||||
#device = "storage-ng.hq.c3d2.de:/c3d2/rpool";
|
||||
device =
|
||||
"172.22.99.13:6789,172.22.99.15:6789,172.22.99.16:6789:/c3d2/rpool";
|
||||
fsType = "ceph";
|
||||
options = [
|
||||
"rw"
|
||||
"relatime"
|
||||
"name=public"
|
||||
"secret=AQDgER1chJcMORAAK1ysRTN59B5x/MyniwVXFQ=="
|
||||
"acl"
|
||||
"wsize=16777216"
|
||||
"_netdev"
|
||||
];
|
||||
};
|
||||
|
||||
# MPD music playing daemon with webinterface
|
||||
services.ympd = {
|
||||
enable = true;
|
||||
webPort = toString ympdPort;
|
||||
};
|
||||
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
|
||||
ympd = ympd.overrideAttrs (oldAttrs: {
|
||||
src = fetchFromGitHub {
|
||||
owner = "c3d2";
|
||||
repo = "ympd";
|
||||
rev = "feature/somafm_browser";
|
||||
sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
|
||||
};
|
||||
});
|
||||
};
|
||||
programs.bash.shellAliases = {
|
||||
mpv = "mpv --no-vid";
|
||||
};
|
||||
|
||||
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
|
||||
}
|
||||
|
||||
|
|
|
@ -1,29 +1,39 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
];
|
||||
#imports =
|
||||
# [ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
# ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.initrd.availableKernelModules = [ "usbhid" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.kernelParams = [
|
||||
"snd_bcm2835.enable_headphones=1"
|
||||
];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/3a8ddd25-0c5d-4fec-b957-bdcea1c52db4";
|
||||
{ device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/6490-45A0";
|
||||
{ device = "/dev/disk/by-label/FIRMWARE";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nix.maxJobs = lib.mkDefault 4;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
#networking.wireless.enable = true;
|
||||
boot.loader.raspberryPi.firmwareConfig = ''
|
||||
gpu_mem=192
|
||||
dtparam=audio=on
|
||||
'';
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||
}
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
home.packages = with pkgs; [
|
||||
htop
|
||||
fortune
|
||||
ddate
|
||||
mpv
|
||||
ncmpcpp
|
||||
schedtool
|
||||
screen
|
||||
tmux
|
||||
pulsemixer
|
||||
ncpamixer
|
||||
python35.withPackages(ps: with ps; [ youtube-dl ])
|
||||
];
|
||||
}
|