|
|
|
@ -4,164 +4,116 @@
|
|
|
|
|
|
|
|
|
|
{ config, pkgs, ... }: |
|
|
|
|
|
|
|
|
|
let |
|
|
|
|
ympdPort = 8080; |
|
|
|
|
mpdVhost = "mpd.hq.c3d2.de"; |
|
|
|
|
in { |
|
|
|
|
{ |
|
|
|
|
imports = [ # Include the results of the hardware scan. |
|
|
|
|
./hardware-configuration.nix |
|
|
|
|
../../lib |
|
|
|
|
../../lib/admins.nix |
|
|
|
|
../../lib/hq.nix |
|
|
|
|
./mpdConsole.nix |
|
|
|
|
]; |
|
|
|
|
|
|
|
|
|
c3d2 = { |
|
|
|
|
users = { |
|
|
|
|
emery = true; |
|
|
|
|
k-ot = true; |
|
|
|
|
}; |
|
|
|
|
isInHq = true; |
|
|
|
|
mapHqHosts = true; |
|
|
|
|
hq = { |
|
|
|
|
interface = "eno1"; |
|
|
|
|
enableMpdProxy = true; |
|
|
|
|
yggdrasi.enableGateway = true; |
|
|
|
|
}; |
|
|
|
|
enableHail = true; |
|
|
|
|
}; |
|
|
|
|
boot.loader.grub.enable = false; |
|
|
|
|
boot.loader.generic-extlinux-compatible.enable = false; |
|
|
|
|
boot.loader.raspberryPi = { enable = true; version = 4; uboot.enable = false; }; |
|
|
|
|
#boot.kernelPackages = pkgs.linuxPackages_rpi4; |
|
|
|
|
boot.kernelPackages = pkgs.linuxPackages_latest; |
|
|
|
|
|
|
|
|
|
# Use the systemd-boot EFI boot loader. |
|
|
|
|
boot.loader.systemd-boot.enable = true; |
|
|
|
|
boot.loader.efi.canTouchEfiVariables = true; |
|
|
|
|
boot.kernelPackages = pkgs.linuxPackages_4_19; |
|
|
|
|
boot.tmpOnTmpfs = true; |
|
|
|
|
nix.buildCores = 4; |
|
|
|
|
nix.maxJobs = 4; |
|
|
|
|
|
|
|
|
|
networking.hostName = "pulsebert"; # Define your hostname. |
|
|
|
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. |
|
|
|
|
|
|
|
|
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here. |
|
|
|
|
# Per-interface useDHCP will be mandatory in the future, so this generated config |
|
|
|
|
# replicates the default behaviour. |
|
|
|
|
networking.useDHCP = false; |
|
|
|
|
networking.interfaces.eth0.useDHCP = true; |
|
|
|
|
networking.interfaces.wlan0.useDHCP = true; |
|
|
|
|
|
|
|
|
|
# Configure network proxy if necessary |
|
|
|
|
# networking.proxy.default = "http://user:password@proxy:port/"; |
|
|
|
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; |
|
|
|
|
|
|
|
|
|
# Select internationalisation properties. |
|
|
|
|
i18n = { |
|
|
|
|
consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz"; |
|
|
|
|
consoleKeyMap = "us"; |
|
|
|
|
defaultLocale = "en_US.UTF-8"; |
|
|
|
|
}; |
|
|
|
|
# i18n.defaultLocale = "en_US.UTF-8"; |
|
|
|
|
# console = { |
|
|
|
|
# font = "Lat2-Terminus16"; |
|
|
|
|
# keyMap = "us"; |
|
|
|
|
# }; |
|
|
|
|
|
|
|
|
|
# Set your time zone. |
|
|
|
|
# time.timeZone = "Europe/Amsterdam"; |
|
|
|
|
|
|
|
|
|
# List packages installed in system profile. To search, run: |
|
|
|
|
# $ nix search wget |
|
|
|
|
environment.systemPackages = with pkgs; [ |
|
|
|
|
# specific printer drivers for our printers |
|
|
|
|
epson-escpr |
|
|
|
|
splix |
|
|
|
|
# utilities |
|
|
|
|
nix-index |
|
|
|
|
usbutils |
|
|
|
|
tmux |
|
|
|
|
vim |
|
|
|
|
git |
|
|
|
|
openssl |
|
|
|
|
# NCurses Music Player Client (Plus Plus) |
|
|
|
|
# a commandline front-end client for mpd |
|
|
|
|
# 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben. |
|
|
|
|
# ncmpcpp |
|
|
|
|
home-manager |
|
|
|
|
mumble |
|
|
|
|
ncpamixer |
|
|
|
|
ffmpeg |
|
|
|
|
wget vim git |
|
|
|
|
raspberrypi-tools |
|
|
|
|
]; |
|
|
|
|
|
|
|
|
|
# Some programs need SUID wrappers, can be configured further or are |
|
|
|
|
# started in user sessions. |
|
|
|
|
# programs.mtr.enable = true; |
|
|
|
|
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; |
|
|
|
|
# programs.gnupg.agent = { |
|
|
|
|
# enable = true; |
|
|
|
|
# enableSSHSupport = true; |
|
|
|
|
# pinentryFlavor = "gnome3"; |
|
|
|
|
# }; |
|
|
|
|
|
|
|
|
|
# List services that you want to enable: |
|
|
|
|
|
|
|
|
|
# Do not log to flash: |
|
|
|
|
services.journald.extraConfig = '' |
|
|
|
|
Storage=volatile |
|
|
|
|
''; |
|
|
|
|
|
|
|
|
|
# Enable the OpenSSH daemon. |
|
|
|
|
services.openssh.enable = true; |
|
|
|
|
services.openssh.permitRootLogin = "yes"; |
|
|
|
|
security.sudo = { |
|
|
|
|
enable = true; |
|
|
|
|
wheelNeedsPassword = false; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
users.users.k-ot = { |
|
|
|
|
isNormalUser = true; |
|
|
|
|
extraGroups = [ "wheel" "audio" ]; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
# X11 Forwarding for mumble... |
|
|
|
|
programs.ssh.forwardX11 = true; |
|
|
|
|
services.openssh.forwardX11 = true; |
|
|
|
|
|
|
|
|
|
# Open ports in the firewall. |
|
|
|
|
networking.firewall.allowedTCPPorts = [ |
|
|
|
|
4713 # PulseAudio |
|
|
|
|
631 # cups |
|
|
|
|
80 |
|
|
|
|
443 # Web/ympd |
|
|
|
|
5000 # shairport |
|
|
|
|
config.services.mpd.network.port |
|
|
|
|
]; |
|
|
|
|
networking.firewall.allowedUDPPorts = [ 631 ]; |
|
|
|
|
networking.firewall.extraCommands = '' |
|
|
|
|
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf |
|
|
|
|
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf |
|
|
|
|
''; # networking.firewall.allowedUDPPorts = [ ... ]; |
|
|
|
|
# networking.firewall.allowedTCPPorts = [ ... ]; |
|
|
|
|
# networking.firewall.allowedUDPPorts = [ ... ]; |
|
|
|
|
# Or disable the firewall altogether. |
|
|
|
|
# networking.firewall.enable = false; |
|
|
|
|
networking.firewall.enable = false; |
|
|
|
|
|
|
|
|
|
# Enable CUPS to print documents. |
|
|
|
|
services.printing = { |
|
|
|
|
enable = true; |
|
|
|
|
browsing = true; |
|
|
|
|
listenAddresses = [ "*:631" ]; |
|
|
|
|
defaultShared = true; |
|
|
|
|
# logLevel = "debug"; |
|
|
|
|
drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ]; |
|
|
|
|
extraConf = |
|
|
|
|
'' |
|
|
|
|
DefaultAuthType Basic |
|
|
|
|
<Location /> |
|
|
|
|
Order allow,deny |
|
|
|
|
Allow ALL |
|
|
|
|
</Location> |
|
|
|
|
<Location /admin> |
|
|
|
|
Order allow,deny |
|
|
|
|
Allow ALL |
|
|
|
|
</Location> |
|
|
|
|
<Location /admin/conf> |
|
|
|
|
AuthType Basic |
|
|
|
|
Require user @SYSTEM |
|
|
|
|
Order allow,deny |
|
|
|
|
Allow ALL |
|
|
|
|
</Location> |
|
|
|
|
<Policy default> |
|
|
|
|
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> |
|
|
|
|
Require user @OWNER @SYSTEM |
|
|
|
|
Order deny,allow |
|
|
|
|
</Limit> |
|
|
|
|
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default> |
|
|
|
|
AuthType Basic |
|
|
|
|
Require user @SYSTEM |
|
|
|
|
Order deny,allow |
|
|
|
|
</Limit> |
|
|
|
|
<Limit Cancel-Job CUPS-Authenticate-Job> |
|
|
|
|
Require user @OWNER @SYSTEM |
|
|
|
|
Order deny,allow |
|
|
|
|
</Limit> |
|
|
|
|
<Limit All> |
|
|
|
|
Order deny,allow |
|
|
|
|
</Limit> |
|
|
|
|
</Policy> |
|
|
|
|
''; |
|
|
|
|
|
|
|
|
|
}; |
|
|
|
|
# services.printing.enable = true; |
|
|
|
|
|
|
|
|
|
# Enable sound. |
|
|
|
|
sound.enable = true; |
|
|
|
|
hardware.pulseaudio.enable = true; |
|
|
|
|
# PulseAudio as-a-Service |
|
|
|
|
hardware.pulseaudio.systemWide = true; |
|
|
|
|
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ |
|
|
|
|
"127.0.0.0/8" "::1/128" |
|
|
|
|
"172.22.99.0/24" "2a02:8106:208:5201:58::/64" |
|
|
|
|
]; |
|
|
|
|
hardware.pulseaudio.tcp.enable = true; |
|
|
|
|
hardware.pulseaudio.zeroconf.publish.enable = true; |
|
|
|
|
hardware.bluetooth = { |
|
|
|
|
enable = true; |
|
|
|
|
config = { |
|
|
|
|
Policy.AutoEnable = true; |
|
|
|
|
General = { |
|
|
|
|
Enable = "Source,Sink,Media,Socket"; |
|
|
|
|
#DiscoverableTimeout = 0; |
|
|
|
|
#Discoverable = true; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
hardware.pulseaudio = { |
|
|
|
|
enable = true; |
|
|
|
|
systemWide = true; |
|
|
|
|
tcp.enable = true; |
|
|
|
|
tcp.anonymousClients.allowedIpRanges = [ |
|
|
|
|
"127.0.0.0/8" "::1/128" |
|
|
|
|
"172.22.99.0/24" "2a02:8106:208:5201:58::/64" |
|
|
|
|
]; |
|
|
|
|
zeroconf.publish.enable = true; |
|
|
|
|
package = pkgs.pulseaudioFull; |
|
|
|
|
extraModules = [ pkgs.pulseaudio-modules-bt ]; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
# tell Avahi to publish CUPS and PulseAudio |
|
|
|
|
services.avahi = { |
|
|
|
@ -170,9 +122,6 @@ in {
|
|
|
|
|
publish.userServices = true; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
# Enable Audio streaming for Mac clients |
|
|
|
|
services.shairport-sync.enable = true; |
|
|
|
|
|
|
|
|
|
# Enable the X11 windowing system. |
|
|
|
|
# services.xserver.enable = true; |
|
|
|
|
# services.xserver.layout = "us"; |
|
|
|
@ -185,88 +134,19 @@ in {
|
|
|
|
|
# services.xserver.displayManager.sddm.enable = true; |
|
|
|
|
# services.xserver.desktopManager.plasma5.enable = true; |
|
|
|
|
|
|
|
|
|
security.pam.enableSSHAgentAuth = true; |
|
|
|
|
security.sudo = { |
|
|
|
|
enable = true; |
|
|
|
|
wheelNeedsPassword = false; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
users.users.k-ot.extraGroups = [ "wheel" ]; |
|
|
|
|
|
|
|
|
|
# This value determines the NixOS release with which your system is to be |
|
|
|
|
# compatible, in order to avoid breaking some software such as database |
|
|
|
|
# servers. You should change this only after NixOS release notes say you |
|
|
|
|
# should. |
|
|
|
|
system.stateVersion = "18.09"; # Did you read the comment? |
|
|
|
|
|
|
|
|
|
# vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden |
|
|
|
|
#### https://nixos.org/nixos/options.html#services.mpd.enable |
|
|
|
|
# See ../../mpd.nix |
|
|
|
|
services.mpd = { |
|
|
|
|
enable = true; |
|
|
|
|
dbFile = null; |
|
|
|
|
musicDirectory = "/mnt/storage/Music"; |
|
|
|
|
playlistDirectory = "/home/k-ot/Playlists"; |
|
|
|
|
network.listenAddress = "any"; |
|
|
|
|
|
|
|
|
|
extraConfig = '' |
|
|
|
|
audio_output { |
|
|
|
|
type "pulse" |
|
|
|
|
name "/proc" |
|
|
|
|
} |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
services.caddy = { |
|
|
|
|
enable = true; |
|
|
|
|
agree = true; |
|
|
|
|
# TODO: add auth? |
|
|
|
|
config = '' |
|
|
|
|
${mpdVhost} { |
|
|
|
|
proxy / localhost:${toString ympdPort} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
:80 { |
|
|
|
|
redir https://${mpdVhost}{uri} |
|
|
|
|
} |
|
|
|
|
''; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
fileSystems."/mnt/storage" = { |
|
|
|
|
#device = "storage-ng.hq.c3d2.de:/mnt/zroot/storage/rpool"; |
|
|
|
|
#device = "storage-ng.hq.c3d2.de:/c3d2/rpool"; |
|
|
|
|
device = |
|
|
|
|
"172.22.99.13:6789,172.22.99.15:6789,172.22.99.16:6789:/c3d2/rpool"; |
|
|
|
|
fsType = "ceph"; |
|
|
|
|
options = [ |
|
|
|
|
"rw" |
|
|
|
|
"relatime" |
|
|
|
|
"name=public" |
|
|
|
|
"secret=AQDgER1chJcMORAAK1ysRTN59B5x/MyniwVXFQ==" |
|
|
|
|
"acl" |
|
|
|
|
"wsize=16777216" |
|
|
|
|
"_netdev" |
|
|
|
|
]; |
|
|
|
|
}; |
|
|
|
|
# Define a user account. Don't forget to set a password with ‘passwd’. |
|
|
|
|
# users.users.jane = { |
|
|
|
|
# isNormalUser = true; |
|
|
|
|
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. |
|
|
|
|
# }; |
|
|
|
|
|
|
|
|
|
# MPD music playing daemon with webinterface |
|
|
|
|
services.ympd = { |
|
|
|
|
enable = true; |
|
|
|
|
webPort = toString ympdPort; |
|
|
|
|
}; |
|
|
|
|
nixpkgs.config.packageOverrides = pkgs: with pkgs; { |
|
|
|
|
ympd = ympd.overrideAttrs (oldAttrs: { |
|
|
|
|
src = fetchFromGitHub { |
|
|
|
|
owner = "c3d2"; |
|
|
|
|
repo = "ympd"; |
|
|
|
|
rev = "feature/somafm_browser"; |
|
|
|
|
sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1"; |
|
|
|
|
}; |
|
|
|
|
}); |
|
|
|
|
}; |
|
|
|
|
programs.bash.shellAliases = { |
|
|
|
|
mpv = "mpv --no-vid"; |
|
|
|
|
}; |
|
|
|
|
# This value determines the NixOS release from which the default |
|
|
|
|
# settings for stateful data, like file locations and database versions |
|
|
|
|
# on your system were taken. It‘s perfectly fine and recommended to leave |
|
|
|
|
# this value at the release version of the first install of this system. |
|
|
|
|
# Before changing this value read the documentation for this option |
|
|
|
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). |
|
|
|
|
system.stateVersion = "20.09"; # Did you read the comment? |
|
|
|
|
|
|
|
|
|
users.users.emery.cryptHomeLuks = "/home/emery.luks.img"; |
|
|
|
|
} |
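Review bot: `networking.firewall.enable = false;` turns the `allowedTCPPorts`/`allowedUDPPorts`/`extraCommands` block just above it into dead configuration, so every listener this file enables — PulseAudio's anonymous TCP module, CUPS on `*:631` whose `<Location /admin>` grants `Allow ALL` with no `AuthType`, and MPD with `network.listenAddress = "any"` — is reachable from any attached network, with `services.openssh.permitRootLogin = "yes"` and `wheelNeedsPassword = false` alongside. The rendered page has lost the +/- markers, so I cannot tell which of these lines are added and which are retained context; the point applies as far as they survive on the new side. I would drop the `networking.firewall.enable = false;` line so the explicit port list takes effect, change the SSH line to `services.openssh.permitRootLogin = "prohibit-password";`, and give `<Location /admin>` the same `AuthType Basic` / `Require user @SYSTEM` pair that `/admin/conf` already has. The Ceph mount's `secret=` option also embeds the client key in a configuration that lands in the world-readable Nix store and /etc/fstab; wherever that block ends up (here or in the newly imported ./mpdConsole.nix), a `secretfile=` option pointing at a file outside the store is the replacement.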
|
|
|
|
|
|
|
|
|