diff --git a/hosts/containers/spaceapi/configuration.nix b/hosts/containers/spaceapi/configuration.nix
new file mode 100644
index 00000000..8f165a63
--- /dev/null
+++ b/hosts/containers/spaceapi/configuration.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, lib, ... }:
+
+let
+ spacemsgGit = builtins.fetchGit https://github.com/astro/spacemsg.git;
+in
+{
+ imports =
+ [ ../../../lib/lxc-container.nix
+ ../../../lib/shared.nix
+ ../../../lib/admins.nix
+ "${spacemsgGit}/spaceapi/module.nix"
+ ];
+
+ networking.hostName = "spaceapi";
+ networking.useNetworkd = true;
+ networking.defaultGateway = "172.22.99.4";
+ networking.useDHCP = lib.mkForce true;
+
+ services.spaceapi = {
+ enable = true;
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+}
diff --git a/hosts/glotzbert/configuration.nix b/hosts/glotzbert/configuration.nix
index 1d378827..2898f45f 100644
--- a/hosts/glotzbert/configuration.nix
+++ b/hosts/glotzbert/configuration.nix
@@ -16,7 +16,6 @@ in
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
- ../../lib/admins.nix
];
# Use the systemd-boot EFI boot loader.
@@ -94,10 +93,10 @@ in
anonymousClients.allowAll = true;
};
extraConfig = ''
- load-module module-tunnel-sink server=cibert.hq.c3d2.de
+ load-module module-tunnel-sink server=pulsebert.hq.c3d2.de
'';
extraClientConf = ''
- default-server = cibert.hq.c3d2.de
+ default-server = pulsebert.hq.c3d2.de
'';
};
@@ -117,8 +116,8 @@ in
};
services.xserver.desktopManager = {
gnome3.enable = true;
- kodi.enable = false;
- default = "gnome";
+ kodi.enable = true;
+ default = "kodi";
};
security.sudo = {
diff --git a/hosts/glotzbert/hardware-configuration.nix b/hosts/glotzbert/hardware-configuration.nix
index 9533311f..533703d9 100644
--- a/hosts/glotzbert/hardware-configuration.nix
+++ b/hosts/glotzbert/hardware-configuration.nix
@@ -11,7 +11,7 @@
boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.kernelModules = [ "kvm-intel" "wl" "forcedeth" "b43" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
- boot.kernelParams = [ "irqpoll" ]; # noapic seems to improve things
+ boot.kernelParams = [ "irqpoll" "hpet=off" ]; # noapic seems to improve things
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4568bf11-6e40-4514-9bc9-3194a299c45f";
diff --git a/hosts/glotzbert/x11vnc-service.nix b/hosts/glotzbert/x11vnc-service.nix
new file mode 100644
index 00000000..fbd18c24
--- /dev/null
+++ b/hosts/glotzbert/x11vnc-service.nix
@@ -0,0 +1,24 @@
+{ stdenv, pkgs, ... }:
+
+with pkgs;
+stdenv.mkDerivation rec {
+ name = "x11vnc-service";
+ version = "0.0.0";
+ src = ./.;
+
+ buildInputs = [ x11vnc ];
+
+ dontBuild = true;
+ installPhase = ''
+ cat > $out/lib/systemd/user/x11vnc.service <<_EOF_
+ [Unit]
+ Description=VNC server
+
+ [Service]
+ Type=simple
+ ExecStart=${x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
+ Restart=on-failure
+
+ _EOF_
+ '';
+}
diff --git a/hosts/hydra/adc.nix b/hosts/hydra/adc.nix
new file mode 100644
index 00000000..56577c74
--- /dev/null
+++ b/hosts/hydra/adc.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+
+let ncdcPort = 1512;
+in {
+ services.uhub = {
+ enable = true;
+ enableTLS = false;
+ port = 19061;
+ hubConfig = ''
+ hub_name=c3d2
+ hub_description=<<>>
+ show_banner_sys_info=0
+ '';
+ plugins.history.enable = true;
+ plugins.welcome = {
+ enable = true;
+ motd = ''
+ ______ ______
+ / / / / / /\ \ \
+ / / / / / / \ \ \
+ \ \ \ \ / / / / /
+ \_\_\_\/_/ /_/_/
+ '';
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ ncdcPort config.services.uhub.port ];
+ networking.firewall.allowedUDPPorts = [ ncdcPort ];
+
+ users.users.ncdc = {
+ isNormalUser = true;
+ uid = 1511;
+ openssh.authorizedKeys.keys =
+ config.users.users.root.openssh.authorizedKeys.keys;
+ };
+}
diff --git a/hosts/hydra/c3d2.svg b/hosts/hydra/c3d2.svg
new file mode 100644
index 00000000..9d201eb6
--- /dev/null
+++ b/hosts/hydra/c3d2.svg
@@ -0,0 +1,140 @@
+
+
+
+
diff --git a/hosts/hydra/cache.nix b/hosts/hydra/cache.nix
new file mode 100644
index 00000000..e5a3b84b
--- /dev/null
+++ b/hosts/hydra/cache.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = "/var/cache-priv-key.pem";
+ };
+
+ networking.firewall.allowedTCPPorts = [ config.services.nix-serve.port ];
+
+ services.nginx.virtualHosts."nix-serve.hq.c3d2.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+}
diff --git a/hosts/hydra/configuration.nix b/hosts/hydra/configuration.nix
new file mode 100644
index 00000000..1898ed0e
--- /dev/null
+++ b/hosts/hydra/configuration.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports = [
+
+ ./adc.nix
+ ./hydra.nix
+ ./cache.nix
+ ./../../lib/common/c3d2.nix
+ ];
+
+ security.pam.enableSSHAgentAuth = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgL2kRs+cXAcUzOO2Tp+mtMBVuHqMuslQy3LN+HLSP4 emery@nixos"
+ ];
+ services.openssh.enable = true;
+
+ nix.useSandbox = false;
+ nix.maxJobs = lib.mkDefault 4;
+
+ boot.isContainer = true;
+ boot.loader.initScript.enable = true;
+ boot.loader.grub.enable = false;
+
+ fileSystems."/" = {
+ fsType = "rootfs";
+ device = "rootfs";
+ };
+
+ networking.hostName = "192";
+ networking.useNetworkd = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
+ };
+
+ environment.systemPackages = with pkgs; [ tmux htop vim ];
+
+ # Create a few files early before packing tarball for Proxmox
+ # architecture/OS detection.
+ system.extraSystemBuilderCmds = ''
+ mkdir -m 0755 -p $out/bin
+ ln -s ${pkgs.bash}/bin/bash $out/bin/sh
+ mkdir -m 0755 -p $out/sbin
+ ln -s ../init $out/sbin/init
+ '';
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.03"; # Did you read the comment?
+}
diff --git a/hosts/hydra/hydra.nix b/hosts/hydra/hydra.nix
new file mode 100644
index 00000000..7e228649
--- /dev/null
+++ b/hosts/hydra/hydra.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+{
+ nix = {
+ binaryCaches = [ "https://cache.nixos.org" "https://cache.dhall-lang.org" ];
+ binaryCachePublicKeys =
+ [ "cache.dhall-lang.org:I9/H18WHd60olG5GsIjolp7CtepSgJmM2CsO813VTmM=" ];
+ buildMachines = [{
+ hostName = "localhost";
+ system = "x86_64-linux";
+ maxJobs = 2;
+ }];
+ };
+
+ services.hydra = {
+ enable = true;
+ hydraURL = "https://hydra.hq.c3d2.de";
+ logo = ./c3d2.svg;
+ notificationSender = "hydra@spam.works";
+ useSubstitutes = false;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ virtualHosts = {
+ "hydra.hq.c3d2.de" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass =
+ "http://localhost:${toString config.services.hydra.port}";
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
diff --git a/hosts/pulsebert/configuration.nix b/hosts/pulsebert/configuration.nix
index 2b6f3a1d..1ba732f0 100644
--- a/hosts/pulsebert/configuration.nix
+++ b/hosts/pulsebert/configuration.nix
@@ -12,9 +12,9 @@ in {
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../lib/admins.nix
- ../../common.nix
- ../../users.nix
- ../../mpd.nix
+ ../../lib/common/common.nix
+ ../../lib/users.nix
+ ../../lib/mpd.nix
];
# Use the systemd-boot EFI boot loader.
@@ -192,12 +192,6 @@ in {
type "pulse"
name "/proc"
}
-
- audio_output {
- type "pulse"
- name "SDK"
- server "dacbert.hq.c3d2.de"
- }
'';
services.caddy = {
diff --git a/hq.nixops b/hq.nixops
index 54443e4f..c0512737 100644
--- a/hq.nixops
+++ b/hq.nixops
@@ -127,5 +127,16 @@
};
};
+ "spaceapi" =
+ { ... }:
+ {
+ imports = [
+ hosts/containers/spaceapi/configuration.nix
+ ];
+ deployment = {
+ targetHost = "2a02:8106:208:5282:1457:adff:fe93:62e9";
+ storeKeysOnMachine = true;
+ };
+ };
}
diff --git a/lib/common/c3d2.nix b/lib/common/c3d2.nix
index f3b0625e..5d66d5d9 100644
--- a/lib/common/c3d2.nix
+++ b/lib/common/c3d2.nix
@@ -1,11 +1,18 @@
{ config, pkgs, ... }:
{
- imports = [./common.nix];
+ imports = [ ./common.nix ];
- networking = {
- domain = "hq.c3d2.de";
- defaultGateway.address = "172.22.99.1";
+ users.motd = builtins.readFile ./motd;
+
+ networking.domain = "hq.c3d2.de";
+
+ nix = if config.services.nix-serve.enable then
+ { }
+ else {
+ binaryCaches = [ "https://nix-serve.hq.c3d2.de" ];
+ binaryCachePublicKeys =
+ [ "nix-serve.hq.c3d2.de:FEi9GyFkou1Ua8INaEKmuGaww9E5y3XwrNGNRfKYeLo=" ];
};
}
diff --git a/lib/common/motd b/lib/common/motd
new file mode 100644
index 00000000..8d861030
--- /dev/null
+++ b/lib/common/motd
@@ -0,0 +1,6 @@
+ ______ ______
+ / / / / / /\ \ \
+/ / / / / / \ \ \
+\ \ \ \ / / / / /
+ \_\_\_\/_/ /_/_/
+
diff --git a/lib/mpd.nix b/lib/mpd.nix
index 17e54bd5..3ff2d1e9 100644
--- a/lib/mpd.nix
+++ b/lib/mpd.nix
@@ -1,28 +1,30 @@
{ config, pkgs, lib, ... }:
let
- hostMpd = if config.networking.hostName == "storage-ng" then
- {
- musicDirectory = "/mnt/cephfs/c3d2/rpool/Music";
- }
- else
- {
- dbFile = null;
- musicDirectory = "/mnt/storage/Music";
- extraConfig = ''
- database {
- plugin "proxy"
- host "storage-ng.hq.c3d2.de"
- }
- '';
- };
-in
-{
+ hostMpd = if config.networking.hostName == "storage-ng" then {
+ musicDirectory = "/mnt/cephfs/c3d2/rpool/Music";
+ extraConfig = ''
+ audio_output {
+ name "null"
+ type "null"
+ }
+ '';
+ } else {
+ dbFile = null;
+ musicDirectory = "/mnt/storage/Music";
+ playlistDirectory = "/home/k-ot/Playlists";
+ extraConfig = ''
+ database {
+ plugin "proxy"
+ host "storage-ng.hq.c3d2.de"
+ }
+ '';
+ };
+in {
services.mpd = (hostMpd // {
- enable=true;
+ enable = true;
network.listenAddress = "any";
});
- networking.firewall.allowedTCPPorts =
- [ config.services.mpd.network.port ];
+ networking.firewall.allowedTCPPorts = [ config.services.mpd.network.port ];
}