The big format and cleanup

Sandro - 2022-06-12 17:26:32 +02:00
parent c042dd5c03
commit aaddec8194
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
33 changed files with 816 additions and 756 deletions


@ -1,11 +1,11 @@
{ config, lib, pkgs, ... }:
{
options.c3d2.audioServer = with lib; {
enable = mkEnableOption "Enable PulseAudio and Bluetooth sinks";
options.c3d2.audioServer = {
enable = lib.mkEnableOption "Enable PulseAudio and Bluetooth sinks";
};
config = lib.mkIf config.c3d2.audioServer.enable {
# Enable sound.
sound.enable = true;
hardware.bluetooth = {
enable = lib.mkDefault true;
@ -30,12 +30,15 @@
zeroconf.publish.enable = true;
package = pkgs.pulseaudioFull;
};
# TODO: configure system wide service
#services.pipewire = {
# enable = true;
# alsa.enable = true;
# config.pipewire-pulse = lib.importJSON ./pipewire-pulse.conf.json;
# pulse.enable = true;
#};
security.rtkit.enable = true;
# tell Avahi to publish CUPS and PulseAudio


@ -3,8 +3,8 @@
{ config, options, lib, pkgs, ... }:
let
hqPrefix64 = "fd23:42:c3d2:523";
# TODO: Is this stable? Is there a better place to specifiy this?
hqPrefix64 = "fd23:42:c3d2:523";
# Generate a deterministic IPv6 address for a 64 bit prefix
# and seed string. Prefix must not contain trailing ':'.
@ -20,7 +20,6 @@ let
toHqPrivateAddress = toIpv6Address hqPrefix64;
in {
imports = [
./stats.nix
./audio-server
@ -34,7 +33,6 @@ in {
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
in {
# Configuration specific to this machine
assertions = [
{
assertion = cfg.isInHq -> (config.users.users.root.password == null);


@ -51,7 +51,8 @@ in {
'';
};
services.prometheus.exporters.node.enable = true;
services.prometheus.exporters.node.openFirewall = true;
services.prometheus.exporters.node = {
enable = true;
openFirewall = true;
};
}


@ -6,42 +6,78 @@
(modulesPath + "/profiles/docker-container.nix")
];
networking.networkmanager.dns = "unbound";
networking.useHostResolvConf = false;
boot = {
isContainer = true;
loader = {
grub.enable = false;
# /sbin/init
initScript.enable = true;
};
};
environment.etc."resolv.conf".text = lib.concatMapStrings (ns: ''
nameserver ${ns}
'') config.networking.nameservers;
nix.useSandbox = false;
nix.maxJobs = lib.mkDefault 1;
nix.buildCores = lib.mkDefault 4;
networking.useNetworkd = true;
networking.useDHCP = false;
services.resolved.enable = false;
networking.nameservers = [
hostRegistry.hosts.dnscache.ip4
hostRegistry.hosts.dnscache.ip6
"9.9.9.9"
];
networking.interfaces.eth0 = {
useDHCP = false;
tempAddress = "disabled";
fileSystems."/" = {
fsType = "rootfs";
device = "rootfs";
};
systemd.network.networks."40-eth0"
.networkConfig = {
IPv6AcceptRA = true;
LinkLocalAddressing = "ipv6";
nix = {
useSandbox = false;
maxJobs = lib.mkDefault 1;
buildCores = lib.mkDefault 4;
};
networking = {
interfaces.eth0 = {
useDHCP = false;
tempAddress = "disabled";
};
nameservers = with hostRegistry.hosts.dnscache; [
ip4
ip6
"9.9.9.9"
];
networkmanager.dns = "unbound";
useDHCP = false;
useHostResolvConf = false;
useNetworkd = true;
};
boot.isContainer = true;
services = {
journalbeat = {
enable = false;
tags = [ "container" ];
extraConfig = ''
journalbeat.inputs:
# Paths that should be crawled and fetched. Possible values files and directories.
# When setting a directory, all journals under it are merged.
# When empty starts to read from local journal.
- paths: []
journalbeat:
seek_position: cursor
cursor_seek_fallback: tail
write_cursor_state: true
cursor_flush_period: 5s
clean_field_names: true
convert_to_numbers: false
move_metadata_to_field: journal
default_type: journal
kernel: true
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
'';
};
# Required for remote deployment
openssh.enable = true;
resolved.enable = false;
};
# /sbin/init
boot.loader.initScript.enable = true;
boot.loader.grub.enable = false;
# Create a few files early before packing tarball for Proxmox
# architecture/OS detection.
# Create a few files early before packing tarball for Proxmox architecture/OS detection.
system.extraSystemBuilderCmds = ''
mkdir -m 0755 -p $out/bin
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
@ -49,39 +85,8 @@
ln -s ../init $out/sbin/init
'';
fileSystems."/" = {
fsType = "rootfs";
device = "rootfs";
systemd.network.networks."40-eth0".networkConfig = {
IPv6AcceptRA = true;
LinkLocalAddressing = "ipv6";
};
# add central logging
services.journalbeat = {
enable = false;
tags = [ "container" ];
extraConfig = ''
journalbeat.inputs:
# Paths that should be crawled and fetched. Possible values files and directories.
# When setting a directory, all journals under it are merged.
# When empty starts to read from local journal.
- paths: []
journalbeat:
seek_position: cursor
cursor_seek_fallback: tail
write_cursor_state: true
cursor_flush_period: 5s
clean_field_names: true
convert_to_numbers: false
move_metadata_to_field: journal
default_type: journal
kernel: true
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
'';
};
# Required for remote deployment
services.openssh.enable = true;
}


@ -2,11 +2,15 @@
{
imports = [ ./logging.nix ];
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
supportedLocales = lib.mkForce [
"en_US.UTF-8/UTF-8"
"de_DE.UTF-8/UTF-8"
"C.UTF-8/UTF-8"
];
};
}


@ -1,6 +1,15 @@
{ hostRegistry, config, lib, pkgs, modulesPath, ... }:
{
c3d2 = {
isInHq = true;
mergeHostsFile = true;
hq.interface = "eth0";
hq.statistics.enable = true;
audioServer.enable = true;
k-ot.enable = true;
};
hardware.enableRedistributableFirmware = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
@ -9,6 +18,7 @@
# prevent kernel install fail due to missing modules
pkgs.makeModulesClosure (x // { allowMissing = true; });
};
boot = {
loader = {
raspberryPi = {
@ -38,15 +48,6 @@
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ];
};
c3d2 = {
isInHq = true;
mergeHostsFile = true;
hq.interface = "eth0";
hq.statistics.enable = true;
audioServer.enable = true;
k-ot.enable = true;
};
networking = {
hostName = "dacbert"; # Define your hostname.
useDHCP = false;
@ -65,13 +66,6 @@
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
};
systemd.services.nix-daemon.serviceConfig = {
LimitNOFILE = lib.mkForce 8192;
CPUWeight = 5;
MemoryHigh = "4G";
MemoryMax = "6G";
MemorySwapMax = "0";
};
environment.systemPackages = with pkgs; [
libraspberrypi
@ -92,15 +86,6 @@
programs.tmux.enable = true;
# Do not log to flash:
services.journald.extraConfig = ''
Storage=volatile
'';
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
};
security.sudo = {
enable = true;
wheelNeedsPassword = false;
@ -112,41 +97,60 @@
keyMap = "de";
};
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "de";
services.xserver.xkbOptions = "eurosign:e";
services = {
# Do not log to flash:
journald.extraConfig = ''
Storage=volatile
'';
services.xserver.displayManager = {
lightdm = { enable = true; };
autoLogin = {
openssh = {
enable = true;
user = "k-ot";
};
defaultSession = "gnome-xorg";
};
services.xserver.desktopManager = {
gnome.enable = true;
# kodi.enable = true;
};
systemd.user.services.x11vnc = {
description = "X11 VNC server";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
'';
RestartSec = 3;
Restart = "always";
xserver = {
enable = true;
layout = "de";
xkbOptions = "eurosign:e";
};
};
services.xserver = {
desktopManager = {
gnome.enable = true;
};
displayManager = {
lightdm = { enable = true; };
autoLogin = {
enable = true;
user = "k-ot";
};
defaultSession = "gnome-xorg";
};
};
systemd = {
services.nix-daemon.serviceConfig = {
LimitNOFILE = lib.mkForce 8192;
CPUWeight = 5;
MemoryHigh = "4G";
MemoryMax = "6G";
MemorySwapMax = "0";
};
user.services.x11vnc = {
description = "X11 VNC server";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
'';
RestartSec = 3;
Restart = "always";
};
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}
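Review bot: The x11vnc unit still passes its password on the command line (`-passwd k-ot` in `ExecStart`), so the value ends up in the world-readable Nix store and in the process list, and it is identical to the auto-login user name. Since the unit is being moved under `systemd.user.services` anyway, this would be a good moment to switch to a password file, e.g. `-rfbauth <path-to-vnc-passwd-file>`, provisioned as a secret, and to add `-localhost` so the VNC port is only reachable through an SSH tunnel. The path is a placeholder; whether this host already has a secrets mechanism configured is not visible in this section.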


@ -13,6 +13,7 @@
};
nixpkgs.config.allowUnfree = true;
nix = {
useSandbox = true;
buildCores = 4;
@ -21,10 +22,13 @@
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
kernelPackages = pkgs.linuxPackages_latest;
};
networking.hostName = "glotzbert"; # Define your hostname.
networking.interfaces.eno1.useDHCP = true;
@ -34,6 +38,7 @@
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
keyMap = "de";
};
i18n.defaultLocale = "en_US.UTF-8";
environment.systemPackages = with pkgs; [
@ -70,8 +75,10 @@
# Users must be in "audio" group
systemWide = true;
support32Bit = true;
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
zeroconf = {
discovery.enable = true;
publish.enable = true;
};
tcp = {
enable = true;
anonymousClients.allowAll = true;
@ -85,21 +92,25 @@
};
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "de";
services.xserver.xkbOptions = "eurosign:e";
services.xserver.displayManager = {
lightdm = { enable = true; };
autoLogin = {
enable = true;
user = "k-ot";
};
defaultSession = "gnome-xorg";
services.xserver = {
enable = true;
layout = "de";
xkbOptions = "eurosign:e";
};
services.xserver.desktopManager = {
gnome.enable = true;
kodi.enable = true;
services.xserver = {
displayManager = {
lightdm = { enable = true; };
autoLogin = {
enable = true;
user = "k-ot";
};
defaultSession = "gnome-xorg";
};
desktopManager = {
gnome.enable = true;
kodi.enable = true;
};
};
security.sudo = {
@ -113,10 +124,5 @@
extraGroups = [ "networkmanager" ];
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
}
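Review bot: The PulseAudio block in the third hunk keeps `tcp.anonymousClients.allowAll = true;` right below the zeroconf publish setting, so any host that can reach the TCP port can play to or capture from this machine without authentication. If only the HQ network is meant to connect, `anonymousClients.allowedIpRanges = [ "<hq-prefix>" ];` states that explicitly; the prefix is a placeholder. The enclosing attribute set starts outside the hunk, and firewall rules for this host are not visible here, so the exposure may already be limited elsewhere.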


@ -60,9 +60,5 @@
c3d2.hq.statistics.enable = true;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "20.09"; # Did you read the comment?
}


@ -43,18 +43,21 @@ in {
evaluator_max_memory_size = 2048
'';
};
systemd.services.hydra-evaluator.serviceConfig = {
CPUWeight = 2;
MemoryHigh = "32G";
MemoryMax = "32G";
MemorySwapMax = "16G";
};
systemd.services.nix-daemon.serviceConfig = {
LimitNOFILE = lib.mkForce 8192;
CPUWeight = 5;
MemoryHigh = "32G";
MemoryMax = "32G";
MemorySwapMax = "16G";
systemd.services = {
hydra-evaluator.serviceConfig = {
CPUWeight = 2;
MemoryHigh = "32G";
MemoryMax = "32G";
MemorySwapMax = "16G";
};
services.nix-daemon.serviceConfig = {
LimitNOFILE = lib.mkForce 8192;
CPUWeight = 5;
MemoryHigh = "32G";
MemoryMax = "32G";
MemorySwapMax = "16G";
};
};
services.nginx =


@ -1,49 +1,52 @@
{ config, pkgs, ... }:
{
# Build user
users.groups.updater = {};
users.users.updater = {
isSystemUser = true;
group = "updater";
home = "/var/lib/updater";
};
systemd.tmpfiles.rules = [
# needs to be provisioned with ssh privkey
"d ${config.users.users.updater.home} 0700 updater ${config.users.users.updater.group} -"
];
# Timer-triggered service that updates flake.lock and pushes to a
# branch to be picked up by Hydra.
systemd.services.updater = {
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ git nixFlakes curl openssh ];
script = ''
git config --global user.email "astro@spaceboyz.net"
git config --global user.name "Astrobot"
TEMP=$(mktemp -d)
cd $TEMP
git clone --depth=1 --single-branch gitea@gitea.c3d2.de:C3D2/nix-config.git
cd nix-config
nix flake update --commit-lock-file
git push -f origin HEAD:flake-update
'';
serviceConfig = {
User = "updater";
Group = config.users.users.updater.group;
PrivateTmp = true;
ProtectSystem = "full";
users = {
groups.updater = {};
users.updater = {
isSystemUser = true;
group = "updater";
home = "/var/lib/updater";
};
};
systemd.timers.updater = {
partOf = [ "updater.service" ];
wantedBy = [ "timers.target" ];
# update flake.lock daily at 10am so that systems are freshly
# built by afternoon
timerConfig.OnCalendar = "10:00";
systemd = {
# Timer-triggered service that updates flake.lock and pushes to a branch to be picked up by Hydra.
services.updater = {
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ git nixFlakes curl openssh ];
script = ''
git config --global user.email "astro@spaceboyz.net"
git config --global user.name "Astrobot"
TEMP=$(mktemp -d)
cd $TEMP
git clone --depth=1 --single-branch gitea@gitea.c3d2.de:C3D2/nix-config.git
cd nix-config
nix flake update --commit-lock-file
git push -f origin HEAD:flake-update
'';
serviceConfig = {
User = "updater";
Group = config.users.users.updater.group;
PrivateTmp = true;
ProtectSystem = "full";
};
};
timers.updater = {
partOf = [ "updater.service" ];
wantedBy = [ "timers.target" ];
# update flake.lock daily at 10am so that systems are freshly
# built by afternoon
timerConfig.OnCalendar = "10:00";
};
tmpfiles.rules = [
# needs to be provisioned with ssh privkey
"d ${config.users.users.updater.home} 0700 updater ${config.users.users.updater.group} -"
];
};
}
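Review bot: The updater clones and force-pushes over SSH with a private key that is provisioned by hand into `/var/lib/updater`, but nothing in this file pins the gitea host key, and the branch it writes is what Hydra goes on to build. Consider declaring the server key under `programs.ssh.knownHosts` so the first connection is not trust-on-first-use, and provisioning the private key through the repository's secrets mechanism rather than manually. On the server side, restricting that key to the `flake-update` branch would limit what a compromise of this unit can push. Host-key handling may exist outside this file; it is not visible here.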


@ -5,10 +5,18 @@ let
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
c3d2 = {
isInHq = true;
mergeHostsFile = true;
hq.interface = "eth0";
hq.statistics.enable = true;
k-ot.enable = true;
audioServer.enable = true;
};
boot = {
loader = {
grub.enable = false;
@ -24,23 +32,18 @@ in
kernelParams = [ "console=tty0" ];
tmpOnTmpfs = true;
};
hardware.deviceTree = {
enable = true;
kernelPackage = config.boot.kernelPackages.kernel;
};
nixpkgs.config.packageOverrides = pkgs: {
makeModulesClosure = x:
# prevent kernel install fail due to missing modules
pkgs.makeModulesClosure (x // { allowMissing = true; });
};
c3d2 = {
isInHq = true;
mergeHostsFile = true;
hq.interface = "eth0";
hq.statistics.enable = true;
};
nix = {
buildCores = 4;
maxJobs = 2;
@ -69,104 +72,101 @@ in
programs.tmux.enable = true;
# Do not log to flash:
services.journald.extraConfig = ''
Storage=volatile
'';
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
};
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
c3d2.k-ot.enable = true;
c3d2.audioServer.enable = true;
# quirk for this pi3
systemd.services.bluetooth.serviceConfig = {
Restart = "always";
RestartSec = "1s";
};
services.nginx = {
enable = true;
#recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"drkkr.hq.c3d2.de" = {
default = true;
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString octoprintPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Scheme $scheme;
proxy_set_header Accept-Encoding identity;
client_max_body_size 2000M;
'';
};
locations."/cam/stream" = {
proxyPass = "http://localhost:3020/?action=stream";
extraConfig = "proxy_pass_request_headers off;";
};
locations."/cam/capture" = {
proxyPass = "http://localhost:3020/?action=snapshot";
extraConfig = "proxy_pass_request_headers off;";
users.users = {
# Allow access to printer serial port and GPIO
"${config.services.octoprint.user}".extraGroups = [ "dialout" "gpio" ];
# Allow gpio group to access GPIO devices
gpio = { };
};
services = {
# Do not log to flash:
journald.extraConfig = ''
Storage=volatile
'';
openssh = {
enable = true;
};
mjpg-streamer = {
enable = true;
inputPlugin = "input_uvc.so -d /dev/v4l/by-id/usb-046d_0817_4B7115A0-video-index0 -r 640x480 -f 30 -pl 50hz -ex auto";
outputPlugin = "output_http.so -p 3020";
};
nginx = {
enable = true;
#recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"drkkr.hq.c3d2.de" = {
default = true;
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString octoprintPort}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Scheme $scheme;
proxy_set_header Accept-Encoding identity;
client_max_body_size 2000M;
'';
};
locations."/cam/stream" = {
proxyPass = "http://localhost:3020/?action=stream";
extraConfig = "proxy_pass_request_headers off;";
};
locations."/cam/capture" = {
proxyPass = "http://localhost:3020/?action=snapshot";
extraConfig = "proxy_pass_request_headers off;";
};
};
};
};
};
services.octoprint = rec {
enable = true;
port = octoprintPort;
extraConfig.webcam = {
snapshot = "http://localhost:3020?action=snapshot";
stream = "https://drkkr.hq.c3d2.de/cam/stream";
octoprint = rec {
enable = true;
port = octoprintPort;
extraConfig.webcam = {
snapshot = "http://localhost:3020?action=snapshot";
stream = "https://drkkr.hq.c3d2.de/cam/stream";
};
# plugins = let
# python = pkgs.octoprint.python;
# octoprint-filament-sensor-universal = python.pkgs.buildPythonPackage rec {
# pname = "OctoPrint-Filament-Sensor-Universal";
# version = "1.0.0";
# src = pkgs.fetchFromGitHub {
# owner = "lopsided98";
# repo = pname;
# rev = "8a72696867a9a008c5a79b49a9b029a4fc426720";
# sha256 = "1a7lzmjbwx47qhrkjp3hggiwnx172x4axcz0labm9by17zxlsimr";
# };
# propagatedBuildInputs = [ pkgs.octoprint python.pkgs.libgpiod ];
# };
# #in p: [ octoprint-filament-sensor-universal ];
# in p: [];
};
# plugins = let
# python = pkgs.octoprint.python;
# octoprint-filament-sensor-universal = python.pkgs.buildPythonPackage rec {
# pname = "OctoPrint-Filament-Sensor-Universal";
# version = "1.0.0";
# src = pkgs.fetchFromGitHub {
# owner = "lopsided98";
# repo = pname;
# rev = "8a72696867a9a008c5a79b49a9b029a4fc426720";
# sha256 = "1a7lzmjbwx47qhrkjp3hggiwnx172x4axcz0labm9by17zxlsimr";
# };
# propagatedBuildInputs = [ pkgs.octoprint python.pkgs.libgpiod ];
# };
# #in p: [ octoprint-filament-sensor-universal ];
# in p: [];
udev.extraRules = ''
KERNEL=="gpiochip*", GROUP="gpio", MODE="0660"
'';
};
# Allow access to printer serial port and GPIO
users.users."${config.services.octoprint.user}".extraGroups = [ "dialout" "gpio" ];
services.mjpg-streamer = {
enable = true;
inputPlugin = "input_uvc.so -d /dev/v4l/by-id/usb-046d_0817_4B7115A0-video-index0 -r 640x480 -f 30 -pl 50hz -ex auto";
outputPlugin = "output_http.so -p 3020";
};
# Allow gpio group to access GPIO devices
users.groups.gpio = { };
services.udev.extraRules = ''
KERNEL=="gpiochip*", GROUP="gpio", MODE="0660"
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}
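Review bot: `gpio = { };` now sits inside the new `users.users = { … }` block, so it declares a user named gpio rather than the group that the removed `users.groups.gpio = { };` created. Unless the group is declared elsewhere, the `GROUP="gpio"` udev rule and the octoprint user's `extraGroups` then refer to a group that no longer exists, and the empty user entry will likely trip the NixOS check that every user sets `isSystemUser` or `isNormalUser`. Keeping the comment "Allow gpio group to access GPIO devices" next to `users.groups.gpio = { };`, or writing `users = { groups.gpio = { }; users."${config.services.octoprint.user}".extraGroups = [ "dialout" "gpio" ]; };`, restores the old behaviour.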


@ -1,121 +0,0 @@
{ zentralwerk, config, lib, pkgs, ... }:
{
boot.initrd.availableKernelModules = [ "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
fileSystems."/boot/firmware" = {
device = "/dev/disk/by-label/FIRMWARE";
fsType = "vfat";
};
swapDevices = [ ];
hardware.enableRedistributableFirmware = true;
#networking.wireless.enable = true;
hardware.deviceTree.enable = false;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
boot = {
loader = {
grub.enable = false;
raspberryPi = {
enable = true;
version = 4;
# TODO: this machine actually has u-boot setup but that's no
# longer working with nixos-22.05. DO NOT REBOOT! :-)
# https://github.com/NixOS/nixpkgs/pull/112677
# uboot.enable = true;
firmwareConfig = ''
gpu_mem=192
dtparam=audio=on
'';
};
};
kernelPackages = pkgs.linuxPackages_latest;
# No ZFS on latest kernel:
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
tmpOnTmpfs = true;
};
nixpkgs.config.packageOverrides = pkgs: {
makeModulesClosure = x:
# prevent kernel install fail due to missing modules
pkgs.makeModulesClosure (x // { allowMissing = true; });
};
c3d2 = {
isInHq = false;
hq.statistics.enable = true;
pi-sensors = if true then [] else [ {
type = "dht22";
pin = 17;
location = "Schrank";
} {
type = "dht22";
pin = 23;
location = "Aussen";
} ];
# unless you automate walking up to the roof, do never enable
# automatic updates for this machine!
autoUpdate = lib.mkForce false;
};
nix = {
buildCores = 4;
maxJobs = 2;
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
networking = {
hostName = "radiobert"; # Define your hostname.
useDHCP = false;
interfaces.eth0.ipv4.addresses = [{
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";
firewall.enable = false;
nameservers = [ "172.20.73.8" "9.9.9.9" ];
};
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
vim
wget
];
programs.tmux.enable = true;
# Do not log to flash:
services.journald.extraConfig = ''
Storage=volatile
'';
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
};
# Allow access to USB
services.udev.extraRules = ''
SUBSYSTEM=="usb", MODE:="0666"
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}


@ -1,7 +1,127 @@
{ zentralwerk, config, lib, pkgs, ... }:
{
imports = [
./base.nix
./soapysdr.nix
./readsb.nix
];
c3d2 = {
isInHq = false;
hq.statistics.enable = true;
pi-sensors = if true then [] else [ {
type = "dht22";
pin = 17;
location = "Schrank";
} {
type = "dht22";
pin = 23;
location = "Aussen";
} ];
# unless you automate walking up to the roof, do never enable
# automatic updates for this machine!
autoUpdate = lib.mkForce false;
};
boot = {
loader = {
grub.enable = false;
raspberryPi = {
enable = true;
version = 4;
# TODO: this machine actually has u-boot setup but that's no
# longer working with nixos-22.05. DO NOT REBOOT! :-)
# https://github.com/NixOS/nixpkgs/pull/112677
# uboot.enable = true;
firmwareConfig = ''
gpu_mem=192
dtparam=audio=on
'';
};
};
kernelPackages = pkgs.linuxPackages_latest;
# No ZFS on latest kernel:
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
tmpOnTmpfs = true;
extraModulePackages = [ ];
initrd = {
availableKernelModules = [ "usbhid" ];
kernelModules = [ ];
};
kernelModules = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
"/boot/firmware" = {
device = "/dev/disk/by-label/FIRMWARE";
fsType = "vfat";
};
};
swapDevices = [ ];
hardware = {
deviceTree.enable = false;
enableRedistributableFirmware = true;
};
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
nixpkgs.config.packageOverrides = pkgs: {
makeModulesClosure = x:
# prevent kernel install fail due to missing modules
pkgs.makeModulesClosure (x // { allowMissing = true; });
};
nix = {
buildCores = 4;
maxJobs = 2;
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
networking = {
hostName = "radiobert"; # Define your hostname.
useDHCP = false;
interfaces.eth0.ipv4.addresses = [{
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
}];
defaultGateway = "172.20.73.1";
firewall.enable = false;
nameservers = [ "172.20.73.8" "9.9.9.9" ];
};
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
vim
wget
];
programs.tmux.enable = true;
services = {
# Do not log to flash:
journald.extraConfig = ''
Storage=volatile
'';
openssh = {
enable = true;
};
# Allow access to USB
udev.extraRules = ''
SUBSYSTEM=="usb", MODE:="0666"
'';
};
system.stateVersion = "21.05"; # Did you read the comment?
}
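Review bot: The udev rule carried over into `services.udev.extraRules`, `SUBSYSTEM=="usb", MODE:="0666"`, makes every USB device node readable and writable by all local users, not only the SDR receivers it is presumably meant for. On a host that also sets `firewall.enable = false` and runs sshd, it would be safer to match the receivers and grant a group instead, e.g. `SUBSYSTEM=="usb", ATTR{idVendor}=="<vendor-id>", GROUP="<sdr-group>", MODE:="0660"`. Vendor id and group are placeholders; the service users defined in the imported `readsb.nix` and `soapysdr.nix` would need to be members of that group.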


@ -25,122 +25,132 @@ in {
# no watching TV intended
"dvb_usb_rtl28xxu"
];
sops.secrets = {
"chaos-consulting/user".owner = "mlat-client";
};
users.users.readsb = {
isSystemUser = true;
group = "adsb";
};
users.groups.adsb = {};
systemd.services.readsb = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.readsb}/bin/readsb --modeac --aggressive --fix --stats-range --dcfilter --quiet --gain=-10 --lon=${lon} --lat=${lat} --net --net-ro-port=30002 --net-sbs-port=30003 --net-bo-port=30005 --net-vrs-port=30006 --net-beast-reduce-interval 1 --net-connector feed.adsbexchange.com,30005,beast_reduce_out";
User = "readsb";
Group = "adsb";
ProtectSystem = "full";
ProtectHome = true;
Restart = "always";
RestartSec = "10s";
};
};
users.users.mlat-client = {
isSystemUser = true;
group = "adsb";
};
# Feeds adsbexchange.com, test at https://www.adsbexchange.com/myip/
systemd.services.mlat-client-adsbexchange = makeMlatClientService "--server feed.adsbexchange.com:31090 --user C3D2";
# Feeds https://adsb.chaos-consulting.de/map/
systemd.services.mlat-client-chaos-consulting = makeMlatClientService "--server ${config.services.stunnel.clients.mlat-client-chaos-consulting.accept} --user \"$(cat ${config.sops.secrets."chaos-consulting/user".path})\"";
# mlat-client-chaos-consulting needs ssl
services.stunnel = {
enable = true;
clients.mlat-client-chaos-consulting = {
accept = "127.0.0.1:3334";
connect = "mlat.chaos-consulting.de:3334";
verifyChain = false;
verifyPeer = false;
};
};
users.users.sbs2json = {
isSystemUser = true;
group = "adsb";
};
# SHIM because readsb has no web server like dump1090
systemd.services.sbs2json = {
wantedBy = [ "multi-user.target" ];
requires = [ "readsb.service" ];
serviceConfig = {
ExecStart = "${pkgs.heliwatch.http-json}/bin/http-json";
User = "sbs2json";
Group = "adsb";
ProtectSystem = "full";
ProtectHome = true;
Restart = "always";
RestartSec = "10s";
};
};
systemd.services.feed-chaos-consulting = {
wantedBy = [ "multi-user.target" ];
requires = [ "sbs2json.service" ];
serviceConfig = {
User = "mlat-client";
Group = "adsb";
ProtectHome = true;
Restart = "always";
RestartSec = "10s";
};
path = with pkgs; [ curl gzip ];
script = ''
while (
echo '{"now":'
date +%s
echo ',"aircraft":'
curl -s http://localhost:8080/data.json
echo '}'
) \
| gzip -c \
| curl -s \
-u "$(cat ${config.sops.secrets."chaos-consulting/user".path})" \
-X POST \
-H "Content-type: application/json" \
-H "Content-encoding: gzip" \
--data-binary @- \
https://adsb.chaos-consulting.de/aircraftin/index.php
do
sleep 1
done
'';
};
users.users.dump1090-influxdb = {
isSystemUser = true;
group = "adsb";
};
systemd.services.dump1090-influxdb = {
wantedBy = [ "multi-user.target" ];
requires = [ "readsb.service" ];
serviceConfig = {
ExecStart = "${pkgs.dump1090-influxdb}/bin/dump1090-influxdb";
User = "dump1090-influxdb";
Group = "adsb";
ProtectSystem = "full";
ProtectHome = true;
Restart = "always";
RestartSec = "10s";
};
};
services.collectd.plugins.exec = ''
Exec "${config.services.collectd.user}" "${pkgs.heliwatch.collectd-stats}/bin/collectd-stats"
'';
environment.systemPackages = with pkgs; [
readsb
];
sops.secrets = {
"chaos-consulting/user".owner = "mlat-client";
};
users = {
groups.adsb = {};
users = {
dump1090-influxdb = {
isSystemUser = true;
group = "adsb";
};
mlat-client = {
isSystemUser = true;
group = "adsb";
};
readsb = {
isSystemUser = true;
group = "adsb";
};
sbs2json = {
isSystemUser = true;
group = "adsb";
};
};
};
systemd.services = {
dump1090-influxdb = {
wantedBy = [ "multi-user.target" ];
requires = [ "readsb.service" ];
serviceConfig = {
ExecStart = "${pkgs.dump1090-influxdb}/bin/dump1090-influxdb";
User = "dump1090-influxdb";
Group = "adsb";
ProtectSystem = "full";
ProtectHome = true;
Restart = "always";
RestartSec = "10s";
};
};
feed-chaos-consulting = {
wantedBy = [ "multi-user.target" ];
requires = [ "sbs2json.service" ];
serviceConfig = {
User = "mlat-client";
Group = "adsb";
ProtectHome = true;
Restart = "always";
RestartSec = "10s";
};
path = with pkgs; [ curl gzip ];
script = ''
while (
echo '{"now":'
date +%s
echo ',"aircraft":'
curl -s http://localhost:8080/data.json
echo '}'
) \
| gzip -c \
| curl -s \
-u "$(cat ${config.sops.secrets."chaos-consulting/user".path})" \
-X POST \
-H "Content-type: application/json" \
-H "Content-encoding: gzip" \
--data-binary @- \
https://adsb.chaos-consulting.de/aircraftin/index.php
do
sleep 1
done
'';
};
# Feeds adsbexchange.com, test at https://www.adsbexchange.com/myip/
mlat-client-adsbexchange = makeMlatClientService "--server feed.adsbexchange.com:31090 --user C3D2";
# Feeds https://adsb.chaos-consulting.de/map/
mlat-client-chaos-consulting = makeMlatClientService "--server ${config.services.stunnel.clients.mlat-client-chaos-consulting.accept} --user \"$(cat ${config.sops.secrets."chaos-consulting/user".path})\"";
readsb = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.readsb}/bin/readsb --modeac --aggressive --fix --stats-range --dcfilter --quiet --gain=-10 --lon=${lon} --lat=${lat} --net --net-ro-port=30002 --net-sbs-port=30003 --net-bo-port=30005 --net-vrs-port=30006 --net-beast-reduce-interval 1 --net-connector feed.adsbexchange.com,30005,beast_reduce_out";
User = "readsb";
Group = "adsb";
ProtectSystem = "full";
ProtectHome = true;
Restart = "always";
RestartSec = "10s";
};
};
# SHIM because readsb has no web server like dump1090
sbs2json = {
wantedBy = [ "multi-user.target" ];
requires = [ "readsb.service" ];
serviceConfig = {
ExecStart = "${pkgs.heliwatch.http-json}/bin/http-json";
User = "sbs2json";
Group = "adsb";
ProtectSystem = "full";
ProtectHome = true;
Restart = "always";
RestartSec = "10s";
};
};
};
services = {
collectd.plugins.exec = ''
Exec "${config.services.collectd.user}" "${pkgs.heliwatch.collectd-stats}/bin/collectd-stats"
'';
# mlat-client-chaos-consulting needs ssl
stunnel = {
enable = true;
clients.mlat-client-chaos-consulting = {
accept = "127.0.0.1:3334";
connect = "mlat.chaos-consulting.de:3334";
verifyChain = false;
verifyPeer = false;
};
};
};
}
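Review bot: The stunnel client for mlat.chaos-consulting.de keeps `verifyChain = false;` and `verifyPeer = false;`, so the tunnel encrypts but does not authenticate the server, while the `chaos-consulting/user` secret handed to mlat-client travels through it. Any party on the network path can terminate the connection with its own certificate and read that value. Suggest `verifyChain = true;` together with `verifyHostname = "mlat.chaos-consulting.de";`, assuming the server presents a certificate that chains to a CA in the system bundle; if it is self-signed, pin it via `CAFile` instead. The comment "mlat-client-chaos-consulting needs ssl" could then say that the peer is verified.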


@ -6,11 +6,14 @@
hackrf
];
users.users.soapysdr = {
isSystemUser = true;
group = "soapysdr";
users = {
groups.soapysdr = {};
users.soapysdr = {
isSystemUser = true;
group = "soapysdr";
};
};
users.groups.soapysdr = {};
systemd.services.soapysdr-server = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {


@ -1,20 +1,6 @@
{ hostRegistry, nixpkgs, config, lib, pkgs, modulesPath, ... }:
{
boot.kernelParams = [ "verbose" ];
swapDevices = [ ];
hardware.enableRedistributableFirmware = true;
hardware.bluetooth.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
nixpkgs.config.packageOverrides = pkgs: {
makeModulesClosure = x:
# prevent kernel install fail due to missing modules
pkgs.makeModulesClosure (x // { allowMissing = true; });
};
c3d2 = {
isInHq = true;
mergeHostsFile = true;
@ -25,6 +11,23 @@
autoUpdate = false;
};
boot.kernelParams = [ "verbose" ];
swapDevices = [ ];
hardware = {
bluetooth.enable = true;
enableRedistributableFirmware = true;
};
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
nixpkgs.config.packageOverrides = pkgs: {
makeModulesClosure = x:
# prevent kernel install fail due to missing modules
pkgs.makeModulesClosure (x // { allowMissing = true; });
};
networking = {
hostName = "rpi-netboot"; # Define your hostname.
useDHCP = false;
@ -32,25 +35,26 @@
firewall.enable = false;
};
# mount the server's /nix/store
fileSystems."/nix/store" = {
device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
fsType = "nfs";
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
neededForBoot = true;
};
# volatile system: everything is tmpfs
fileSystems."/" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
fileSystems."/etc" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
fileSystems."/var" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
fileSystems = {
"/" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
"/etc" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
# mount the server's /nix/store
"/nix/store" = {
device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
fsType = "nfs";
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
neededForBoot = true;
};
"/var" = {
fsType = "tmpfs";
options = [ "mode=0755" ];
};
};
environment.systemPackages = with pkgs; [
@ -74,23 +78,8 @@
programs.tmux.enable = true;
systemd = {
# r/o /nix/store
services.nix-daemon.enable = false;
sockets.nix-daemon.enable = false;
services.nix-gc.enable = false;
};
nix.gc.automatic = lib.mkForce false;
# Do not log to flash:
services.journald.extraConfig = ''
Storage=volatile
'';
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
};
security.sudo = {
enable = true;
wheelNeedsPassword = false;
@ -102,41 +91,52 @@
keyMap = "de";
};
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "de";
services.xserver.xkbOptions = "eurosign:e";
services.xserver = {
enable = true;
layout = "de";
xkbOptions = "eurosign:e";
};
services.xserver.displayManager = {
lightdm = { enable = true; };
autoLogin = {
enable = true;
user = "k-ot";
};
defaultSession = "gnome-xorg";
};
services.xserver.desktopManager = {
gnome.enable = true;
# kodi.enable = true;
};
systemd.user.services.x11vnc = {
description = "X11 VNC server";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
'';
RestartSec = 3;
Restart = "always";
services = {
# Do not log to flash
journald.extraConfig = ''
Storage=volatile
'';
openssh.enable = true;
xserver = {
displayManager = {
lightdm.enable = true;
autoLogin = {
enable = true;
user = "k-ot";
};
defaultSession = "gnome-xorg";
};
desktopManager.gnome.enable = true;
};
};
systemd = {
# r/o /nix/store
services = {
nix-daemon.enable = false;
nix-gc.enable = false
};
sockets.nix-daemon.enable = false;
user.services.x11vnc = {
description = "X11 VNC server";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
'';
RestartSec = 3;
Restart = "always";
};
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}
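Review bot: The regrouped `systemd.user.services.x11vnc` unit still passes the VNC password on the command line (`-passwd k-ot`), so the secret ends up in the world-readable Nix store and in the process list, on a host that also sets `firewall.enable = false`. x11vnc can read it from a file instead, e.g. `${pkgs.x11vnc}/bin/x11vnc -shared -forever -rfbauth /run/secrets/x11vnc`, where the path is a placeholder for whatever secret management the repo uses. Separately, the new `services = { nix-daemon.enable = false; nix-gc.enable = false };` block lacks the `;` after `nix-gc.enable = false`, which looks like it will stop the file from parsing.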


@ -1,52 +1,44 @@
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./network.nix
./microvm-staging.nix
./microvms.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
# FIXME: Package zfs-kernel-2.1.4-5.18 is marked as broken
# boot.kernelPackages = pkgs.linuxPackages_latest;
# FIXME: kernel null ptr derefs
# boot.kernelPackages = pkgs.linuxPackages_5_17;
boot.kernelParams = [
"preempt=none"
# No server/router runs any untrusted user code
"mitigations=off"
imports = [
./hardware-configuration.nix
./network.nix
./microvm-staging.nix
./microvms.nix
];
boot.tmpOnTmpfs = true;
boot.tmpOnTmpfsSize = "80%";
networking.hostName = "server10"; # Define your hostname.
networking.hostId = "10101010";
c3d2.hq.statistics.enable = true;
boot= {
loader.grub = {
enable = true;
version = 2;
device = "/dev/sda";
};
# kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = [
"preempt=none"
# No server/router runs any untrusted user code
"mitigations=off"
];
tmpOnTmpfs = true;
tmpOnTmpfsSize = "80%";
};
networking = {
hostName = "server10";
# TODO: change that to something more random
hostId = "10101010";
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 ];
};
services.openssh.enable = true;
c3d2.hq.statistics.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}
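Review bot: `"mitigations=off"` is carried into the new `boot.kernelParams` with the justification that no server runs untrusted code, yet this host imports `./microvms.nix` and `./microvm-staging.nix`. If those guests run workloads from anyone other than the host admins, turning off the CPU side-channel mitigations weakens the guest/host and guest/guest boundary. I would either drop the flag on this machine or extend the comment to say why the guests are considered trusted. As a style point, `boot= {` wants a space before `=` to match the rest of the formatting pass.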


@ -19,10 +19,12 @@ in
default = {};
};
};
config = {
networking.useDHCP = false;
networking.useNetworkd = true;
networking = {
useDHCP = false;
useNetworkd = true;
};
boot.kernelParams = [
# Prevents automatic creation of interface bond0 by the kernel


@ -5,12 +5,8 @@ let
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./streamdump.nix
# ../../config
# ../../config/hq.nix
# ../../config/shared.nix
];
c3d2 = {
@ -23,14 +19,19 @@ in
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
boot.loader.grub = {
enable = true;
version = 2;
efiSupport = true;
devices = [ "nodev" ];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
efi.canTouchEfiVariables = true;
grub = {
enable = true;
version = 2;
efiSupport = true;
devices = [ "nodev" ];
};
};
};
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.efi.canTouchEfiVariables = true;
systemd.enableEmergencyMode = false;
networking = {
@ -46,14 +47,16 @@ in
prefixLength = 64;
}];
};
defaultGateway.address = "172.22.99.4";
defaultGateway.interface = eth0;
defaultGateway = {
address = "172.22.99.4";
interface = eth0;
};
nameservers = [
hostRegistry.hosts.dnscache.ip4
hostRegistry.hosts.dnscache.ip6
"9.9.9.9"
];
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
@ -68,51 +71,52 @@ in
iotop
];
programs.bash.enableCompletion = true;
programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
services.openssh = {
enable = true;
allowSFTP = true;
programs = {
bash.enableCompletion = true;
mtr.enable = true;
};
services.atftpd = {
enable = true;
root = "/mnt/cephfs/c3d2/tftp";
};
services = {
atftpd = {
enable = true;
root = "/mnt/cephfs/c3d2/tftp";
};
services.samba = {
enable = true;
enableNmbd = true;
extraConfig = ''
workgroup = HQ
server string = storage
netbios name = storage
hosts allow = 172.20.0.0/14 127.0.0.0/8 ::1/128 fe80::/64 fd23:42:c3d2:500::/56 2a00:8180:2c00:200::/56
hosts deny = 0.0.0.0/0
security = user
guest account = nobody
map to guest = bad user
smb encrypt = required
ntlm auth = yes
passdb backend = smbpasswd
server smb encrypt = desired
'';
shares = {
c3d2 = {
path = "/mnt/cephfs/c3d2";
browseable = "yes";
writable = "yes";
"valid users" = "k-ot";
"guest ok" = "no";
"create mode" = "0666";
"directory mode" = "0777";
openssh = {
enable = true;
allowSFTP = true;
};
samba = {
enable = true;
enableNmbd = true;
extraConfig = ''
workgroup = HQ
server string = storage
netbios name = storage
hosts allow = 172.20.0.0/14 127.0.0.0/8 ::1/128 fe80::/64 fd23:42:c3d2:500::/56 2a00:8180:2c00:200::/56
hosts deny = 0.0.0.0/0
security = user
guest account = nobody
map to guest = bad user
smb encrypt = required
ntlm auth = yes
passdb backend = smbpasswd
server smb encrypt = desired
'';
shares = {
c3d2 = {
path = "/mnt/cephfs/c3d2";
browseable = "yes";
writable = "yes";
"valid users" = "k-ot";
"guest ok" = "no";
"create mode" = "0666";
"directory mode" = "0777";
};
};
};
};
networking.firewall.enable = false;
system.stateVersion = "19.03"; # Did you read the comment?
}
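Review bot: In the moved `services.samba.extraConfig`, `smb encrypt = required` is followed by `server smb encrypt = desired`; as far as I know these are synonyms for one parameter, so the later line wins and encryption ends up optional. `ntlm auth = yes` additionally permits NTLMv1, and the share is created with `"create mode" = "0666"` and `"directory mode" = "0777"` while `firewall.enable = false` is set for the host. I would keep a single `server smb encrypt = required`, drop `ntlm auth = yes` unless a legacy client needs it, and tighten the modes, e.g. `"create mode" = "0660"`.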


@ -1,6 +1,5 @@
{ config, pkgs, ... }:
let
archiveRoot = "/mnt/cephfs/c3d2/Radio";
streams = {
coloradio = "http://streaming.fueralle.org/coloradio_160.mp3";
};
@ -17,7 +16,7 @@ in {
mp3splt
];
script = ''
DIR=${archiveRoot}/${stream}/$(date +%F)
DIR=mnt/cephfs/c3d2/Radio/${stream}/$(date +%F)
mkdir -p $DIR
cd $DIR
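Review bot: Inlining `archiveRoot` dropped the leading slash: the new line reads `DIR=mnt/cephfs/c3d2/Radio/${stream}/$(date +%F)`, which is relative to whatever directory the unit starts in rather than the absolute `/mnt/cephfs/c3d2/Radio` that the removed binding held. It should be `DIR=/mnt/cephfs/c3d2/Radio/${stream}/$(date +%F)`. Quoting the uses (`mkdir -p "$DIR"`, `cd "$DIR"`) would also keep the script predictable if a stream name ever contains whitespace. The script body continues past the end of this hunk.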


@ -67,7 +67,6 @@ in
'';
hq = {
interface = mkOption {
type = nullOr str;
default = null;


@ -1,14 +1,16 @@
{ config, lib, pkgs, ... }:
with lib;
let
# TODO: move to flake
nixcloud-webservices = pkgs.fetchFromGitHub {
owner = "nixcloud";
repo = "nixcloud-webservices";
rev = "3a0767f0536fac811065eb87e6342f27eac085aa";
sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8=";
};
inherit ((import "${nixcloud-webservices}/pkgs" { inherit pkgs; })) nixcloud;
inherit (import "${nixcloud-webservices}/pkgs" { inherit pkgs; }) nixcloud;
profilesDir = "/nix/var/nix/profiles/lxc";
inherit (config.lxc) containers;
@ -89,10 +91,11 @@ in {
path = with pkgs; [ coreutils nix ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
serviceConfig.Environment =
[ "NIX_PATH=${builtins.concatStringsSep ":" nixPath}" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
Environment = [ "NIX_PATH=${builtins.concatStringsSep ":" nixPath}" ];
};
script = ''
mkdir -p ${profilesDir}/${name}


@ -9,11 +9,11 @@ let
settingsFormat = pkgs.formats.json { };
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
pkg = programCfg.package;
in {
in
{
options = {
services.nncp = {
caller = {
enable = mkEnableOption ''
croned NNCP TCP daemon caller.
@ -130,7 +130,5 @@ in {
wantedBy = [ "sockets.target" ];
socketConfig.Accept = true;
};
};
}


@ -1,4 +1,5 @@
{ pkgs, config, lib, ... }:
{
options.c3d2.pi-sensors = lib.mkOption {
default = [];


@ -46,9 +46,11 @@
libraspberrypi
raspberrypi-eeprom
];
services.journald.extraConfig = ''
Storage=volatile
'';
networking.networkmanager.enable = false;
system.build.tftproot = pkgs.runCommand "tftproot-${config.networking.hostName}" {} ''


@ -1,7 +1,6 @@
#!/usr/bin/env bash
set -x
set -e
set -ex
sudo nix-channel --update
time nix-env -- -u \*


@ -1,26 +1,28 @@
{ stdenv, fetchgit, fetchpatch, }:
let
stdenv.mkDerivation {
pname = "bmxd";
version = "0.4-1"; # ${version}-${release}
src = fetchgit {
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git";
rev = "T_FIRMWARE_7.0.1";
sha256 = "sha256-3sV59uqFp+TZKrDf7kmksLvz+5ZKriwFyXZMBH2Sdws=";
};
path = "feeds/19.07/feeds-own/bmxd";
patch = fetchpatch {
name = "timercpy.patch";
url =
"https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
sha256 = "sha256-40BbcCZ10cQzvkfsAi8ApCgmC4hGMh2J8xU6gjD3cng=";
};
in stdenv.mkDerivation {
pname = "bmxd";
version = "0.4-1"; # ${version}-${release}
inherit src;
patches = [ patch ];
buildPhase = "cd ${path}/sources";
installPhase = ''
make install SBINDIR=$out/sbin
patches = [
(fetchpatch {
name = "timercpy.patch";
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
sha256 = "sha256-40BbcCZ10cQzvkfsAi8ApCgmC4hGMh2J8xU6gjD3cng=";
})
];
buildPhase = ''
cd feeds/19.07/feeds-own/bmxd/sources
'';
installFlags = [
"SBINDIR=$out/sbin"
];
}
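Review bot: `installFlags = [ "SBINDIR=$out/sbin" ];` is not equivalent to the old `make install SBINDIR=$out/sbin`. List flags reach make without shell expansion, so make itself sees `$out` and, as far as I can tell, expands `$o` to nothing and installs under `ut/sbin`. Use `"SBINDIR=${placeholder "out"}/sbin"` or `"SBINDIR=$(out)/sbin"` instead. The new `buildPhase` still only changes directory, so nothing is compiled before install; a one-line comment saying that is intentional would help.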


@ -6,15 +6,19 @@
rustPlatform.buildRustPackage rec {
name = "dump1090_rs";
version = "0.5.1";
src = fetchFromGitHub {
owner = "rsadsb";
repo = "dump1090_rs";
rev = "v${version}";
sha256 = "1jhcb5b3l1q8zz3hfwyxy69i1015jmbdw3zlnhvalgqhp9qli2li";
};
cargoSha256 = "00270yfbgz794m8mifnskvgqd6h17mm18cxr10371zlymnsnjf2c";
nativeBuildInputs = [ pkg-config llvmPackages.clang ];
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
buildInputs = [ soapysdr-with-plugins ];
}


@ -9,9 +9,13 @@ in
rustPlatform.buildRustPackage {
name = "ledball";
version = "0.0.0";
src = "${pile}/ledball";
cargoSha256 = "0zyfbf3gph8gqab07fmm5a7x5slapsqn8ck6isp53fsa7ljnagjy";
cargoBuildFlags = [ "--examples" ];
postInstall = ''
mkdir -p $out/bin


@ -5,7 +5,8 @@
# , libad9361, libiio
}:
stdenv.mkDerivation rec {
name = "readsb-protobuf";
pname = "readsb-protobuf";
version = "unstable-2021-12-10";
src = fetchFromGitHub {
owner = "Mictronics";
@ -18,12 +19,15 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [
pkg-config protobufc
];
buildInputs = [
ncurses rrdtool libusb1
libbladeRF librtlsdr
# libad9361 libiio
];
# enableParallelBuilding = true;
makeFlags = [
"BLADERF=yes"
"RTLSDR=yes"


@ -3,15 +3,19 @@
stdenv.mkDerivation rec {
pname = "SimpleYggGen-CPP";
version = "5.1";
src = fetchurl {
url = "https://notabug.org/acetone/${pname}/archive/${version}.tar.gz";
hash = "sha256-z5Wtmw2vq3qRjNSOJ0xlxdmB5g2Oa+UQn1Awt7+R/XY=";
};
nativeBuildInputs = [ cmake ];
buildInputs = [ libsodium ];
installPhase = ''
find .
install -D src/sygcpp $out/bin/$pname
'';
meta.maintainers = [ lib.maintainers.ehmry ];
}


@ -44,22 +44,29 @@ echo Preparing sensible defaults
run "cat > /etc/nixos/configuration.nix" <<EOF
{ pkgs, ... }:
{
boot.isContainer = true;
boot.loader.initScript.enable = true;
boot = {
isContainer = true;
loader.initScript.enable = true;
};
environment.systemPackages = with pkgs; [ vim git ];
networking = {
hostName = "$NAME";
useDHCP = false;
interfaces.eth0.useDHCP = true;
firewall.allowedTCPPorts = [ 22 ];
};
networking.hostName = "$NAME";
nix = {
useSandbox = false;
extraOptions = "experimental-features = nix-command flakes";
# package = pkgs.nixFlakes;
};
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh.enable = true;
environment.systemPackages = with pkgs; [ vim git ];
}
EOF
# Disable Nix sandbox
run rm /etc/nix/nix.conf
run cp /etc/static/nix/nix.conf /etc/nix/nix.conf


@ -1,4 +1,6 @@
{
# Please use ed25519 keys!
antrares.sshKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDC6Io8mHskJhkUh+vaSo95pi1E/gAoesQ0v+s+7DCTgjpOkB+W6vdJ8U6rblFxrETaWFAIVfkg+I/ZYvNWqCAxu1iWXaZ3IEK2ZiP5Vg0HevAP0ratfIHw50V8wfsyA8/lLVGdpX76xqexdY3G1SYZUcedq6AqWx6FpyoKGVOL2+jlJhmxCoEYfOJe6HbTi02UtAw1qavaD2acvuLksHOiwRAq1+ijPo/OmU3LmaErheceiPC97Wn4H/a98HdnWXJ3AXZCpPzp784/gUxOd/fvKRQPv0Lza9dytmpkAVc9efLMAQZm60w9InpIY0VxJRu2iFDc6msMF/iJp1UXSJfk4hTxUvXL8rPXc4GYKDSQlWO4UXoKd2gZEmCdcsIN/re6VR1lJWcm4eKxI9zJAQRZDrYHZP3ALBJrBY+7pJUHGSB+jCdZ73zkvkiNWUHZ9Wwp4RvdFoCR9qT+AoDU2SMiBMn8/hNMZRUs6RKjUzzn2vhCbZh19QIDxivaFg3DOKq7CCI3XNR3M781MFdmeTXKBLnv2YEVXy5XDIMvucQaZIUoD14fSF2wnncuP9h0gs2H1zG7nQfMagGpE+ro56FO3rBQqfRzz/U528yuq8uf/6TD9u3jTu7ngZ0YpDvAwAh8yG3b2KGFbrcYc3N1zEQOz7IqKixmIt/f3VOOjQ3Yww== antrares@c3d2.de"
];
@ -54,5 +56,4 @@
windsleep.sshKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD6vi3Y/e5wxJzsehFyM+N16f1QAmepMwIOSL3gO9w7CZ1jUF2Cky6y/40TcNWMDyvgxbcEfobG/Foa8DXQgKcc9LZS8jjGmzTVRCKxON5hQsYXRmxzawe8Fg2bkYxpWeoknW0wgDc/3XJA17IP2ONfVtX3YVQyhf5WPDHrXojnBadXMBUtvK5p7T+L9Z3/cGB80K5BoQCC4ZRn6gkOMjpFOKYXJfIzmLI5WPvTe7B/uuEfZ8IT8nzZsi2VBwru01s+iEXs7th/rAp2Q74pWTW8Q8jhNL1E15Yct9K7yV1p6D7YPF/BCKtXKP6VzU2ULmTp6nlCkeDJvZgLP6UpzLJJ basti@windnix"
];
}