nix-config/hosts/pulsebert/default.nix

{ config, lib, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
  ];

  c3d2 = {
    isInHq = true;
    mergeHostsFile = true;
    hq.interface = "enp1s0";
    hq.statistics.enable = true;
    k-ot.enable = true;
    audioServer.enable = true;
  };

  boot = {
    loader.systemd-boot = {
      enable = true;
      configurationLimit = 2;
    };
    loader.efi.canTouchEfiVariables = true;
    kernelPackages = pkgs.linuxPackages_latest;
    tmpOnTmpfs = true;
  };

  hardware = {
    bluetooth.enable = false; # has no wireless hardware
    enableRedistributableFirmware = true;
  };

  nix = {
    buildCores = 2;
    maxJobs = 1;
  };

  networking = {
    firewall = {
      allowedTCPPorts = [
        80 # nginx
        443 # nginx
        4713 # pulseaudio/pipewire network sync
        5355 # llmnr
      ];
      allowedUDPPorts = [
        5353 # mdns
        5355 # llmnr
      ];
    };
    hostName = "pulsebert";
    useDHCP = false;
    interfaces = {
      enp1s0.useDHCP = true;
    };
  };

  environment.systemPackages = with pkgs; [
    mpd
    mpv
    ncmpcpp
    ncpamixer
    pulseaudio # required for pactl
  ];

  programs.tmux.enable = true;

  security = {
    rtkit.enable = true;
    sudo = {
      enable = true;
      wheelNeedsPassword = false;
    };
  };

  users.users = lib.mkMerge [
    (lib.optionalAttrs config.services.octoprint.enable {
      # Allow access to printer serial port and GPIO
      "${config.services.octoprint.user}".extraGroups = [ "dialout" ];
    })
    {
    }
  ];

  services = {
    # Do not log to flash:
    journald.extraConfig = ''
      Storage=volatile
    '';

    openssh = {
      enable = true;
    };

    nginx = {
      enable = true;
      virtualHosts = {
        "drkkr.hq.c3d2.de" = {
          default = true;
          enableACME = true;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
            proxyWebsockets = true;
            extraConfig = ''
              proxy_set_header X-Scheme $scheme;
              proxy_set_header Accept-Encoding identity;
              client_max_body_size 2000M;
            '';
          };
          locations."/cam/stream" = {
            proxyPass = "http://localhost:3020/?action=stream";
            extraConfig = "proxy_pass_request_headers off;";
          };
          locations."/cam/capture" = {
            proxyPass = "http://localhost:3020/?action=snapshot";
            extraConfig = "proxy_pass_request_headers off;";
          };
        };
      };
    };

    octoprint = rec {
      enable = true;
      port = 8080;
      extraConfig.webcam = {
        snapshot = "http://localhost:3020?action=snapshot";
        stream = "https://drkkr.hq.c3d2.de/cam/stream";
      };
      # plugins = let
      #   python = pkgs.octoprint.python;

      #   octoprint-filament-sensor-universal = python.pkgs.buildPythonPackage rec {
      #     pname = "OctoPrint-Filament-Sensor-Universal";
      #     version = "1.0.0";

      #     src = pkgs.fetchFromGitHub {
      #       owner = "lopsided98";
      #       repo = pname;
      #       rev = "8a72696867a9a008c5a79b49a9b029a4fc426720";
      #       sha256 = "1a7lzmjbwx47qhrkjp3hggiwnx172x4axcz0labm9by17zxlsimr";
      #     };

      #     propagatedBuildInputs = [ pkgs.octoprint python.pkgs.libgpiod ];
      #   };
      # #in p: [ octoprint-filament-sensor-universal ];
      # in p: [];
    };
  };

  system.stateVersion = "22.11";
}