c3d2
/
nix-config
22
6
Fork 3
Code Issues 17 Pull Requests 1 Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
flake-update
master
marenz-skyflake
ds-future
broken
container/radius
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '891a808415'
${ noResults }
nix-config/hosts/pulsebert/configuration.nix

276 lines
8.1 KiB
Nix
Raw Blame History Unescape Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
ympdPort = 8080;
mpdVhost = "mpd.hq.c3d2.de";
in {
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../lib/admins.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "pulsebert"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n = {
consoleFont = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
consoleKeyMap = "us";
defaultLocale = "en_US.UTF-8";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# specific printer drivers for our printers
epson-escpr
splix
# utilities
nix-index
usbutils
tmux
vim
git
openssl
# NCurses Music Player Client (Plus Plus)
# a commandline front-end client for mpd
# 2019-01-21 mag vater gern gleich einen schoenen lokalen Verwaltung fuer MPD haben.
# ncmpcpp
home-manager
mumble
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# X11 Forwarding for mumble...
programs.ssh.forwardX11 = true;
services.openssh.forwardX11 = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
4713 # PulseAudio
631 # cups
80 443 # Web/ympd
6600 # mpd
5000 # shairport
];
networking.firewall.allowedUDPPorts = [
631
];
networking.firewall.extraCommands = ''
iptables -I INPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
iptables -I OUTPUT -p udp --dport mdns -d 224.0.0.251 -j ACCEPT # zeroconf
''; # networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Enable CUPS to print documents.
services.printing = {
enable = true;
browsing = true;
listenAddresses = [ "*:631" ];
defaultShared = true;
# logLevel = "debug";
drivers = [ pkgs.gutenprint pkgs.hplip pkgs.splix ];
extraConf =
''
DefaultAuthType Basic
<Location />
Order allow,deny
Allow ALL
</Location>
<Location /admin>
Order allow,deny
Allow ALL
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow ALL
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
'';
};
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# PulseAudio as-a-Service
hardware.pulseaudio.systemWide = true;
hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [
"127.0.0.0/8" "::1/128"
"172.22.99.0/24" "2a02:8106:208:5201:58::/64"
];
hardware.pulseaudio.tcp.enable = true;
hardware.pulseaudio.zeroconf.publish.enable = true;
# tell Avahi to publish CUPS and PulseAudio
services.avahi = {
enable = true;
publish.enable = true;
publish.userServices = true;
};
# Enable Audio streaming for Mac clients
services.shairport-sync.enable = true;
# Enable the X11 windowing system.
# services.xserver.enable = true;
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable touchpad support.
# services.xserver.libinput.enable = true;
# Enable the KDE Desktop Environment.
# services.xserver.displayManager.sddm.enable = true;
# services.xserver.desktopManager.plasma5.enable = true;
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
# Define a user account. Don't forget to set a password with passwd.
users.users."k-ot" = {
extraGroups = ["audio" "wheel"]; # allow k-ot to use PulseAudio
isNormalUser = true;
uid = 1000;
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09"; # Did you read the comment?
# vater hoerte, dass menschen im space gern mpd fuer das abspielen von musik erwarten wuerden
#### https://nixos.org/nixos/options.html#services.mpd.enable
services.mpd = {
enable=true;
dbFile = null;
network.listenAddress = "any";
musicDirectory = "/mnt/storage/Music";
#### musicDirectory = "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music";
extraConfig = ''
#### music_directory "nfs://storage.hq.c3d2.de:/mnt/zroot/storage/rpool/Music"
####
audio_output {
type "pulse"
name "/proc"
}
audio_output {
type "pulse"
name "SDK"
server "dacbert.hq.c3d2.de"
}
#### mpd startet bei der option nicht mehr
database {
plugin "proxy"
#### vater was here!
#### jail (auf storage)
#### externe erstellung der datenbank von mpd in der naehe der ablage der daten
host "172.22.99.98"
}
#### ausschalten der automatischen aktualisierung der datenbank von mpd
#### angeblich gibt es 2019-02-13 probleme, die zum absturz vom dienst mpd fuehren
#### wenn das problem behoben ist, dann kann die option wieder entfernt werden
auto_update "no"
'';
};
# mpd likes to crash a lot while indexing, so...
systemd.services.mpd.serviceConfig.Restart="on-failure";
services.caddy = {
enable = true;
agree = true;
# TODO: add auth?
config = ''
${mpdVhost} {
proxy / localhost:${toString ympdPort}
}
:80 {
redir https://${mpdVhost}{uri}
}
'';
};
fileSystems."/mnt/storage" = {
device = "storage.hq.c3d2.de:/mnt/zroot/storage/rpool";
fsType = "nfs";
};
#### nur zum spielen mit dem bereitstellen von einer per nfs angebundenen datei als datenbank fuer mpd
fileSystems."/mnt/service-data/mpd_index" = {
device = "storage.hq.c3d2.de:/mnt/zroot/iocage/jails/mpd_index/root/var/mpd/.mpd";
fsType = "nfs";
};
# MPD music playing daemon with webinterface
services.ympd = {
enable = true;
webPort = toString ympdPort;
};
nixpkgs.config.packageOverrides = pkgs: with pkgs; {
ympd = ympd.overrideAttrs (oldAttrs: {
src = fetchFromGitHub {
owner = "c3d2";
repo = "ympd";
rev = "feature/somafm_browser";
sha256 = "17x3jfys6gxghz5yp0gvd39ylvzfm59qxg75hwc5a52rj1n2jpb1";
};
});
};
}
Reference in New Issue View Git Blame Copy Permalink