The big format and cleanup
parent
c042dd5c03
commit
aaddec8194
|
@ -1,11 +1,11 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
options.c3d2.audioServer = with lib; {
|
options.c3d2.audioServer = {
|
||||||
enable = mkEnableOption "Enable PulseAudio and Bluetooth sinks";
|
enable = lib.mkEnableOption "Enable PulseAudio and Bluetooth sinks";
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf config.c3d2.audioServer.enable {
|
config = lib.mkIf config.c3d2.audioServer.enable {
|
||||||
# Enable sound.
|
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
hardware.bluetooth = {
|
hardware.bluetooth = {
|
||||||
enable = lib.mkDefault true;
|
enable = lib.mkDefault true;
|
||||||
|
@ -30,12 +30,15 @@
|
||||||
zeroconf.publish.enable = true;
|
zeroconf.publish.enable = true;
|
||||||
package = pkgs.pulseaudioFull;
|
package = pkgs.pulseaudioFull;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# TODO: configure system wide service
|
||||||
#services.pipewire = {
|
#services.pipewire = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# alsa.enable = true;
|
# alsa.enable = true;
|
||||||
# config.pipewire-pulse = lib.importJSON ./pipewire-pulse.conf.json;
|
# config.pipewire-pulse = lib.importJSON ./pipewire-pulse.conf.json;
|
||||||
# pulse.enable = true;
|
# pulse.enable = true;
|
||||||
#};
|
#};
|
||||||
|
|
||||||
security.rtkit.enable = true;
|
security.rtkit.enable = true;
|
||||||
|
|
||||||
# tell Avahi to publish CUPS and PulseAudio
|
# tell Avahi to publish CUPS and PulseAudio
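Review bot: The description string on the rewritten `enable` line in the first hunk still starts with "Enable", and `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the generated option text reads "Whether to enable Enable PulseAudio and Bluetooth sinks". Since the line is being touched anyway, `enable = lib.mkEnableOption "PulseAudio and Bluetooth sinks";` would read correctly. The module body continues outside both hunks.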
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
{ config, options, lib, pkgs, ... }:
|
{ config, options, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
hqPrefix64 = "fd23:42:c3d2:523";
|
|
||||||
# TODO: Is this stable? Is there a better place to specifiy this?
|
# TODO: Is this stable? Is there a better place to specifiy this?
|
||||||
|
hqPrefix64 = "fd23:42:c3d2:523";
|
||||||
|
|
||||||
# Generate a deterministic IPv6 address for a 64 bit prefix
|
# Generate a deterministic IPv6 address for a 64 bit prefix
|
||||||
# and seed string. Prefix must not contain trailing ':'.
|
# and seed string. Prefix must not contain trailing ':'.
|
||||||
|
@ -20,7 +20,6 @@ let
|
||||||
toHqPrivateAddress = toIpv6Address hqPrefix64;
|
toHqPrivateAddress = toIpv6Address hqPrefix64;
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./stats.nix
|
./stats.nix
|
||||||
./audio-server
|
./audio-server
|
||||||
|
@ -34,7 +33,6 @@ in {
|
||||||
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
|
||||||
in {
|
in {
|
||||||
# Configuration specific to this machine
|
# Configuration specific to this machine
|
||||||
|
|
||||||
assertions = [
|
assertions = [
|
||||||
{
|
{
|
||||||
assertion = cfg.isInHq -> (config.users.users.root.password == null);
|
assertion = cfg.isInHq -> (config.users.users.root.password == null);
|
||||||
|
|
|
@ -51,7 +51,8 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.prometheus.exporters.node.enable = true;
|
services.prometheus.exporters.node = {
|
||||||
services.prometheus.exporters.node.openFirewall = true;
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,56 +6,48 @@
|
||||||
(modulesPath + "/profiles/docker-container.nix")
|
(modulesPath + "/profiles/docker-container.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.networkmanager.dns = "unbound";
|
boot = {
|
||||||
networking.useHostResolvConf = false;
|
isContainer = true;
|
||||||
|
loader = {
|
||||||
|
grub.enable = false;
|
||||||
|
# /sbin/init
|
||||||
|
initScript.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
environment.etc."resolv.conf".text = lib.concatMapStrings (ns: ''
|
environment.etc."resolv.conf".text = lib.concatMapStrings (ns: ''
|
||||||
nameserver ${ns}
|
nameserver ${ns}
|
||||||
'') config.networking.nameservers;
|
'') config.networking.nameservers;
|
||||||
|
|
||||||
nix.useSandbox = false;
|
|
||||||
nix.maxJobs = lib.mkDefault 1;
|
|
||||||
nix.buildCores = lib.mkDefault 4;
|
|
||||||
networking.useNetworkd = true;
|
|
||||||
networking.useDHCP = false;
|
|
||||||
services.resolved.enable = false;
|
|
||||||
networking.nameservers = [
|
|
||||||
hostRegistry.hosts.dnscache.ip4
|
|
||||||
hostRegistry.hosts.dnscache.ip6
|
|
||||||
"9.9.9.9"
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.interfaces.eth0 = {
|
|
||||||
useDHCP = false;
|
|
||||||
tempAddress = "disabled";
|
|
||||||
};
|
|
||||||
systemd.network.networks."40-eth0"
|
|
||||||
.networkConfig = {
|
|
||||||
IPv6AcceptRA = true;
|
|
||||||
LinkLocalAddressing = "ipv6";
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.isContainer = true;
|
|
||||||
|
|
||||||
# /sbin/init
|
|
||||||
boot.loader.initScript.enable = true;
|
|
||||||
boot.loader.grub.enable = false;
|
|
||||||
|
|
||||||
# Create a few files early before packing tarball for Proxmox
|
|
||||||
# architecture/OS detection.
|
|
||||||
system.extraSystemBuilderCmds = ''
|
|
||||||
mkdir -m 0755 -p $out/bin
|
|
||||||
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
|
||||||
mkdir -m 0755 -p $out/sbin
|
|
||||||
ln -s ../init $out/sbin/init
|
|
||||||
'';
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
fsType = "rootfs";
|
fsType = "rootfs";
|
||||||
device = "rootfs";
|
device = "rootfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
# add central logging
|
nix = {
|
||||||
services.journalbeat = {
|
useSandbox = false;
|
||||||
|
maxJobs = lib.mkDefault 1;
|
||||||
|
buildCores = lib.mkDefault 4;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
interfaces.eth0 = {
|
||||||
|
useDHCP = false;
|
||||||
|
tempAddress = "disabled";
|
||||||
|
};
|
||||||
|
nameservers = with hostRegistry.hosts.dnscache; [
|
||||||
|
ip4
|
||||||
|
ip6
|
||||||
|
"9.9.9.9"
|
||||||
|
];
|
||||||
|
networkmanager.dns = "unbound";
|
||||||
|
useDHCP = false;
|
||||||
|
useHostResolvConf = false;
|
||||||
|
useNetworkd = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
journalbeat = {
|
||||||
enable = false;
|
enable = false;
|
||||||
tags = [ "container" ];
|
tags = [ "container" ];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -80,8 +72,21 @@
|
||||||
hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
|
hosts: ["${config.c3d2.hosts.logging.ip4}:5044"]
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# Required for remote deployment
|
# Required for remote deployment
|
||||||
services.openssh.enable = true;
|
openssh.enable = true;
|
||||||
|
resolved.enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Create a few files early before packing tarball for Proxmox architecture/OS detection.
|
||||||
|
system.extraSystemBuilderCmds = ''
|
||||||
|
mkdir -m 0755 -p $out/bin
|
||||||
|
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
||||||
|
mkdir -m 0755 -p $out/sbin
|
||||||
|
ln -s ../init $out/sbin/init
|
||||||
|
'';
|
||||||
|
|
||||||
|
systemd.network.networks."40-eth0".networkConfig = {
|
||||||
|
IPv6AcceptRA = true;
|
||||||
|
LinkLocalAddressing = "ipv6";
|
||||||
|
};
|
||||||
}
|
}
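Review bot: The regrouped `nix = { … }` block in the first hunk keeps `useSandbox = false;` with no comment saying why builds in this container profile run unsandboxed. With the sandbox off, a derivation's builder is not isolated from the network or from the container's filesystem during the build, so the reason deserves a line next to the setting, e.g. `# sandbox disabled: <reason> — revisit if that changes`. I am only inferring that the container runtime is the cause; please record the actual one.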
|
||||||
|
|
|
@ -2,11 +2,15 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ ./logging.nix ];
|
imports = [ ./logging.nix ];
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n = {
|
i18n = {
|
||||||
defaultLocale = "en_US.UTF-8";
|
defaultLocale = "en_US.UTF-8";
|
||||||
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
|
supportedLocales = lib.mkForce [
|
||||||
|
"en_US.UTF-8/UTF-8"
|
||||||
|
"de_DE.UTF-8/UTF-8"
|
||||||
|
"C.UTF-8/UTF-8"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,15 @@
|
||||||
{ hostRegistry, config, lib, pkgs, modulesPath, ... }:
|
{ hostRegistry, config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
c3d2 = {
|
||||||
|
isInHq = true;
|
||||||
|
mergeHostsFile = true;
|
||||||
|
hq.interface = "eth0";
|
||||||
|
hq.statistics.enable = true;
|
||||||
|
audioServer.enable = true;
|
||||||
|
k-ot.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
hardware.enableRedistributableFirmware = true;
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||||
|
|
||||||
|
@ -9,6 +18,7 @@
|
||||||
# prevent kernel install fail due to missing modules
|
# prevent kernel install fail due to missing modules
|
||||||
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
loader = {
|
||||||
raspberryPi = {
|
raspberryPi = {
|
||||||
|
@ -38,15 +48,6 @@
|
||||||
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ];
|
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "rw" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
c3d2 = {
|
|
||||||
isInHq = true;
|
|
||||||
mergeHostsFile = true;
|
|
||||||
hq.interface = "eth0";
|
|
||||||
hq.statistics.enable = true;
|
|
||||||
audioServer.enable = true;
|
|
||||||
k-ot.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "dacbert"; # Define your hostname.
|
hostName = "dacbert"; # Define your hostname.
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
|
@ -65,13 +66,6 @@
|
||||||
daemonCPUSchedPolicy = "idle";
|
daemonCPUSchedPolicy = "idle";
|
||||||
daemonIOSchedClass = "idle";
|
daemonIOSchedClass = "idle";
|
||||||
};
|
};
|
||||||
systemd.services.nix-daemon.serviceConfig = {
|
|
||||||
LimitNOFILE = lib.mkForce 8192;
|
|
||||||
CPUWeight = 5;
|
|
||||||
MemoryHigh = "4G";
|
|
||||||
MemoryMax = "6G";
|
|
||||||
MemorySwapMax = "0";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
libraspberrypi
|
libraspberrypi
|
||||||
|
@ -92,15 +86,6 @@
|
||||||
|
|
||||||
programs.tmux.enable = true;
|
programs.tmux.enable = true;
|
||||||
|
|
||||||
# Do not log to flash:
|
|
||||||
services.journald.extraConfig = ''
|
|
||||||
Storage=volatile
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
security.sudo = {
|
security.sudo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wheelNeedsPassword = false;
|
wheelNeedsPassword = false;
|
||||||
|
@ -112,12 +97,29 @@
|
||||||
keyMap = "de";
|
keyMap = "de";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
services = {
|
||||||
services.xserver.enable = true;
|
# Do not log to flash:
|
||||||
services.xserver.layout = "de";
|
journald.extraConfig = ''
|
||||||
services.xserver.xkbOptions = "eurosign:e";
|
Storage=volatile
|
||||||
|
'';
|
||||||
|
|
||||||
services.xserver.displayManager = {
|
openssh = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
xserver = {
|
||||||
|
enable = true;
|
||||||
|
layout = "de";
|
||||||
|
xkbOptions = "eurosign:e";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.xserver = {
|
||||||
|
desktopManager = {
|
||||||
|
gnome.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
displayManager = {
|
||||||
lightdm = { enable = true; };
|
lightdm = { enable = true; };
|
||||||
autoLogin = {
|
autoLogin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -125,11 +127,18 @@
|
||||||
};
|
};
|
||||||
defaultSession = "gnome-xorg";
|
defaultSession = "gnome-xorg";
|
||||||
};
|
};
|
||||||
services.xserver.desktopManager = {
|
|
||||||
gnome.enable = true;
|
|
||||||
# kodi.enable = true;
|
|
||||||
};
|
};
|
||||||
systemd.user.services.x11vnc = {
|
|
||||||
|
systemd = {
|
||||||
|
services.nix-daemon.serviceConfig = {
|
||||||
|
LimitNOFILE = lib.mkForce 8192;
|
||||||
|
CPUWeight = 5;
|
||||||
|
MemoryHigh = "4G";
|
||||||
|
MemoryMax = "6G";
|
||||||
|
MemorySwapMax = "0";
|
||||||
|
};
|
||||||
|
|
||||||
|
user.services.x11vnc = {
|
||||||
description = "X11 VNC server";
|
description = "X11 VNC server";
|
||||||
wantedBy = [ "graphical-session.target" ];
|
wantedBy = [ "graphical-session.target" ];
|
||||||
partOf = [ "graphical-session.target" ];
|
partOf = [ "graphical-session.target" ];
|
||||||
|
@ -141,12 +150,7 @@
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
}
|
}
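Review bot: In the `@ -112,12 +97,29 @` hunk, `xserver` is defined twice on the new side as rendered: once inside the new `services = { … }` block (`enable`, `layout`, `xkbOptions`) and again directly below as a separate `services.xserver = { desktopManager …; displayManager …; }`. That relies on the parser merging two literal definitions of the same attribute path, which is worth confirming on the Nix version used for deployment, and it works against the grouping this commit is aiming for. Moving `desktopManager` and `displayManager` into the `xserver = { … }` inside `services` gives a single definition. The next host file (hostName "glotzbert") shows the same pattern with two consecutive `services.xserver = { … }` blocks. The old/new assignment is read from the rendered page, where the `+`/`-` markers are lost.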
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
useSandbox = true;
|
useSandbox = true;
|
||||||
buildCores = 4;
|
buildCores = 4;
|
||||||
|
@ -21,10 +22,13 @@
|
||||||
|
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
boot = {
|
||||||
boot.loader.systemd-boot.enable = true;
|
loader = {
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
efi.canTouchEfiVariables = true;
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
systemd-boot.enable = true;
|
||||||
|
};
|
||||||
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
};
|
||||||
|
|
||||||
networking.hostName = "glotzbert"; # Define your hostname.
|
networking.hostName = "glotzbert"; # Define your hostname.
|
||||||
networking.interfaces.eno1.useDHCP = true;
|
networking.interfaces.eno1.useDHCP = true;
|
||||||
|
@ -34,6 +38,7 @@
|
||||||
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
|
||||||
keyMap = "de";
|
keyMap = "de";
|
||||||
};
|
};
|
||||||
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -70,8 +75,10 @@
|
||||||
# Users must be in "audio" group
|
# Users must be in "audio" group
|
||||||
systemWide = true;
|
systemWide = true;
|
||||||
support32Bit = true;
|
support32Bit = true;
|
||||||
zeroconf.discovery.enable = true;
|
zeroconf = {
|
||||||
zeroconf.publish.enable = true;
|
discovery.enable = true;
|
||||||
|
publish.enable = true;
|
||||||
|
};
|
||||||
tcp = {
|
tcp = {
|
||||||
enable = true;
|
enable = true;
|
||||||
anonymousClients.allowAll = true;
|
anonymousClients.allowAll = true;
|
||||||
|
@ -85,11 +92,14 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
services.xserver.enable = true;
|
services.xserver = {
|
||||||
services.xserver.layout = "de";
|
enable = true;
|
||||||
services.xserver.xkbOptions = "eurosign:e";
|
layout = "de";
|
||||||
|
xkbOptions = "eurosign:e";
|
||||||
|
};
|
||||||
|
|
||||||
services.xserver.displayManager = {
|
services.xserver = {
|
||||||
|
displayManager = {
|
||||||
lightdm = { enable = true; };
|
lightdm = { enable = true; };
|
||||||
autoLogin = {
|
autoLogin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -97,10 +107,11 @@
|
||||||
};
|
};
|
||||||
defaultSession = "gnome-xorg";
|
defaultSession = "gnome-xorg";
|
||||||
};
|
};
|
||||||
services.xserver.desktopManager = {
|
desktopManager = {
|
||||||
gnome.enable = true;
|
gnome.enable = true;
|
||||||
kodi.enable = true;
|
kodi.enable = true;
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
security.sudo = {
|
security.sudo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -113,10 +124,5 @@
|
||||||
extraGroups = [ "networkmanager" ];
|
extraGroups = [ "networkmanager" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
|
||||||
# compatible, in order to avoid breaking some software such as database
|
|
||||||
# servers. You should change this only after NixOS release notes say you
|
|
||||||
# should.
|
|
||||||
system.stateVersion = "18.09"; # Did you read the comment?
|
system.stateVersion = "18.09"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
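Review bot: The PulseAudio block touched in the `@ -70,8 +75,10 @` hunk keeps `tcp.enable = true;` with `anonymousClients.allowAll = true;` right after the regrouped `zeroconf` settings, and nothing on the page says which network is meant to reach it. With those settings the daemon accepts unauthenticated native-protocol clients and announces itself over Zeroconf, so exposure is bounded only by the firewall and the network the host sits on. A comment above `tcp = {` stating the intended scope, e.g. `# unauthenticated by design; reachable only from <intended network>`, would make that explicit. The rest of the `tcp` block is outside the hunk, so a restriction such as `anonymousClients.allowedIpRanges` may already be present there.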
|
||||||
|
|
|
@ -60,9 +60,5 @@
|
||||||
|
|
||||||
c3d2.hq.statistics.enable = true;
|
c3d2.hq.statistics.enable = true;
|
||||||
|
|
||||||
# This value determines the NixOS release with which your system is to be
|
|
||||||
# compatible, in order to avoid breaking some software such as database
|
|
||||||
# servers. You should change this only after NixOS release notes say you
|
|
||||||
# should.
|
|
||||||
system.stateVersion = "20.09"; # Did you read the comment?
|
system.stateVersion = "20.09"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
|
@ -43,19 +43,22 @@ in {
|
||||||
evaluator_max_memory_size = 2048
|
evaluator_max_memory_size = 2048
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
systemd.services.hydra-evaluator.serviceConfig = {
|
|
||||||
|
systemd.services = {
|
||||||
|
hydra-evaluator.serviceConfig = {
|
||||||
CPUWeight = 2;
|
CPUWeight = 2;
|
||||||
MemoryHigh = "32G";
|
MemoryHigh = "32G";
|
||||||
MemoryMax = "32G";
|
MemoryMax = "32G";
|
||||||
MemorySwapMax = "16G";
|
MemorySwapMax = "16G";
|
||||||
};
|
};
|
||||||
systemd.services.nix-daemon.serviceConfig = {
|
services.nix-daemon.serviceConfig = {
|
||||||
LimitNOFILE = lib.mkForce 8192;
|
LimitNOFILE = lib.mkForce 8192;
|
||||||
CPUWeight = 5;
|
CPUWeight = 5;
|
||||||
MemoryHigh = "32G";
|
MemoryHigh = "32G";
|
||||||
MemoryMax = "32G";
|
MemoryMax = "32G";
|
||||||
MemorySwapMax = "16G";
|
MemorySwapMax = "16G";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx =
|
services.nginx =
|
||||||
let
|
let
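Review bot: Inside the new `systemd.services = { … }` block the second entry is written `services.nix-daemon.serviceConfig = {`, which as rendered resolves to `systemd.services.services.nix-daemon.serviceConfig` rather than the `systemd.services.nix-daemon.serviceConfig` it replaces. The resource limits (`LimitNOFILE`, `CPUWeight`, `MemoryHigh`, `MemoryMax`, `MemorySwapMax`) would then no longer land on the nix-daemon unit, and the module system will most likely reject the unknown attribute at evaluation. The line should read `nix-daemon.serviceConfig = {`, matching `hydra-evaluator.serviceConfig = {` above it. Indentation is lost on this page, so please confirm against the file.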
|
||||||
|
|
|
@ -1,21 +1,18 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
# Build user
|
# Build user
|
||||||
users.groups.updater = {};
|
users = {
|
||||||
users.users.updater = {
|
groups.updater = {};
|
||||||
|
users.updater = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "updater";
|
group = "updater";
|
||||||
home = "/var/lib/updater";
|
home = "/var/lib/updater";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd = {
|
||||||
# needs to be provisioned with ssh privkey
|
# Timer-triggered service that updates flake.lock and pushes to a branch to be picked up by Hydra.
|
||||||
"d ${config.users.users.updater.home} 0700 updater ${config.users.users.updater.group} -"
|
services.updater = {
|
||||||
];
|
|
||||||
|
|
||||||
# Timer-triggered service that updates flake.lock and pushes to a
|
|
||||||
# branch to be picked up by Hydra.
|
|
||||||
systemd.services.updater = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
path = with pkgs; [ git nixFlakes curl openssh ];
|
path = with pkgs; [ git nixFlakes curl openssh ];
|
||||||
script = ''
|
script = ''
|
||||||
|
@ -39,11 +36,17 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.timers.updater = {
|
timers.updater = {
|
||||||
partOf = [ "updater.service" ];
|
partOf = [ "updater.service" ];
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
# update flake.lock daily at 10am so that systems are freshly
|
# update flake.lock daily at 10am so that systems are freshly
|
||||||
# built by afternoon
|
# built by afternoon
|
||||||
timerConfig.OnCalendar = "10:00";
|
timerConfig.OnCalendar = "10:00";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tmpfiles.rules = [
|
||||||
|
# needs to be provisioned with ssh privkey
|
||||||
|
"d ${config.users.users.updater.home} 0700 updater ${config.users.users.updater.group} -"
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,10 +5,18 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
c3d2 = {
|
||||||
|
isInHq = true;
|
||||||
|
mergeHostsFile = true;
|
||||||
|
hq.interface = "eth0";
|
||||||
|
hq.statistics.enable = true;
|
||||||
|
k-ot.enable = true;
|
||||||
|
audioServer.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader = {
|
loader = {
|
||||||
grub.enable = false;
|
grub.enable = false;
|
||||||
|
@ -24,23 +32,18 @@ in
|
||||||
kernelParams = [ "console=tty0" ];
|
kernelParams = [ "console=tty0" ];
|
||||||
tmpOnTmpfs = true;
|
tmpOnTmpfs = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
hardware.deviceTree = {
|
hardware.deviceTree = {
|
||||||
enable = true;
|
enable = true;
|
||||||
kernelPackage = config.boot.kernelPackages.kernel;
|
kernelPackage = config.boot.kernelPackages.kernel;
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
makeModulesClosure = x:
|
makeModulesClosure = x:
|
||||||
# prevent kernel install fail due to missing modules
|
# prevent kernel install fail due to missing modules
|
||||||
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
||||||
};
|
};
|
||||||
|
|
||||||
c3d2 = {
|
|
||||||
isInHq = true;
|
|
||||||
mergeHostsFile = true;
|
|
||||||
hq.interface = "eth0";
|
|
||||||
hq.statistics.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
buildCores = 4;
|
buildCores = 4;
|
||||||
maxJobs = 2;
|
maxJobs = 2;
|
||||||
|
@ -69,29 +72,41 @@ in
|
||||||
|
|
||||||
programs.tmux.enable = true;
|
programs.tmux.enable = true;
|
||||||
|
|
||||||
# Do not log to flash:
|
|
||||||
services.journald.extraConfig = ''
|
|
||||||
Storage=volatile
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
security.sudo = {
|
security.sudo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wheelNeedsPassword = false;
|
wheelNeedsPassword = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
c3d2.k-ot.enable = true;
|
|
||||||
c3d2.audioServer.enable = true;
|
|
||||||
# quirk for this pi3
|
# quirk for this pi3
|
||||||
systemd.services.bluetooth.serviceConfig = {
|
systemd.services.bluetooth.serviceConfig = {
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "1s";
|
RestartSec = "1s";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
users.users = {
|
||||||
|
# Allow access to printer serial port and GPIO
|
||||||
|
"${config.services.octoprint.user}".extraGroups = [ "dialout" "gpio" ];
|
||||||
|
# Allow gpio group to access GPIO devices
|
||||||
|
gpio = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
# Do not log to flash:
|
||||||
|
journald.extraConfig = ''
|
||||||
|
Storage=volatile
|
||||||
|
'';
|
||||||
|
|
||||||
|
openssh = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
mjpg-streamer = {
|
||||||
|
enable = true;
|
||||||
|
inputPlugin = "input_uvc.so -d /dev/v4l/by-id/usb-046d_0817_4B7115A0-video-index0 -r 640x480 -f 30 -pl 50hz -ex auto";
|
||||||
|
outputPlugin = "output_http.so -p 3020";
|
||||||
|
};
|
||||||
|
|
||||||
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
#recommendedGzipSettings = true;
|
#recommendedGzipSettings = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
|
@ -120,7 +135,8 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.octoprint = rec {
|
|
||||||
|
octoprint = rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
port = octoprintPort;
|
port = octoprintPort;
|
||||||
extraConfig.webcam = {
|
extraConfig.webcam = {
|
||||||
|
@ -147,26 +163,10 @@ in
|
||||||
# in p: [];
|
# in p: [];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Allow access to printer serial port and GPIO
|
udev.extraRules = ''
|
||||||
users.users."${config.services.octoprint.user}".extraGroups = [ "dialout" "gpio" ];
|
|
||||||
|
|
||||||
services.mjpg-streamer = {
|
|
||||||
enable = true;
|
|
||||||
inputPlugin = "input_uvc.so -d /dev/v4l/by-id/usb-046d_0817_4B7115A0-video-index0 -r 640x480 -f 30 -pl 50hz -ex auto";
|
|
||||||
outputPlugin = "output_http.so -p 3020";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allow gpio group to access GPIO devices
|
|
||||||
users.groups.gpio = { };
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
KERNEL=="gpiochip*", GROUP="gpio", MODE="0660"
|
KERNEL=="gpiochip*", GROUP="gpio", MODE="0660"
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
}
|
}
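Review bot: The new `users.users = { … }` block in the `@ -69,29 +72,41 @` hunk contains `gpio = { };`, which declares a user named gpio, while the line it replaces was `users.groups.gpio = { };`. As rendered, the `gpio` group is no longer declared, although the octoprint user is still added to it and the udev rule still assigns `GROUP="gpio"` with `MODE="0660"`, so access to the gpiochip devices would not be granted as intended. Keeping the group on its own path, `users.groups.gpio = { };`, and leaving only the octoprint `extraGroups` line under `users.users` restores the old behaviour. An empty `users.users.gpio` is also likely to trip the NixOS user assertions at evaluation.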
|
||||||
|
|
|
@ -1,121 +0,0 @@
|
||||||
{ zentralwerk, config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
boot.initrd.availableKernelModules = [ "usbhid" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot/firmware" = {
|
|
||||||
device = "/dev/disk/by-label/FIRMWARE";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
#networking.wireless.enable = true;
|
|
||||||
hardware.deviceTree.enable = false;
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
|
||||||
|
|
||||||
boot = {
|
|
||||||
loader = {
|
|
||||||
grub.enable = false;
|
|
||||||
raspberryPi = {
|
|
||||||
enable = true;
|
|
||||||
version = 4;
|
|
||||||
# TODO: this machine actually has u-boot setup but that's no
|
|
||||||
# longer working with nixos-22.05. DO NOT REBOOT! :-)
|
|
||||||
# https://github.com/NixOS/nixpkgs/pull/112677
|
|
||||||
# uboot.enable = true;
|
|
||||||
firmwareConfig = ''
|
|
||||||
gpu_mem=192
|
|
||||||
dtparam=audio=on
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
|
||||||
# No ZFS on latest kernel:
|
|
||||||
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
|
||||||
|
|
||||||
tmpOnTmpfs = true;
|
|
||||||
};
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
|
||||||
makeModulesClosure = x:
|
|
||||||
# prevent kernel install fail due to missing modules
|
|
||||||
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
|
||||||
};
|
|
||||||
|
|
||||||
c3d2 = {
|
|
||||||
isInHq = false;
|
|
||||||
hq.statistics.enable = true;
|
|
||||||
pi-sensors = if true then [] else [ {
|
|
||||||
type = "dht22";
|
|
||||||
pin = 17;
|
|
||||||
location = "Schrank";
|
|
||||||
} {
|
|
||||||
type = "dht22";
|
|
||||||
pin = 23;
|
|
||||||
location = "Aussen";
|
|
||||||
} ];
|
|
||||||
|
|
||||||
# unless you automate walking up to the roof, do never enable
|
|
||||||
# automatic updates for this machine!
|
|
||||||
autoUpdate = lib.mkForce false;
|
|
||||||
};
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
buildCores = 4;
|
|
||||||
maxJobs = 2;
|
|
||||||
};
|
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
hostName = "radiobert"; # Define your hostname.
|
|
||||||
useDHCP = false;
|
|
||||||
interfaces.eth0.ipv4.addresses = [{
|
|
||||||
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
|
|
||||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
|
||||||
}];
|
|
||||||
defaultGateway = "172.20.73.1";
|
|
||||||
firewall.enable = false;
|
|
||||||
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
libraspberrypi
|
|
||||||
raspberrypi-eeprom
|
|
||||||
vim
|
|
||||||
wget
|
|
||||||
];
|
|
||||||
|
|
||||||
programs.tmux.enable = true;
|
|
||||||
|
|
||||||
# Do not log to flash:
|
|
||||||
services.journald.extraConfig = ''
|
|
||||||
Storage=volatile
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allow access to USB
|
|
||||||
services.udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="usb", MODE:="0666"
|
|
||||||
'';
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
|
||||||
}
|
|
|
@ -1,7 +1,127 @@
|
||||||
|
{ zentralwerk, config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./base.nix
|
|
||||||
./soapysdr.nix
|
./soapysdr.nix
|
||||||
./readsb.nix
|
./readsb.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
c3d2 = {
|
||||||
|
isInHq = false;
|
||||||
|
hq.statistics.enable = true;
|
||||||
|
pi-sensors = if true then [] else [ {
|
||||||
|
type = "dht22";
|
||||||
|
pin = 17;
|
||||||
|
location = "Schrank";
|
||||||
|
} {
|
||||||
|
type = "dht22";
|
||||||
|
pin = 23;
|
||||||
|
location = "Aussen";
|
||||||
|
} ];
|
||||||
|
|
||||||
|
# unless you automate walking up to the roof, do never enable
|
||||||
|
# automatic updates for this machine!
|
||||||
|
autoUpdate = lib.mkForce false;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
loader = {
|
||||||
|
grub.enable = false;
|
||||||
|
raspberryPi = {
|
||||||
|
enable = true;
|
||||||
|
version = 4;
|
||||||
|
# TODO: this machine actually has u-boot setup but that's no
|
||||||
|
# longer working with nixos-22.05. DO NOT REBOOT! :-)
|
||||||
|
# https://github.com/NixOS/nixpkgs/pull/112677
|
||||||
|
# uboot.enable = true;
|
||||||
|
firmwareConfig = ''
|
||||||
|
gpu_mem=192
|
||||||
|
dtparam=audio=on
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
# No ZFS on latest kernel:
|
||||||
|
supportedFilesystems = lib.mkForce [ "vfat" "ext4" ];
|
||||||
|
|
||||||
|
tmpOnTmpfs = true;
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
initrd = {
|
||||||
|
availableKernelModules = [ "usbhid" ];
|
||||||
|
kernelModules = [ ];
|
||||||
|
};
|
||||||
|
kernelModules = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/disk/by-label/NIXOS_SD";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/boot/firmware" = {
|
||||||
|
device = "/dev/disk/by-label/FIRMWARE";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
hardware = {
|
||||||
|
deviceTree.enable = false;
|
||||||
|
enableRedistributableFirmware = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||||
|
|
||||||
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
makeModulesClosure = x:
|
||||||
|
# prevent kernel install fail due to missing modules
|
||||||
|
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
||||||
|
};
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
buildCores = 4;
|
||||||
|
maxJobs = 2;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "radiobert"; # Define your hostname.
|
||||||
|
useDHCP = false;
|
||||||
|
interfaces.eth0.ipv4.addresses = [{
|
||||||
|
address = config.c3d2.hosts."${config.networking.hostName}".ip4;
|
||||||
|
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||||
|
}];
|
||||||
|
defaultGateway = "172.20.73.1";
|
||||||
|
firewall.enable = false;
|
||||||
|
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
libraspberrypi
|
||||||
|
raspberrypi-eeprom
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
];
|
||||||
|
|
||||||
|
programs.tmux.enable = true;
|
||||||
|
|
||||||
|
services = {
|
||||||
|
# Do not log to flash:
|
||||||
|
journald.extraConfig = ''
|
||||||
|
Storage=volatile
|
||||||
|
'';
|
||||||
|
openssh = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
# Allow access to USB
|
||||||
|
udev.extraRules = ''
|
||||||
|
SUBSYSTEM=="usb", MODE:="0666"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
}
|
}
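Review bot: The udev rule `SUBSYSTEM=="usb", MODE:="0666"` kept under `services.udev.extraRules` makes every USB device node readable and writable by every local account, which is much wider than the SDR services need. Scoping it to the service group, e.g. `SUBSYSTEM=="usb", GROUP="adsb", MODE:="0660"`, ideally with a vendor/product match for the receiver, would keep the access the services use; which group actually opens the device is not visible in this file, so the group name is an assumption. The same host also runs with `firewall.enable = false` and OpenSSH enabled, so a comment stating why the firewall is off would help the next reader. The trailing `# Did you read the comment?` on `system.stateVersion` now refers to a comment block this commit removed.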
|
||||||
|
|
|
@ -25,58 +25,44 @@ in {
|
||||||
# no watching TV intended
|
# no watching TV intended
|
||||||
"dvb_usb_rtl28xxu"
|
"dvb_usb_rtl28xxu"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
readsb
|
||||||
|
];
|
||||||
|
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
"chaos-consulting/user".owner = "mlat-client";
|
"chaos-consulting/user".owner = "mlat-client";
|
||||||
};
|
};
|
||||||
users.users.readsb = {
|
|
||||||
|
users = {
|
||||||
|
groups.adsb = {};
|
||||||
|
users = {
|
||||||
|
dump1090-influxdb = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "adsb";
|
group = "adsb";
|
||||||
};
|
};
|
||||||
users.groups.adsb = {};
|
mlat-client = {
|
||||||
systemd.services.readsb = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${pkgs.readsb}/bin/readsb --modeac --aggressive --fix --stats-range --dcfilter --quiet --gain=-10 --lon=${lon} --lat=${lat} --net --net-ro-port=30002 --net-sbs-port=30003 --net-bo-port=30005 --net-vrs-port=30006 --net-beast-reduce-interval 1 --net-connector feed.adsbexchange.com,30005,beast_reduce_out";
|
|
||||||
User = "readsb";
|
|
||||||
Group = "adsb";
|
|
||||||
ProtectSystem = "full";
|
|
||||||
ProtectHome = true;
|
|
||||||
Restart = "always";
|
|
||||||
RestartSec = "10s";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.mlat-client = {
|
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "adsb";
|
group = "adsb";
|
||||||
};
|
};
|
||||||
# Feeds adsbexchange.com, test at https://www.adsbexchange.com/myip/
|
readsb = {
|
||||||
systemd.services.mlat-client-adsbexchange = makeMlatClientService "--server feed.adsbexchange.com:31090 --user C3D2";
|
|
||||||
# Feeds https://adsb.chaos-consulting.de/map/
|
|
||||||
systemd.services.mlat-client-chaos-consulting = makeMlatClientService "--server ${config.services.stunnel.clients.mlat-client-chaos-consulting.accept} --user \"$(cat ${config.sops.secrets."chaos-consulting/user".path})\"";
|
|
||||||
|
|
||||||
# mlat-client-chaos-consulting needs ssl
|
|
||||||
services.stunnel = {
|
|
||||||
enable = true;
|
|
||||||
clients.mlat-client-chaos-consulting = {
|
|
||||||
accept = "127.0.0.1:3334";
|
|
||||||
connect = "mlat.chaos-consulting.de:3334";
|
|
||||||
verifyChain = false;
|
|
||||||
verifyPeer = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.sbs2json = {
|
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "adsb";
|
group = "adsb";
|
||||||
};
|
};
|
||||||
# SHIM because readsb has no web server like dump1090
|
sbs2json = {
|
||||||
systemd.services.sbs2json = {
|
isSystemUser = true;
|
||||||
|
group = "adsb";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
dump1090-influxdb = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "readsb.service" ];
|
requires = [ "readsb.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.heliwatch.http-json}/bin/http-json";
|
ExecStart = "${pkgs.dump1090-influxdb}/bin/dump1090-influxdb";
|
||||||
User = "sbs2json";
|
User = "dump1090-influxdb";
|
||||||
Group = "adsb";
|
Group = "adsb";
|
||||||
ProtectSystem = "full";
|
ProtectSystem = "full";
|
||||||
ProtectHome = true;
|
ProtectHome = true;
|
||||||
|
@ -85,7 +71,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.feed-chaos-consulting = {
|
feed-chaos-consulting = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "sbs2json.service" ];
|
requires = [ "sbs2json.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
@ -118,16 +104,16 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.dump1090-influxdb = {
|
# Feeds adsbexchange.com, test at https://www.adsbexchange.com/myip/
|
||||||
isSystemUser = true;
|
mlat-client-adsbexchange = makeMlatClientService "--server feed.adsbexchange.com:31090 --user C3D2";
|
||||||
group = "adsb";
|
# Feeds https://adsb.chaos-consulting.de/map/
|
||||||
};
|
mlat-client-chaos-consulting = makeMlatClientService "--server ${config.services.stunnel.clients.mlat-client-chaos-consulting.accept} --user \"$(cat ${config.sops.secrets."chaos-consulting/user".path})\"";
|
||||||
systemd.services.dump1090-influxdb = {
|
|
||||||
|
readsb = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "readsb.service" ];
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.dump1090-influxdb}/bin/dump1090-influxdb";
|
ExecStart = "${pkgs.readsb}/bin/readsb --modeac --aggressive --fix --stats-range --dcfilter --quiet --gain=-10 --lon=${lon} --lat=${lat} --net --net-ro-port=30002 --net-sbs-port=30003 --net-bo-port=30005 --net-vrs-port=30006 --net-beast-reduce-interval 1 --net-connector feed.adsbexchange.com,30005,beast_reduce_out";
|
||||||
User = "dump1090-influxdb";
|
User = "readsb";
|
||||||
Group = "adsb";
|
Group = "adsb";
|
||||||
ProtectSystem = "full";
|
ProtectSystem = "full";
|
||||||
ProtectHome = true;
|
ProtectHome = true;
|
||||||
|
@ -136,11 +122,35 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.collectd.plugins.exec = ''
|
# SHIM because readsb has no web server like dump1090
|
||||||
|
sbs2json = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
requires = [ "readsb.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.heliwatch.http-json}/bin/http-json";
|
||||||
|
User = "sbs2json";
|
||||||
|
Group = "adsb";
|
||||||
|
ProtectSystem = "full";
|
||||||
|
ProtectHome = true;
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = "10s";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
collectd.plugins.exec = ''
|
||||||
Exec "${config.services.collectd.user}" "${pkgs.heliwatch.collectd-stats}/bin/collectd-stats"
|
Exec "${config.services.collectd.user}" "${pkgs.heliwatch.collectd-stats}/bin/collectd-stats"
|
||||||
'';
|
'';
|
||||||
|
# mlat-client-chaos-consulting needs ssl
|
||||||
environment.systemPackages = with pkgs; [
|
stunnel = {
|
||||||
readsb
|
enable = true;
|
||||||
];
|
clients.mlat-client-chaos-consulting = {
|
||||||
|
accept = "127.0.0.1:3334";
|
||||||
|
connect = "mlat.chaos-consulting.de:3334";
|
||||||
|
verifyChain = false;
|
||||||
|
verifyPeer = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
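Review bot: The stunnel client `mlat-client-chaos-consulting` still sets `verifyChain = false;` and `verifyPeer = false;`, so the tunnel to `mlat.chaos-consulting.de:3334` accepts any certificate and the `--user` value read from the sops secret is sent to whoever answers on that connection. Since this block is being moved anyway, consider `verifyChain = true;` together with `verifyHostname = "mlat.chaos-consulting.de";`. If the server's certificate cannot be validated against the system store, pinning it with `CAFile` and recording the reason in a comment would be the narrower exception.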
|
||||||
|
|
|
@ -6,11 +6,14 @@
|
||||||
hackrf
|
hackrf
|
||||||
];
|
];
|
||||||
|
|
||||||
users.users.soapysdr = {
|
users = {
|
||||||
|
groups.soapysdr = {};
|
||||||
|
users.soapysdr = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "soapysdr";
|
group = "soapysdr";
|
||||||
};
|
};
|
||||||
users.groups.soapysdr = {};
|
};
|
||||||
|
|
||||||
systemd.services.soapysdr-server = {
|
systemd.services.soapysdr-server = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
|
|
@ -1,20 +1,6 @@
|
||||||
{ hostRegistry, nixpkgs, config, lib, pkgs, modulesPath, ... }:
|
{ hostRegistry, nixpkgs, config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
boot.kernelParams = [ "verbose" ];
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
hardware.bluetooth.enable = true;
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
|
||||||
makeModulesClosure = x:
|
|
||||||
# prevent kernel install fail due to missing modules
|
|
||||||
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
|
||||||
};
|
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
isInHq = true;
|
isInHq = true;
|
||||||
mergeHostsFile = true;
|
mergeHostsFile = true;
|
||||||
|
@ -25,6 +11,23 @@
|
||||||
autoUpdate = false;
|
autoUpdate = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
boot.kernelParams = [ "verbose" ];
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
hardware = {
|
||||||
|
bluetooth.enable = true;
|
||||||
|
enableRedistributableFirmware = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
|
||||||
|
|
||||||
|
nixpkgs.config.packageOverrides = pkgs: {
|
||||||
|
makeModulesClosure = x:
|
||||||
|
# prevent kernel install fail due to missing modules
|
||||||
|
pkgs.makeModulesClosure (x // { allowMissing = true; });
|
||||||
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "rpi-netboot"; # Define your hostname.
|
hostName = "rpi-netboot"; # Define your hostname.
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
|
@ -32,25 +35,26 @@
|
||||||
firewall.enable = false;
|
firewall.enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
fsType = "tmpfs";
|
||||||
|
options = [ "mode=0755" ];
|
||||||
|
};
|
||||||
|
"/etc" = {
|
||||||
|
fsType = "tmpfs";
|
||||||
|
options = [ "mode=0755" ];
|
||||||
|
};
|
||||||
# mount the server's /nix/store
|
# mount the server's /nix/store
|
||||||
fileSystems."/nix/store" = {
|
"/nix/store" = {
|
||||||
device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
|
device = "${hostRegistry.hosts.nix-build.ip4}:/nix/store";
|
||||||
fsType = "nfs";
|
fsType = "nfs";
|
||||||
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
|
options = [ "nfsvers=3" "proto=tcp" "nolock" "hard" "async" "ro" ];
|
||||||
neededForBoot = true;
|
neededForBoot = true;
|
||||||
};
|
};
|
||||||
# volatile system: everything is tmpfs
|
"/var" = {
|
||||||
fileSystems."/" = {
|
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
options = [ "mode=0755" ];
|
options = [ "mode=0755" ];
|
||||||
};
|
};
|
||||||
fileSystems."/etc" = {
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = [ "mode=0755" ];
|
|
||||||
};
|
|
||||||
fileSystems."/var" = {
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = [ "mode=0755" ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -74,23 +78,8 @@
|
||||||
|
|
||||||
programs.tmux.enable = true;
|
programs.tmux.enable = true;
|
||||||
|
|
||||||
systemd = {
|
|
||||||
# r/o /nix/store
|
|
||||||
services.nix-daemon.enable = false;
|
|
||||||
sockets.nix-daemon.enable = false;
|
|
||||||
services.nix-gc.enable = false;
|
|
||||||
};
|
|
||||||
nix.gc.automatic = lib.mkForce false;
|
nix.gc.automatic = lib.mkForce false;
|
||||||
|
|
||||||
# Do not log to flash:
|
|
||||||
services.journald.extraConfig = ''
|
|
||||||
Storage=volatile
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
security.sudo = {
|
security.sudo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wheelNeedsPassword = false;
|
wheelNeedsPassword = false;
|
||||||
|
@ -102,24 +91,40 @@
|
||||||
keyMap = "de";
|
keyMap = "de";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
services.xserver = {
|
||||||
services.xserver.enable = true;
|
enable = true;
|
||||||
services.xserver.layout = "de";
|
layout = "de";
|
||||||
services.xserver.xkbOptions = "eurosign:e";
|
xkbOptions = "eurosign:e";
|
||||||
|
};
|
||||||
|
|
||||||
services.xserver.displayManager = {
|
services = {
|
||||||
lightdm = { enable = true; };
|
# Do not log to flash
|
||||||
|
journald.extraConfig = ''
|
||||||
|
Storage=volatile
|
||||||
|
'';
|
||||||
|
openssh.enable = true;
|
||||||
|
xserver = {
|
||||||
|
displayManager = {
|
||||||
|
lightdm.enable = true;
|
||||||
autoLogin = {
|
autoLogin = {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "k-ot";
|
user = "k-ot";
|
||||||
};
|
};
|
||||||
defaultSession = "gnome-xorg";
|
defaultSession = "gnome-xorg";
|
||||||
};
|
};
|
||||||
services.xserver.desktopManager = {
|
desktopManager.gnome.enable = true;
|
||||||
gnome.enable = true;
|
|
||||||
# kodi.enable = true;
|
|
||||||
};
|
};
|
||||||
systemd.user.services.x11vnc = {
|
};
|
||||||
|
|
||||||
|
systemd = {
|
||||||
|
# r/o /nix/store
|
||||||
|
services = {
|
||||||
|
nix-daemon.enable = false;
|
||||||
|
nix-gc.enable = false
|
||||||
|
};
|
||||||
|
sockets.nix-daemon.enable = false;
|
||||||
|
|
||||||
|
user.services.x11vnc = {
|
||||||
description = "X11 VNC server";
|
description = "X11 VNC server";
|
||||||
wantedBy = [ "graphical-session.target" ];
|
wantedBy = [ "graphical-session.target" ];
|
||||||
partOf = [ "graphical-session.target" ];
|
partOf = [ "graphical-session.target" ];
|
||||||
|
@ -131,12 +136,7 @@
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.11"; # Did you read the comment?
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
}
|
}
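Review bot: In the new `systemd.services` attribute set, `nix-gc.enable = false` is missing its terminating semicolon, so the file no longer parses; it should read `nix-gc.enable = false;`. Separately, `services.xserver = { … }` and a later `services = { xserver = { … }; }` now define the same option tree in two forms. Folding `enable`, `layout` and `xkbOptions` into the `xserver` set inside `services` would keep a single definition and avoid depending on how the evaluator merges the two.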
|
||||||
|
|
|
@ -1,52 +1,44 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./network.nix
|
./network.nix
|
||||||
./microvm-staging.nix
|
./microvm-staging.nix
|
||||||
./microvms.nix
|
./microvms.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the GRUB 2 boot loader.
|
c3d2.hq.statistics.enable = true;
|
||||||
boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
# boot.loader.grub.efiSupport = true;
|
|
||||||
# boot.loader.grub.efiInstallAsRemovable = true;
|
|
||||||
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
|
||||||
# Define on which hard drive you want to install Grub.
|
|
||||||
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
|
||||||
|
|
||||||
# FIXME: Package ‘zfs-kernel-2.1.4-5.18’ is marked as broken
|
boot= {
|
||||||
# boot.kernelPackages = pkgs.linuxPackages_latest;
|
loader.grub = {
|
||||||
# FIXME: kernel null ptr derefs
|
enable = true;
|
||||||
# boot.kernelPackages = pkgs.linuxPackages_5_17;
|
version = 2;
|
||||||
|
device = "/dev/sda";
|
||||||
|
};
|
||||||
|
|
||||||
boot.kernelParams = [
|
# kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||||
|
kernelParams = [
|
||||||
"preempt=none"
|
"preempt=none"
|
||||||
# No server/router runs any untrusted user code
|
# No server/router runs any untrusted user code
|
||||||
"mitigations=off"
|
"mitigations=off"
|
||||||
];
|
];
|
||||||
boot.tmpOnTmpfs = true;
|
tmpOnTmpfs = true;
|
||||||
boot.tmpOnTmpfsSize = "80%";
|
tmpOnTmpfsSize = "80%";
|
||||||
|
};
|
||||||
|
|
||||||
networking.hostName = "server10"; # Define your hostname.
|
networking = {
|
||||||
networking.hostId = "10101010";
|
hostName = "server10";
|
||||||
|
# TODO: change that to something more random
|
||||||
|
hostId = "10101010";
|
||||||
|
};
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [ 22 ];
|
allowedTCPPorts = [ 22 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
|
|
||||||
c3d2.hq.statistics.enable = true;
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.11"; # Did you read the comment?
|
system.stateVersion = "21.11"; # Did you read the comment?
|
||||||
}
|
}
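Review bot: `"mitigations=off"` is justified by the comment `# No server/router runs any untrusted user code`, yet this host imports `./microvms.nix` and `./microvm-staging.nix`; if those run guest workloads, the CPU side-channel mitigations are part of what separates guests from each other and from the host. The contents of those modules are not visible here, so this is a question rather than a finding: either drop the parameter on this machine or extend the comment to say why the guests are considered trusted. Also, the new `networking = { … }` set is followed by a separate `networking.firewall = { … }`; moving `firewall` into the set would match the grouping the commit applies elsewhere.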
|
||||||
|
|
|
@ -21,8 +21,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
networking.useDHCP = false;
|
networking = {
|
||||||
networking.useNetworkd = true;
|
useDHCP = false;
|
||||||
|
useNetworkd = true;
|
||||||
|
};
|
||||||
|
|
||||||
boot.kernelParams = [
|
boot.kernelParams = [
|
||||||
# Prevents automatic creation of interface bond0 by the kernel
|
# Prevents automatic creation of interface bond0 by the kernel
|
||||||
|
|
|
@ -5,12 +5,8 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./streamdump.nix
|
./streamdump.nix
|
||||||
# ../../config
|
|
||||||
# ../../config/hq.nix
|
|
||||||
# ../../config/shared.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
c3d2 = {
|
c3d2 = {
|
||||||
|
@ -23,14 +19,19 @@ in
|
||||||
|
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
boot.loader.grub = {
|
boot = {
|
||||||
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
loader = {
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
version = 2;
|
version = 2;
|
||||||
efiSupport = true;
|
efiSupport = true;
|
||||||
devices = [ "nodev" ];
|
devices = [ "nodev" ];
|
||||||
};
|
};
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
};
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
};
|
||||||
|
|
||||||
systemd.enableEmergencyMode = false;
|
systemd.enableEmergencyMode = false;
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
@ -46,14 +47,16 @@ in
|
||||||
prefixLength = 64;
|
prefixLength = 64;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
defaultGateway = {
|
||||||
defaultGateway.address = "172.22.99.4";
|
address = "172.22.99.4";
|
||||||
defaultGateway.interface = eth0;
|
interface = eth0;
|
||||||
|
};
|
||||||
nameservers = [
|
nameservers = [
|
||||||
hostRegistry.hosts.dnscache.ip4
|
hostRegistry.hosts.dnscache.ip4
|
||||||
hostRegistry.hosts.dnscache.ip6
|
hostRegistry.hosts.dnscache.ip6
|
||||||
"9.9.9.9"
|
"9.9.9.9"
|
||||||
];
|
];
|
||||||
|
firewall.enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -68,21 +71,23 @@ in
|
||||||
iotop
|
iotop
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.bash.enableCompletion = true;
|
programs = {
|
||||||
programs.mtr.enable = true;
|
bash.enableCompletion = true;
|
||||||
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
mtr.enable = true;
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
allowSFTP = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.atftpd = {
|
services = {
|
||||||
|
atftpd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
root = "/mnt/cephfs/c3d2/tftp";
|
root = "/mnt/cephfs/c3d2/tftp";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.samba = {
|
openssh = {
|
||||||
|
enable = true;
|
||||||
|
allowSFTP = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
samba = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableNmbd = true;
|
enableNmbd = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -111,8 +116,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
networking.firewall.enable = false;
|
|
||||||
|
|
||||||
system.stateVersion = "19.03"; # Did you read the comment?
|
system.stateVersion = "19.03"; # Did you read the comment?
|
||||||
}
|
}
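Review bot: `firewall.enable = false;` is now set inside `networking` on a host that, in this same file, enables `atftpd`, `samba` with `enableNmbd`, and `openssh`, so every listener on the machine is reachable from any network the interface is attached to. If the host is only meant to serve those three, an explicit allow-list documents that intent, e.g. `firewall = { enable = true; allowedTCPPorts = [ 22 139 445 ]; allowedUDPPorts = [ 69 137 138 ]; };`. The Samba share definitions and any Ceph-related ports are outside the visible hunks, so the port list needs checking against what actually runs here. If the firewall must stay off, a one-line comment giving the reason would help.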
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
archiveRoot = "/mnt/cephfs/c3d2/Radio";
|
|
||||||
streams = {
|
streams = {
|
||||||
coloradio = "http://streaming.fueralle.org/coloradio_160.mp3";
|
coloradio = "http://streaming.fueralle.org/coloradio_160.mp3";
|
||||||
};
|
};
|
||||||
|
@ -17,7 +16,7 @@ in {
|
||||||
mp3splt
|
mp3splt
|
||||||
];
|
];
|
||||||
script = ''
|
script = ''
|
||||||
DIR=${archiveRoot}/${stream}/$(date +%F)
|
DIR=mnt/cephfs/c3d2/Radio/${stream}/$(date +%F)
|
||||||
mkdir -p $DIR
|
mkdir -p $DIR
|
||||||
cd $DIR
|
cd $DIR
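Review bot: Inlining `archiveRoot` dropped the leading slash: `DIR=mnt/cephfs/c3d2/Radio/${stream}/$(date +%F)` is now a relative path, so `mkdir -p $DIR` and `cd $DIR` act on whatever the unit's working directory is instead of the CephFS archive. It should read `DIR=/mnt/cephfs/c3d2/Radio/${stream}/$(date +%F)`. Quoting the expansions (`mkdir -p "$DIR"`, `cd "$DIR"`) would also be safer. The rest of the `script` body lies outside this hunk.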
|
||||||
|
|
||||||
|
|
|
@ -67,7 +67,6 @@ in
|
||||||
'';
|
'';
|
||||||
|
|
||||||
hq = {
|
hq = {
|
||||||
|
|
||||||
interface = mkOption {
|
interface = mkOption {
|
||||||
type = nullOr str;
|
type = nullOr str;
|
||||||
default = null;
|
default = null;
|
||||||
|
|
|
@ -1,14 +1,16 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
# TODO: move to flake
|
||||||
nixcloud-webservices = pkgs.fetchFromGitHub {
|
nixcloud-webservices = pkgs.fetchFromGitHub {
|
||||||
owner = "nixcloud";
|
owner = "nixcloud";
|
||||||
repo = "nixcloud-webservices";
|
repo = "nixcloud-webservices";
|
||||||
rev = "3a0767f0536fac811065eb87e6342f27eac085aa";
|
rev = "3a0767f0536fac811065eb87e6342f27eac085aa";
|
||||||
sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8=";
|
sha256 = "vC0vBu+0HchrevuWsmE7giouKnSt/q4F0TffwhuNJv8=";
|
||||||
};
|
};
|
||||||
inherit ((import "${nixcloud-webservices}/pkgs" { inherit pkgs; })) nixcloud;
|
inherit (import "${nixcloud-webservices}/pkgs" { inherit pkgs; }) nixcloud;
|
||||||
|
|
||||||
profilesDir = "/nix/var/nix/profiles/lxc";
|
profilesDir = "/nix/var/nix/profiles/lxc";
|
||||||
inherit (config.lxc) containers;
|
inherit (config.lxc) containers;
|
||||||
|
@ -89,10 +91,11 @@ in {
|
||||||
|
|
||||||
path = with pkgs; [ coreutils nix ];
|
path = with pkgs; [ coreutils nix ];
|
||||||
|
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig = {
|
||||||
serviceConfig.RemainAfterExit = true;
|
Type = "oneshot";
|
||||||
serviceConfig.Environment =
|
RemainAfterExit = true;
|
||||||
[ "NIX_PATH=${builtins.concatStringsSep ":" nixPath}" ];
|
Environment = [ "NIX_PATH=${builtins.concatStringsSep ":" nixPath}" ];
|
||||||
|
};
|
||||||
|
|
||||||
script = ''
|
script = ''
|
||||||
mkdir -p ${profilesDir}/${name}
|
mkdir -p ${profilesDir}/${name}
|
||||||
|
|
|
@ -9,11 +9,11 @@ let
|
||||||
settingsFormat = pkgs.formats.json { };
|
settingsFormat = pkgs.formats.json { };
|
||||||
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
|
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
|
||||||
pkg = programCfg.package;
|
pkg = programCfg.package;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
services.nncp = {
|
services.nncp = {
|
||||||
|
|
||||||
caller = {
|
caller = {
|
||||||
enable = mkEnableOption ''
|
enable = mkEnableOption ''
|
||||||
croned NNCP TCP daemon caller.
|
croned NNCP TCP daemon caller.
|
||||||
|
@ -130,7 +130,5 @@ in {
|
||||||
wantedBy = [ "sockets.target" ];
|
wantedBy = [ "sockets.target" ];
|
||||||
socketConfig.Accept = true;
|
socketConfig.Accept = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{ pkgs, config, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
options.c3d2.pi-sensors = lib.mkOption {
|
options.c3d2.pi-sensors = lib.mkOption {
|
||||||
default = [];
|
default = [];
|
||||||
|
|
|
@ -46,9 +46,11 @@
|
||||||
libraspberrypi
|
libraspberrypi
|
||||||
raspberrypi-eeprom
|
raspberrypi-eeprom
|
||||||
];
|
];
|
||||||
|
|
||||||
services.journald.extraConfig = ''
|
services.journald.extraConfig = ''
|
||||||
Storage=volatile
|
Storage=volatile
|
||||||
'';
|
'';
|
||||||
|
|
||||||
networking.networkmanager.enable = false;
|
networking.networkmanager.enable = false;
|
||||||
|
|
||||||
system.build.tftproot = pkgs.runCommand "tftproot-${config.networking.hostName}" {} ''
|
system.build.tftproot = pkgs.runCommand "tftproot-${config.networking.hostName}" {} ''
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
set -x
|
set -ex
|
||||||
set -e
|
|
||||||
|
|
||||||
sudo nix-channel --update
|
sudo nix-channel --update
|
||||||
time nix-env -- -u \*
|
time nix-env -- -u \*
|
||||||
|
|
|
@ -1,26 +1,28 @@
|
||||||
{ stdenv, fetchgit, fetchpatch, }:
|
{ stdenv, fetchgit, fetchpatch, }:
|
||||||
|
|
||||||
let
|
stdenv.mkDerivation {
|
||||||
|
pname = "bmxd";
|
||||||
|
version = "0.4-1"; # ${version}-${release}
|
||||||
|
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git";
|
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware.git";
|
||||||
rev = "T_FIRMWARE_7.0.1";
|
rev = "T_FIRMWARE_7.0.1";
|
||||||
sha256 = "sha256-3sV59uqFp+TZKrDf7kmksLvz+5ZKriwFyXZMBH2Sdws=";
|
sha256 = "sha256-3sV59uqFp+TZKrDf7kmksLvz+5ZKriwFyXZMBH2Sdws=";
|
||||||
};
|
};
|
||||||
path = "feeds/19.07/feeds-own/bmxd";
|
|
||||||
patch = fetchpatch {
|
|
||||||
name = "timercpy.patch";
|
|
||||||
url =
|
|
||||||
"https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
|
|
||||||
sha256 = "sha256-40BbcCZ10cQzvkfsAi8ApCgmC4hGMh2J8xU6gjD3cng=";
|
|
||||||
};
|
|
||||||
in stdenv.mkDerivation {
|
|
||||||
pname = "bmxd";
|
|
||||||
version = "0.4-1"; # ${version}-${release}
|
|
||||||
|
|
||||||
inherit src;
|
patches = [
|
||||||
patches = [ patch ];
|
(fetchpatch {
|
||||||
buildPhase = "cd ${path}/sources";
|
name = "timercpy.patch";
|
||||||
installPhase = ''
|
url = "https://gitlab.freifunk-dresden.de/firmware-developer/firmware/merge_requests/36.patch";
|
||||||
make install SBINDIR=$out/sbin
|
sha256 = "sha256-40BbcCZ10cQzvkfsAi8ApCgmC4hGMh2J8xU6gjD3cng=";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
|
buildPhase = ''
|
||||||
|
cd feeds/19.07/feeds-own/bmxd/sources
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
installFlags = [
|
||||||
|
"SBINDIR=$out/sbin"
|
||||||
|
];
|
||||||
}
|
}
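Review bot: `installFlags = [ "SBINDIR=$out/sbin" ];` does not behave like the removed `make install SBINDIR=$out/sbin`: inside `installPhase` the shell expanded `$out`, whereas entries of `installFlags` are handed to make without that expansion, so make most likely receives the literal `$out` and reads `$o` as an empty make variable. Using `installFlags = [ "SBINDIR=${placeholder "out"}/sbin" ];` gives make the real store path. The `buildPhase` that only changes directory relies on the working directory carrying over into the install phase; a short comment saying so would make that intent clear.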
|
||||||
|
|
|
@ -6,15 +6,19 @@
|
||||||
rustPlatform.buildRustPackage rec {
|
rustPlatform.buildRustPackage rec {
|
||||||
name = "dump1090_rs";
|
name = "dump1090_rs";
|
||||||
version = "0.5.1";
|
version = "0.5.1";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "rsadsb";
|
owner = "rsadsb";
|
||||||
repo = "dump1090_rs";
|
repo = "dump1090_rs";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "1jhcb5b3l1q8zz3hfwyxy69i1015jmbdw3zlnhvalgqhp9qli2li";
|
sha256 = "1jhcb5b3l1q8zz3hfwyxy69i1015jmbdw3zlnhvalgqhp9qli2li";
|
||||||
};
|
};
|
||||||
|
|
||||||
cargoSha256 = "00270yfbgz794m8mifnskvgqd6h17mm18cxr10371zlymnsnjf2c";
|
cargoSha256 = "00270yfbgz794m8mifnskvgqd6h17mm18cxr10371zlymnsnjf2c";
|
||||||
|
|
||||||
nativeBuildInputs = [ pkg-config llvmPackages.clang ];
|
nativeBuildInputs = [ pkg-config llvmPackages.clang ];
|
||||||
|
|
||||||
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
|
LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib";
|
||||||
|
|
||||||
buildInputs = [ soapysdr-with-plugins ];
|
buildInputs = [ soapysdr-with-plugins ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,9 +9,13 @@ in
|
||||||
rustPlatform.buildRustPackage {
|
rustPlatform.buildRustPackage {
|
||||||
name = "ledball";
|
name = "ledball";
|
||||||
version = "0.0.0";
|
version = "0.0.0";
|
||||||
|
|
||||||
src = "${pile}/ledball";
|
src = "${pile}/ledball";
|
||||||
|
|
||||||
cargoSha256 = "0zyfbf3gph8gqab07fmm5a7x5slapsqn8ck6isp53fsa7ljnagjy";
|
cargoSha256 = "0zyfbf3gph8gqab07fmm5a7x5slapsqn8ck6isp53fsa7ljnagjy";
|
||||||
|
|
||||||
cargoBuildFlags = [ "--examples" ];
|
cargoBuildFlags = [ "--examples" ];
|
||||||
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
mkdir -p $out/bin
|
mkdir -p $out/bin
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,8 @@
|
||||||
# , libad9361, libiio
|
# , libad9361, libiio
|
||||||
}:
|
}:
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "readsb-protobuf";
|
pname = "readsb-protobuf";
|
||||||
|
version = "unstable-2021-12-10";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "Mictronics";
|
owner = "Mictronics";
|
||||||
|
@ -18,12 +19,15 @@ stdenv.mkDerivation rec {
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
pkg-config protobufc
|
pkg-config protobufc
|
||||||
];
|
];
|
||||||
|
|
||||||
buildInputs = [
|
buildInputs = [
|
||||||
ncurses rrdtool libusb1
|
ncurses rrdtool libusb1
|
||||||
libbladeRF librtlsdr
|
libbladeRF librtlsdr
|
||||||
# libad9361 libiio
|
# libad9361 libiio
|
||||||
];
|
];
|
||||||
|
|
||||||
# enableParallelBuilding = true;
|
# enableParallelBuilding = true;
|
||||||
|
|
||||||
makeFlags = [
|
makeFlags = [
|
||||||
"BLADERF=yes"
|
"BLADERF=yes"
|
||||||
"RTLSDR=yes"
|
"RTLSDR=yes"
|
||||||
|
|
|
@ -3,15 +3,19 @@
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "SimpleYggGen-CPP";
|
pname = "SimpleYggGen-CPP";
|
||||||
version = "5.1";
|
version = "5.1";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://notabug.org/acetone/${pname}/archive/${version}.tar.gz";
|
url = "https://notabug.org/acetone/${pname}/archive/${version}.tar.gz";
|
||||||
hash = "sha256-z5Wtmw2vq3qRjNSOJ0xlxdmB5g2Oa+UQn1Awt7+R/XY=";
|
hash = "sha256-z5Wtmw2vq3qRjNSOJ0xlxdmB5g2Oa+UQn1Awt7+R/XY=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cmake ];
|
nativeBuildInputs = [ cmake ];
|
||||||
|
|
||||||
buildInputs = [ libsodium ];
|
buildInputs = [ libsodium ];
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
find .
|
|
||||||
install -D src/sygcpp $out/bin/$pname
|
install -D src/sygcpp $out/bin/$pname
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta.maintainers = [ lib.maintainers.ehmry ];
|
meta.maintainers = [ lib.maintainers.ehmry ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -44,22 +44,29 @@ echo Preparing sensible defaults
|
||||||
run "cat > /etc/nixos/configuration.nix" <<EOF
|
run "cat > /etc/nixos/configuration.nix" <<EOF
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
boot.isContainer = true;
|
boot = {
|
||||||
boot.loader.initScript.enable = true;
|
isContainer = true;
|
||||||
|
loader.initScript.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [ vim git ];
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "$NAME";
|
||||||
|
useDHCP = false;
|
||||||
|
interfaces.eth0.useDHCP = true;
|
||||||
|
firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
};
|
||||||
|
|
||||||
networking.hostName = "$NAME";
|
|
||||||
nix = {
|
nix = {
|
||||||
useSandbox = false;
|
useSandbox = false;
|
||||||
extraOptions = "experimental-features = nix-command flakes";
|
extraOptions = "experimental-features = nix-command flakes";
|
||||||
# package = pkgs.nixFlakes;
|
|
||||||
};
|
};
|
||||||
networking.useDHCP = false;
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
environment.systemPackages = with pkgs; [ vim git ];
|
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Disable Nix sandbox
|
# Disable Nix sandbox
|
||||||
run rm /etc/nix/nix.conf
|
run rm /etc/nix/nix.conf
|
||||||
run cp /etc/static/nix/nix.conf /etc/nix/nix.conf
|
run cp /etc/static/nix/nix.conf /etc/nix/nix.conf
|
||||||
|
|
|
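Review bot: `useSandbox = false` is carried over into the regrouped `nix` block of the generated configuration.nix with no statement of why, while `experimental-features = nix-command flakes` stays enabled, so builds in the new container run with access to the container's filesystem and network. If the reason is that the container runtime cannot provide the namespaces the sandbox needs (an assumption, the hunk does not say), record it next to the setting, e.g. `# sandbox disabled: build namespaces unavailable in this container; re-enable once nesting is allowed`, so the exception gets revisited. The later `# Disable Nix sandbox` comment sits above an `rm`/`cp` that only swaps /etc/nix/nix.conf for a copy of /etc/static/nix/nix.conf; something like `# replace the nix.conf symlink with a writable copy` would describe that step, if that is its purpose. The script continues outside this hunk.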
@ -1,4 +1,6 @@
|
||||||
{
|
{
|
||||||
|
# Please use ed25519 keys!
|
||||||
|
|
||||||
antrares.sshKeys = [
|
antrares.sshKeys = [
|
||||||
"ssh-rsa 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 antrares@c3d2.de"
|
"ssh-rsa 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 antrares@c3d2.de"
|
||||||
];
|
];
|
||||||
|
@ -54,5 +56,4 @@
|
||||||
windsleep.sshKeys = [
|
windsleep.sshKeys = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD6vi3Y/e5wxJzsehFyM+N16f1QAmepMwIOSL3gO9w7CZ1jUF2Cky6y/40TcNWMDyvgxbcEfobG/Foa8DXQgKcc9LZS8jjGmzTVRCKxON5hQsYXRmxzawe8Fg2bkYxpWeoknW0wgDc/3XJA17IP2ONfVtX3YVQyhf5WPDHrXojnBadXMBUtvK5p7T+L9Z3/cGB80K5BoQCC4ZRn6gkOMjpFOKYXJfIzmLI5WPvTe7B/uuEfZ8IT8nzZsi2VBwru01s+iEXs7th/rAp2Q74pWTW8Q8jhNL1E15Yct9K7yV1p6D7YPF/BCKtXKP6VzU2ULmTp6nlCkeDJvZgLP6UpzLJJ basti@windnix"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD6vi3Y/e5wxJzsehFyM+N16f1QAmepMwIOSL3gO9w7CZ1jUF2Cky6y/40TcNWMDyvgxbcEfobG/Foa8DXQgKcc9LZS8jjGmzTVRCKxON5hQsYXRmxzawe8Fg2bkYxpWeoknW0wgDc/3XJA17IP2ONfVtX3YVQyhf5WPDHrXojnBadXMBUtvK5p7T+L9Z3/cGB80K5BoQCC4ZRn6gkOMjpFOKYXJfIzmLI5WPvTe7B/uuEfZ8IT8nzZsi2VBwru01s+iEXs7th/rAp2Q74pWTW8Q8jhNL1E15Yct9K7yV1p6D7YPF/BCKtXKP6VzU2ULmTp6nlCkeDJvZgLP6UpzLJJ basti@windnix"
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
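Review bot: The added `# Please use ed25519 keys!` comment is advisory only, and both entries visible in this section (`antrares.sshKeys`, `windsleep.sshKeys`) still carry `ssh-rsa` keys, so the file contradicts its own header as soon as this commit lands. Consider saying what happens to the existing keys, for example `# Please use ed25519 keys! Existing ssh-rsa entries are to be replaced at the next rotation.`, or checking the key type where `sshKeys` is consumed. That consumer is outside this diff, so whether such a check already exists cannot be told from here. The entries between the two hunks are not shown.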