hswaw/machines: add sound.waw.hackerspace.pl
Change-Id: Id0e6a02d9ae4cf61d758713a99d21c6da0c72b66
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1401
Reviewed-by: vuko <vuko@hackerspace.pl>
Reviewed-by: informatic <informatic@hackerspace.pl>
diff --git a/hswaw/machines/sound.waw.hackerspace.pl/configuration.nix b/hswaw/machines/sound.waw.hackerspace.pl/configuration.nix
new file mode 100644
index 0000000..fccd656
--- /dev/null
+++ b/hswaw/machines/sound.waw.hackerspace.pl/configuration.nix
@@ -0,0 +1,214 @@
+{ config, pkgs, ... }:
+
+let
+ hw = builtins.fromJSON (builtins.readFile ./hw.json);
+ ssh-keys = {
+ vuko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhaCaC/CVYv6hphqmEdKaPrIn+Q946+myvL9SSnzFZk vuko@eagle";
+ informatic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoKB2p/gFaKthQNXeQvSLzhOlLSq3vjVL3AEOBTMXGH informatic@atuin";
+ };
+ networks = {
+ lan = {
+ description = "LAN";
+ hw_addr = "4c:52:62:ba:a9:78";
+ ipv4 = "10.8.1.26";
+ #ipv6 = "2a0d:eb00:4242::1";
+ };
+ };
+
+ system-vim = pkgs.vim_configurable.customize {
+ name = "vim";
+ vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
+ start = [ vim-nix vim-lastplace ];
+ opt = [];
+ };
+ vimrcConfig.customRC = ''
+ set nocompatible
+ '';
+ };
+
+
+in {
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ time.timeZone = "Europe/Warsaw";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-partuuid/${hw.rootUUID}";
+ fsType = "ext4";
+ };
+
+ networking.hostName = "newsound";
+ networking.domain = "waw.hackerspace.pl";
+ networking.useDHCP = false;
+
+ networking.defaultGateway = {
+ address = "10.8.1.2";
+ interface = "lan";
+ };
+
+ networking.interfaces = {
+ lan = {
+ ipv4.addresses = [
+ {
+ address = networks.lan.ipv4;
+ prefixLength = 16;
+ }
+ ];
+ };
+ };
+
+ networking.nameservers = ["10.8.1.2"];
+
+ services.acpid.enable = true;
+
+ # TODO copy acls and paswords from old sound
+ services.mosquitto.enable = true;
+ services.mosquitto.listeners = [
+ {
+ settings.allow_anonymous = true;
+ }
+ ];
+
+ services.home-assistant = {
+ enable = true;
+ config = import ./home-assistant.nix;
+
+ # TODO if some components / packages are not needed
+ extraComponents = [
+ "default_config"
+ "mqtt"
+ "met"
+ "media_player"
+ "light"
+ "frontend"
+ "cast"
+ "spotify"
+ ];
+ extraPackages = ps: [
+ ps.aiohttp-cors
+ ps.pillow
+ ps.sqlalchemy
+ ps.websockets
+ ps.fnvhash
+ ps.hass-nabucasa
+ ps.pymetno
+ ps.radios
+ ];
+ };
+
+ sound.enable = true;
+
+ # TODO create config that setups volume, default output etc.
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ zeroconf.publish.enable = true;
+
+ tcp.enable = true;
+ tcp.anonymousClients.allowAll = true;
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "iot.waw.hackerspace.pl" = {
+ serverAliases = ["default_server"];
+ listen = [
+ {
+ addr = networks.lan.ipv4;
+ port = 80;
+ ssl = false;
+ }
+ ];
+ locations."/" = {
+ extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ '';
+ proxyPass = "http://localhost:8123";
+ };
+ };
+ };
+ };
+
+
+ systemd.network.links = builtins.listToAttrs (map (
+ name: { name = "10-link-${name}"; value = {
+ enable = true;
+ matchConfig = {
+ MACAddress = networks."${name}".hw_addr;
+ };
+ linkConfig = {
+ Name = "${name}";
+ };
+ }; }
+ ) (builtins.filter (name: builtins.hasAttr "hw_addr" networks."${name}") (builtins.attrNames networks)));
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22 # ssh
+ 80 # nginx http
+ 1883 # mqtt (mosquitto)
+ 4713 # pulseaudo
+ ];
+ };
+
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ };
+
+ # TODO extract ssh keys synchronization from customs and add it here
+ users.users.root.openssh.authorizedKeys.keys = [ ssh-keys.vuko ssh-keys.informatic ];
+
+ environment.systemPackages = with pkgs; [
+ system-vim tcpdump htop nmon tmux git file procps parted dmidecode ack utillinux
+ nmap mosh ncdu tree lz4 bind neovim hdparm usbutils
+ ];
+
+ programs.mtr.enable = true;
+
+ environment.variables = {
+ EDITOR = "vim";
+ };
+
+ #environment.extraInit = ''
+ # export NIX_PATH="nixpkgs=${config.channel-sources.nixpkgs}";
+ #'';
+
+ environment.etc."inputrc" = {
+ text = pkgs.lib.mkDefault( pkgs.lib.mkAfter ''
+ set colored-stats on
+ set show-all-if-ambiguous on
+ set completion-ignore-case on
+
+ # arrow up
+ "\e[A": history-search-backward
+ # arrow down
+ "\e[B": history-search-forward
+
+ "\e[5~": history-search-backward
+ "\e[6~": history-search-forward
+ '');
+ };
+
+ system.stateVersion = "22.05";
+
+
+ boot.vesa = false;
+ boot.loader.grub.splashImage = null;
+}
+
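Review bot: The mosquitto listener (`settings.allow_anonymous = true`) and PulseAudio (`tcp.anonymousClients.allowAll = true`) are both opened to the network by `allowedTCPPorts` (1883 and 4713), and the interface is on a /16. Any host on that LAN can therefore publish or subscribe to MQTT topics, which Home Assistant presumably consumes through the `mqtt` component, and can open audio streams without credentials. Until the ACLs and passwords mentioned in the TODO are ported, consider binding the listener locally with `address = "127.0.0.1";` or leaving 1883 out of the firewall list, and replacing `allowAll` with `tcp.anonymousClients.allowedIpList = [ "127.0.0.1" "<trusted-subnet-placeholder>" ];`. Separately, `serverAliases = ["default_server"]` only adds a literal server name; if the intent is to make this the fallback vhost, the NixOS option is `default = true;`.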