hswaw/machines/printmaster: cups server box
Change-Id: Ibf75d9bad789521bfab77fb17017b20030deed52
diff --git a/hswaw/machines/hive.nix b/hswaw/machines/hive.nix
new file mode 100644
index 0000000..db80d3e
--- /dev/null
+++ b/hswaw/machines/hive.nix
@@ -0,0 +1,15 @@
+let nixpkgs = builtins.fetchTarball {
+ url = "https://github.com/NixOS/nixpkgs/archive/56911ef3403a9318b7621ce745f5452fb9ef6867.zip";
+ sha256 = "0jf6pnz4s5w9p35wd584hy7p6r5aaq1khfdxv2c1nqnmss05nn2b";
+};
+in {
+ network = {
+ nixpkgs = import nixpkgs { };
+ };
+
+ "printmaster.waw.hackerspace.pl" = { ... }: {
+ imports = [ ./printmaster.waw.hackerspace.pl/configuration.nix ];
+ nixpkgs.system = "aarch64-linux";
+ deployment.buildOnTarget = true;
+ };
+}
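Review bot: The nixpkgs pin in the `fetchTarball` call has no comment saying which branch the revision belongs to or when it was taken, so a reader cannot tell how far the box lags behind security updates. A line above `url` such as `# nixpkgs <BRANCH> at <DATE>; bump regularly to pick up security fixes` (placeholders to be filled in by the author) would make stale pins visible in review.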
diff --git a/hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix b/hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix
new file mode 100644
index 0000000..a33619f
--- /dev/null
+++ b/hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix
@@ -0,0 +1,204 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ networking.hostName = "printmaster";
+ networking.enableIPv6 = false;
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ # nginx
+ 80
+
+ # ftpserver
+ 2121
+ ];
+ allowedUDPPortRanges = [
+ { from = 4000; to = 4007; }
+ { from = 8000; to = 8010; }
+ ];
+ };
+
+ nix.extraOptions = ''
+ experimental-features = nix-command
+ '';
+
+ time.timeZone = "Europe/Warsaw";
+
+ users.users = {
+ pi = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXhpZR8NUyJe9ud92uxavLuLLRVMUpqFOUTE0x35JHgve6Qo+IqlmszlmDGtTBqLlR/ZeXw0Rb7aq6rsrM20zmPMl/XQygwzE72dUZVnw4CWlzakI6qntU4FvnpjxMy3dz3KvYUtjf+p44tEuyU64s9TLKipX58GwTtVCKO1gmSI1I+3Ng0hxcXveMln+uH7Wa5LXJhGcyXTbnUXGpp97tXLWxG5xO46kwsmRhBd2MfodeeWe+nB0tVNE/sNybOwPNfzVu/U9wylyjdQ1/CBR9sNNYxT3RhuEwXKW/Unf/0ekB5j9VMpfMNwBMz714Ml3FKGsqacJL8Z0bJuPpveG1P4IYRS6x9pxPb4pgbBO9RZXIC8YQuqdBWulQo76SSEp5yCAkHFdQ3YX7em8zROpaVdZUBRUkwKdflt5PYjcv06rDNLKLoHbVhfZcPkkqKGsP/EA7ioARTezWAWRqc3CMXCnAH2CQLOeuvHmdQ2hqg3QZV8yZd/UzpyW8KjjkEMs= frederic@dedusmuln-macos.local"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQb3YQoiYFZLKwvHYKbu1bMqzNeDCAszQhAe1+QI5SLDOotclyY/vFmOReZOsmyMFl71G2d7d+FbYNusUnNNjTxRYQ021tVc+RkMdLJaORRURmQfEFEKbai6QSFTwErXzuoIzyEPK0lbsQuGgqT9WaVnRzHJ2Q/4+qQbxAS34PuR5NqEkmn4G6LMo3OyJ5mwPkCj9lsqz4BcxRaMWFO3mNcwGDfSW+sqgc3E8N6LKrTpZq3ke7xacpQmcG5DU9VO+2QVPdltl9jWbs3gXjmF92YRNOuKPVfAOZBBsp8JOznfx8s9wDgs7RwPmDpjIAJEyoABqW5hlXfqRbTnfnMvuR"
+ "ssh-rsa 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"
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget
+ neofetch
+ git
+ fd
+ vim
+ ];
+
+ hardware.printers = {
+ ensurePrinters = [
+ {
+ name = "DYMO_LabelWriter450";
+ location = "HSWAW";
+ # FIXME: roll back to previous serial whenever we switch back to the
+ # deep fried printer
+ deviceUri = "usb://DYMO/LabelWriter%20450?serial=07080922282341";
+ # deviceUri = "usb://DYMO/LabelWriter%20450?serial=14070417114480";
+ model = "lw450.ppd";
+ ppdOptions = {
+ PageSize = "w102h252";
+ };
+ }
+
+ {
+ name = "Zebra_GK420T";
+ location = "HSWAW";
+ deviceUri = "socket://10.8.1.22:9100";
+ model = "drv:///sample.drv/zebra.ppd";
+ ppdOptions = {
+ PageSize = "w288h432";
+ MediaType = "Thermal";
+ Resolution = "203dpi";
+ };
+ }
+
+ {
+ name = "Brother_MFC8380DN";
+ location = "HSWAW";
+ deviceUri = "socket://10.8.1.21";
+ model = "BR8380.ppd";
+ ppdOptions = {
+ PageSize = "A4";
+ };
+ }
+ ];
+
+ ensureDefaultPrinter = "DYMO_LabelWriter450";
+ };
+
+ services = {
+ openssh.enable = true;
+ avahi = {
+ enable = true;
+ nssmdns = true;
+ openFirewall = true;
+ publish = {
+ enable = true;
+ userServices = true;
+ };
+ };
+ printing = {
+ enable = true;
+ defaultShared = true;
+ browsing = true;
+ openFirewall = true;
+ allowFrom = [ "all" ];
+ listenAddresses = [ "*:631" ];
+ drivers = [
+ # Workaround for broken multi-copies printing on LW450
+ (pkgs.cups-dymo.overrideAttrs (old: {
+ postPatch = ''
+ sed -i 's/cupsManualCopies: False/cupsManualCopies: True/g' ppd/*
+ '';
+ }))
+
+ # Official Brother PPD
+ (pkgs.runCommand ''cups-brother'' { } ''
+ mkdir -p $out/share/cups/model
+ gunzip --stdout ${pkgs.fetchurl {
+ url = "https://download.brother.com/welcome/dlf006311/BR8380_2_GPL.ppd.gz";
+ hash = "sha256-d7Kly2z8ALLV+j2Zmh3knpqiELFS4wf+4MfgNYeC0hQ=";
+ }} > $out/share/cups/model/BR8380.ppd
+ '')
+ ];
+
+ # Requests coming from beyondspace use printmaster.waw.hackerspace.pl:631 host header which Cups doesn't like - let's just allow all
+ extraConf = "ServerAlias *";
+ };
+
+ samba = {
+ enable = true;
+ securityType = "user";
+ openFirewall = true;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ client min protocol = NT1
+ server min protocol = NT1
+
+ server string = printmaster
+ netbios name = printmaster
+
+ # note: localhost is the ipv6 localhost ::1
+ hosts allow = 10.8.1. 10.8.0. 127.0.0.1 localhost
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+
+ shares = {
+ brother = {
+ path = "/run/brother";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "nobody";
+ "force group" = "nogroup";
+ };
+ };
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."printmaster.waw.hackerspace.pl" = {
+ locations."/brother/" = {
+ alias = "/run/brother/";
+ extraConfig = "autoindex on;";
+ };
+ };
+ };
+ };
+
+ systemd.services.ftpserver = let ftpserver-bin = pkgs.fetchzip {
+ url = "https://github.com/fclairamb/ftpserver/releases/download/v0.13.0/ftpserver_0.13.0_linux_arm64.tar.gz";
+ hash = "sha256-HMaE2vM4HpD80aUxt5mI0ZUexHT7XEOJPnHqwO+W01Q=";
+ stripRoot = false;
+ }; in {
+ # TODO move ftpserver.json to secrets
+ script = ''
+ ${ftpserver-bin}/ftpserver -conf /etc/ftpserver.json
+ '';
+
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /run/brother 1777 nobody nogroup 1d"
+ ];
+
+ swapDevices = [{ device = "/swapfile"; size = 2 * 1024; }];
+
+ system.copySystemConfiguration = true;
+ system.stateVersion = "23.11";
+}
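Review bot: The `/brother/` nginx location near the end of `services` serves the guest-writable `/run/brother` directory with `autoindex on` and no source restriction, while TCP 80 is open in the firewall to every source. The Samba share on the same path is limited to `10.8.0.` and `10.8.1.`, and the web view should match it, e.g. `extraConfig = "autoindex on; allow 10.8.0.0/24; allow 10.8.1.0/24; deny all;";`. In `services.printing`, `ServerAlias *` turns off CUPS Host-header validation entirely; since the comment names the one header that gets rejected, `extraConf = "ServerAlias printmaster.waw.hackerspace.pl";` would keep the check for every other name. The `ftpserver` unit sets no `serviceConfig.User`, so the prebuilt binary appears to run as root on port 2121. An unprivileged account looks sufficient because `/run/brother` is mode 1777, though that depends on what `/etc/ftpserver.json` (not part of this diff) requires.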
diff --git a/hswaw/machines/printmaster.waw.hackerspace.pl/hardware-configuration.nix b/hswaw/machines/printmaster.waw.hackerspace.pl/hardware-configuration.nix
new file mode 100644
index 0000000..70856cc
--- /dev/null
+++ b/hswaw/machines/printmaster.waw.hackerspace.pl/hardware-configuration.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "usbhid" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enu1u1u1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}