{ config, lib, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
# Boot via the generic extlinux-compatible loader; GRUB stays disabled.
boot.loader = {
  grub.enable = false;
  generic-extlinux-compatible.enable = true;
};
# Host identity and packet filter.
networking = {
  hostName = "printmaster";
  enableIPv6 = false;

  # Only the ports listed here are opened by this block. The avahi, printing
  # and samba services in this file also set `openFirewall = true`, so they
  # open their own ports in addition to these.
  firewall = {
    enable = true;

    allowedTCPPorts = [
      80 # nginx
      2121 # ftpserver
    ];

    # NOTE(review): nothing in this file says which service uses these UDP
    # ranges. Confirm they are still needed and record the owner here. If
    # they were meant for FTP data connections, those are TCP, not UDP.
    allowedUDPPortRanges = [
      { from = 4000; to = 4007; }
      { from = 8000; to = 8010; }
    ];
  };
};
# Switch on the `nix` command-line interface; no other experimental feature
# is enabled here.
nix.extraOptions = "experimental-features = nix-command\n";

# Local time zone for the host (affects log timestamps).
time.timeZone = "Europe/Warsaw";
# `pi` is an ordinary account with `wheel` membership. No password or SSH key
# is declared for it in this file.
users.users.pi = {
  isNormalUser = true;
  extraGroups = [ "wheel" ];
};

# Public keys accepted for direct root logins over SSH (sshd is enabled under
# `services.openssh` in this file).
# NOTE(review): all three entries are ssh-rsa keys, and the second one has no
# owner comment, so it cannot be attributed during a key audit. Confirm each
# key is still in use and label it.
users.users.root.openssh.authorizedKeys.keys = [
  "ssh-rsa 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 frederic@dedusmuln-macos.local"
  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQb3YQoiYFZLKwvHYKbu1bMqzNeDCAszQhAe1+QI5SLDOotclyY/vFmOReZOsmyMFl71G2d7d+FbYNusUnNNjTxRYQ021tVc+RkMdLJaORRURmQfEFEKbai6QSFTwErXzuoIzyEPK0lbsQuGgqT9WaVnRzHJ2Q/4+qQbxAS34PuR5NqEkmn4G6LMo3OyJ5mwPkCj9lsqz4BcxRaMWFO3mNcwGDfSW+sqgc3E8N6LKrTpZq3ke7xacpQmcG5DU9VO+2QVPdltl9jWbs3gXjmF92YRNOuKPVfAOZBBsp8JOznfx8s9wDgs7RwPmDpjIAJEyoABqW5hlXfqRbTnfnMvuR"
  "ssh-rsa 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"
];
# Tools installed system-wide for interactive administration.
environment.systemPackages = [
  pkgs.wget
  pkgs.neofetch
  pkgs.git
  pkgs.fd
  pkgs.vim
];
# Print queues that NixOS creates declaratively in CUPS.
hardware.printers =
  let
    # All three devices carry the same location string.
    location = "HSWAW";
  in
  {
    ensureDefaultPrinter = "DYMO_LabelWriter450";

    ensurePrinters = [
      # Label printer attached over USB, selected by serial number.
      {
        inherit location;
        name = "DYMO_LabelWriter450";
        # FIXME: roll back to previous serial whenever we switch back to the
        # deep fried printer
        deviceUri = "usb://DYMO/LabelWriter%20450?serial=07080922282341";
        # deviceUri = "usb://DYMO/LabelWriter%20450?serial=14070417114480";
        model = "lw450.ppd";
        ppdOptions.PageSize = "w102h252";
      }

      # Network label printer reached through the raw socket backend. Jobs
      # go to the device unencrypted and unauthenticated, so the path to
      # 10.8.1.22 has to be a trusted network segment.
      {
        inherit location;
        name = "Zebra_GK420T";
        deviceUri = "socket://10.8.1.22:9100";
        model = "drv:///sample.drv/zebra.ppd";
        ppdOptions = {
          PageSize = "w288h432";
          MediaType = "Thermal";
          Resolution = "203dpi";
        };
      }

      # Office MFP, also on the raw socket backend. No port is given, so the
      # backend's default is used. The same trust assumption applies.
      {
        inherit location;
        name = "Brother_MFC8380DN";
        deviceUri = "socket://10.8.1.21";
        model = "BR8380.ppd";
        ppdOptions.PageSize = "A4";
      }
    ];
  };
services = {
# Remote administration. Only `enable` is set, so every other sshd option
# keeps its NixOS default.
# NOTE(review): password authentication is not switched off here. Confirm
# whether key-only login is intended for this host.
openssh = {
  enable = true;
};

# mDNS/DNS-SD: resolves .local names on this host and advertises its user
# services on the LAN. The module opens the firewall for it.
avahi = {
  enable = true;
  openFirewall = true;
  nssmdns = true;
  publish.enable = true;
  publish.userServices = true;
};
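# CUPS print server, shared with the network.
printing = {
  enable = true;
  defaultShared = true;
  browsing = true;

  # Exposure: cupsd listens on every interface, the module opens the
  # firewall, and `allowFrom` admits any client address.
  # NOTE(review): if only known subnets need to print, list them in
  # `allowFrom` instead of "all".
  openFirewall = true;
  listenAddresses = [ "*:631" ];
  allowFrom = [ "all" ];

  drivers = [
    # Workaround for broken multi-copies printing on LW450.
    # Appending to `old.postPatch` keeps any patch step the upstream package
    # defines instead of silently replacing it.
    (pkgs.cups-dymo.overrideAttrs (old: {
      postPatch = (old.postPatch or "") + ''
        sed -i 's/cupsManualCopies: False/cupsManualCopies: True/g' ppd/*
      '';
    }))

    # Official Brother PPD, downloaded over HTTPS and pinned by hash so a
    # changed upstream file fails the build instead of being installed.
    (pkgs.runCommand "cups-brother" { } ''
      mkdir -p $out/share/cups/model
      gunzip --stdout ${pkgs.fetchurl {
        url = "https://download.brother.com/welcome/dlf006311/BR8380_2_GPL.ppd.gz";
        hash = "sha256-d7Kly2z8ALLV+j2Zmh3knpqiELFS4wf+4MfgNYeC0hQ=";
      }} > $out/share/cups/model/BR8380.ppd
    '')
  ];

  # Requests coming from beyondspace carry the
  # printmaster.waw.hackerspace.pl:631 Host header, which cupsd does not
  # accept without an alias. Allow exactly that name: `ServerAlias *` would
  # turn Host header validation off altogether, and that validation is what
  # protects the CUPS web interface against DNS-rebinding requests.
  # Add further names here if clients reach the server under them.
  extraConf = "ServerAlias printmaster.waw.hackerspace.pl";
};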
# SMB file service exposing the /run/brother drop directory.
samba = {
  enable = true;
  openFirewall = true;
  securityType = "user";

  # NOTE(review): both minimum protocol levels are lowered to NT1 (SMB1), a
  # legacy dialect without the integrity and encryption features of SMB2/3.
  # Presumably this is for a device that speaks nothing newer. Confirm, and
  # raise the minimum as soon as that device allows it.
  # Logins with an unknown user name are mapped to the guest account
  # (`nobody`). Client addresses are limited by `hosts allow` to 10.8.0.x,
  # 10.8.1.x and loopback.
  extraConfig = ''
    workgroup = WORKGROUP
    client min protocol = NT1
    server min protocol = NT1
    server string = printmaster
    netbios name = printmaster
    # note: localhost is the ipv6 localhost ::1
    hosts allow = 10.8.1. 10.8.0. 127.0.0.1 localhost
    hosts deny = 0.0.0.0/0
    guest account = nobody
    map to guest = bad user
  '';

  # Guest-writable share: no credentials are required, and every file is
  # created as nobody:nogroup. The address filter above is the only access
  # control on it.
  shares.brother = {
    path = "/run/brother";
    browseable = "yes";
    "guest ok" = "yes";
    "read only" = "no";
    "force user" = "nobody";
    "force group" = "nogroup";
    "create mask" = "0644";
    "directory mask" = "0755";
  };
};
# Web access to the drop directory that the samba share writes to.
# No TLS, authentication or client-address restriction is configured on this
# virtual host, and `autoindex on` lists every file in /run/brother.
# NOTE(review): TCP port 80 is opened in the firewall, so the listing is
# readable by any client that can reach this host. Confirm that is intended
# for the documents that land in this directory.
nginx = {
  enable = true;
  virtualHosts = {
    "printmaster.waw.hackerspace.pl" = {
      locations = {
        "/brother/" = {
          alias = "/run/brother/";
          extraConfig = "autoindex on;";
        };
      };
    };
  };
};
};
# Standalone FTP server started from a prebuilt upstream release archive.
systemd.services.ftpserver =
  let
    # Release tarball pinned by hash. `stripRoot = false` keeps the archive
    # layout unchanged, so the binary sits at the top of the store path.
    releaseDir = pkgs.fetchzip {
      url = "https://github.com/fclairamb/ftpserver/releases/download/v0.13.0/ftpserver_0.13.0_linux_arm64.tar.gz";
      hash = "sha256-HMaE2vM4HpD80aUxt5mI0ZUexHT7XEOJPnHqwO+W01Q=";
      stripRoot = false;
    };
  in
  {
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];

    # NOTE(review): no `serviceConfig` is set, so this network-facing unit
    # runs with systemd's defaults (root, no sandboxing). Consider a
    # dedicated user and hardening options once the paths it needs are known.
    # NOTE(review): whether TLS is enabled depends on /etc/ftpserver.json,
    # which is not part of this file. Without it, FTP credentials and data
    # cross the network in clear text.
    # TODO move ftpserver.json to secrets
    script = ''
      ${releaseDir}/ftpserver -conf /etc/ftpserver.json
    '';
  };
# Drop directory used by the samba share and the nginx location in this file.
# Mode 1777 makes it world-writable with the sticky bit, owned by
# nobody:nogroup. The trailing `1d` is the tmpfiles age field, so entries
# older than one day are cleaned up.
systemd.tmpfiles.rules = [
  "d /run/brother 1777 nobody nogroup 1d"
];

# Swap file; the size is the original expression 2 * 1024.
swapDevices = [
  {
    device = "/swapfile";
    size = 2048;
  }
];

system = {
  # Keeps a copy of this configuration file with the built system. That is
  # one more reason not to place secrets in it.
  copySystemConfiguration = true;
  stateVersion = "23.11";
};
}