| { config, lib, pkgs, ... }: |
| |
| { |
| imports = |
| [ |
| ./hardware-configuration.nix |
| ]; |
| |
| boot.loader.grub.enable = false; |
| boot.loader.generic-extlinux-compatible.enable = true; |
| |
| networking.hostName = "printmaster"; |
| networking.enableIPv6 = false; |
| networking.firewall = { |
| enable = true; |
| allowedTCPPorts = [ |
| # nginx |
| 80 |
| |
| # ftpserver |
| 2121 |
| ]; |
| allowedUDPPortRanges = [ |
| { from = 4000; to = 4007; } |
| { from = 8000; to = 8010; } |
| ]; |
| }; |
| |
| nix.extraOptions = '' |
| experimental-features = nix-command |
| ''; |
| |
| time.timeZone = "Europe/Warsaw"; |
| |
| users.users = { |
| pi = { |
| isNormalUser = true; |
| extraGroups = [ "wheel" ]; |
| }; |
| root = { |
| openssh.authorizedKeys.keys = [ |
| "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXhpZR8NUyJe9ud92uxavLuLLRVMUpqFOUTE0x35JHgve6Qo+IqlmszlmDGtTBqLlR/ZeXw0Rb7aq6rsrM20zmPMl/XQygwzE72dUZVnw4CWlzakI6qntU4FvnpjxMy3dz3KvYUtjf+p44tEuyU64s9TLKipX58GwTtVCKO1gmSI1I+3Ng0hxcXveMln+uH7Wa5LXJhGcyXTbnUXGpp97tXLWxG5xO46kwsmRhBd2MfodeeWe+nB0tVNE/sNybOwPNfzVu/U9wylyjdQ1/CBR9sNNYxT3RhuEwXKW/Unf/0ekB5j9VMpfMNwBMz714Ml3FKGsqacJL8Z0bJuPpveG1P4IYRS6x9pxPb4pgbBO9RZXIC8YQuqdBWulQo76SSEp5yCAkHFdQ3YX7em8zROpaVdZUBRUkwKdflt5PYjcv06rDNLKLoHbVhfZcPkkqKGsP/EA7ioARTezWAWRqc3CMXCnAH2CQLOeuvHmdQ2hqg3QZV8yZd/UzpyW8KjjkEMs= frederic@dedusmuln-macos.local" |
| "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQb3YQoiYFZLKwvHYKbu1bMqzNeDCAszQhAe1+QI5SLDOotclyY/vFmOReZOsmyMFl71G2d7d+FbYNusUnNNjTxRYQ021tVc+RkMdLJaORRURmQfEFEKbai6QSFTwErXzuoIzyEPK0lbsQuGgqT9WaVnRzHJ2Q/4+qQbxAS34PuR5NqEkmn4G6LMo3OyJ5mwPkCj9lsqz4BcxRaMWFO3mNcwGDfSW+sqgc3E8N6LKrTpZq3ke7xacpQmcG5DU9VO+2QVPdltl9jWbs3gXjmF92YRNOuKPVfAOZBBsp8JOznfx8s9wDgs7RwPmDpjIAJEyoABqW5hlXfqRbTnfnMvuR" |
| "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD3ujDBU/w0J37TQKro5lSmb3H2vGkbllsSxrD+aGAC6/5AosPLVxOXlWUH+P8ljeHsrZRiGhq9nBaafXXvMz7D8EIFqOH6mG1sG+pFL4M0/weebRutYiwRhPn5dl9ABij+lY2ETBP8K3anPXbyHHaSZW3GTNIJbmwVlP5jYfFEzXs5v6jYpMqDZ6i3HRaDDXxp7b9ZHc5LECEvepeO2T4MlTMUSa4bntP2ZzgWKoGkC+Bpyr98ug1hGoYiRGH2Cu9shjnPSopqd/YVCBNQ917FasnGLf8rNmUtNZycE0CPYHrf6N4SslkxSbfz3i+lAsdJLo53eBdn474yryrG0DtZJA8kacBxUWrLIFrWLDHkTlOx/UrdFWV55hMkmc2uo7MvO8nGuqATRoqZwSnYRLhHU8fpZHoOXlwCVoW9fcDOTgukUYHQCbQnfiS3H5ikE5vXxAHpzPE0pZ5o+YvrE0VVSwpB0aaSt55nY8762Q2y89clvjdoGwP7p7TL8M032QGFq2PAMY/+GY01zq+qswg7uEetU8Ccam9U4XoeB8XV7ocBNvGT/1PCfXwami5335SrB6+UHq6aU93ZSqc5lXl0KhrrhwuPDjN67nN3OtoeHsbwhyv+o5QJGB4ahWFs7G37Cxj/KffgdKQnvTLSzidA6uEXqFCjq8FNuEGeG+cKHw==" |
| ]; |
| }; |
| }; |
| |
| environment.systemPackages = with pkgs; [ |
| wget |
| neofetch |
| git |
| fd |
| vim |
| ]; |
| |
| hardware.printers = { |
| ensurePrinters = [ |
| { |
| name = "DYMO_LabelWriter450"; |
| location = "HSWAW"; |
| # FIXME: roll back to previous serial whenever we switch back to the |
| # deep fried printer |
| deviceUri = "usb://DYMO/LabelWriter%20450?serial=07080922282341"; |
| # deviceUri = "usb://DYMO/LabelWriter%20450?serial=14070417114480"; |
| model = "lw450.ppd"; |
| ppdOptions = { |
| PageSize = "w102h252"; |
| }; |
| } |
| |
| { |
| name = "Zebra_GK420T"; |
| location = "HSWAW"; |
| deviceUri = "socket://10.8.1.22:9100"; |
| model = "drv:///sample.drv/zebra.ppd"; |
| ppdOptions = { |
| PageSize = "w288h432"; |
| MediaType = "Thermal"; |
| Resolution = "203dpi"; |
| }; |
| } |
| |
| { |
| name = "Brother_MFC8380DN"; |
| location = "HSWAW"; |
| deviceUri = "socket://10.8.1.21"; |
| model = "BR8380.ppd"; |
| ppdOptions = { |
| PageSize = "A4"; |
| }; |
| } |
| ]; |
| |
| ensureDefaultPrinter = "DYMO_LabelWriter450"; |
| }; |
| |
| services = { |
| openssh.enable = true; |
| avahi = { |
| enable = true; |
| nssmdns = true; |
| openFirewall = true; |
| publish = { |
| enable = true; |
| userServices = true; |
| }; |
| }; |
| printing = { |
| enable = true; |
| defaultShared = true; |
| browsing = true; |
| openFirewall = true; |
| allowFrom = [ "all" ]; |
| listenAddresses = [ "*:631" ]; |
| drivers = [ |
| # Workaround for broken multi-copies printing on LW450 |
| (pkgs.cups-dymo.overrideAttrs (old: { |
| postPatch = '' |
| sed -i 's/cupsManualCopies: False/cupsManualCopies: True/g' ppd/* |
| ''; |
| })) |
| |
| # Official Brother PPD |
| (pkgs.runCommand ''cups-brother'' { } '' |
| mkdir -p $out/share/cups/model |
| gunzip --stdout ${pkgs.fetchurl { |
| url = "https://download.brother.com/welcome/dlf006311/BR8380_2_GPL.ppd.gz"; |
| hash = "sha256-d7Kly2z8ALLV+j2Zmh3knpqiELFS4wf+4MfgNYeC0hQ="; |
| }} > $out/share/cups/model/BR8380.ppd |
| '') |
| ]; |
| |
| # Requests coming from beyondspace use printmaster.waw.hackerspace.pl:631 host header which Cups doesn't like - let's just allow all |
| extraConf = "ServerAlias *"; |
| }; |
| |
| samba = { |
| enable = true; |
| securityType = "user"; |
| openFirewall = true; |
| extraConfig = '' |
| workgroup = WORKGROUP |
| client min protocol = NT1 |
| server min protocol = NT1 |
| |
| server string = printmaster |
| netbios name = printmaster |
| |
| # note: localhost is the ipv6 localhost ::1 |
| hosts allow = 10.8.1. 10.8.0. 127.0.0.1 localhost |
| hosts deny = 0.0.0.0/0 |
| guest account = nobody |
| map to guest = bad user |
| ''; |
| |
| shares = { |
| brother = { |
| path = "/run/brother"; |
| browseable = "yes"; |
| "read only" = "no"; |
| "guest ok" = "yes"; |
| "create mask" = "0644"; |
| "directory mask" = "0755"; |
| "force user" = "nobody"; |
| "force group" = "nogroup"; |
| }; |
| }; |
| }; |
| |
| nginx = { |
| enable = true; |
| virtualHosts."printmaster.waw.hackerspace.pl" = { |
| locations."/brother/" = { |
| alias = "/run/brother/"; |
| extraConfig = "autoindex on;"; |
| }; |
| }; |
| }; |
| }; |
| |
| systemd.services.ftpserver = let ftpserver-bin = pkgs.fetchzip { |
| url = "https://github.com/fclairamb/ftpserver/releases/download/v0.13.0/ftpserver_0.13.0_linux_arm64.tar.gz"; |
| hash = "sha256-HMaE2vM4HpD80aUxt5mI0ZUexHT7XEOJPnHqwO+W01Q="; |
| stripRoot = false; |
| }; in { |
| # TODO move ftpserver.json to secrets |
| script = '' |
| ${ftpserver-bin}/ftpserver -conf /etc/ftpserver.json |
| ''; |
| |
| after = [ "network.target" ]; |
| wantedBy = [ "multi-user.target" ]; |
| }; |
| |
| systemd.tmpfiles.rules = [ |
| "d /run/brother 1777 nobody nogroup 1d" |
| ]; |
| |
| swapDevices = [{ device = "/swapfile"; size = 2 * 1024; }]; |
| |
| system.copySystemConfiguration = true; |
| system.stateVersion = "23.11"; |
| } |