# NixOS module for this host: the let-bindings below hold the per-machine
# data (disk identifier, admin keys, NIC description) and a customised vim.
{ config, pkgs, ... }:

let
  # Machine-specific values, parsed at evaluation time from hw.json next to
  # this file. Only hw.rootUUID is read in this module.
  hw = builtins.fromJSON (builtins.readFile ./hw.json);

  # OpenSSH public keys (not secrets). Every key listed here is installed for
  # root further down, so each entry grants full control of the host.
  ssh-keys = {
    vuko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhaCaC/CVYv6hphqmEdKaPrIn+Q946+myvL9SSnzFZk vuko@eagle";
    informatic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoKB2p/gFaKthQNXeQvSLzhOlLSq3vjVL3AEOBTMXGH informatic@atuin";
  };

  # Logical networks. An entry with hw_addr gets a systemd .link rule that
  # renames the NIC with that MAC address to the attribute name ("lan").
  networks.lan = {
    description = "LAN";
    hw_addr = "4c:52:62:ba:a9:78";
    ipv4 = "10.8.1.26";
    #ipv6 = "2a0d:eb00:4242::1";
  };

  # System-wide vim with two always-loaded plugins and a minimal vimrc.
  system-vim = pkgs.vim_configurable.customize {
    name = "vim";
    vimrcConfig = {
      packages.myplugins = {
        start = [ pkgs.vimPlugins.vim-nix pkgs.vimPlugins.vim-lastplace ];
        opt = [];
      };
      customRC = ''
        set nocompatible
      '';
    };
  };

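in {
  # Host configuration: static LAN addressing, MQTT broker, Home Assistant
  # behind an nginx reverse proxy, network-reachable PulseAudio, and SSH for
  # administration. The firewall section lists every TCP port opened here.
  imports =
    [
      ./hardware-configuration.nix
    ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  time.timeZone = "Europe/Warsaw";

  # Root filesystem is located by partition UUID taken from hw.json.
  fileSystems."/" = {
    device = "/dev/disk/by-partuuid/${hw.rootUUID}";
    fsType = "ext4";
  };

  networking.hostName = "newsound";
  networking.domain = "waw.hackerspace.pl";
  # Addressing is fully static; no DHCP client runs on any interface.
  networking.useDHCP = false;

  networking.defaultGateway = {
    address = "10.8.1.2";
    interface = "lan";
  };

  networking.interfaces = {
    lan = {
      ipv4.addresses = [
        {
          address = networks.lan.ipv4;
          # /16: the whole 10.8.0.0/16 range is on-link, so every service
          # opened in the firewall below is directly reachable from it.
          prefixLength = 16;
        }
      ];
    };
  };

  networking.nameservers = ["10.8.1.2"];

  services.acpid.enable = true;

  # TODO copy acls and passwords from old sound
  # NOTE(review): this listener sets no address or port and accepts
  # anonymous clients, and 1883/tcp is opened in the firewall below. Until
  # the TODO is done, no credentials are required to connect to the broker.
  # The per-listener `users` and `acl` options are where the migrated
  # accounts and topic rules belong; set allow_anonymous to false once they
  # are in place.
  services.mosquitto.enable = true;
  services.mosquitto.listeners = [
    {
      settings.allow_anonymous = true;
    }
  ];

  services.home-assistant = {
    enable = true;
    # The Home Assistant configuration itself lives in a separate file.
    config = import ./home-assistant.nix;

    # TODO if some components / packages are not needed
    # Each extra component and package is additional code running inside the
    # Home Assistant process; trimming this list reduces what is exposed.
    extraComponents = [
      "default_config"
      "mqtt"
      "met"
      "media_player"
      "light"
      "frontend"
      "cast"
      "spotify"
    ];
    extraPackages = ps: [
      ps.aiohttp-cors
      ps.pillow
      ps.sqlalchemy
      ps.websockets
      ps.fnvhash
      ps.hass-nabucasa
      ps.pymetno
      ps.radios
    ];
  };

  sound.enable = true;

  # TODO create config that setups volume, default output etc.
  # NOTE(review): the daemon runs system-wide, is announced over zeroconf,
  # and its TCP module admits every client without authentication
  # (anonymousClients.allowAll); 4713/tcp is opened in the firewall below.
  # tcp.anonymousClients.allowedIpRanges is the narrower alternative if only
  # specific hosts or subnets need to send audio here.
  hardware.pulseaudio = {
    enable = true;
    systemWide = true;
    zeroconf.publish.enable = true;

    tcp.enable = true;
    tcp.anonymousClients.allowAll = true;
  };

  # Reverse proxy in front of Home Assistant (localhost:8123).
  # NOTE(review): the only listener is plain HTTP on port 80, so Home
  # Assistant logins and session tokens cross the LAN unencrypted.
  services.nginx = {
    enable = true;
    virtualHosts = {
      "iot.waw.hackerspace.pl" = {
        # Was `serverAliases = ["default_server"];`, which only adds the
        # literal host name "default_server". `default = true` is the option
        # that marks this vhost as nginx's default_server for its listeners,
        # i.e. requests with any other Host header also land here.
        default = true;
        listen = [
          {
            addr = networks.lan.ipv4;
            port = 80;
            ssl = false;
          }
        ];
        locations."/" = {
          # Upgrade/Connection are forwarded so WebSocket connections pass
          # through. X-Forwarded-For is appended to whatever the client
          # sent, so the backend must only trust the entry added by this
          # proxy. NOTE(review): presumably ./home-assistant.nix sets
          # http.use_x_forwarded_for and trusted_proxies for this; confirm.
          extraConfig = ''
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
          proxyPass = "http://localhost:8123";
        };
      };
    };
  };


  # One .link unit per network that declares hw_addr: match the NIC by MAC
  # address and rename it to the network's attribute name, so that
  # "interface = lan" above does not depend on kernel enumeration order.
  systemd.network.links = builtins.listToAttrs (map (
    name: { name = "10-link-${name}"; value = {
      enable = true;
      matchConfig = {
        MACAddress = networks."${name}".hw_addr;
      };
      linkConfig = {
        Name = "${name}";
      };
    }; }
  ) (builtins.filter (name: builtins.hasAttr "hw_addr" networks."${name}") (builtins.attrNames networks)));

  # Inbound TCP allow-list. Of these, only ssh requires authentication as
  # configured in this file: 80 is cleartext HTTP, and 1883 and 4713 lead to
  # services that accept anonymous clients (see mosquitto and pulseaudio).
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      22 # ssh
      80 # nginx http
      1883 # mqtt (mosquitto)
      4713 # pulseaudio
    ];
  };

  # Key-only SSH: password logins are rejected.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  # TODO extract ssh keys synchronization from customs and add it here
  # Both admin keys log in directly as root; there is no per-user account in
  # this file, so sshd logs identify the operator only by key fingerprint.
  users.users.root.openssh.authorizedKeys.keys = [ ssh-keys.vuko ssh-keys.informatic ];

  environment.systemPackages = with pkgs; [
    system-vim tcpdump htop nmon tmux git file procps parted dmidecode ack utillinux
    nmap mosh ncdu tree lz4 bind neovim hdparm usbutils
  ];

  programs.mtr.enable = true;

  environment.variables = {
    EDITOR = "vim";
  };

  #environment.extraInit = ''
  #  export NIX_PATH="nixpkgs=${config.channel-sources.nixpkgs}";
  #'';

  # Readline defaults for all users: prefix history search on the arrow and
  # PageUp/PageDown keys. mkDefault lets another module override the text.
  environment.etc."inputrc" = {
    text = pkgs.lib.mkDefault( pkgs.lib.mkAfter ''
      set colored-stats on
      set show-all-if-ambiguous on
      set completion-ignore-case on

      # arrow up
      "\e[A": history-search-backward
      # arrow down
      "\e[B": history-search-forward

      "\e[5~": history-search-backward
      "\e[6~": history-search-forward
    '');
  };

  system.stateVersion = "22.05";


  boot.vesa = false;
  # NOTE(review): GRUB option although systemd-boot is the loader enabled
  # above; presumably a leftover with no effect. Confirm before removing.
  boot.loader.grub.splashImage = null;
}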