{ config, pkgs, ... }:

let
# Machine-specific values read from ./hw.json at evaluation time. Only
# `rootUUID` is used in this file (root filesystem device).
hw = pkgs.lib.importJSON ./hw.json;

# Administrators' SSH public keys. Both are installed as authorized keys for
# root further down, so each entry here grants full root access to the host:
# review additions and remove keys that are no longer needed.
ssh-keys = {
  vuko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhaCaC/CVYv6hphqmEdKaPrIn+Q946+myvL9SSnzFZk vuko@eagle";
  informatic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoKB2p/gFaKthQNXeQvSLzhOlLSq3vjVL3AEOBTMXGH informatic@atuin";
};

# Static addressing. `hw_addr` is what systemd.network.links matches on to
# give the NIC with this MAC the stable interface name "lan".
networks.lan = {
  description = "LAN";
  hw_addr = "4c:52:62:ba:a9:78";
  ipv4 = "10.8.1.26";
  #ipv6 = "2a0d:eb00:4242::1";
};

# System-wide vim build: two plugins loaded at startup, minimal vimrc.
system-vim = pkgs.vim_configurable.customize {
  name = "vim";
  vimrcConfig = {
    customRC = ''
      set nocompatible
    '';
    packages.myplugins = {
      start = [ pkgs.vimPlugins.vim-nix pkgs.vimPlugins.vim-lastplace ];
      opt = [ ];
    };
  };
};

in {
imports = [ ./hardware-configuration.nix ];

# UEFI boot via systemd-boot; the installer may write EFI boot entries.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;

time.timeZone = "Europe/Warsaw";

# Root filesystem, addressed by the partition UUID recorded in hw.json so
# the config does not depend on device enumeration order.
fileSystems."/".device = "/dev/disk/by-partuuid/${hw.rootUUID}";
fileSystems."/".fsType = "ext4";

networking.hostName = "newsound";
networking.domain = "waw.hackerspace.pl";

# No DHCP: the single "lan" interface gets a static address in a /16, with
# 10.8.1.2 acting as both default gateway and DNS resolver.
networking.useDHCP = false;
networking.defaultGateway.address = "10.8.1.2";
networking.defaultGateway.interface = "lan";
networking.interfaces.lan.ipv4.addresses = [
  { address = networks.lan.ipv4; prefixLength = 16; }
];
networking.nameservers = [ "10.8.1.2" ];

services.acpid.enable = true;

# TODO copy ACLs and passwords from old sound
#
# NOTE(review): until that TODO is done the broker accepts anonymous clients,
# speaks plain MQTT (no TLS is configured on this listener), and TCP 1883 is
# opened in networking.firewall below, so every host that can reach this
# machine can connect without credentials. When the credentials are migrated,
# turn allow_anonymous off and define per-user entries under the listener's
# `users` with `acl` rules; prefer `passwordFile` / `hashedPasswordFile` so
# secrets do not end up in the world-readable Nix store.
services.mosquitto = {
  enable = true;
  listeners = [
    { settings.allow_anonymous = true; }
  ];
};

# Home Assistant. The application configuration is imported from
# ./home-assistant.nix, which is not part of this file.
# NOTE(review): nginx below reverse-proxies to this instance and sets
# X-Forwarded-For; confirm that home-assistant.nix enables
# `http.use_x_forwarded_for` with `trusted_proxies` limited to the local
# proxy, so client addresses in auth logs and IP bans are the real ones.
services.home-assistant = {
  enable = true;
  config = import ./home-assistant.nix;

  # TODO check if some components / packages are not needed
  # Every integration loaded here adds code and network listeners/clients to
  # the service; trimming the list also trims the attack surface.
  extraComponents = [
    "default_config"
    "mqtt"
    "met"
    "media_player"
    "light"
    "frontend"
    "cast"
    "spotify"
  ];

  # Extra Python packages made available to the Home Assistant environment.
  extraPackages = ps: with ps; [
    aiohttp-cors
    pillow
    sqlalchemy
    websockets
    fnvhash
    hass-nabucasa
    pymetno
    radios
    pyipp
    brother
    wled
    securetar
    numpy
    pyatv
  ];
};

sound.enable = true;

# TODO create config that sets up volume, default output etc.
#
# System-wide PulseAudio daemon, announced via zeroconf and reachable over
# the native TCP protocol.
# NOTE(review): `anonymousClients.allowAll` disables client authentication
# and TCP 4713 is opened in networking.firewall below, so any host that can
# reach this machine can control the audio server (and use capture devices,
# if any are attached). If only a known subnet needs access, replace
# `allowAll` with `anonymousClients.allowedIpRanges`.
hardware.pulseaudio = {
  enable = true;
  systemWide = true;
  zeroconf.publish.enable = true;
  tcp = {
    enable = true;
    anonymousClients.allowAll = true;
  };
};

# Reverse proxy in front of Home Assistant (localhost:8123), bound to the LAN
# address only. The Upgrade/Connection headers pass WebSocket connections
# through to the backend.
# NOTE(review): the vhost is plain HTTP (port 80, ssl = false), so Home
# Assistant logins and session tokens cross the LAN unencrypted; consider
# adding a TLS listener once a certificate is available for this name.
# NOTE(review): "default_server" in serverAliases is just one more
# server_name, not nginx's `default_server` listen flag. If a catch-all vhost
# is intended, the NixOS option for that is `default = true` - confirm intent.
services.nginx.enable = true;
services.nginx.virtualHosts."iot.waw.hackerspace.pl" = {
  serverAliases = [ "default_server" ];
  listen = [
    { addr = networks.lan.ipv4; port = 80; ssl = false; }
  ];
  locations."/".proxyPass = "http://localhost:8123";
  locations."/".extraConfig = ''
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Proto $scheme;
  '';
};

# One systemd .link unit per entry in `networks` that declares `hw_addr`:
# the NIC with that MAC address is renamed to the entry's attribute name
# (here: "lan"). Entries without `hw_addr` are skipped.
systemd.network.links = pkgs.lib.mapAttrs'
  (name: net: pkgs.lib.nameValuePair "10-link-${name}" {
    enable = true;
    matchConfig.MACAddress = net.hw_addr;
    linkConfig.Name = name;
  })
  (pkgs.lib.filterAttrs (_: net: net ? hw_addr) networks);

# Inbound TCP allow-list. These ports are opened on every interface.
# NOTE(review): 1883 and 4713 front services that are configured above to
# accept unauthenticated clients, so this list is the only access control
# for them. `networking.firewall.interfaces.<name>.allowedTCPPorts` can
# scope a port to one interface if more interfaces are ever added.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
  22   # ssh
  80   # nginx http
  1883 # mqtt (mosquitto)
  4713 # pulseaudio
];

# SSH is key-only: password authentication is turned off.
# NOTE(review): keyboard-interactive authentication is a separate sshd
# setting; consider disabling it as well (check the option name for this
# NixOS release).
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;

# TODO extract ssh keys synchronization from customs and add it here
# Both administrators log in directly as root with their own key, so sshd
# logs are the only record of who acted; per-user accounts with sudo would
# give better attribution.
users.users.root.openssh.authorizedKeys.keys = [
  ssh-keys.vuko
  ssh-keys.informatic
];

# Administration and diagnostics tooling available to all users.
# `system-vim` is the customised vim from the `let` block above; the other
# names resolve from pkgs.
environment.systemPackages = with pkgs; [
  system-vim
  tcpdump
  htop
  nmon
  tmux
  git
  file
  procps
  parted
  dmidecode
  ack
  utillinux
  nmap
  mosh
  ncdu
  tree
  lz4
  bind
  neovim
  hdparm
  usbutils
];

programs.mtr.enable = true;

environment.variables.EDITOR = "vim";

#environment.extraInit = ''
#  export NIX_PATH="nixpkgs=${config.channel-sources.nixpkgs}";
#'';

# System-wide readline settings (/etc/inputrc): coloured completion,
# case-insensitive matching, and prefix history search on the arrow and
# PageUp/PageDown keys. mkDefault lets another module override the text;
# mkAfter orders it after other contributions.
environment.etc.inputrc.text = pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
  set colored-stats on
  set show-all-if-ambiguous on
  set completion-ignore-case on

  # arrow up
  "\e[A": history-search-backward
  # arrow down
  "\e[B": history-search-forward

  "\e[5~": history-search-backward
  "\e[6~": history-search-forward
'');

# NOTE(review): systemd-boot is the boot loader enabled above, so the grub
# splash setting presumably has no effect on this machine - confirm before
# relying on it.
boot.vesa = false;
boot.loader.grub.splashImage = null;

# NixOS release whose defaults for stateful data this machine was installed
# with; keep it fixed when upgrading nixpkgs.
system.stateVersion = "22.05";
}