| vuko | deeeff8 | 2022-10-02 23:12:29 +0200 | [diff] [blame] | 1 | { config, pkgs, ... }: |
| 2 | |
| 3 | let |
| 4 | hw = builtins.fromJSON (builtins.readFile ./hw.json); |
| 5 | ssh-keys = { |
| 6 | vuko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhaCaC/CVYv6hphqmEdKaPrIn+Q946+myvL9SSnzFZk vuko@eagle"; |
| 7 | informatic = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoKB2p/gFaKthQNXeQvSLzhOlLSq3vjVL3AEOBTMXGH informatic@atuin"; |
| 8 | }; |
| 9 | networks = { |
| 10 | lan = { |
| 11 | description = "LAN"; |
| 12 | hw_addr = "4c:52:62:ba:a9:78"; |
| vuko | aa7303e | 2022-12-19 23:56:03 +0100 | [diff] [blame] | 13 | ipv4 = "10.8.1.16"; |
| vuko | deeeff8 | 2022-10-02 23:12:29 +0200 | [diff] [blame] | 14 | #ipv6 = "2a0d:eb00:4242::1"; |
| 15 | }; |
| 16 | }; |
| 17 | |
| 18 | system-vim = pkgs.vim_configurable.customize { |
| 19 | name = "vim"; |
| 20 | vimrcConfig.packages.myplugins = with pkgs.vimPlugins; { |
| 21 | start = [ vim-nix vim-lastplace ]; |
| 22 | opt = []; |
| 23 | }; |
| 24 | vimrcConfig.customRC = '' |
| 25 | set nocompatible |
| 26 | ''; |
| 27 | }; |
| 28 | |
| 29 | |
| 30 | in { |
| 31 | imports = |
| 32 | [ |
| 33 | ./hardware-configuration.nix |
| vuko | f0ab6c4 | 2022-12-19 23:57:03 +0100 | [diff] [blame^] | 34 | ./spejsiot-api.nix |
| vuko | deeeff8 | 2022-10-02 23:12:29 +0200 | [diff] [blame] | 35 | ]; |
| 36 | |
| 37 | boot.loader.systemd-boot.enable = true; |
| 38 | boot.loader.efi.canTouchEfiVariables = true; |
| 39 | |
| 40 | time.timeZone = "Europe/Warsaw"; |
| 41 | |
| 42 | fileSystems."/" = { |
| 43 | device = "/dev/disk/by-partuuid/${hw.rootUUID}"; |
| 44 | fsType = "ext4"; |
| 45 | }; |
| 46 | |
| 47 | networking.hostName = "newsound"; |
| 48 | networking.domain = "waw.hackerspace.pl"; |
| 49 | networking.useDHCP = false; |
| 50 | |
| 51 | networking.defaultGateway = { |
| 52 | address = "10.8.1.2"; |
| 53 | interface = "lan"; |
| 54 | }; |
| 55 | |
| 56 | networking.interfaces = { |
| 57 | lan = { |
| 58 | ipv4.addresses = [ |
| 59 | { |
| 60 | address = networks.lan.ipv4; |
| 61 | prefixLength = 16; |
| 62 | } |
| 63 | ]; |
| 64 | }; |
| 65 | }; |
| 66 | |
| 67 | networking.nameservers = ["10.8.1.2"]; |
| 68 | |
| 69 | services.acpid.enable = true; |
| 70 | |
| 71 | # TODO copy acls and paswords from old sound |
| 72 | services.mosquitto.enable = true; |
| 73 | services.mosquitto.listeners = [ |
| 74 | { |
| 75 | settings.allow_anonymous = true; |
| 76 | } |
| 77 | ]; |
| 78 | |
| 79 | services.home-assistant = { |
| 80 | enable = true; |
| 81 | config = import ./home-assistant.nix; |
| 82 | |
| 83 | # TODO if some components / packages are not needed |
| 84 | extraComponents = [ |
| 85 | "default_config" |
| 86 | "mqtt" |
| 87 | "met" |
| 88 | "media_player" |
| 89 | "light" |
| 90 | "frontend" |
| 91 | "cast" |
| 92 | "spotify" |
| 93 | ]; |
| 94 | extraPackages = ps: [ |
| 95 | ps.aiohttp-cors |
| 96 | ps.pillow |
| 97 | ps.sqlalchemy |
| 98 | ps.websockets |
| 99 | ps.fnvhash |
| 100 | ps.hass-nabucasa |
| 101 | ps.pymetno |
| 102 | ps.radios |
| vuko | 4fe6e02 | 2022-12-19 23:55:31 +0100 | [diff] [blame] | 103 | ps.pyipp |
| 104 | ps.brother |
| 105 | ps.wled |
| 106 | ps.securetar |
| 107 | ps.numpy |
| 108 | ps.pyatv |
| vuko | deeeff8 | 2022-10-02 23:12:29 +0200 | [diff] [blame] | 109 | ]; |
| 110 | }; |
| 111 | |
| 112 | sound.enable = true; |
| 113 | |
| 114 | # TODO create config that setups volume, default output etc. |
| 115 | hardware.pulseaudio = { |
| 116 | enable = true; |
| 117 | systemWide = true; |
| 118 | zeroconf.publish.enable = true; |
| 119 | |
| 120 | tcp.enable = true; |
| 121 | tcp.anonymousClients.allowAll = true; |
| 122 | }; |
| 123 | |
| 124 | services.nginx = { |
| 125 | enable = true; |
| 126 | virtualHosts = { |
| 127 | "iot.waw.hackerspace.pl" = { |
| 128 | serverAliases = ["default_server"]; |
| 129 | listen = [ |
| 130 | { |
| 131 | addr = networks.lan.ipv4; |
| 132 | port = 80; |
| 133 | ssl = false; |
| 134 | } |
| 135 | ]; |
| 136 | locations."/" = { |
| 137 | extraConfig = '' |
| 138 | proxy_set_header Upgrade $http_upgrade; |
| 139 | proxy_set_header Connection $http_connection; |
| 140 | proxy_set_header Host $host; |
| 141 | proxy_set_header X-Real-IP $remote_addr; |
| 142 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 143 | proxy_set_header X-Forwarded-Host $host:$server_port; |
| 144 | proxy_set_header X-Forwarded-Server $host; |
| 145 | proxy_set_header X-Forwarded-Proto $scheme; |
| 146 | ''; |
| 147 | proxyPass = "http://localhost:8123"; |
| 148 | }; |
| 149 | }; |
| vuko | f0ab6c4 | 2022-12-19 23:57:03 +0100 | [diff] [blame^] | 150 | "spejsiot.waw.hackerspace.pl" = { |
| 151 | serverAliases = ["default_server"]; |
| 152 | listen = [ |
| 153 | { |
| 154 | addr = networks.lan.ipv4; |
| 155 | port = 80; |
| 156 | ssl = false; |
| 157 | } |
| 158 | ]; |
| 159 | locations."/" = { |
| 160 | # TODO copied from iot, are all headers needed? |
| 161 | extraConfig = '' |
| 162 | proxy_set_header Upgrade $http_upgrade; |
| 163 | proxy_set_header Connection $http_connection; |
| 164 | proxy_set_header Host $host; |
| 165 | proxy_set_header X-Real-IP $remote_addr; |
| 166 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
| 167 | proxy_set_header X-Forwarded-Host $host:$server_port; |
| 168 | proxy_set_header X-Forwarded-Server $host; |
| 169 | proxy_set_header X-Forwarded-Proto $scheme; |
| 170 | ''; |
| 171 | proxyPass = "http://localhost:5100"; |
| 172 | }; |
| 173 | }; |
| vuko | deeeff8 | 2022-10-02 23:12:29 +0200 | [diff] [blame] | 174 | }; |
| 175 | }; |
| 176 | |
| 177 | |
| 178 | systemd.network.links = builtins.listToAttrs (map ( |
| 179 | name: { name = "10-link-${name}"; value = { |
| 180 | enable = true; |
| 181 | matchConfig = { |
| 182 | MACAddress = networks."${name}".hw_addr; |
| 183 | }; |
| 184 | linkConfig = { |
| 185 | Name = "${name}"; |
| 186 | }; |
| 187 | }; } |
| 188 | ) (builtins.filter (name: builtins.hasAttr "hw_addr" networks."${name}") (builtins.attrNames networks))); |
| 189 | |
| 190 | networking.firewall = { |
| 191 | enable = true; |
| 192 | allowedTCPPorts = [ |
| 193 | 22 # ssh |
| 194 | 80 # nginx http |
| 195 | 1883 # mqtt (mosquitto) |
| 196 | 4713 # pulseaudo |
| 197 | ]; |
| 198 | }; |
| 199 | |
| 200 | services.openssh = { |
| 201 | enable = true; |
| 202 | passwordAuthentication = false; |
| 203 | }; |
| 204 | |
| 205 | # TODO extract ssh keys synchronization from customs and add it here |
| 206 | users.users.root.openssh.authorizedKeys.keys = [ ssh-keys.vuko ssh-keys.informatic ]; |
| 207 | |
| 208 | environment.systemPackages = with pkgs; [ |
| 209 | system-vim tcpdump htop nmon tmux git file procps parted dmidecode ack utillinux |
| 210 | nmap mosh ncdu tree lz4 bind neovim hdparm usbutils |
| 211 | ]; |
| 212 | |
| 213 | programs.mtr.enable = true; |
| 214 | |
| 215 | environment.variables = { |
| 216 | EDITOR = "vim"; |
| 217 | }; |
| 218 | |
| 219 | #environment.extraInit = '' |
| 220 | # export NIX_PATH="nixpkgs=${config.channel-sources.nixpkgs}"; |
| 221 | #''; |
| 222 | |
| 223 | environment.etc."inputrc" = { |
| 224 | text = pkgs.lib.mkDefault( pkgs.lib.mkAfter '' |
| 225 | set colored-stats on |
| 226 | set show-all-if-ambiguous on |
| 227 | set completion-ignore-case on |
| 228 | |
| 229 | # arrow up |
| 230 | "\e[A": history-search-backward |
| 231 | # arrow down |
| 232 | "\e[B": history-search-forward |
| 233 | |
| 234 | "\e[5~": history-search-backward |
| 235 | "\e[6~": history-search-forward |
| 236 | ''); |
| 237 | }; |
| 238 | |
| 239 | system.stateVersion = "22.05"; |
| 240 | |
| 241 | |
| 242 | boot.vesa = false; |
| 243 | boot.loader.grub.splashImage = null; |
| 244 | } |
| 245 | |