[lucia] working certs and mpd

2023-10-24 18:47:12 +02:00
parent a5360da04b
commit 9b7a1745aa
2 changed files with 78 additions and 49 deletions
--- a/machines/lucia/configuration.nix
+++ b/machines/lucia/configuration.nix
@@ -8,8 +8,19 @@
      ../modules/malobeo_user.nix
    ];

+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.secrets.njala_api_key = {};
+
  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
  boot.loader.grub.enable = false;
+  boot.loader.raspberryPi.enable = false;
+  boot.loader.raspberryPi.version = 3;
+  boot.loader.raspberryPi.uboot.enable = true;
+  boot.loader.raspberryPi.firmwareConfig = ''
+    dtparam=audio=on
+    hdmi_ignore_edid_audio=1
+    audio_pwm_mode=2
+  '';

  # Enables the generation of /boot/extlinux/extlinux.conf
  boot.loader.generic-extlinux-compatible.enable = true;
@@ -21,6 +32,9 @@
  # Set your time zone.
  time.timeZone = "Europe/Berlin";

+  # hardware audio support:
+  sound.enable = true;
+
  services = {
  dokuwiki.sites."wiki.malobeo.org" = {
    enable = true;
@@ -50,29 +64,69 @@
    };
  };

-    mpd = {
-      enable = true;
-      musicDirectory = "/var/lib/mpd/music";
-      extraConfig = ''
-          audio_output {
-            type "alsa"
-            name "My ALSA"
-            device			"hw:0,0"	# optional 
-            format			"44100:16:2"	# optional
-            mixer_type		"hardware"
-            mixer_device	"default"
-            mixer_control	"PCM"
-          }
-      '';
-    
-      # Optional:
-      network.listenAddress = "any"; # if you want to allow non-localhost connections
-      startWhenNeeded = true; # systemd feature: only start MPD service upon connection to its socket
-    };

-    ympd = {
-      enable = true;
+  mpd = {
+    enable = true;
+    musicDirectory = "/var/lib/mpd/music";
+    extraConfig = ''
+      audio_output {
+        type "alsa"
+        name "My ALSA"
+        device			"hw:0,0"	# optional 
+        format			"44100:16:2"	# optional
+        mixer_type		"hardware"
+        mixer_device	"default"
+        mixer_control	"PCM"
+      }
+    '';
+  
+    # Optional:
+    network.listenAddress = "any"; # if you want to allow non-localhost connections
+    startWhenNeeded = true; # systemd feature: only start MPD service upon connection to its socket
+  };
+
+  ympd = {
+    enable = true;
+  };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "malobeo@systemli.org";
+    defaults = {
+      dnsProvider = "njalla";
+      credentialsFile = config.sops.secrets.njala_api_key.path;
+      dnsPropagationCheck = false;
    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."music.malobeo.org" = {
+      enableACME = true;
+      forceSSL = true;
+      acmeRoot = null;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 6680 80 443 ];
+
+  environment.systemPackages = with pkgs; [
+    vim
+    htop
+    wget
+    git
+    pciutils
+    nix-tree
+  ];
+
+  system.stateVersion = "23.05";
+}
+
    #mopidy = {
    #  enable = true;
    #  configuration = ''
@@ -127,28 +181,3 @@
    #  '';
    #  extensionPackages = with pkgs; [ mopidy-iris mopidy-youtube python3Packages.yt-dlp ];
    #};
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts."music.malobeo.org" = {
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8080";
-        proxyWebsockets = true;
-      };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 6680 80 ];
-
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    wget
-    git
-    pciutils
-    nix-tree
-  ];
-
-  system.stateVersion = "23.05";
-}