[lucia] working certs and mpd

machines/lucia/configuration.nix

@@ -8,8 +8,19 @@
       ../modules/malobeo_user.nix
     ];
 
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.secrets.njala_api_key = {};
+
   # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
   boot.loader.grub.enable = false;
+  boot.loader.raspberryPi.enable = false;
+  boot.loader.raspberryPi.version = 3;
+  boot.loader.raspberryPi.uboot.enable = true;
+  boot.loader.raspberryPi.firmwareConfig = ''
+    dtparam=audio=on
+    hdmi_ignore_edid_audio=1
+    audio_pwm_mode=2
+  '';
 
   # Enables the generation of /boot/extlinux/extlinux.conf
   boot.loader.generic-extlinux-compatible.enable = true;
@@ -21,6 +32,9 @@
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
 
+  # hardware audio support:
+  sound.enable = true;
+
   services = {
   dokuwiki.sites."wiki.malobeo.org" = {
     enable = true;
@@ -50,6 +64,7 @@
     };
   };
 
+
   mpd = {
     enable = true;
     musicDirectory = "/var/lib/mpd/music";
@@ -73,6 +88,45 @@
   ympd = {
     enable = true;
   };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "malobeo@systemli.org";
+    defaults = {
+      dnsProvider = "njalla";
+      credentialsFile = config.sops.secrets.njala_api_key.path;
+      dnsPropagationCheck = false;
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."music.malobeo.org" = {
+      enableACME = true;
+      forceSSL = true;
+      acmeRoot = null;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 6680 80 443 ];
+
+  environment.systemPackages = with pkgs; [
+    vim
+    htop
+    wget
+    git
+    pciutils
+    nix-tree
+  ];
+
+  system.stateVersion = "23.05";
+}
+
     #mopidy = {
     #  enable = true;
     #  configuration = ''
@@ -127,28 +181,3 @@
     #  '';
     #  extensionPackages = with pkgs; [ mopidy-iris mopidy-youtube python3Packages.yt-dlp ];
     #};
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts."music.malobeo.org" = {
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:8080";
-        proxyWebsockets = true;
-      };
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 6680 80 ];
-
-  environment.systemPackages = with pkgs; [
-    vim
-    htop
-    wget
-    git
-    pciutils
-    nix-tree
-  ];
-
-  system.stateVersion = "23.05";
-}

machines/lucia/secrets.yaml

@@ -1,13 +1,13 @@
 hello: ENC[AES256_GCM,data:3VuyuX7MaLSmor4W22F3FUCGp8SUq4pE6z5nuiZenH07+zEeMAllVCP6g/j1fQ==,iv:A3Oh99AchsmrkMEb4ZRSIigb8Cr+3WlQtsgyZJGpLY8=,tag:TOHF9BaydkRD6cJAndryTg==,type:str]
-njala_api_key: ENC[AES256_GCM,data:cFngyUfg+hATbqK+nizeKGgzriyhqQ+C2cACgvxYX8mbc5BcXSomiw==,iv:c4W9Ow1yQ3F+MG8QLOSbTCJ55+BadtpAZSsB+eEo8cs=,tag:wTeT+feLbx8rYfUEJgfepA==,type:str]
+njala_api_key: ENC[AES256_GCM,data:qXGngMJaAOk2Gb8B4nwMTht9Vp/OEhGmKS5vh1kpi0MyqcsmwuwpWuUz+RWD6NDFn2w/35M=,iv:lsZyCrmcT1xJcLjzK4zkcRYmbKUeLUFYZ7oDfCVJV8c=,tag:WK+aF3XGBRDQuvL87Qdusw==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-10-24T14:43:15Z"
+    lastmodified: "2023-10-24T15:09:51Z"
-    mac: ENC[AES256_GCM,data:GginYeOix/N5Y5SfKYJPAWlrRYWNPRaoqwKkSCIiAhtpTSC6GBXUkbx3a465YP60MIb5e43MhQcpxUN9pOd49yt2Jka9zphBUElitHniRj1NPsFRQxtZIM6bRsrFG3frUT0+1YYNd0x+Nbz+scm+MnZmKuk6+ZnQRMYyJvcb1UQ=,iv:kh/zbW2UGpow6QuUp/9juqKKi2uxwAa/kfhu8hmz0+I=,tag:+E/eJhWgvslvzxorq5KyNQ==,type:str]
+    mac: ENC[AES256_GCM,data:f/wf0EuNmy+ic/k+fHg3IJ8p4I8BftFn6QwGJsXJgTBDspe7Plnwh+kGEqdPg8OEbWy/1niRfCXJa/vKoquWsxL7LUP2lGYT7lj7QYuj2F8fo2WIe2qhCikuxO6Q1asKyBcebYv5KAY/yQlVBYs9X9tcU6Fu4IU2AmJhjYB6m3s=,iv:K3DCEV4/FocdnEulNM9snH4uym8pAZRSmsYbM+rghe4=,tag:429oJE1du0IRl4aDuLzoZA==,type:str]
     pgp:
         - created_at: "2023-10-24T14:42:18Z"
           enc: |