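# NixOS host configuration for "lucia": DokuWiki, MPD + ympd, HedgeDoc and an
# nginx TLS front end whose certificates come from ACME DNS-01.
{ config, pkgs, ... }:
let
  # Admin public keys are kept in one shared file; see the root authorizedKeys below.
  sshKeys = import ../ssh_keys.nix;
in
{
  imports = [
    # Include the results of the hardware scan.
    # NOTE(review): the comment above looks like template residue; the only
    # import here is the shared user module.
    ../modules/malobeo_user.nix
  ];

  # Secrets are decrypted from secrets.yaml at activation time. Only the
  # resulting file *path* is referenced further down (security.acme), so the
  # API key itself is not written into this configuration.
  # NOTE(review): the sops module is not imported in this file; presumably it
  # is pulled in elsewhere (flake or shared module); confirm.
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets.njala_api_key = {};

  services.openssh.enable = true;
  services.openssh.ports = [ 22 ];
  # Spelled via `settings`, like PermitRootLogin below; the top-level
  # `passwordAuthentication` option is the deprecated alias of this one.
  services.openssh.settings.PasswordAuthentication = false;
  # Root may log in, but only with a key from sshKeys.admins.
  # NOTE(review): KbdInteractiveAuthentication is left at its default here; if
  # the intent is "keys only", consider setting it to false as well.
  services.openssh.settings.PermitRootLogin = "prohibit-password";

  users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;

  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
  boot.loader.grub.enable = false;
  boot.loader.raspberryPi.enable = false;
  boot.loader.raspberryPi.version = 3;
  boot.loader.raspberryPi.uboot.enable = true;
  boot.loader.raspberryPi.firmwareConfig = ''
    dtparam=audio=on
    hdmi_ignore_edid_audio=1
    audio_pwm_mode=2
  '';
  # Enables the generation of /boot/extlinux/extlinux.conf
  boot.loader.generic-extlinux-compatible.enable = true;

  networking.hostName = "lucia"; # Define your hostname.
  networking.dhcpcd.enable = true;

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # hardware audio support:
  sound.enable = true;

  services = {
    # NOTE(review): no enableACME/forceSSL is declared for wiki.malobeo.org in
    # this file. Unless TLS is configured elsewhere, wiki logins travel over
    # plain HTTP; confirm.
    dokuwiki.sites."wiki.malobeo.org" = {
      enable = true;
      #acl = "* @ALL 8"; # everyone can edit using this config
      # note there is a users file at
      # /var/lib/dokuwiki//users.auth.php
      # makes sense to edit it by hand
      #superUser = "@admin";
      #plugins = let
      #  plugin-todo = pkgs.stdenv.mkDerivation {
      #    name = "todo";
      #    src = pkgs.fetchFromGitHub {
      #      owner = "leibler";
      #      repo = "dokuwiki-plugin-todo";
      #      rev = "7e36f4fffc46df9e2fd116d7d6dc326202530b71";
      #      sha256 = "sha256-o794cFdnVEUHvLRP/UzrD26fzNGa9gYzR7sw2Ns8tvo=";
      #    };
      #    buildInputs = [ pkgs.unzip ];
      #    installPhase = "mkdir -p $out; cp -R * $out/";
      #  };
      #in [ plugin-todo ];
      # NOTE(review): with this left commented out, self-registration is
      # presumably governed by the DokuWiki default; confirm that is intended
      # for a publicly named wiki.
      #disableActions = "register";
      settings = {
        title = "malobeo wiki";
        lang = "en";
        useacl = true;
        superuser = "admin";
        # NOTE(review): everything under `settings` is rendered into the
        # world-readable Nix store and lives in version control, so a
        # credential must not be placed here. `password` does not look like a
        # DokuWiki configuration key (accounts live in users.auth.php, see
        # above); if an "admin"/"admin" account was created to match this
        # line, rotate it and drop the setting. Confirm and remove.
        password = "admin";
      };
    };

    mpd = {
      enable = true;
      musicDirectory = "/var/lib/mpd/music";
      extraConfig = ''
        audio_output {
          type "alsa"
          name "My ALSA"
          device "hw:0,0" # optional
          format "44100:16:2" # optional
          mixer_type "hardware"
          mixer_device "default"
          mixer_control "PCM"
        }
      '';

      # Optional:
      # NOTE(review): no MPD password is configured in this file, so "any"
      # relies on the firewall (the MPD port is not in allowedTCPPorts below)
      # to keep the control socket off the network. Binding to localhost would
      # not depend on that, provided ympd runs on the same host; confirm.
      network.listenAddress = "any"; # if you want to allow non-localhost connections
      startWhenNeeded = true; # systemd feature: only start MPD service upon connection to its socket
    };

    ympd = {
      enable = true;
    };

    #samba = {
    #  enable = true;
    #  securityType = "user";
    #  openFirewall = true;
    #  extraConfig = ''
    #    workgroup = maloinfra
    #    server string = smbmalo
    #    netbios name = smbmalo
    #    security = user
    #    #use sendfile = yes
    #    max protocol = smb2
    #    # note: localhost is the ipv6 localhost ::1
    #    hosts allow = 192.168.1. 127.0.0.1 localhost
    #    hosts deny = 0.0.0.0/0
    #    guest account = nobody
    #    map to guest = bad user
    #  '';
    #  shares = {
    #    zines = {
    #      comment = "malobeo Zines";
    #      path = "/var/sambaShares/zines";
    #      browseable = "yes";
    #      "read only" = "no";
    #      "guest ok" = "yes";
    #      "create mask" = "0644";
    #      "directory mask" = "0755";
    #      #"force user" = "username";
    #      #"force group" = "groupname";
    #      "write list" = "malobeo";
    #      "read list" = "guest nobody";
    #    };
    #    #private = {
    #    #  path = "/mnt/Shares/Private";
    #    #  browseable = "yes";
    #    #  "read only" = "no";
    #    #  "guest ok" = "no";
    #    #  "create mask" = "0644";
    #    #  "directory mask" = "0755";
    #    #  "force user" = "username";
    #    #  "force group" = "groupname";
    #    #};
    #  };
    #};
    #samba-wsdd = {
    #  enable = true;
    #  openFirewall = true;
    #};

    hedgedoc = {
      enable = true;
      settings = {
        # NOTE(review): with these left commented out the HedgeDoc defaults
        # for anonymous editing and e-mail self-registration apply; confirm
        # they match what a public pad should allow.
        #allowAnonymousEdits = true;
        #allowEmailRegister = false;
        #allowFreeURL = true;
        allowOrigin = [ "localhost" "pad.malobeo.org" ];
        db = {
          dialect = "sqlite";
          storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
        };
        domain = "pad.malobeo.org";
        port = 3333;
        # HedgeDoc itself speaks plain HTTP on port 3333; nginx terminates TLS.
        useSSL = false;
        # NOTE(review): nginx forces HTTPS for pad.malobeo.org, but with this
        # set to false HedgeDoc builds http:// URLs for itself. The usual
        # reverse-proxy setup is protocolUseSSL = true together with the proxy
        # forwarding X-Forwarded-Proto; the vhost below sets no proxy headers,
        # so change both together and test logins; confirm.
        protocolUseSSL = false;
      };
    };
  };

  environment.systemPackages = with pkgs; [
    mpd
    mpv
    ncmpcpp
    ncpamixer # pulseaudio
    vim
    htop
    wget
    git
    pciutils
    nix-tree
  ];

  #hardware.pulseaudio = {
  #  enable = true;
  #  systemWide = true;
  #  tcp = {
  #    enable = true;
  #    anonymousClients.allowedIpRanges = [
  #      "127.0.0.0/8"
  #      "192.168.1.0/24"
  #    ];
  #  };
  #  zeroconf.publish.enable = true;
  #};

  # mDNS: the host announces its addresses and user services on the local link.
  services.avahi = {
    enable = true;
    nssmdns = true;
    publish = {
      enable = true;
      addresses = true;
      userServices = true;
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "malobeo@systemli.org";
      dnsProvider = "njalla";
      # Path of the sops-decrypted credentials file, not the secret itself.
      credentialsFile = config.sops.secrets.njala_api_key.path;
      dnsPropagationCheck = false;
    };
  };

  services.nginx = {
    enable = true;

    # NOTE(review): this vhost forwards to 127.0.0.1:8080 (presumably ympd's
    # default web port; confirm) with no authentication in front of it, so
    # anyone who can reach music.malobeo.org can drive the player. If that is
    # not intended, restrict it (e.g. basicAuthFile or an allow/deny list).
    virtualHosts."music.malobeo.org" = {
      enableACME = true;
      forceSSL = true;
      acmeRoot = null; # certificates are issued via DNS-01, no webroot
      locations."/" = {
        proxyPass = "http://127.0.0.1:8080";
        proxyWebsockets = true;
      };
    };

    virtualHosts."pad.malobeo.org" = {
      enableACME = true;
      forceSSL = true;
      acmeRoot = null; # certificates are issued via DNS-01, no webroot
      locations."/" = {
        proxyPass = "http://localhost:3333";
        #proxyWebsockets = true;
      };
      locations."/socket.io/" = {
        proxyPass = "http://localhost:3333";
        proxyWebsockets = true;
        # NOTE(review): proxy_ssl_* directives only affect https:// upstreams;
        # the upstream here is plain http, so this line looks inert.
        extraConfig = "proxy_ssl_server_name on;";
      };
    };
  };

  # 80/443: nginx. 5353/udp: mDNS (avahi).
  # NOTE(review): 4713/tcp and 9875/udp look like leftovers from the
  # commented-out PulseAudio network setup above; nothing in this file listens
  # on them. Close them if no other module needs them; confirm.
  networking.firewall.allowedTCPPorts = [ 80 443 4713 ];
  networking.firewall.allowedUDPPorts = [ 5353 9875 ];

  system.stateVersion = "23.05";
}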