ahtlon/infrastructure
1
0
Fork 0
forked from kalipso/infrastructure
Code Pull Requests Activity
Files
cc5701a3b9513651fcf4971423e4e92ac5d3df14
infrastructure/machines/lucia/configuration.nix
kalipso 435dfa170b [lucia] disable pulse
2024-10-24 13:34:36 +02:00

258 lines
6.0 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
let
sshKeys = import ../ssh_keys.nix;
in
{
imports =
[ # Include the results of the hardware scan.
../modules/malobeo_user.nix
];
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.njala_api_key = {};
services.openssh.enable = true;
services.openssh.ports = [ 22 ];
services.openssh.passwordAuthentication = false;
services.openssh.settings.PermitRootLogin = "prohibit-password";
users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
boot.loader.raspberryPi.enable = false;
boot.loader.raspberryPi.version = 3;
boot.loader.raspberryPi.uboot.enable = true;
boot.loader.raspberryPi.firmwareConfig = ''
dtparam=audio=on
hdmi_ignore_edid_audio=1
audio_pwm_mode=2
'';
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
networking.hostName = "lucia"; # Define your hostname.
networking.dhcpcd.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
# hardware audio support:
sound.enable = true;
services = {
dokuwiki.sites."wiki.malobeo.org" = {
enable = true;
#acl = "* @ALL 8"; # everyone can edit using this config
# note there is a users file at
# /var/lib/dokuwiki/<wiki-name>/users.auth.php
# makes sense to edit it by hand
#superUser = "@admin";
#plugins = let
# plugin-todo = pkgs.stdenv.mkDerivation {
# name = "todo";
# src = pkgs.fetchFromGitHub {
# owner = "leibler";
# repo = "dokuwiki-plugin-todo";
# rev = "7e36f4fffc46df9e2fd116d7d6dc326202530b71";
# sha256 = "sha256-o794cFdnVEUHvLRP/UzrD26fzNGa9gYzR7sw2Ns8tvo=";
# };
# buildInputs = [ pkgs.unzip ];
# installPhase = "mkdir -p $out; cp -R * $out/";
# };
#in [ plugin-todo ];
#disableActions = "register";
settings = {
title = "malobeo wiki";
lang = "en";
useacl = true;
superuser = "admin";
password = "admin";
};
};
mpd = {
enable = true;
musicDirectory = "/var/lib/mpd/music";
extraConfig = ''
audio_output {
type "alsa"
name "My ALSA"
device "hw:0,0" # optional
format "44100:16:2" # optional
mixer_type "hardware"
mixer_device "default"
mixer_control "PCM"
}
'';
# Optional:
network.listenAddress = "any"; # if you want to allow non-localhost connections
startWhenNeeded = true; # systemd feature: only start MPD service upon connection to its socket
};
ympd = {
enable = true;
};
#samba = {
# enable = true;
# securityType = "user";
# openFirewall = true;
# extraConfig = ''
# workgroup = maloinfra
# server string = smbmalo
# netbios name = smbmalo
# security = user
# #use sendfile = yes
# max protocol = smb2
# # note: localhost is the ipv6 localhost ::1
# hosts allow = 192.168.1. 127.0.0.1 localhost
# hosts deny = 0.0.0.0/0
# guest account = nobody
# map to guest = bad user
# '';
# shares = {
# zines = {
# comment = "malobeo Zines";
# path = "/var/sambaShares/zines";
# browseable = "yes";
# "read only" = "no";
# "guest ok" = "yes";
# "create mask" = "0644";
# "directory mask" = "0755";
# #"force user" = "username";
# #"force group" = "groupname";
# "write list" = "malobeo";
# "read list" = "guest nobody";
# };
# #private = {
# # path = "/mnt/Shares/Private";
# # browseable = "yes";
# # "read only" = "no";
# # "guest ok" = "no";
# # "create mask" = "0644";
# # "directory mask" = "0755";
# # "force user" = "username";
# # "force group" = "groupname";
# #};
# };
#};
#samba-wsdd = {
# enable = true;
# openFirewall = true;
#};
hedgedoc = {
enable = true;
settings = {
#allowAnonymousEdits = true;
#allowEmailRegister = false;
#allowFreeURL = true;
allowOrigin = [ "localhost" "pad.malobeo.org" ];
db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
};
domain = "pad.malobeo.org";
port = 3333;
useSSL = false;
protocolUseSSL = false;
};
};
};
environment.systemPackages = with pkgs; [
mpd
mpv
ncmpcpp
ncpamixer
# pulseaudio
vim
htop
wget
git
pciutils
nix-tree
];
#hardware.pulseaudio = {
# enable = true;
# systemWide = true;
# tcp = {
# enable = true;
# anonymousClients.allowedIpRanges = [
# "127.0.0.0/8"
# "192.168.1.0/24"
# ];
# };
# zeroconf.publish.enable = true;
#};
services.avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "malobeo@systemli.org";
defaults = {
dnsProvider = "njalla";
credentialsFile = config.sops.secrets.njala_api_key.path;
dnsPropagationCheck = false;
};
};
services.nginx = {
enable = true;
virtualHosts."music.malobeo.org" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
};
};
virtualHosts."pad.malobeo.org" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://localhost:3333";
#proxyWebsockets = true;
};
locations."/socket.io/" = {
proxyPass = "http://localhost:3333";
proxyWebsockets = true;
extraConfig =
"proxy_ssl_server_name on;"
;
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 4713 ];
networking.firewall.allowedUDPPorts = [ 5353 9875 ];
system.stateVersion = "23.05";
}
View Git Blame Copy Permalink