infrastructure/machines/lucia/configuration.nix
2023-12-05 18:48:46 +01:00


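# NixOS system configuration for the host "lucia": a Raspberry Pi booted via
# U-Boot/extlinux that runs an SSH server, a DokuWiki site, MPD with the ympd
# web front end, and an nginx reverse proxy with ACME (DNS-01) certificates.
{ config, pkgs, ... }:
let
  # Attribute set of SSH public keys; only `sshKeys.admins` is used below.
  sshKeys = import ../ssh_keys.nix;
in
{
  imports = [
    # Shared user module (not the hardware-scan result the stock template
    # comment referred to).
    ../modules/malobeo_user.nix
  ];

  # sops-nix: secrets are read from the encrypted secrets.yaml next to this
  # file. `njala_api_key` is declared with the module's default attributes and
  # is consumed by security.acme below through its runtime path, so the value
  # itself is never written into this file.
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets.njala_api_key = {};

  # SSH: key-based logins only. Root may log in, but only with one of the
  # admin keys ("prohibit-password").
  services.openssh = {
    enable = true;
    ports = [ 22 ];
    # Uses the `settings` form, matching PermitRootLogin below, instead of the
    # renamed top-level `passwordAuthentication` option.
    settings.PasswordAuthentication = false;
    settings.PermitRootLogin = "prohibit-password";
    # NOTE(review): keyboard-interactive authentication is not set here;
    # consider `settings.KbdInteractiveAuthentication = false;` if no PAM-based
    # login is intended.
  };
  users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;

  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
  boot.loader.grub.enable = false;
  boot.loader.raspberryPi.enable = false;
  boot.loader.raspberryPi.version = 3;
  boot.loader.raspberryPi.uboot.enable = true;
  boot.loader.raspberryPi.firmwareConfig = ''
    dtparam=audio=on
    hdmi_ignore_edid_audio=1
    audio_pwm_mode=2
  '';
  # Enables the generation of /boot/extlinux/extlinux.conf
  boot.loader.generic-extlinux-compatible.enable = true;

  networking.hostName = "lucia";
  networking.dhcpcd.enable = true;

  time.timeZone = "Europe/Berlin";

  # Hardware audio support.
  sound.enable = true;

  services = {
    # Disabled Mopidy setup, kept for reference.
    #mopidy = {
    #  enable = true;
    #  configuration = ''
    #    [audio]
    #    output = alsasink
    #    [mpd]
    #    enabled = true
    #    hostname = ::
    #
    #    [core]
    #    restore_state = true
    #
    #    [http]
    #    allowed_origins =
    #      music.malobeo.org
    #      https://music.malobeo.org
    #
    #    [youtube]
    #    allow_cache = true
    #    youtube_dl_package = yt_dlp
    #
    #    [file]
    #    enabled = true
    #    media_dirs = /var/lib/mpd/music/
    #  '';
    #  extensionPackages = with pkgs; [ mopidy-iris mopidy-mpd mopidy-youtube python3Packages.yt-dlp ];
    #};

    # NOTE(review): no TLS/ACME options are set for the wiki.malobeo.org
    # virtual host anywhere in this file, while port 80 is opened below.
    # Confirm that wiki logins are not sent over plain HTTP.
    dokuwiki.sites."wiki.malobeo.org" = {
      enable = true;
      #acl = "* @ALL 8"; # everyone can edit using this config
      # note there is a users file at
      # /var/lib/dokuwiki/<wiki-name>/users.auth.php
      # makes sense to edit it by hand
      #superUser = "@admin";
      #plugins = let
      #  plugin-todo = pkgs.stdenv.mkDerivation {
      #    name = "todo";
      #    src = pkgs.fetchFromGitHub {
      #      owner = "leibler";
      #      repo = "dokuwiki-plugin-todo";
      #      rev = "7e36f4fffc46df9e2fd116d7d6dc326202530b71";
      #      sha256 = "sha256-o794cFdnVEUHvLRP/UzrD26fzNGa9gYzR7sw2Ns8tvo=";
      #    };
      #    buildInputs = [ pkgs.unzip ];
      #    installPhase = "mkdir -p $out; cp -R * $out/";
      #  };
      #in [ plugin-todo ];
      #disableActions = "register";
      settings = {
        title = "malobeo wiki";
        lang = "en";
        # ACLs are switched on, but no `acl` rules are declared in this file
        # (the example above is commented out).
        useacl = true;
        superuser = "admin";
        # NOTE(review): hard-coded, guessable credential. Anything placed in
        # `settings` is plain text in this repository and, as far as I can
        # tell, ends up in the generated DokuWiki config in the world-readable
        # Nix store. `password` does not look like a documented DokuWiki
        # option, so this may have no effect at all; confirm, then remove it.
        # Also make sure the "admin" entry in users.auth.php does not use this
        # value.
        password = "admin";
      };
    };

    mpd = {
      enable = true;
      musicDirectory = "/var/lib/mpd/music";
      extraConfig = ''
        audio_output {
          type "alsa"
          name "My ALSA"
          device "hw:0,0" # optional
          format "44100:16:2" # optional
          mixer_type "hardware"
          mixer_device "default"
          mixer_control "PCM"
        }
      '';
      # MPD accepts connections on every interface and no MPD password is
      # configured in this file. The MPD port is not listed in
      # networking.firewall.allowedTCPPorts, so remote access depends on the
      # firewall staying enabled (nothing here disables it).
      network.listenAddress = "any";
      # systemd socket activation: MPD is started on the first connection.
      startWhenNeeded = true;
    };

    # Web front end for MPD; nginx proxies music.malobeo.org to it below.
    ympd = {
      enable = true;
    };
  };

  # Certificates are issued through the DNS-01 challenge at the Njalla DNS
  # API; the API credentials come from the sops-managed secret file.
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "malobeo@systemli.org";
      dnsProvider = "njalla";
      credentialsFile = config.sops.secrets.njala_api_key.path;
      # Skips waiting for the challenge record to propagate before asking the
      # CA to validate. NOTE(review): issuance can fail intermittently if the
      # record is not visible yet.
      dnsPropagationCheck = false;
    };
  };

  services.nginx = {
    enable = true;
    virtualHosts."music.malobeo.org" = {
      enableACME = true;
      forceSSL = true;
      # null: no webroot challenge directory, the DNS challenge above is used.
      acmeRoot = null;
      # NOTE(review): no authentication or source-address restriction is set
      # on this location, so whoever can reach music.malobeo.org reaches the
      # player UI on 127.0.0.1:8080 (presumably ympd; its port is not set in
      # this file).
      locations."/" = {
        proxyPass = "http://127.0.0.1:8080";
        proxyWebsockets = true;
      };
    };
  };

  # Only HTTP and HTTPS are opened explicitly in this file.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  environment.systemPackages = with pkgs; [
    vim
    htop
    wget
    git
    pciutils
    nix-tree
  ];

  system.stateVersion = "23.05";
}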