stockholm/makefu/1systems/wbob/config.nix


{ config, pkgs, lib, ... }:
let
rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
user = config.makefu.gui.user;
primaryIP = "192.168.8.11";
in {
imports =
[ # Include the results of the hardware scan.
<stockholm/makefu>
<stockholm/makefu/2configs/zsh-user.nix>
<stockholm/makefu/2configs/tools/core.nix>
<stockholm/makefu/2configs/disable_v6.nix>
# <stockholm/makefu/2configs/tools/core-gui.nix>
# <stockholm/makefu/2configs/tools/extra-gui.nix>
# <stockholm/makefu/2configs/tools/media.nix>
<stockholm/makefu/2configs/virtualisation/libvirt.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
<stockholm/makefu/2configs/mqtt.nix>
<stockholm/makefu/2configs/gui/wbob-kiosk.nix>
<stockholm/makefu/2configs/stats/client.nix>
# <stockholm/makefu/2configs/gui/studio-virtual.nix>
# <stockholm/makefu/2configs/audio/jack-on-pulse.nix>
# <stockholm/makefu/2configs/audio/realtime-audio.nix>
# <stockholm/makefu/2configs/vncserver.nix>
# Services
<stockholm/makefu/2configs/remote-build/slave.nix>
<stockholm/makefu/2configs/share/wbob.nix>
# Inline module: turns the host into a shared music box -- MPD for playback,
# a Samba share over the music library, and a PulseAudio server with TCP enabled.
# NOTE(review): none of the three services below is given client authentication in
# this block; access control rests on which networks can reach the host.
(let
musicDirectory = "/data/music";
in {
services.mpd = {
enable = true;
inherit musicDirectory;
# dataDir = "/home/anders/.mpd";
# NOTE(review): "any" makes MPD listen on every address, and extraConfig below
# sets no MPD password, so any host that can reach the port can control playback.
network.listenAddress = "any";
extraConfig = ''
audio_output {
type "pulse"
name "Local MPD"
server "127.0.0.1"
}
'';
};
# open because of trustedInterfaces
# networking.firewall.allowedTCPPorts = [ 6600 4713 ];
# NOTE(review): "guest ok" = "yes" together with "read only" = "no" defines an
# unauthenticated share that is writable as far as Samba is concerned (effective
# write access still depends on filesystem permissions, not shown here). The path
# is the same directory MPD scans, so guest-written files end up being parsed by
# MPD. Consider read-only for guests or restricting writes to named users.
services.samba.shares.music = {
path = musicDirectory;
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
sound.enable = true;
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# systemWide = true;
support32Bit = true;
# Zeroconf: discover other PulseAudio servers and advertise this one on the local network.
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
tcp = {
enable = true;
# NOTE(review): allowAll presumably maps to anonymous authentication for every
# client, in which case allowedIpRanges on the next line does not narrow it --
# TODO confirm against the NixOS pulseaudio module. A client accepted on the
# native protocol can open capture streams as well as playback.
anonymousClients.allowAll = true;
anonymousClients.allowedIpRanges = [ "127.0.0.1" "192.168.8.0/24" ];
};
# Custom default.pa replacing the stock one.
# NOTE(review): it loads module-native-protocol-tcp restricted to 127.0.0.1,
# which looks at odds with the tcp.anonymousClients settings above; check with
# `pactl list modules` which TCP module instance and ACL are actually in effect.
configFile = pkgs.writeText "default.pa" ''
load-module module-udev-detect
load-module module-bluetooth-policy
load-module module-bluetooth-discover
load-module module-native-protocol-unix
load-module module-always-sink
load-module module-console-kit
load-module module-systemd-login
load-module module-intended-roles
load-module module-position-event-sounds
load-module module-filter-heuristics
load-module module-filter-apply
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
load-module module-switch-on-connect
'';
};
# connect via https://nixos.wiki/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
})
# Sensors
<stockholm/makefu/2configs/stats/telegraf>
<stockholm/makefu/2configs/deployment/led-fader.nix>
<stockholm/makefu/2configs/stats/external/aralast.nix>
<stockholm/makefu/2configs/stats/telegraf/airsensor.nix>
# <stockholm/makefu/2configs/stats/telegraf/bamstats.nix>
<stockholm/makefu/2configs/deployment/bureautomation>
# Inline module: local metrics stack -- InfluxDB with a collectd listener feeding
# the database named in `db`, and Grafana on top.
(let
collectd-port = 25826;
influx-port = 8086;
grafana-port = 3000; # TODO nginx forward
db = "collectd_db";
logging-interface = "enp0s25";
in {
services.grafana.enable = true;
# NOTE(review): 0.0.0.0 makes Grafana listen on every interface, and per the TODO
# above there is no reverse proxy in front of it yet. No admin credentials are set
# in this block, so the module defaults apply -- confirm the initial admin password
# was changed.
services.grafana.addr = "0.0.0.0";
services.influxdb.enable = true;
services.influxdb.extraConfig = {
meta.hostname = config.krebs.build.host.name;
# meta.logging-enabled = true;
# NOTE(review): a bind-address of the form ":port" has no host part, i.e. all
# interfaces. No http.auth-enabled is set here; InfluxDB 1.x leaves HTTP
# authentication off unless it is enabled -- confirm this is intended.
http.bind-address = ":${toString influx-port}";
admin.bind-address = ":8083";
collectd = [{
enabled = true;
typesdb = "${pkgs.collectd}/share/collectd/types.db";
database = db;
# NOTE(review): the collectd listener is bound on all interfaces as well and no
# security-level/auth-file is configured, so presumably unsigned metrics are
# accepted from any sender that can reach the port -- TODO confirm.
bind-address = ":${toString collectd-port}";
}];
};
# Accept TCP connections to the Grafana port on the logging interface.
# NOTE(review): enp0s25 is also listed in networking.firewall.trustedInterfaces
# further down in this file, which already accepts all traffic on that interface;
# the InfluxDB HTTP/admin ports and the collectd listener are therefore reachable
# there too, not only Grafana.
networking.firewall.extraCommands = ''
iptables -A INPUT -i ${logging-interface} -p tcp --dport ${toString grafana-port} -j ACCEPT
'';
})
# temporary
# <stockholm/makefu/2configs/temp/rst-issue.nix>
];
# Enable the krebs module set and select the `wbob` entry of config.krebs.hosts
# as the host this configuration is built for.
krebs = {
enable = true;
build.host = config.krebs.hosts.wbob;
};
# Single swap device at /var/swap.
swapDevices = [ { device = "/var/swap"; } ];
services.collectd.extraConfig = lib.mkAfter ''
#LoadPlugin ping
# does not work because it requires privileges
#<Plugin "ping">
# Host "google.de"
# Host "heise.de"
#</Plugin>
LoadPlugin curl
<Plugin curl>
TotalTime true
NamelookupTime true
ConnectTime true
<Page "google">
MeasureResponseTime true
MeasureResponseCode true
URL "https://google.de"
</Page>
<Page "webde">
MeasureResponseTime true
MeasureResponseCode true
URL "http://web.de"
</Page>
</Plugin>
#LoadPlugin netlink
#<Plugin "netlink">
# Interface "enp0s25"
# Interface "wlp2s0"
# IgnoreSelected false
#</Plugin>
'';
# UDP port opened on every interface.
# NOTE(review): 655 is presumably tinc (retiolum is imported above) -- confirm.
networking.firewall.allowedUDPPorts = [ 655 ];
# TCP ports opened on every interface, including those that are not in trustedInterfaces.
networking.firewall.allowedTCPPorts = [
655 # NOTE(review): presumably tinc (retiolum is imported above) -- confirm
8081 #smokeping
49152 # NOTE(review): no owner is documented for this port; record which service needs it or drop it
];
# NOTE(review): all traffic arriving on a trusted interface is accepted, so the port
# lists above do not filter enp0s25. Every service in this file that binds to all
# addresses (MPD, Samba, PulseAudio TCP, Grafana, InfluxDB, the collectd listener) is
# reachable from that segment. wlp2s0 is not listed here and stays behind the port filter.
networking.firewall.trustedInterfaces = [ "enp0s25" ];
#services.tinc.networks.siem = {
# name = "display";
# extraConfig = ''
# ConnectTo = sjump
# Port = 1655
# '';
#};
# rt2870.bin wifi card, part of linux-unfree
# NOTE(review): both switches are host-wide -- enableAllFirmware pulls in every
# firmware package and allowUnfree permits any unfree package, although the stated
# need is one wifi firmware blob. Narrowing them to that firmware would keep the
# set of unfree code on this host auditable.
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
networking.wireless.enable = true;
# rt2870 with nonfree creates wlp2s0 from wlp0s20u2
# not explicitly setting the interface results in wpa_supplicant to crash
networking.wireless.interfaces = [ "wlp2s0" ];
# Static IPv4 address 10.8.8.11/24 on virbr1.
# NOTE(review): the name suggests a bridge belonging to the libvirt setup imported above -- confirm.
networking.interfaces.virbr1.ip4 = [{
address = "10.8.8.11";
prefixLength = 24;
}];
# nuc hardware
boot.loader.grub.device = rootdisk;
# Load Intel CPU microcode updates.
hardware.cpu.intel.updateMicrocode = true;
# Kernel modules made available in the initrd (USB host controllers, AHCI, USB HID/storage, SCSI disk).
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
# Modules loaded at boot: KVM for Intel CPUs (presumably for the libvirt import above)
# and the ALSA sequencer / raw MIDI modules.
boot.kernelModules = [ "kvm-intel"
"snd-seq" "snd-rawmidi"
];
fileSystems = {
"/" = {
device = rootdisk + "-part1";
fsType = "ext4";
};
"/data" = {
device = datadisk + "-part1";
fsType = "ext4";
};
};
# DualHead on NUC
# TODO: update synergy package with these extras (username)
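# TODO: add crypto layer -- the synergy client below sets no encryption option, so keyboard and mouse events presumably travel to serverAddress unencrypted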
systemd.services."synergy-client" = {
environment.DISPLAY = ":0";
serviceConfig.User = user;
};
services.synergy = {
client = {
enable = true;
screenName = "wbob";
serverAddress = "x.r";
};
};
}