wip

README.md

@@ -1,3 +0,0 @@
-# Leitstelle config management
-
-To deploy, run `./deploy.sh switch <host>`, where the host is nuc or bemmer.

common/default.nix

@@ -1,7 +1,7 @@
 { lib, pkgs, ... }:
 
 {
-  boot.kernelPackages = lib.mkOverride 2000 pkgs.linuxPackages_latest;
+  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
   boot.kernelParams = [ "quiet" ];
 
   services.openssh.enable = true;
@@ -38,7 +38,6 @@
     vim
     wget
     jq
-    lsof
   ];
 
   programs.bash.shellAliases = {
@@ -50,13 +49,5 @@
     ll = "exa -l";
     la = "exa -la";
     tree = "exa -T";
-    apt = "echo 'please use nix-env -iA nixos.<packagename> instead to install packages.'";
-  };
-
-  users.mutableUsers = false;
-  users.users.c3h = {
-    isNormalUser = true;
-    password = "c3h";
-    extraGroups = [ "wheel" ];
   };
 }

deploy.sh

@@ -6,30 +6,21 @@ cd "$(dirname "$0")"
 if ! command -v nix-build &> /dev/null
 then
 	echo "Nix installation could not be found. Please follow the instructions linked below."
-	echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html"
+	echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html#multi-user-installation"
 	exit
 fi
 
 mode="${1:-switch}"
 host="${2:-nuc}"
-target="${3:-c3h@$host.c3h}"
+target="${3:-$host.c3h}"
-
-if ! [ -d "hosts/$host" ]
-then
-	echo "Host $host does not exist. Choose from:"
-	ls hosts
-	exit
-fi
 
 echo "deploying $host to $target"
 sleep 1
 
+sources=$(nix-build nix/sources-dir.nix --no-out-link)
+
 set -x
-system_drv=$(
+system_drv=$(nix-instantiate "<nixpkgs/nixos>" -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix" | head -n1)
-  nix-instantiate "<nixpkgs/nixos>" -A config.system.build.toplevel \
-    -I "$(nix-build nix/sources-dir.nix --no-out-link)" \
-    -I "nixos-config=$PWD/hosts/$host/configuration.nix"
-)
 nix-copy-closure --to $target $system_drv
 system=$(ssh $target "nix-store --realise $system_drv")
 ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode"

hosts/bemmer/configuration.nix

@@ -8,7 +8,7 @@
 
     # services
     ../../shared-services/pulseaudio.nix
-    ../../shared-services/nfs-client.nix
+    #../../shared-services/nfs-server.nix
     ../../shared-services/mpd.nix
     ../../shared-services/ympd.nix
     ../../shared-services/spotifyd.nix
@@ -16,21 +16,28 @@
     ../../shared-services/vnc.nix
     ../../shared-services/webserver.nix
   ];
-
+  users.users.c3h = {
-  # We import sd-image-aarch64.nix so we can build a config.system.build.sdImage
+    isNormalUser = true;
-  # But it imports some modules we don't want, so disable them
+    password = "c3h";
-  disabledModules = [
+    extraGroups = [ "wheel" ];
-    "profiles/base.nix"
+    packages = with pkgs; [ chromium firefox mpv youtube-dl ];
-    "profiles/all-hardware.nix"
+  };
-  ];
 
   networking.hostName = "bemmer";
   networking.domain = "c3h";
+
   networking.useDHCP = true;
 
   nixpkgs.system = "aarch64-linux";
-  hardware.raspberry-pi."4".fkms-3d.enable = true;
+  boot.initrd.availableKernelModules = lib.mkForce [ "vc4" "i2c_bcm2835" ];
-  boot.tmpOnTmpfs = true; # building stuff on sd-card is slow
+  boot.supportedFilesystems = lib.mkForce [ "ext4" "vfat" ];
+  boot.kernelPackages = pkgs.linuxPackages_rpi4;
+  documentation.enable = false;
+
+  hardware.raspberry-pi."4" = {
+    fkms-3d.enable = true;
+    #audio.enable = true;
+  };
 
   system.stateVersion = "21.05";
 }

hosts/nuc/configuration.nix

@@ -8,7 +8,7 @@
 
     # services
     ../../shared-services/pulseaudio.nix
-    ../../shared-services/nfs-client.nix
+    ../../shared-services/nfs-server.nix
     ../../shared-services/mpd.nix
     ../../shared-services/ympd.nix
     ../../shared-services/spotifyd.nix

hosts/nuc/hardware-configuration.nix

@@ -23,7 +23,7 @@
       fsType = "vfat";
     };
 
-  fileSystems."/mnt/hdd" =
+  fileSystems."/mnt" =
     { device = "/dev/disk/by-uuid/ff18a6f9-ee3b-452c-8671-38b74508a74c";
       fsType = "btrfs";
     };

modules/spotifyd.nix

@@ -1,68 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.spotifyd;
-  toml = pkgs.formats.toml {};
-  warnConfig =
-    if cfg.config != ""
-    then lib.trace "Using the stringly typed .config attribute is discouraged. Use the TOML typed .settings attribute instead."
-    else id;
-  spotifydConf =
-    if cfg.settings != {}
-    then toml.generate "spotify.conf" cfg.settings
-    else warnConfig (pkgs.writeText "spotifyd.conf" cfg.config);
-in
-{
-  options = {
-    services.spotifyd = {
-      enable = mkEnableOption "spotifyd, a Spotify playing daemon";
-
-      config = mkOption {
-        default = "";
-        type = types.lines;
-        description = ''
-          (Deprecated) Configuration for Spotifyd. For syntax and directives, see
-          <link xlink:href="https://github.com/Spotifyd/spotifyd#Configuration"/>.
-        '';
-      };
-
-      settings = mkOption {
-        default = {};
-        type = toml.type;
-        example = { global.bitrate = 320; };
-        description = ''
-          Configuration for Spotifyd. For syntax and directives, see
-          <link xlink:href="https://github.com/Spotifyd/spotifyd#Configuration"/>.
-        '';
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    assertions = [
-      {
-        assertion = cfg.config == "" || cfg.settings == {};
-        message = "At most one of the .config attribute and the .settings attribute may be set";
-      }
-    ];
-
-    systemd.services.spotifyd = {
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network-online.target" "sound.target" ];
-      description = "spotifyd, a Spotify playing daemon";
-      environment.SHELL = "/bin/sh";
-      serviceConfig = {
-        ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
-        Restart = "always";
-        RestartSec = 12;
-        DynamicUser = true;
-        CacheDirectory = "spotifyd";
-        SupplementaryGroups = ["audio"];
-      };
-    };
-  };
-
-  meta.maintainers = [ maintainers.anderslundstedt ];
-}

nix/sources-dir.nix

@@ -9,6 +9,6 @@ in
     lib.concatStringsSep "\n" ([
       "mkdir $out"
     ]
-      ++ lib.mapAttrsToList (name: source: "cp -r --reflink=auto ${source.outPath} $out/${name}") sources
+      ++ lib.mapAttrsToList (name: source: "ln -s ${source.outPath} $out/${name}") sources
     )
   )

nix/sources.json

@@ -5,10 +5,10 @@
         "homepage": "https://github.com/nmattia/niv",
         "owner": "nmattia",
         "repo": "niv",
-        "rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c",
+        "rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070",
-        "sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm",
+        "sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx",
         "type": "tarball",
-        "url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz",
+        "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixos-hardware": {
@@ -17,10 +17,10 @@
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "2a7063461c3751d83869a2a0a8ebc59e34bec5b2",
+        "rev": "3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f",
-        "sha256": "173ms858wni43l2p7vqjarm2bnjdhpii0zgn46750nyfff1f2184",
+        "sha256": "10g240brgjz7qi20adwajxwqrqb5zxc79ii1mc20fasgqlf2a8sx",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixos-hardware/archive/2a7063461c3751d83869a2a0a8ebc59e34bec5b2.tar.gz",
+        "url": "https://github.com/NixOS/nixos-hardware/archive/3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs": {
@@ -29,10 +29,10 @@
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "581d2d6c9cd5c289002203581d8aa0861963a933",
+        "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be",
-        "sha256": "1qpmqj075pppa6ihmkacf491lhq7rpxlcm8cm6h18raardsr3irr",
+        "sha256": "02li241rz5668nfyp88zfjilxf0mr9yansa93fbl38hjwkhf3ix6",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/581d2d6c9cd5c289002203581d8aa0861963a933.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/34ad3ffe08adfca17fcb4e4a47bb5f3b113687be.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }

shared-services/desktop.nix

@@ -1,17 +1,13 @@
 { pkgs, ... }:
 
 {
-  users.users.c3h.packages = with pkgs; [
+  users.mutableUsers = false;
-    chromium
+  users.users.c3h = {
-    firefox
+    isNormalUser = true;
-    mpv
+    password = "c3h";
-    youtube-dl
+    extraGroups = [ "wheel" ];
-    pavucontrol
+    packages = with pkgs; [ chromium firefox mpv youtube-dl ];
-    dosbox
+  };
-    vlc
-    ffmpeg-full
-    sox
-  ];
 
   services.xserver = {
     enable = true;

shared-services/nfs-client.nix

@@ -1,15 +0,0 @@
-{ ... }:
-
-{
-  boot.supportedFilesystems = [ "nfs" ];
-  fileSystems."/mnt/Music" = {
-    device = "10.23.42.126:/music";
-    fsType = "nfs";
-    options = [
-      "nfsvers=4.1"
-      "noauto"
-      "x-systemd.automount"
-      "x-systemd.idle-timeout=600"
-    ];
-  };
-}

shared-services/nfs-server.nix

@@ -0,0 +1,17 @@
+{ ... }:
+
+{
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /mnt 10.23.42.0/24(rw,fsid=0,insecure,no_subtree_check)
+    '';
+
+    statdPort = 4000;
+    lockdPort = 4001;
+    mountdPort = 4002;
+  };
+
+  networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 2049 4000 4001 4002 111 ];
+  networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 2049 4000 4001 4002 111 ];
+}

shared-services/pulseaudio.nix

@@ -5,12 +5,8 @@
   sound.enable = true;
   hardware.pulseaudio.enable = true;
   hardware.pulseaudio.systemWide = true;
-  hardware.pulseaudio.package = pkgs.pulseaudioFull;
+  hardware.pulseaudio.package = pkgs.pulseaudio;
   hardware.pulseaudio.tcp.enable = true;
   hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::/64" "10.23.42.0/24" ];
   environment.variables.PULSE_SERVER = "127.0.0.1";
-  hardware.pulseaudio.extraConfig = ''
-    unload-module module-native-protocol-unix
-    load-module module-native-protocol-unix auth-anonymous=1
-  '';
 }

shared-services/spotifyd.nix

@@ -1,36 +1,12 @@
-{ config, pkgs, ... }:
+{ ... }:
 
 {
-  disabledModules = [ "services/audio/spotifyd.nix" ];
-  imports = [ ../modules/spotifyd.nix ];
-
-
   services.spotifyd = {
     enable = true;
-    settings.global = {
+    config = ''
-      bitrate = 320;
+      zeroconf_port = 18572
-      zeroconf_port = 18572;
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 4070 config.services.spotifyd.settings.global.zeroconf_port ];
-  networking.firewall.allowedUDPPorts = [ 5353 ];
-
-  systemd.services.restart-spotifyd = {
-    serviceConfig.Type = "oneshot";
-    script = ''
-      ${pkgs.systemd}/bin/systemctl restart spotifyd.service
-      ${pkgs.systemd}/bin/systemctl restart pulseaudio.service
     '';
   };
 
-  systemd.timers.restart-spotifyd = {
+  networking.firewall.allowedTCPPorts = [ 18572 ];
-    wantedBy = [ "timers.target" ];
-    partOf = [ "restart-spotifyd.service" ];
-    timerConfig = {
-      OnCalendar = "*-*-* 07:00:00";
-      Persistent = "True";
-      Unit = "restart-spotifyd.service";
-    };
-  };
 }