diff --git a/README.md b/README.md
new file mode 100644
index 0000000..64e9b7e
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# Leitstelle config management
+
+To deploy, run `./deploy.sh switch `, where the host is nuc or bemmer.
diff --git a/common/default.nix b/common/default.nix
index 838bb20..73f681d 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -1,7 +1,7 @@ { lib, pkgs, ... }: {
- boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+ boot.kernelPackages = lib.mkOverride 2000 pkgs.linuxPackages_latest;
 boot.kernelParams = [ "quiet" ]; services.openssh.enable = true;
@@ -38,6 +38,7 @@ vim wget jq
+ lsof
 ]; programs.bash.shellAliases = {
@@ -49,5 +50,13 @@ ll = "exa -l"; la = "exa -la"; tree = "exa -T";
+ apt = "echo 'please use nix-env -iA nixos. instead to install packages.'";
+ };
+
+ users.mutableUsers = false;
+ users.users.c3h = {
+ isNormalUser = true;
+ password = "c3h";
+ extraGroups = [ "wheel" ];
 }; }
diff --git a/deploy.sh b/deploy.sh
index c19b0a8..46240ad 100755
--- a/deploy.sh
+++ b/deploy.sh
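Review bot: In the last hunk of common/default.nix, `password = "c3h";` stores a cleartext password identical to the account name in the repository and in the world-readable Nix store, for a `wheel` account that now exists on every host importing `common`, in a file whose first hunk shows `services.openssh.enable = true`. With `users.mutableUsers = false` the password also cannot be rotated on the machine itself. Replace the literal with `hashedPassword = "<hash from mkpasswd>";` (or a password file kept outside the store) and add `openssh.authorizedKeys.keys = [ "<deploy public key>" ];` so deploy.sh can log in by key. Whether SSH password logins are disabled elsewhere is not visible in this diff; if they are not, turn them off in the sshd options of the pinned nixpkgs.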
@@ -6,17 +6,30 @@ cd "$(dirname "$0")" if ! command -v nix-build &> /dev/null then echo "Nix installation could not be found. Please follow the instructions linked below."
- echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html#multi-user-installation"
+ echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html"
 exit fi mode="${1:-switch}"
-host="nuc"
-target="nuc@nuc.c3h"
-#host="${2:-nuc}"
-#target="${3:-$host.c3h}"
+host="${2:-nuc}"
+target="${3:-c3h@$host.c3h}"
-sources=$(nix-build nix/sources-dir.nix --no-out-link)
+if ! [ -d "hosts/$host" ]
+then
+ echo "Host $host does not exist. Choose from:"
+ ls hosts
+ exit
+fi
+
+echo "deploying $host to $target"
+sleep 1
 set -x
-nixos-rebuild "$mode" --target-host "$target" --use-remote-sudo -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix"
+system_drv=$(
+ nix-instantiate "" -A config.system.build.toplevel \
+ -I "$(nix-build nix/sources-dir.nix --no-out-link)" \
+ -I "nixos-config=$PWD/hosts/$host/configuration.nix"
+)
+nix-copy-closure --to $target $system_drv
+system=$(ssh $target "nix-store --realise $system_drv")
+ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode"
diff --git a/hosts/bemmer/configuration.nix b/hosts/bemmer/configuration.nix
new file mode 100644
index 0000000..e7d0951
--- /dev/null
+++ b/hosts/bemmer/configuration.nix
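Review bot: `host`, `target` and `mode` now come from the command line, but the new lines expand `$target`, `$system_drv` and `$system` unquoted and paste `$mode` into the string that the remote shell runs under `sudo`, so a stray space or shell metacharacter in an argument changes the command executed on the target. Quote the local expansions (`nix-copy-closure --to "$target" "$system_drv"`, `ssh "$target" ...`) and restrict the mode before it is used, e.g. `case "$mode" in switch|boot|test|dry-activate) ;; *) echo "unknown mode: $mode" >&2; exit 1 ;; esac`. Both the existing `exit` after the Nix check and the new one after "Host $host does not exist" return the status of the preceding command, i.e. 0; `exit 1` would let callers notice the failure. If `set -e` is not set above the hunk (not visible here), an empty `$system_drv` from a failed `nix-instantiate` would also flow into the later commands.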
@@ -0,0 +1,36 @@
+{ modulesPath, lib, pkgs, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+
+ ../../common
+
+ # services
+ ../../shared-services/pulseaudio.nix
+ ../../shared-services/nfs-client.nix
+ ../../shared-services/mpd.nix
+ ../../shared-services/ympd.nix
+ ../../shared-services/spotifyd.nix
+ ../../shared-services/desktop.nix
+ ../../shared-services/vnc.nix
+ ../../shared-services/webserver.nix
+ ];
+
+ # We import sd-image-aarch64.nix so we can build a config.system.build.sdImage
+ # But it imports some modules we don't want, so disable them
+ disabledModules = [
+ "profiles/base.nix"
+ "profiles/all-hardware.nix"
+ ];
+
+ networking.hostName = "bemmer";
+ networking.domain = "c3h";
+ networking.useDHCP = true;
+
+ nixpkgs.system = "aarch64-linux";
+ hardware.raspberry-pi."4".fkms-3d.enable = true;
+ boot.tmpOnTmpfs = true; # building stuff on sd-card is slow
+
+ system.stateVersion = "21.05";
+}
diff --git a/hosts/nuc/configuration.nix b/hosts/nuc/configuration.nix
index 741c50e..56cea2e 100644
--- a/hosts/nuc/configuration.nix
+++ b/hosts/nuc/configuration.nix
@@ -3,17 +3,18 @@ { imports = [ ./hardware-configuration.nix
+ ../../common
 # services
- ./pulseaudio.nix
- ./nfs-server.nix
- ./mpd.nix
- ./ympd.nix
- ./spotifyd.nix
- ./desktop.nix
- ./vnc.nix
- ./webserver.nix
+ ../../shared-services/pulseaudio.nix
+ ../../shared-services/nfs-client.nix
+ ../../shared-services/mpd.nix
+ ../../shared-services/ympd.nix
+ ../../shared-services/spotifyd.nix
+ ../../shared-services/desktop.nix
+ ../../shared-services/vnc.nix
+ ../../shared-services/webserver.nix
 ]; networking.hostName = "nuc";
diff --git a/hosts/nuc/hardware-configuration.nix b/hosts/nuc/hardware-configuration.nix
index ef0e54b..4355e9e 100644
--- a/hosts/nuc/hardware-configuration.nix
+++ b/hosts/nuc/hardware-configuration.nix
@@ -23,7 +23,7 @@ fsType = "vfat"; };
- fileSystems."/mnt" =
+ fileSystems."/mnt/hdd" =
 { device = "/dev/disk/by-uuid/ff18a6f9-ee3b-452c-8671-38b74508a74c"; fsType = "btrfs"; };
diff --git a/hosts/nuc/nfs-server.nix b/hosts/nuc/nfs-server.nix
deleted file mode 100644
index 8a6f8ca..0000000
--- a/hosts/nuc/nfs-server.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }:
-
-{
- services.nfs.server = {
- enable = true;
- exports = ''
- /mnt 10.23.42.0/24(rw,fsid=0,insecure,no_subtree_check)
- '';
-
- statdPort = 4000;
- lockdPort = 4001;
- mountdPort = 4002;
- };
-
- networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 2049 4000 4001 4002 111 ];
- networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 2049 4000 4001 4002 111 ];
-}
diff --git a/hosts/nuc/spotifyd.nix b/hosts/nuc/spotifyd.nix
deleted file mode 100644
index 7cf79ce..0000000
--- a/hosts/nuc/spotifyd.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-
-{
- services.spotifyd = {
- enable = true;
- config = ''
- zeroconf_port = 18572
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 18572 ];
-}
diff --git a/modules/spotifyd.nix b/modules/spotifyd.nix
new file mode 100644
index 0000000..2e72596
--- /dev/null
+++ b/modules/spotifyd.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.spotifyd;
+ toml = pkgs.formats.toml {};
+ warnConfig =
+ if cfg.config != ""
+ then lib.trace "Using the stringly typed .config attribute is discouraged. Use the TOML typed .settings attribute instead."
+ else id;
+ spotifydConf =
+ if cfg.settings != {}
+ then toml.generate "spotify.conf" cfg.settings
+ else warnConfig (pkgs.writeText "spotifyd.conf" cfg.config);
+in
+{
+ options = {
+ services.spotifyd = {
+ enable = mkEnableOption "spotifyd, a Spotify playing daemon";
+
+ config = mkOption {
+ default = "";
+ type = types.lines;
+ description = ''
+ (Deprecated) Configuration for Spotifyd. For syntax and directives, see
+ .
+ '';
+ };
+
+ settings = mkOption {
+ default = {};
+ type = toml.type;
+ example = { global.bitrate = 320; };
+ description = ''
+ Configuration for Spotifyd. For syntax and directives, see
+ .
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.config == "" || cfg.settings == {};
+ message = "At most one of the .config attribute and the .settings attribute may be set";
+ }
+ ];
+
+ systemd.services.spotifyd = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" "sound.target" ];
+ description = "spotifyd, a Spotify playing daemon";
+ environment.SHELL = "/bin/sh";
+ serviceConfig = {
+ ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
+ Restart = "always";
+ RestartSec = 12;
+ DynamicUser = true;
+ CacheDirectory = "spotifyd";
+ SupplementaryGroups = ["audio"];
+ };
+ };
+ };
+
+ meta.maintainers = [ maintainers.anderslundstedt ];
+}
\ No newline at end of file
diff --git a/nix/sources-dir.nix b/nix/sources-dir.nix
index 223fc00..e5fa9bf 100644
--- a/nix/sources-dir.nix
+++ b/nix/sources-dir.nix
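Review bot: The `settings` and `config` descriptions in this new module do not say that the rendered file (`toml.generate` / `pkgs.writeText`) ends up in the world-readable Nix store, so any Spotify `username`/`password` placed there is readable by every local user even though the service itself runs with `DynamicUser = true`. I would add a sentence to both descriptions, for example `Do not put credentials here; the file is stored in the Nix store. Use spotifyd's password_cmd or a runtime-provided file instead.` The file looks like a copy of the nixpkgs module (it keeps `meta.maintainers`); a header comment naming the upstream revision it was taken from would make later upstream fixes traceable. Minor: the generated file is named `spotify.conf` in one branch and `spotifyd.conf` in the other.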
@@ -9,6 +9,6 @@ in lib.concatStringsSep "\n" ([ "mkdir $out" ]
- ++ lib.mapAttrsToList (name: source: "ln -s ${source.outPath} $out/${name}") sources
+ ++ lib.mapAttrsToList (name: source: "cp -r --reflink=auto ${source.outPath} $out/${name}") sources
 ) )
diff --git a/nix/sources.json b/nix/sources.json
index d23d445..2b7fc09 100644
--- a/nix/sources.json
+++ b/nix/sources.json
@@ -5,22 +5,34 @@ "homepage": "https://github.com/nmattia/niv", "owner": "nmattia", "repo": "niv", - "rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070", - "sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx", + "rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c", + "sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm", "type": "tarball", - "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz", + "url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, + "nixos-hardware": { + "branch": "master", + "description": "A collection of NixOS modules covering hardware quirks.", + "homepage": "", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "2a7063461c3751d83869a2a0a8ebc59e34bec5b2", + "sha256": "173ms858wni43l2p7vqjarm2bnjdhpii0zgn46750nyfff1f2184", + "type": "tarball", + "url": "https://github.com/NixOS/nixos-hardware/archive/2a7063461c3751d83869a2a0a8ebc59e34bec5b2.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { - "branch": "nixos-21.05", + "branch": "nixos-unstable", "description": "Nix Packages collection", "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3", - "sha256": "08vvir0npyrdx85ypiannwzvyryqdw3749bghffhdsq2dgz1cx8z", + "rev": "581d2d6c9cd5c289002203581d8aa0861963a933", + "sha256": "1qpmqj075pppa6ihmkacf491lhq7rpxlcm8cm6h18raardsr3irr", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/70904d4a9927a4d6e05c72c4aaac4370e05107f3.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/581d2d6c9cd5c289002203581d8aa0861963a933.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } diff --git a/hosts/nuc/desktop.nix b/shared-services/desktop.nix similarity index 86% rename from hosts/nuc/desktop.nix rename to shared-services/desktop.nix index f11fb04..7bb36d0 100644 
--- a/hosts/nuc/desktop.nix
+++ b/shared-services/desktop.nix
@@ -1,13 +1,17 @@ { pkgs, ... }: {
- users.mutableUsers = false;
- users.users.c3h = {
- isNormalUser = true;
- password = "c3h";
- extraGroups = [ "wheel" ];
- packages = with pkgs; [ chromium firefox mpv youtube-dl ];
- };
+ users.users.c3h.packages = with pkgs; [
+ chromium
+ firefox
+ mpv
+ youtube-dl
+ pavucontrol
+ dosbox
+ vlc
+ ffmpeg-full
+ sox
+ ];
 services.xserver = { enable = true;
diff --git a/hosts/nuc/mpd.nix b/shared-services/mpd.nix
similarity index 100%
rename from hosts/nuc/mpd.nix
rename to shared-services/mpd.nix
diff --git a/shared-services/nfs-client.nix b/shared-services/nfs-client.nix
new file mode 100644
index 0000000..1659449
--- /dev/null
+++ b/shared-services/nfs-client.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+ boot.supportedFilesystems = [ "nfs" ];
+ fileSystems."/mnt/Music" = {
+ device = "10.23.42.126:/music";
+ fsType = "nfs";
+ options = [
+ "nfsvers=4.1"
+ "noauto"
+ "x-systemd.automount"
+ "x-systemd.idle-timeout=600"
+ ];
+ };
+}
diff --git a/hosts/nuc/pulseaudio.nix b/shared-services/pulseaudio.nix
similarity index 55%
rename from hosts/nuc/pulseaudio.nix
rename to shared-services/pulseaudio.nix
index 7bb6565..a3b516b 100644
--- a/hosts/nuc/pulseaudio.nix
+++ b/shared-services/pulseaudio.nix
@@ -5,7 +5,12 @@ sound.enable = true; hardware.pulseaudio.enable = true; hardware.pulseaudio.systemWide = true;
- hardware.pulseaudio.package = pkgs.pulseaudio;
+ hardware.pulseaudio.package = pkgs.pulseaudioFull;
 hardware.pulseaudio.tcp.enable = true; hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::/64" "10.23.42.0/24" ];
+ environment.variables.PULSE_SERVER = "127.0.0.1";
+ hardware.pulseaudio.extraConfig = ''
+ unload-module module-native-protocol-unix
+ load-module module-native-protocol-unix auth-anonymous=1
+ '';
 }
diff --git a/shared-services/spotifyd.nix b/shared-services/spotifyd.nix
new file mode 100644
index 0000000..c3ce6c4
--- /dev/null
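Review bot: The `options` list for `fileSystems."/mnt/Music"` in shared-services/nfs-client.nix mounts the export from `10.23.42.126` without `nosuid` or `nodev`, so setuid bits and device nodes on the share are honoured on every client, and the mount is writable if the server allows it. For a music library I would add `"nosuid" "nodev" "noexec"` and, if the clients only read, `"ro"` to the list. The mount relies on the default `sec=sys`, which identifies the server only by address; that is presumably acceptable on this LAN, but a one-line comment stating the assumption would help.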
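Review bot: The added `load-module module-native-protocol-unix auth-anonymous=1` removes authentication from the local socket of a `systemWide` daemon, so any process on the host can play to and record from the audio devices; together with the anonymous TCP ranges in the context line above it, no client of this daemon is authenticated. If the aim is to let service users such as spotifyd connect, a narrower form is `load-module module-native-protocol-unix auth-group=audio` (spotifyd already gets `SupplementaryGroups = ["audio"]` in modules/spotifyd.nix), to be checked against how the NixOS module sets up the socket. Since `PULSE_SERVER = "127.0.0.1"` sends clients to the TCP listener anyway, the unix-socket change may not be needed at all; a comment saying which client required it would settle that. The enclosing attribute set starts above the hunk.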
+++ b/shared-services/spotifyd.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+ disabledModules = [ "services/audio/spotifyd.nix" ];
+ imports = [ ../modules/spotifyd.nix ];
+
+
+ services.spotifyd = {
+ enable = true;
+ settings.global = {
+ bitrate = 320;
+ zeroconf_port = 18572;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 4070 config.services.spotifyd.settings.global.zeroconf_port ];
+ networking.firewall.allowedUDPPorts = [ 5353 ];
+
+ systemd.services.restart-spotifyd = {
+ serviceConfig.Type = "oneshot";
+ script = ''
+ ${pkgs.systemd}/bin/systemctl restart spotifyd.service
+ ${pkgs.systemd}/bin/systemctl restart pulseaudio.service
+ '';
+ };
+
+ systemd.timers.restart-spotifyd = {
+ wantedBy = [ "timers.target" ];
+ partOf = [ "restart-spotifyd.service" ];
+ timerConfig = {
+ OnCalendar = "*-*-* 07:00:00";
+ Persistent = "True";
+ Unit = "restart-spotifyd.service";
+ };
+ };
+}
diff --git a/hosts/nuc/vnc.nix b/shared-services/vnc.nix
similarity index 100%
rename from hosts/nuc/vnc.nix
rename to shared-services/vnc.nix
diff --git a/hosts/nuc/webserver.nix b/shared-services/webserver.nix
similarity index 100%
rename from hosts/nuc/webserver.nix
rename to shared-services/webserver.nix
diff --git a/hosts/nuc/ympd.nix b/shared-services/ympd.nix
similarity index 100%
rename from hosts/nuc/ympd.nix
rename to shared-services/ympd.nix
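Review bot: `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` in shared-services/spotifyd.nix open 4070, the zeroconf port and 5353 on every interface of every host that imports this file, whereas the NFS rules removed in this commit were scoped with `networking.firewall.interfaces.enp3s0`. If discovery is only needed on the LAN, use `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ ... ];` (placeholder name; the interface differs per host) or leave a comment that all interfaces are intended. The `restart-spotifyd` unit also restarts `pulseaudio.service` every day at 07:00 with no explanation; a comment such as `# workaround: <reason>` would tell the next maintainer whether it can be removed.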