better fix for recent nix versions

The issue is now solved upstream: https://github.com/NixOS/nix/issues/5410

README.md

@@ -0,0 +1,3 @@
+# Leitstelle config management
+
+To deploy, run `./deploy.sh switch <host>`, where the host is nuc or bemmer.

common/default.nix

@@ -1,7 +1,7 @@
 { lib, pkgs, ... }:
 
 {
-  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+  boot.kernelPackages = lib.mkOverride 2000 pkgs.linuxPackages_latest;
   boot.kernelParams = [ "quiet" ];
 
   services.openssh.enable = true;
@@ -38,6 +38,7 @@
     vim
     wget
     jq
+    lsof
   ];
 
   programs.bash.shellAliases = {
@@ -49,5 +50,13 @@
     ll = "exa -l";
     la = "exa -la";
     tree = "exa -T";
+    apt = "echo 'please use nix-env -iA nixos.<packagename> instead to install packages.'";
+  };
+
+  users.mutableUsers = false;
+  users.users.c3h = {
+    isNormalUser = true;
+    password = "c3h";
+    extraGroups = [ "wheel" ];
   };
 }

deploy.sh

@@ -6,17 +6,30 @@ cd "$(dirname "$0")"
 if ! command -v nix-build &> /dev/null
 then
 	echo "Nix installation could not be found. Please follow the instructions linked below."
-	echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html#multi-user-installation"
+	echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html"
 	exit
 fi
 
 mode="${1:-switch}"
-host="nuc"
+host="${2:-nuc}"
-target="nuc@nuc.c3h"
+target="${3:-c3h@$host.c3h}"
-#host="${2:-nuc}"
-#target="${3:-$host.c3h}"
 
-sources=$(nix-build nix/sources-dir.nix --no-out-link)
+if ! [ -d "hosts/$host" ]
+then
+	echo "Host $host does not exist. Choose from:"
+	ls hosts
+	exit
+fi
+
+echo "deploying $host to $target"
+sleep 1
 
 set -x
-nixos-rebuild "$mode" --target-host "$target" --use-remote-sudo -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix"
+system_drv=$(
+  nix-instantiate "<nixpkgs/nixos>" -A config.system.build.toplevel \
+    -I "$(nix-build nix/sources-dir.nix --no-out-link)" \
+    -I "nixos-config=$PWD/hosts/$host/configuration.nix"
+)
+nix-copy-closure --to $target $system_drv
+system=$(ssh $target "nix-store --realise $system_drv")
+ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode"

hosts/bemmer/configuration.nix

@@ -0,0 +1,36 @@
+{ modulesPath, lib, pkgs, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+    <nixos-hardware/raspberry-pi/4>
+    ../../common
+
+    # services
+    ../../shared-services/pulseaudio.nix
+    ../../shared-services/nfs-client.nix
+    ../../shared-services/mpd.nix
+    ../../shared-services/ympd.nix
+    ../../shared-services/spotifyd.nix
+    ../../shared-services/desktop.nix
+    ../../shared-services/vnc.nix
+    ../../shared-services/webserver.nix
+  ];
+
+  # We import sd-image-aarch64.nix so we can build a config.system.build.sdImage
+  # But it imports some modules we don't want, so disable them
+  disabledModules = [
+    "profiles/base.nix"
+    "profiles/all-hardware.nix"
+  ];
+
+  networking.hostName = "bemmer";
+  networking.domain = "c3h";
+  networking.useDHCP = true;
+
+  nixpkgs.system = "aarch64-linux";
+  hardware.raspberry-pi."4".fkms-3d.enable = true;
+  boot.tmpOnTmpfs = true; # building stuff on sd-card is slow
+
+  system.stateVersion = "21.05";
+}

hosts/nuc/configuration.nix

@@ -3,17 +3,18 @@
 {
   imports = [
     ./hardware-configuration.nix
+    <nixos-hardware/common/cpu/intel>
     ../../common
 
     # services
-    ./pulseaudio.nix
+    ../../shared-services/pulseaudio.nix
-    ./nfs-server.nix
+    ../../shared-services/nfs-client.nix
-    ./mpd.nix
+    ../../shared-services/mpd.nix
-    ./ympd.nix
+    ../../shared-services/ympd.nix
-    ./spotifyd.nix
+    ../../shared-services/spotifyd.nix
-    ./desktop.nix
+    ../../shared-services/desktop.nix
-    ./vnc.nix
+    ../../shared-services/vnc.nix
-    ./webserver.nix
+    ../../shared-services/webserver.nix
   ];
 
   networking.hostName = "nuc";

hosts/nuc/hardware-configuration.nix

@@ -23,7 +23,7 @@
       fsType = "vfat";
     };
 
-  fileSystems."/mnt" =
+  fileSystems."/mnt/hdd" =
     { device = "/dev/disk/by-uuid/ff18a6f9-ee3b-452c-8671-38b74508a74c";
       fsType = "btrfs";
     };

hosts/nuc/nfs-server.nix

@@ -1,17 +0,0 @@
-{ ... }:
-
-{
-  services.nfs.server = {
-    enable = true;
-    exports = ''
-      /mnt 10.23.42.0/24(rw,fsid=0,insecure,no_subtree_check)
-    '';
-
-    statdPort = 4000;
-    lockdPort = 4001;
-    mountdPort = 4002;
-  };
-
-  networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 2049 4000 4001 4002 111 ];
-  networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 2049 4000 4001 4002 111 ];
-}

hosts/nuc/spotifyd.nix

@@ -1,12 +0,0 @@
-{ ... }:
-
-{
-  services.spotifyd = {
-    enable = true;
-    config = ''
-      zeroconf_port = 18572
-    '';
-  };
-
-  networking.firewall.allowedTCPPorts = [ 18572 ];
-}

modules/spotifyd.nix

@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.spotifyd;
+  toml = pkgs.formats.toml {};
+  warnConfig =
+    if cfg.config != ""
+    then lib.trace "Using the stringly typed .config attribute is discouraged. Use the TOML typed .settings attribute instead."
+    else id;
+  spotifydConf =
+    if cfg.settings != {}
+    then toml.generate "spotify.conf" cfg.settings
+    else warnConfig (pkgs.writeText "spotifyd.conf" cfg.config);
+in
+{
+  options = {
+    services.spotifyd = {
+      enable = mkEnableOption "spotifyd, a Spotify playing daemon";
+
+      config = mkOption {
+        default = "";
+        type = types.lines;
+        description = ''
+          (Deprecated) Configuration for Spotifyd. For syntax and directives, see
+          <link xlink:href="https://github.com/Spotifyd/spotifyd#Configuration"/>.
+        '';
+      };
+
+      settings = mkOption {
+        default = {};
+        type = toml.type;
+        example = { global.bitrate = 320; };
+        description = ''
+          Configuration for Spotifyd. For syntax and directives, see
+          <link xlink:href="https://github.com/Spotifyd/spotifyd#Configuration"/>.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.config == "" || cfg.settings == {};
+        message = "At most one of the .config attribute and the .settings attribute may be set";
+      }
+    ];
+
+    systemd.services.spotifyd = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" "sound.target" ];
+      description = "spotifyd, a Spotify playing daemon";
+      environment.SHELL = "/bin/sh";
+      serviceConfig = {
+        ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
+        Restart = "always";
+        RestartSec = 12;
+        DynamicUser = true;
+        CacheDirectory = "spotifyd";
+        SupplementaryGroups = ["audio"];
+      };
+    };
+  };
+
+  meta.maintainers = [ maintainers.anderslundstedt ];
+}

nix/sources-dir.nix

@@ -9,6 +9,6 @@ in
     lib.concatStringsSep "\n" ([
       "mkdir $out"
     ]
-      ++ lib.mapAttrsToList (name: source: "ln -s ${source.outPath} $out/${name}") sources
+      ++ lib.mapAttrsToList (name: source: "cp -r --reflink=auto ${source.outPath} $out/${name}") sources
     )
   )

nix/sources.json

@@ -5,22 +5,34 @@
         "homepage": "https://github.com/nmattia/niv",
         "owner": "nmattia",
         "repo": "niv",
-        "rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070",
+        "rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c",
-        "sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx",
+        "sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm",
         "type": "tarball",
-        "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
+        "url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
+    "nixos-hardware": {
+        "branch": "master",
+        "description": "A collection of NixOS modules covering hardware quirks.",
+        "homepage": "",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "2a7063461c3751d83869a2a0a8ebc59e34bec5b2",
+        "sha256": "173ms858wni43l2p7vqjarm2bnjdhpii0zgn46750nyfff1f2184",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixos-hardware/archive/2a7063461c3751d83869a2a0a8ebc59e34bec5b2.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "nixpkgs": {
-        "branch": "nixos-21.05",
+        "branch": "nixos-unstable",
         "description": "Nix Packages collection",
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3",
+        "rev": "581d2d6c9cd5c289002203581d8aa0861963a933",
-        "sha256": "08vvir0npyrdx85ypiannwzvyryqdw3749bghffhdsq2dgz1cx8z",
+        "sha256": "1qpmqj075pppa6ihmkacf491lhq7rpxlcm8cm6h18raardsr3irr",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/70904d4a9927a4d6e05c72c4aaac4370e05107f3.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/581d2d6c9cd5c289002203581d8aa0861963a933.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }

shared-services/desktop.nix

@@ -1,13 +1,17 @@
 { pkgs, ... }:
 
 {
-  users.mutableUsers = false;
+  users.users.c3h.packages = with pkgs; [
-  users.users.c3h = {
+    chromium
-    isNormalUser = true;
+    firefox
-    password = "c3h";
+    mpv
-    extraGroups = [ "wheel" ];
+    youtube-dl
-    packages = with pkgs; [ chromium firefox mpv youtube-dl ];
+    pavucontrol
-  };
+    dosbox
+    vlc
+    ffmpeg-full
+    sox
+  ];
 
   services.xserver = {
     enable = true;

shared-services/nfs-client.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  boot.supportedFilesystems = [ "nfs" ];
+  fileSystems."/mnt/Music" = {
+    device = "10.23.42.126:/music";
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.1"
+      "noauto"
+      "x-systemd.automount"
+      "x-systemd.idle-timeout=600"
+    ];
+  };
+}

shared-services/pulseaudio.nix

@@ -5,7 +5,12 @@
   sound.enable = true;
   hardware.pulseaudio.enable = true;
   hardware.pulseaudio.systemWide = true;
-  hardware.pulseaudio.package = pkgs.pulseaudio;
+  hardware.pulseaudio.package = pkgs.pulseaudioFull;
   hardware.pulseaudio.tcp.enable = true;
   hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::/64" "10.23.42.0/24" ];
+  environment.variables.PULSE_SERVER = "127.0.0.1";
+  hardware.pulseaudio.extraConfig = ''
+    unload-module module-native-protocol-unix
+    load-module module-native-protocol-unix auth-anonymous=1
+  '';
 }

shared-services/spotifyd.nix

@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+  disabledModules = [ "services/audio/spotifyd.nix" ];
+  imports = [ ../modules/spotifyd.nix ];
+
+
+  services.spotifyd = {
+    enable = true;
+    settings.global = {
+      bitrate = 320;
+      zeroconf_port = 18572;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 4070 config.services.spotifyd.settings.global.zeroconf_port ];
+  networking.firewall.allowedUDPPorts = [ 5353 ];
+
+  systemd.services.restart-spotifyd = {
+    serviceConfig.Type = "oneshot";
+    script = ''
+      ${pkgs.systemd}/bin/systemctl restart spotifyd.service
+      ${pkgs.systemd}/bin/systemctl restart pulseaudio.service
+    '';
+  };
+
+  systemd.timers.restart-spotifyd = {
+    wantedBy = [ "timers.target" ];
+    partOf = [ "restart-spotifyd.service" ];
+    timerConfig = {
+      OnCalendar = "*-*-* 07:00:00";
+      Persistent = "True";
+      Unit = "restart-spotifyd.service";
+    };
+  };
+}