move desktop-related programs to shared-services/desktop

use settings attribute

common/default.nix

@@ -1,7 +1,7 @@
 { lib, pkgs, ... }:
 
 {
-  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+  boot.kernelPackages = lib.mkOverride 2000 pkgs.linuxPackages_latest;
   boot.kernelParams = [ "quiet" ];
 
   services.openssh.enable = true;
@@ -49,5 +49,13 @@
     ll = "exa -l";
     la = "exa -la";
     tree = "exa -T";
+    apt = "echo 'please use nix-env -iA nixos.<packagename> instead to install packages.'";
+  };
+
+  users.mutableUsers = false;
+  users.users.c3h = {
+    isNormalUser = true;
+    password = "c3h";
+    extraGroups = [ "wheel" ];
   };
 }

deploy.sh

@@ -11,12 +11,26 @@ then
 fi
 
 mode="${1:-switch}"
-host="nuc"
-target="nuc@nuc.c3h"
-#host="${2:-nuc}"
-#target="${3:-$host.c3h}"
+host="${2:-nuc}"
+target="${3:-c3h@$host.c3h}"
 
-sources=$(nix-build nix/sources-dir.nix --no-out-link)
+if ! [ -d "hosts/$host" ]
+then
+	echo "Host $host does not exist. Choose from:"
+	ls hosts
+	exit
+fi
+
+echo "deploying $host to $target"
+sleep 1
+
+tmp=$(mktemp -d)
+trap 'rm -rf "$tmp"' EXIT
+sources="$tmp/sources"
+cp -r $(nix-build nix/sources-dir.nix --no-out-link) $tmp/sources
 
 set -x
-nixos-rebuild "$mode" --target-host "$target" --use-remote-sudo -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix"
+system_drv=$(nix-instantiate "<nixpkgs/nixos>" -A config.system.build.toplevel -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix")
+nix-copy-closure --to $target $system_drv
+system=$(ssh $target "nix-store --realise $system_drv")
+ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode"

hosts/bemmer/configuration.nix

@@ -0,0 +1,36 @@
+{ modulesPath, lib, pkgs, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+    <nixos-hardware/raspberry-pi/4>
+    ../../common
+
+    # services
+    ../../shared-services/pulseaudio.nix
+    ../../shared-services/nfs-client.nix
+    ../../shared-services/mpd.nix
+    ../../shared-services/ympd.nix
+    ../../shared-services/spotifyd.nix
+    ../../shared-services/desktop.nix
+    ../../shared-services/vnc.nix
+    ../../shared-services/webserver.nix
+  ];
+
+  # We import sd-image-aarch64.nix so we can build a config.system.build.sdImage
+  # But it imports some modules we don't want, so disable them
+  disabledModules = [
+    "profiles/base.nix"
+    "profiles/all-hardware.nix"
+  ];
+
+  networking.hostName = "bemmer";
+  networking.domain = "c3h";
+  networking.useDHCP = true;
+
+  nixpkgs.system = "aarch64-linux";
+  hardware.raspberry-pi."4".fkms-3d.enable = true;
+  boot.tmpOnTmpfs = true; # building stuff on sd-card is slow
+
+  system.stateVersion = "21.05";
+}

hosts/nuc/configuration.nix

@@ -3,17 +3,18 @@
 {
   imports = [
     ./hardware-configuration.nix
+    <nixos-hardware/common/cpu/intel>
     ../../common
 
     # services
-    ./pulseaudio.nix
-    ./nfs-server.nix
-    ./mpd.nix
-    ./ympd.nix
-    ./spotifyd.nix
-    ./desktop.nix
-    ./vnc.nix
-    ./webserver.nix
+    ../../shared-services/pulseaudio.nix
+    ../../shared-services/nfs-client.nix
+    ../../shared-services/mpd.nix
+    ../../shared-services/ympd.nix
+    ../../shared-services/spotifyd.nix
+    ../../shared-services/desktop.nix
+    ../../shared-services/vnc.nix
+    ../../shared-services/webserver.nix
   ];
 
   networking.hostName = "nuc";

hosts/nuc/hardware-configuration.nix

@@ -23,7 +23,7 @@
       fsType = "vfat";
     };
 
-  fileSystems."/mnt" =
+  fileSystems."/mnt/hdd" =
     { device = "/dev/disk/by-uuid/ff18a6f9-ee3b-452c-8671-38b74508a74c";
       fsType = "btrfs";
     };

hosts/nuc/nfs-server.nix

@@ -1,17 +0,0 @@
-{ ... }:
-
-{
-  services.nfs.server = {
-    enable = true;
-    exports = ''
-      /mnt 10.23.42.0/24(rw,fsid=0,insecure,no_subtree_check)
-    '';
-
-    statdPort = 4000;
-    lockdPort = 4001;
-    mountdPort = 4002;
-  };
-
-  networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 2049 4000 4001 4002 111 ];
-  networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 2049 4000 4001 4002 111 ];
-}

hosts/nuc/spotifyd.nix

@@ -1,12 +0,0 @@
-{ ... }:
-
-{
-  services.spotifyd = {
-    enable = true;
-    config = ''
-      zeroconf_port = 18572
-    '';
-  };
-
-  networking.firewall.allowedTCPPorts = [ 18572 ];
-}

nix/sources.json

@@ -11,16 +11,28 @@
         "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
+    "nixos-hardware": {
+        "branch": "master",
+        "description": "A collection of NixOS modules covering hardware quirks.",
+        "homepage": "",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f",
+        "sha256": "10g240brgjz7qi20adwajxwqrqb5zxc79ii1mc20fasgqlf2a8sx",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixos-hardware/archive/3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f.tar.gz",
+        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
+    },
     "nixpkgs": {
-        "branch": "nixos-21.05",
+        "branch": "nixos-unstable",
         "description": "Nix Packages collection",
         "homepage": "",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3",
-        "sha256": "08vvir0npyrdx85ypiannwzvyryqdw3749bghffhdsq2dgz1cx8z",
+        "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be",
+        "sha256": "02li241rz5668nfyp88zfjilxf0mr9yansa93fbl38hjwkhf3ix6",
         "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/70904d4a9927a4d6e05c72c4aaac4370e05107f3.tar.gz",
+        "url": "https://github.com/NixOS/nixpkgs/archive/34ad3ffe08adfca17fcb4e4a47bb5f3b113687be.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     }
 }

shared-services/desktop.nix

@@ -1,13 +1,17 @@
 { pkgs, ... }:
 
 {
-  users.mutableUsers = false;
-  users.users.c3h = {
-    isNormalUser = true;
-    password = "c3h";
-    extraGroups = [ "wheel" ];
-    packages = with pkgs; [ chromium firefox mpv youtube-dl ];
-  };
+  users.users.c3h.packages = with pkgs; [
+    chromium
+    firefox
+    mpv
+    youtube-dl
+    pavucontrol
+    dosbox
+    vlc
+    ffmpeg-full
+    sox
+  ];
 
   services.xserver = {
     enable = true;

shared-services/nfs-client.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  boot.supportedFilesystems = [ "nfs" ];
+  fileSystems."/mnt/Music" = {
+    device = "10.23.42.126:/music";
+    fsType = "nfs";
+    options = [
+      "nfsvers=4.1"
+      "noauto"
+      "x-systemd.automount"
+      "x-systemd.idle-timeout=600"
+    ];
+  };
+}

shared-services/pulseaudio.nix

@@ -8,4 +8,5 @@
   hardware.pulseaudio.package = pkgs.pulseaudio;
   hardware.pulseaudio.tcp.enable = true;
   hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::/64" "10.23.42.0/24" ];
+  environment.variables.PULSE_SERVER = "127.0.0.1";
 }

shared-services/spotifyd.nix

@@ -0,0 +1,10 @@
+{ config, ... }:
+
+{
+  services.spotifyd = {
+    enable = true;
+    settings.zeroconf_port = 18572;
+  };
+
+  networking.firewall.allowedTCPPorts = [ config.services.spotifyd.settings.zeroconf_port ];
+}