-rw-r--r--bragi.nix209
-rw-r--r--custom/bar-service.nix99
-rw-r--r--custom/bar/default.nix (renamed from bragi/bar/default.nix)0
-rw-r--r--custom/bar/generated.nix (renamed from bragi/bar/generated.nix)0
-rw-r--r--custom/bar/generated.nix.gup (renamed from bragi/bar/generated.nix.gup)0
-rw-r--r--custom/trivmix-service.nix8
-rw-r--r--odin.nix48
7 files changed, 153 insertions, 211 deletions
diff --git a/bragi.nix b/bragi.nix
index 146defc8..156abdbc 100644
--- a/bragi.nix
+++ b/bragi.nix
@@ -40,22 +40,8 @@ in rec {
40 nixpkgs = { 40 nixpkgs = {
41 overlays = [ 41 overlays = [
42 (selfPkgs: superPkgs: { 42 (selfPkgs: superPkgs: {
43 haskellPackages = superPkgs.haskellPackages.extend (selfH: superH: {
44 encoding = superPkgs.haskell.lib.overrideCabal superH.encoding ( oldAttrs: {
45 src = superPkgs.fetchFromGitHub { owner = "pngwjpgh"; repo = "encoding"; rev = "extended-version-bounds"; sha256 = "0pzxixp384a1ywzj56pl7xc4ln7i9x6mq8spqjwcs80y0pgfpp9s"; };
46 patches = [];
47 });
48 inherit
49 (lib.mapAttrs (name: superPkgs.haskell.lib.dontCheck) superH)
50 Glob filelock hedgehog scientific http-date;
51 bar = superPkgs.callPackage ./bragi/bar { haskellPackages = selfH; };
52 } // (import ./custom/thermoprint { callPackage = superPkgs.lib.callPackageWith (selfH // { inherit (superPkgs) stdenv makeWrapper runCommand; }); extraPackages = (p: with p; [ persistent-postgresql ]); }));
53
54 jack2Full = superPkgs.jack2Full.override { dbus = null; }; 43 jack2Full = superPkgs.jack2Full.override { dbus = null; };
55
56 mpd = superPkgs.mpd.override { gmeSupport = false; pulseaudioSupport = false; }; 44 mpd = superPkgs.mpd.override { gmeSupport = false; pulseaudioSupport = false; };
57
58 inherit (selfPkgs.haskellPackages) thermoprint-server thermoprint-webgui tprint bar;
59 }) 45 })
60 ]; 46 ];
61 47
@@ -72,9 +58,7 @@ in rec {
72 nfs-utils 58 nfs-utils
73 jack2Full 59 jack2Full
74 tprint 60 tprint
75 samba
76 rebuild-system 61 rebuild-system
77 vnstat
78 ]; 62 ];
79 63
80 # List services that you want to enable: 64 # List services that you want to enable:
@@ -87,33 +71,6 @@ in rec {
87 rateLimitBurst = 0; 71 rateLimitBurst = 0;
88 }; 72 };
89 73
90 systemd.automounts = [
91 {
92 wantedBy = [ "multi-user.target" ];
93 where = "/media/dellingr";
94 automountConfig.TimoutIdleSec = "30s";
95 }
96 {
97 wantedBy = [ "multi-user.target" ];
98 where = "/media/vali";
99 automountConfig.TimoutIdleSec = "5min";
100 }
101 ];
102
103 systemd.mounts = [
104 {
105 what = "/dev/disk/by-uuid/6436-3432";
106 where = "/media/dellingr";
107 type = "vfat";
108 }
109 {
110 what = "//VALI/Public";
111 where = "/media/vali";
112 type = "cifs";
113 options = "guest,dir_mode=0777,file_mode=0666,nounix,iocharset=utf8,sec=none";
114 }
115 ];
116
117 systemd.globalEnvironment = { 74 systemd.globalEnvironment = {
118 JACK_PROMISCUOUS_SERVER = "1"; 75 JACK_PROMISCUOUS_SERVER = "1";
119 }; 76 };
@@ -224,176 +181,14 @@ in rec {
224 esac 181 esac
225 ''; 182 '';
226 183
227 services.samba = { 184 users.users.root = let
228 enable = true;
229 extraConfig = ''
230 domain master = no
231 workgroup = ASGARD
232 load printers = no
233 printing = bsd
234 printcap name = /dev/null
235 disable spoolss = yes
236 '';
237 };
238
239 users.extraUsers.root = let
240 template = (import users/gkleen.nix); 185 template = (import users/gkleen.nix);
241 in { 186 in {
242 inherit (template) shell; 187 inherit (template) shell;
243 openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles; 188 openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
244 }; 189 };
245
246 users.extraUsers."thermoprint" = {
247 name = "thermoprint";
248 group = "lp";
249 isSystemUser = true;
250 createHome = true;
251 home = "/var/lib/thermoprint";
252 }; 190 };
253 191
254 systemd.services."thermoprint" = {
255 environment = {
256 THERMOPRINT_CONFIG = "${./bragi/thermoprint-server}";
257 THERMOPRINT_CACHE = "${users.extraUsers."thermoprint".home}/dyre";
258 };
259 requires = [ "postgresql.service" ];
260 wantedBy = [ "default.target" ];
261 serviceConfig = {
262 Type = "simple";
263 ExecStart = "${pkgs.thermoprint-server}/bin/thermoprint-server --force-reconf";
264 User = users.extraUsers."thermoprint".name;
265 Group = users.extraUsers."thermoprint".group;
266 WorkingDirectory = "~";
267 };
268 };
269
270 systemd.services."thermoprint-webgui" = {
271 wantedBy = [ "default.target" ];
272 serviceConfig = {
273 Type = "simple";
274 ExecStart = ''
275 ${pkgs.thermoprint-webgui}/bin/thermoprint-webgui -P 80 -A localhost -F /thermoprint/api/ -a "localhost" -p 8081
276 '';
277 User = users.extraUsers."thermoprint".name;
278 Group = users.extraUsers."thermoprint".group;
279 WorkingDirectory = "~";
280 };
281 };
282
283 users.extraUsers."bar" = {
284 name = "bar";
285 group = "nogroup";
286 isSystemUser = true;
287 createHome = true;
288 home = "/var/lib/bar";
289 };
290
291 systemd.services."bar" = let
292 ghc = pkgs.haskellPackages.ghcWithPackages (p: with p; [yesod persistent-postgresql]);
293 in {
294 environment = {
295 PORT = "8082";
296 HOST = "::1";
297 TPRINT_BASEURL = "http://localhost:80/thermoprint/api";
298 APPROOT = "/bar";
299 IP_FROM_HEADER = "true";
300 };
301 bindsTo = [ "postgresql.service" ];
302 after = [ "postgresql.service" ];
303 wantedBy = [ "default.target" ];
304 path = with pkgs; [ bar ];
305 script = ''
306 exec bar
307 '';
308 serviceConfig = {
309 Type = "notify";
310 User = users.extraUsers."bar".name;
311 Group = users.extraUsers."bar".group;
312 WorkingDirectory = "~";
313 };
314 };
315
316 services.nginx = {
317 enable = true;
318 httpConfig = ''
319 default_type application/octet-stream;
320
321 log_format main
322 '$remote_addr - $remote_user [$time_local] '
323 '"$request" $status $bytes_sent '
324 '"$http_referer" "$http_user_agent" '
325 '"$gzip_ratio"';
326
327 client_header_timeout 10m;
328 client_body_timeout 10m;
329 send_timeout 10m;
330
331 connection_pool_size 256;
332 client_header_buffer_size 1k;
333 large_client_header_buffers 4 2k;
334 request_pool_size 4k;
335
336 gzip on;
337 gzip_min_length 1100;
338 gzip_buffers 4 8k;
339 gzip_types text/plain;
340
341 output_buffers 1 32k;
342 postpone_output 1460;
343
344 sendfile on;
345 tcp_nopush on;
346 tcp_nodelay on;
347
348 keepalive_timeout 75 20;
349
350 ignore_invalid_headers on;
351
352 access_log stderr;
353 error_log stderr;
354
355 server {
356 listen *:80;
357 server_name _;
358
359 location /thermoprint/api/ {
360 proxy_pass http://[::1]:8080/;
361 proxy_http_version 1.1;
362 proxy_set_header Upgrade $http_upgrade;
363 proxy_set_header Connection "upgrade";
364 }
365
366 location /thermoprint/ {
367 proxy_pass http://localhost:8081/;
368 }
369
370 location /bar/ {
371 proxy_pass http://[::1]:8082/;
372 }
373 }
374 '';
375 };
376
377 services.postgresql = {
378 enable = true;
379 enableTCPIP = true;
380 authentication = lib.mkForce ''
381 local all all peer
382 host all all 10.141.0.0/16 md5
383 '';
384 initialScript = pkgs.writeText "schema.sql" ''
385 CREATE USER thermoprint;
386 CREATE DATABASE thermoprint WITH OWNER = thermoprint;
387 GRANT ALL ON DATABASE thermoprint TO thermoprint;
388
389 CREATE USER bar;
390 CREATE DATABASE bar WITH OWNER = bar;
391 GRANT ALL ON DATABASE bar TO bar;
392 '';
393 };
394
395 services.vnstat.enable = true;
396
397 nix = { 192 nix = {
398 daemonIONiceLevel = 3; 193 daemonIONiceLevel = 3;
399 daemonNiceLevel = 10; 194 daemonNiceLevel = 10;
@@ -405,7 +200,7 @@ in rec {
405 }; 200 };
406 201
407 system.autoUpgrade.enable = true; 202 system.autoUpgrade.enable = true;
408 system.nixos.stateVersion = "16.09"; 203 system.stateVersion = "16.09";
409 204
410 systemd.services."nixos-upgrade".path = with pkgs; [ git ]; 205 systemd.services."nixos-upgrade".path = with pkgs; [ git ];
411 systemd.services."nixos-upgrade".preStart = '' 206 systemd.services."nixos-upgrade".preStart = ''
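Review bot: New lines 189 and 190 both read `};`, but the rewritten `users.users.root = let … in {` binding opens only one brace, on new line 186. The second `};` looks like the closer of the deleted `users.extraUsers."thermoprint"` block, kept as context. Indentation is lost in this view, so this is inferred, but if it holds the file no longer parses. Drop the stray `};` and run `nix-instantiate --parse bragi.nix` before deploying. The enclosing `in rec {` attribute set starts and ends outside the hunk.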
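diff --git a/custom/bar-service.nix b/custom/bar-service.nix
new file mode 100644
index 00000000..2a492ce1
--- /dev/null
+++ b/custom/bar-service.nix
@@ -0,0 +1,99 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.bar;
+in {
+ options.services.bar = {
+ enable = mkEnableOption "the Bar Inventory System";
+
+ user = mkOption {
+ type = types.str;
+ default = "bar";
+ description = "User to execute the daemon under";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "bar";
+ description = "Group to execute the daemon under";
+ };
+
+ stateDir = mkOption {
+ type = types.path;
+ default = "/var/lib/bar";
+ description = "Directory for the daemon to store semi-transient state (encryption keys etc.)";
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 8080;
+ description = "Port for the daemon to listen on";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = "Host to bind to";
+ };
+
+ approot = mkOption {
+ type = types.str;
+ default = "/";
+ description = "Subdirectory of the daemon-managed site relative to HTTP /; only useful when using a reverse proxy";
+ };
+
+ thermoprintBaseURL = mkOption {
+ type = with types; nullOr types.str;
+ default = null;
+ example = "http://localhost:80/thermoprint/api";
+ description = "Thermoprint base url";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ { assertion = config.services.postgresql.enable;
+ message = "bar requires PostgreSQL";
+ }
+ ];
+
+ users.users."${cfg.user}" = {
+ group = cfg.group;
+ description = "User for the Bar Inventory System";
+ isSystemUser = true;
+ home = cfg.stateDir;
+ createHome = true;
+ };
+
+ users.groups."${cfg.group}" = {};
+
+ nixpkgs.overlays = [(self: super: {
+ bar = self.callPackage ./bar { inherit (self) haskellPackages; };
+ })];
+
+ systemd.services."bar" = {
+ environment = {
+ PORT = cfg.port;
+ HOST = cfg.host;
+ APPROOT = cfg.approot;
+ IP_FROM_HEADER = cfg.ipFromHeader;
+ TPRINT_BASEURL = mkIf (cfg.thermoprintBaseURL != null) cfg.thermoprintBaseURL;
+ };
+
+ bindsTo = [ "postgresql.service" ];
+ after = [ "postgresql.service" ];
+ wantedBy = [ "default.target" ];
+
+ serviceConfig = {
+ Type = "notify";
+ User = cfg.user;
+ Group = cfg.group;
+ WorkingDirectory = cfg.stateDir;
+
+ ExecStart = with pkgs; "${bar}/bin/bar";
+ };
+ };
+ };
+}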
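Review bot: `IP_FROM_HEADER = cfg.ipFromHeader;` in `systemd.services."bar".environment` reads an option that `options.services.bar` never declares, so evaluating with `services.bar.enable = true` would presumably fail on a missing attribute. Declare it explicitly, e.g. `ipFromHeader = mkOption { type = types.bool; default = false; description = "Take the client address from a proxy-supplied header"; };`, and pass it as `IP_FROM_HEADER = boolToString cfg.ipFromHeader;`. Keep the default off: a client-supplied address header is only trustworthy when the daemon is reachable solely through a reverse proxy that sets it. `PORT = cfg.port;` hands a `types.int` to an environment that expects strings; `PORT = toString cfg.port;` is the safer form.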
diff --git a/bragi/bar/default.nix b/custom/bar/default.nix
index 98b36901..98b36901 100644
--- a/bragi/bar/default.nix
+++ b/custom/bar/default.nix
diff --git a/bragi/bar/generated.nix b/custom/bar/generated.nix
index 966924ad..966924ad 100644
--- a/bragi/bar/generated.nix
+++ b/custom/bar/generated.nix
diff --git a/bragi/bar/generated.nix.gup b/custom/bar/generated.nix.gup
index eeb13ad2..eeb13ad2 100644
--- a/bragi/bar/generated.nix.gup
+++ b/custom/bar/generated.nix.gup
diff --git a/custom/trivmix-service.nix b/custom/trivmix-service.nix
index fc69d93e..f278c7eb 100644
--- a/custom/trivmix-service.nix
+++ b/custom/trivmix-service.nix
@@ -5,8 +5,6 @@ with lib;
5let 5let
6 cfg = config.services.trivmix; 6 cfg = config.services.trivmix;
7 7
8 trivmix = pkgs.haskellPackages.callPackage ./trivmix {};
9
10 mixerModule = { 8 mixerModule = {
11 options = { 9 options = {
12 connectIn = mkOption { 10 connectIn = mkOption {
@@ -117,7 +115,11 @@ in {
117 }; 115 };
118 116
119 config = mkIf (cfg.mixers != {}) { 117 config = mkIf (cfg.mixers != {}) {
120 environment.systemPackages = [ trivmix ]; 118 nixpkgs.overlays = [(self: super: {
119 trivmix = self.haskellPackages.callPackage ./trivmix {};
120 })];
121
122 environment.systemPackages = with pkgs; [ trivmix ];
121 123
122 systemd.services = mapAttrs service cfg.mixers; 124 systemd.services = mapAttrs service cfg.mixers;
123 }; 125 };
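Review bot: The `trivmix` let-binding is removed and the package now exists only through the overlay, so any remaining bare `trivmix` reference elsewhere in this module would become an undefined variable. One place to check is `service`, which is outside the hunk; such references should read `pkgs.trivmix`. The overlay is also registered only under `mkIf (cfg.mixers != {})`, so `pkgs.trivmix` is absent on hosts that define no mixers. A short comment above the overlay, such as `# trivmix is only added to pkgs when at least one mixer is configured`, would make that explicit.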
diff --git a/odin.nix b/odin.nix
index 71e5617d..7e911610 100644
--- a/odin.nix
+++ b/odin.nix
@@ -15,6 +15,7 @@
15 ./custom/motion.nix 15 ./custom/motion.nix
16 ./custom/unit-status-mail.nix 16 ./custom/unit-status-mail.nix
17 ./custom/zsh.nix 17 ./custom/zsh.nix
18 ./custom/bar-service.nix
18 ./utils/nix/module.nix 19 ./utils/nix/module.nix
19 ]; 20 ];
20 21
@@ -423,6 +424,51 @@
423 ''; 424 '';
424 }; 425 };
425 426
427 services.postgresql = {
428 enable = true;
429 package = with pkgs; postgresql100;
430 enableTCPIP = true;
431 authentication = lib.mkForce ''
432 local all all peer
433 host all all 127.0.0.1/32 scram-sha-256
434 host all all ::1/128 scram-sha-256
435 host all all 10.141.0.0/16 scram-sha-256
436 '';
437 initialScript = pkgs.writeText "schema.sql" ''
438 CREATE USER bar;
439 CREATE DATABASE bar WITH OWNER = bar;
440 GRANT ALL ON DATABASE bar TO bar;
441 '';
442 };
443
444 services.bar = {
445 enable = true;
446 port = 8082;
447 approot = "/bar";
448 };
449
450 services.nginx = {
451 enable = true;
452
453 recommendedOptimisation = true;
454 recommendedGzipSettings = true;
455 recommendedProxySettings = true;
456
457 virtualHosts."odin.asgard.yggdrasil" = {
458 serverAliases = [ "odin" "10.141.1.2" ];
459
460 locations = {
461 "/bar/".proxyPass = "http://bar";
462 };
463 };
464
465 upstreams = {
466 "bar" = {
467 servers."localhost:${services.bar.port}"= {};
468 };
469 };
470 };
471
426 systemd.status-mail = { 472 systemd.status-mail = {
427 recipient = "root@odin.asgard.yggdrasil"; 473 recipient = "root@odin.asgard.yggdrasil";
428 onFailure = [ "nixos-upgrade" 474 onFailure = [ "nixos-upgrade"
@@ -432,7 +478,7 @@
432 }; 478 };
433 479
434 system.autoUpgrade.enable = true; 480 system.autoUpgrade.enable = true;
435 system.nixos.stateVersion = "18.09"; 481 system.stateVersion = "18.09";
436 482
437 systemd.services."nixos-upgrade" = { 483 systemd.services."nixos-upgrade" = {
438 path = with pkgs; [ git ]; 484 path = with pkgs; [ git ];
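Review bot: The new `services.postgresql` block sets `enableTCPIP = true` and admits `all` roles to `all` databases from `10.141.0.0/16`, while the only consumer visible in this change is the local `bar` service. If nothing remote needs the database, drop the `/16` line and leave TCP off, or narrow the rule to the specific database, role and client address. With PostgreSQL 10 the `scram-sha-256` method only authenticates roles whose password was stored as a SCRAM verifier, so `password_encryption = 'scram-sha-256'` has to be set before any password is assigned. `CREATE USER bar;` creates a role with no password, which can only log in through the `local all all peer` line. Separately, `servers."localhost:${services.bar.port}"` interpolates an integer option through a bare `services` name; `"localhost:${toString config.services.bar.port}"` is the usual form, assuming `config` is in scope in this file.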