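# NixOS system configuration for the host "bragi": a headless (serial console)
# machine that runs a JACK audio graph with MPD and several trivmix mixers,
# and acts as NAT gateway / DHCP server for the wired subnet 10.141.4.0/24
# behind its wireless uplink.
#
# Layout note: every `#` comment must end at a line break. If the expression
# is collapsed onto a few long lines, each comment swallows the code that
# follows it and the file no longer parses.
{ config, pkgs, ... }:

let
  # Builds a systemd unit description for one trivmix instance; the helper
  # lives in ./custom/trivmix-service.nix and is not visible in this file.
  trivmixService = opts: (pkgs.callPackage ./custom/trivmix-service.nix opts).out;

  # Only referenced by the commented-out thermoprint service near the end.
  thermoprint-servant = (pkgs.callPackage ./custom/thermoprint {}).thermoprint-servant;
in rec {
  imports = [
    ./bragi-hw.nix
    ./custom/zsh.nix
    ./users.nix
  ];

  # Boot loader and kernel console are both pointed at the serial port.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.extraConfig = "serial; terminal_output.serial";
  boot.kernelParams = [ "console=ttyS0,115200" ];

  networking.hostName = "bragi";
  networking.hostId = "2af11085";
  networking.wireless.enable = true;

  # Package overrides.
  #
  # Security note: trivmix, every binary of jack2Full, and mpv are wrapped so
  # that they run with `umask 0` and JACK_PROMISCUOUS_SERVER set. With
  # `umask 0`, anything these programs create gets no permission bits masked
  # off, so such files default to being writable by every local account. The
  # environment variable is what lets JACK clients of different users share
  # one server.
  # NOTE(review): together this opens the audio graph, and any file these
  # tools write, to all local users. Newer jack2 releases reportedly accept a
  # group name as the variable's value to narrow access. Confirm against the
  # packaged version before relying on that.
  nixpkgs.config.packageOverrides = pkgs: rec {
    customizedHaskellPackages = pkgs.recurseIntoAttrs (
      pkgs.haskellPackages.override {
        overrides = self: super:
          let
            callPackage = pkgs.lib.callPackageWith ( pkgs // self );
          in {
            trivmix = callPackage ./custom/trivmix.nix {};
            # filelock = callPackage ./custom/filelock.nix {};
          };
      }
    );

    # Wrapper derivation around the Haskell-built trivmix binary.
    trivmix = let
      trivmix = customizedHaskellPackages.trivmix;
    in pkgs.stdenv.mkDerivation {
      name = "trivmix-wrapper";
      nativeBuildInputs = [ pkgs.makeWrapper ];
      buildCommand = ''
        mkdir -p $out/bin
        makeWrapper ${trivmix}/bin/trivmix $out/bin/trivmix \
          --run "umask 0" \
          --set JACK_PROMISCUOUS_SERVER 1
      '';
    };

    # jack2 = pkgs.callPackage ./customized/jack2.nix {};

    # Re-exports jack2Full with every binary in bin/ wrapped as described in
    # the security note above.
    jack2Full = pkgs.symlinkJoin {
      name = "jack2";
      paths = [ pkgs.jack2Full ];
      buildInputs = [ pkgs.makeWrapper ];
      postBuild = ''
        for bin in $out/bin/*; do
          wrapProgram $bin \
            --set JACK_PROMISCUOUS_SERVER 1 \
            --run "umask 0"
        done
      '';
    };

    mpd = pkgs.callPackage ./customized/mpd.nix {
      gmeSupport = false;
      game-music-emu = null;
      pulseaudio = pkgs.pulseaudioLight;
    };

    mpv = pkgs.stdenv.lib.overrideDerivation pkgs.mpv (oldAttrs: {
      buildInputs = oldAttrs.buildInputs ++ [pkgs.makeWrapper];
      postInstall = ''
        wrapProgram $out/bin/mpv \
          --set JACK_PROMISCUOUS_SERVER 1 \
          --run "umask 0"
      '';
    });
  };

  environment.systemPackages = with pkgs; [
    git
    mosh
    rsync
    tmux
    nfs-utils
    jack2
    trivmix
    zsh
  ];

  # List services that you want to enable:

  # Only `enable` is set here, so root-login and password-authentication
  # policy come from the module defaults of this NixOS release. Port 22 is
  # opened in the firewall below and root receives authorized keys further
  # down.
  # NOTE(review): state the intended policy explicitly (for example
  # services.openssh.passwordAuthentication and permitRootLogin) after
  # checking which accounts in ./users.nix carry passwords.
  services.openssh = {
    enable = true;
  };

  services.fcron = {
    enable = true;
    systab = ''
      %weekly * * nix-collect-garbage --delete-older-than '7d'
    '';
  };

  # Both maps are mounted read-only under /media.
  # NOTE(review): neither entry sets nosuid/nodev. Consider adding them for
  # the NFS export unless the server is fully trusted.
  services.autofs = {
    enable = true;
    autoMaster = let
      mapConf = pkgs.writeText "auto" ''
        odin -fstype=nfs,ro odin.asgard.yggdrasil:/srv/media
        dellingr -fstype=vfat,ro /dev/disk/by-uuid/6436-3432
      '';
    in ''
      /media file:${mapConf}
    '';
  };

  # JACK server, run as the unprivileged system user "jack" in group "audio".
  systemd.services.jack = {
    wantedBy = [ "sound.target" ];
    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.jack2}/bin/jackd -d alsa -d 'hw:1' -M -H -r 96000";
      User = "jack";
      Group = "audio";
    };
  };

  # trivmix instances. `group` is passed through to the helper; what it
  # controls is defined in ./custom/trivmix-service.nix, presumably which
  # Unix group may adjust that mixer. Verify there.
  systemd.services."mpdmix0" = trivmixService {
    name = "mpdmix0";
    connectOut = "system:playback_3";
    group = "mpd";
  };
  systemd.services."mpdmix1" = trivmixService {
    name = "mpdmix1";
    connectOut = "system:playback_4";
    group = "mpd";
  };
  systemd.services."passmix0" = trivmixService {
    name = "passmix0";
    connectOut = "system:playback_3";
    connectIn = "system:capture_5";
    group = "vali_out";
  };
  systemd.services."passmix1" = trivmixService {
    name = "passmix1";
    connectOut = "system:playback_4";
    connectIn = "system:capture_6";
    group = "vali_out";
  };
  systemd.services."passmix2" = trivmixService {
    name = "passmix2";
    connectOut = "system:playback_5";
    connectIn = "system:capture_1";
    group = "vali_in";
  };
  systemd.services."passmix3" = trivmixService {
    name = "passmix3";
    connectOut = "system:playback_6";
    connectIn = "system:capture_1";
    group = "vali_in";
  };
  systemd.services."passmix4" = trivmixService {
    name = "passmix4";
    connectOut = "system:playback_3";
    connectIn = "system:capture_7";
    group = "hel_out";
  };
  systemd.services."passmix5" = trivmixService {
    name = "passmix5";
    connectOut = "system:playback_4";
    connectIn = "system:capture_8";
    group = "hel_out";
  };

  # MPD listens on two network names plus localhost and a Unix socket, and
  # TCP 6600 is opened in the firewall below. No `password` directive appears
  # in this extraConfig, so as written every host that can reach the port can
  # control playback and use the rest of MPD's command set.
  # NOTE(review): add a password / permission policy, or limit the firewall
  # rule to the interfaces that are meant to reach MPD.
  services.mpd = {
    enable = true;
    musicDirectory = "/media/odin/music";
    extraConfig = ''
      bind_to_address "bragi.bragisheimr.yggdrasil"
      bind_to_address "bragi.asgard.yggdrasil"
      bind_to_address "localhost"
      bind_to_address "~/run/mpd.socket"
      audio_output {
        name "JACK"
        type "jack"
        client_name "mpd"
        destination_ports "mpdmix0:in,mpdmix1:in"
      }
    '';
  };

  users.extraUsers.jack = {
    name = "jack";
    isSystemUser = true;
    group = "audio";
  };

  # Installs mount.nfs with the setuid bit.
  # NOTE(review): /media is already served by autofs above. Check whether
  # unprivileged NFS mounts are still needed, and drop this entry if not.
  security.setuidPrograms = ["mount.nfs"];

  # Realtime-audio limits for members of group "audio": unlimited locked
  # memory, realtime priority up to 99, and a raised open-file limit.
  # Membership in "audio" therefore also grants the ability to monopolise CPU
  # and RAM, so treat it as a privileged group.
  security.pam.loginLimits = [
    { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
    { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
    { domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; }
    { domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; }
  ];

  # Prompt colour: red by default, green when UID is non-zero.
  # Fix: the UID test uses `let`, which fails only when the value is 0. The
  # previous `return $UID` left the sourced init file immediately, so neither
  # the colour switch nor the PS1 assignments below it were ever reached.
  programs.bash.promptInit = ''
    PROMPT_COLOR="1;31m"
    let $UID && PROMPT_COLOR="1;32m"
    case "$TERM" in
      xterm*|rxvt*|kterm|aterm|gnome*)
        # Others can go here.
        PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
        if test "$TERM" = "xterm"; then
          PS1="\[\033]2;\h:\u:\w\007\]$PS1"
        fi
        ;;
      *)
        PS1="[\u@\h:\w]$ "
        ;;
    esac
  '';

  # Wired interface: static gateway address for the internal subnet.
  networking.interfaces = {
    "enp1s0" = {
      useDHCP = false;
      ipAddress = "10.141.4.1";
      prefixLength = 24;
    };
  };

  networking.nat = {
    enable = true;
    externalIP = "10.141.1.5";
    externalInterface = "wlp4s0";
    internalIPs = [ "10.141.4.0/24" ];
    internalInterfaces = [ "enp1s0" ];
  };

  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [
      22   # SSH
      # 8080 # thermoprint
      6600 # MPD
    ];
    allowedUDPPortRanges = [
      { from = 60000; to = 61000; } # mosh
    ];

    # Security note on the raw rules below:
    #  * The active wlp4s0 -> enp1s0 rule accepts every forwarded packet,
    #    including new connections initiated from the wireless side. The
    #    stateful variant (RELATED,ESTABLISHED only) is the commented-out
    #    line, so as written the wired subnet is not shielded from hosts on
    #    the uplink network that route through this machine.
    #    NOTE(review): re-enable the stateful rule, or add explicit per-port
    #    accepts, unless unrestricted inbound forwarding is intended.
    #  * networking.nat above already configures address translation for
    #    wlp4s0, so the explicit MASQUERADE rule looks redundant. Confirm.
    #  * All rules use -A. They are appended whenever these commands run and
    #    nothing here deletes them again, so reloads may leave duplicates.
    #    Verify with `iptables -S FORWARD`.
    extraCommands = ''
      iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
      #iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
      iptables -A FORWARD -i wlp4s0 -o enp1s0 -j ACCEPT
      iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
    '';
  };

  # DHCP for the wired subnet only. The fixed-address entry keys on a MAC
  # address, which identifies a host but does not authenticate it.
  services.dhcpd = {
    enable = true;
    interfaces = [ "enp1s0" ];
    extraConfig = ''
      option subnet-mask 255.255.255.0;
      option domain-name-servers 10.141.1.1, 8.8.8.8, 8.8.4.4;
      option domain-name "bragisheimr.yggdrasil";
      option routers 10.141.4.1;
      subnet 10.141.4.0 netmask 255.255.255.0 {
        range 10.141.4.100 10.141.4.254;
      }
      group {
        use-host-decl-names on;
        host vali {
          hardware ethernet e0:cb:4e:f7:10:3d;
          fixed-address vali.bragisheimr.yggdrasil;
        }
      }
    '';
  };

  # Time synchronisation is handled by chrony instead of ntpd.
  services.ntp = {
    enable = false;
  };
  services.chrony = {
    enable = true;
  };

  # root reuses the shell and the SSH authorized-key files of the gkleen user
  # template, so whoever holds those keys can log in as root over SSH,
  # subject to the sshd root-login policy.
  users.extraUsers.root = let
    template = (import users/gkleen.nix);
  in {
    inherit (template) shell;
    openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
  };

  # Dedicated system account for the currently disabled thermoprint service.
  users.extraUsers."thermoprint" = {
    name = "thermoprint";
    group = "lp";
    isSystemUser = true;
    createHome = true;
    home = "/var/lib/thermoprint";
  };

  # systemd.services."thermoprint" = {
  #   serviceConfig = {
  #     Type = "simple";
  #     ExecStart = ''${thermoprint-servant}/bin/thermoprint --database ${users.extraUsers."thermoprint".home}/database.sqlite /dev/usb/lp0'';
  #     User = users.extraUsers."thermoprint".name;
  #     Group = users.extraUsers."thermoprint".group;
  #   };
  # };

  nix = {
    daemonIONiceLevel = 3;
    daemonNiceLevel = 10;
    gc = {
      automatic = true;
    };
  };

  # Automatic upgrades keep the host on current channel updates.
  system.autoUpgrade.enable = true;

  system.stateVersion = "16.09";
}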