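# NixOS system configuration for the host "bragi".
#
# What this module sets up, as far as this file shows:
#   * a wired bridge ("eth") that is NATed out through the wireless
#     interface wlp4s0, with a DHCP server on the bridge;
#   * a realtime audio stack (musnix, jackd, trivmix mixers, mpd);
#   * the thermoprint server / web GUI and the "bar" web application,
#     both published through nginx on port 80 and backed by PostgreSQL;
#   * samba, sshd, vnstat and unattended upgrades from /etc/nixos.
#
# Lines marked NOTE(review) point at settings with security impact that
# could not be judged from this file alone; they do not change behaviour.
{ config, pkgs, ... }:

let
  inherit (pkgs) lib;
in rec {
  imports =
    [
      ./musnix
      ./bragi/hw.nix
      ./custom/zsh.nix
      ./users.nix
      ./custom/unit-status-mail.nix
      ./custom/trivmix-service.nix
      ./custom/mpd.nix
      ./utils/nix/module.nix
    ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;

  boot.kernelModules = [ "usblp" ];

  boot.tmpOnTmpfs = true;

  # Needed for the //VALI/Public CIFS mount declared further down.
  boot.supportedFilesystems = [ "cifs" ];

  networking = {
    hostName = "bragi";
    hostId = "2af11085";

    wireless = {
      enable = true;
      userControlled.enable = true;
    };

    # All three wired ports form one L2 segment named "eth".
    bridges = {
      eth.interfaces = [ "enp1s0" "enp2s0" "enp3s0" ];
    };

    interfaces.eth = {
      useDHCP = false;
      ipv4.addresses = [
        { address = "10.141.4.1"; prefixLength = 24; }
      ];
    };

    # Masquerade traffic from the bridge out through the wireless uplink.
    nat = {
      enable = true;
      externalInterface = "wlp4s0";
      internalInterfaces = [ "eth" ];
    };

    # NOTE(review): the packet filter is off on a host that routes between
    # wlp4s0 and the bridge. Unless filtering happens outside this file,
    # every listener configured below (sshd, nginx on *:80, mpd on "any",
    # PostgreSQL over TCP, samba, dhcpd) is reachable from the uplink side
    # as well. Confirm this is intended before reusing the config elsewhere.
    firewall.enable = false;

    defaultMailServer = {
      directDelivery = true;
      hostName = "ymir.niflheim.yggdrasil";
      useSTARTTLS = true;
      setSendmail = true;
    };

    # Request an IPv6 prefix on the uplink and delegate a /64 to the bridge.
    dhcpcd = {
      enable = true;
      extraConfig = ''
        interface wlp4s0
          ipv6rs
          ia_pd 1/::/64 eth/0/64
      '';
    };
  };

  services.dhcpd4 = {
    enable = true;
    interfaces = [ "eth" ];
    machines = [
      { ethernetAddress = "e0:cb:4e:f7:10:3d"; hostName = "vali"; ipAddress = "vali.bragisheimr.yggdrasil"; }
    ];
    extraConfig = ''
      subnet 10.141.4.0 netmask 255.255.255.0 {
        range 10.141.4.128 10.141.4.254;
        option domain-name-servers 10.141.1.1, 8.8.8.8, 8.8.4.4;
        option domain-name "bragisheimr.yggdrasil";
        option domain-search "asgard.yggdrasil", "yggdrasil";
        option routers 10.141.4.1;
      }
    '';
  };

  nixpkgs = {
    overlays = [
      (selfPkgs: superPkgs: {
        haskellPackages = superPkgs.haskellPackages.extend (selfH: superH: {
          # NOTE(review): `rev` is a branch name, not a commit. The sha256
          # still pins the fetched content, so a moved branch makes the
          # fetch fail instead of silently changing the source; pinning a
          # commit hash would make the build reproducible as well.
          encoding = superPkgs.haskell.lib.overrideCabal superH.encoding (oldAttrs: {
            src = superPkgs.fetchFromGitHub {
              owner = "pngwjpgh";
              repo = "encoding";
              rev = "extended-version-bounds";
              sha256 = "0pzxixp384a1ywzj56pl7xc4ln7i9x6mq8spqjwcs80y0pgfpp9s";
            };
            patches = [];
          });

          # Build these packages without running their test suites.
          inherit (lib.mapAttrs (name: superPkgs.haskell.lib.dontCheck) superH)
            Glob filelock hedgehog scientific http-date;

          bar = superPkgs.callPackage ./bragi/bar { haskellPackages = selfH; };
        } // (import ./custom/thermoprint {
          callPackage = superPkgs.lib.callPackageWith (selfH // {
            inherit (superPkgs) stdenv makeWrapper runCommand;
          });
          extraPackages = (p: with p; [ persistent-postgresql ]);
        }));

        jack2Full = superPkgs.jack2Full.override {
          dbus = null;
        };

        mpd = superPkgs.mpd.override {
          gmeSupport = false;
          pulseaudioSupport = false;
        };

        # Re-export the Haskell-built tools at the top level of pkgs.
        inherit (selfPkgs.haskellPackages) thermoprint-server thermoprint-webgui tprint bar;
      })
    ];

    config = {
      allowUnfree = true;
    };
  };

  environment.systemPackages = with pkgs; [
    git
    mosh
    rsync
    tmux
    nfs-utils
    jack2Full
    tprint
    samba
    rebuild-system
    vnstat
  ];

  # List services that you want to enable:

  # NOTE(review): sshd runs with module defaults only; root receives
  # authorized keys further down. Password-authentication and root-login
  # policy are not set in this file - confirm they are restricted elsewhere.
  services.openssh = {
    enable = true;
  };

  # NOTE(review): a burst of 0 turns journald rate limiting off, so a
  # single noisy or hostile unit can flood the journal.
  services.journald = {
    rateLimitBurst = 0;
  };

  # systemd's automount option is spelled TimeoutIdleSec; a misspelled key
  # is not a known option, so the idle unmount would never be applied.
  systemd.automounts = [
    { wantedBy = [ "multi-user.target" ];
      where = "/media/dellingr";
      automountConfig.TimeoutIdleSec = "30s";
    }
    { wantedBy = [ "multi-user.target" ];
      where = "/media/vali";
      automountConfig.TimeoutIdleSec = "5min";
    }
  ];

  systemd.mounts = [
    { what = "/dev/disk/by-uuid/6436-3432";
      where = "/media/dellingr";
      type = "vfat";
    }
    # NOTE(review): guest mount with sec=none and world-writable modes:
    # every local user can read and modify the share's contents, and the
    # server is not authenticated to this client.
    { what = "//VALI/Public";
      where = "/media/vali";
      type = "cifs";
      options = "guest,dir_mode=0777,file_mode=0666,nounix,iocharset=utf8,sec=none";
    }
  ];

  # NOTE(review): promiscuous mode is exported to every unit and every login
  # session; together with UMask 0000 on the jack and mpd units this looks
  # meant to let clients of different users share one JACK server - confirm,
  # since it also removes per-user isolation of the audio graph.
  systemd.globalEnvironment = {
    JACK_PROMISCUOUS_SERVER = "1";
  };
  environment.sessionVariables = {
    JACK_PROMISCUOUS_SERVER = "1";
  };

  musnix = {
    enable = true;
    alsaSeq.enable = false;
    kernel = {
      packages = with pkgs; linuxPackages_latest_rt;
      optimize = true;
      realtime = true;
    };
  };

  systemd.services.jack = {
    wantedBy = [ "sound.target" ];
    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.jack2Full}/bin/jackd -d alsa -d 'hw:1' -M -H -r 96000";
      # Block unit start-up until the server answers (5 s timeout).
      ExecStartPost = "${pkgs.jack2Full}/bin/jack_wait -w -t 5";
      User = "jack";
      Group = "audio";
      UMask = "0000";
      Nice = "-15";
      LimitRTPRIO = "95:95";
      LimitMEMLOCK = "infinity";
    };
  };

  services.trivmix = {
    fps = "20";
    interval = "0.5";
    mixers = {
      "mpdmix0" = {
        connectOut = "outnode0:in";
        group = "mpd";
        initial = "-35dB";
      };
      "mpdmix1" = {
        connectOut = "outnode1:in";
        group = "mpd";
        initial = "-35dB";
      };
      "passmix0" = {
        connectOut = "outnode0:in";
        connectIn = "system:capture_5";
        group = "vali_out";
        initial = "-5dB";
      };
      "passmix1" = {
        connectOut = "outnode1:in";
        connectIn = "system:capture_6";
        group = "vali_out";
        initial = "-5dB";
      };
      "passmix2" = {
        connectOut = "system:playback_5";
        connectIn = "system:capture_1";
        group = "mic_out";
        initial = "1";
      };
      "passmix3" = {
        connectOut = "system:playback_6";
        connectIn = "system:capture_1";
        group = "mic_out";
        initial = "1";
      };
      "passmix4" = {
        connectOut = "outnode0:in";
        connectIn = "system:capture_7";
        group = "hel_out";
        initial = "-5dB";
      };
      "passmix5" = {
        connectOut = "outnode1:in";
        connectIn = "system:capture_8";
        group = "hel_out";
        initial = "-5dB";
      };
      "outnode0" = {
        initial = "1";
        adjustable = false;
      };
      "outnode1" = {
        initial = "1";
        adjustable = false;
      };
      "headphones0" = {
        connectOut = "system:playback_3";
        connectIn = "outnode0:out";
        group = "headphones";
        initial = "1";
        balance = "left";
      };
      "headphones1" = {
        connectOut = "system:playback_4";
        connectIn = "outnode1:out";
        group = "headphones";
        initial = "1";
        balance = "right";
      };
      "speakers0" = {
        connectOut = "system:playback_7";
        connectIn = "outnode0:out";
        group = "speakers";
        initial = "0";
        balance = "left";
      };
      "speakers1" = {
        connectOut = "system:playback_8";
        connectIn = "outnode1:out";
        group = "speakers";
        initial = "0";
        balance = "right";
      };
    };
  };

  # NOTE(review): mpd listens on every address ("any") and no password is
  # configured in this file, so any host that can reach the port controls
  # playback; the firewall above is disabled.
  services.mpd = {
    enable = true;
    musicDirectory = "smb://odin.asgard.yggdrasil/media/music";
    network.listenAddresses = [ { address = "any"; } "/var/lib/mpd/socket" ];
    startWhenNeeded = true;
    extraConfig = ''
      audio_output {
        name "JACK"
        type "jack"
        client_name "mpd"
        destination_ports "mpdmix0:in,mpdmix1:in"
      }
    '';
    user = "mpd";
    group = "audio";
  };

  # mpd's JACK output connects to the two mpdmix mixers, so they must be up
  # first.
  systemd.services."mpd".requires = [ "mpdmix0.service" "mpdmix1.service" ];
  systemd.services."mpd".after = [ "mpdmix0.service" "mpdmix1.service" ];
  systemd.services."mpd".serviceConfig = {
    LimitMEMLOCK = "infinity";
    Nice = "-5";
    LimitRTPRIO = lib.mkForce "95:95";
    UMask = "0000";
  };

  users.extraUsers.jack = {
    name = "jack";
    isSystemUser = true;
    group = "audio";
  };

  # NOTE(review): the second line uses `return`; in a sourced file that ends
  # the file at that point, and outside one it fails, so in neither case is
  # the assignment after `&&` reached. Confirm the intent (a per-UID prompt
  # colour is the likely goal). Left unchanged here.
  programs.bash.promptInit = ''
    PROMPT_COLOR="1;31m"
    return $UID && PROMPT_COLOR="1;32m"
    case "$TERM" in
      xterm*|rxvt*|kterm|aterm|gnome*)
        # Others can go here.
        PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
        if test "$TERM" = "xterm"; then
          PS1="\[\033]2;\h:\u:\w\007\]$PS1"
        fi
        ;;
      *)
        PS1="[\u@\h:\w]$ "
        ;;
    esac
  '';

  # Samba is enabled with printing support switched off; no shares are
  # declared in this file.
  services.samba = {
    enable = true;
    extraConfig = ''
      domain master = no
      workgroup = ASGARD
      load printers = no
      printing = bsd
      printcap name = /dev/null
      disable spoolss = yes
    '';
  };

  # root reuses the shell and the SSH authorized keys of the gkleen account,
  # i.e. every key accepted for that user is also accepted for root.
  users.extraUsers.root = let
    template = (import users/gkleen.nix);
  in {
    inherit (template) shell;
    openssh.authorizedKeys.keyFiles = template.openssh.authorizedKeys.keyFiles;
  };

  users.extraUsers."thermoprint" = {
    name = "thermoprint";
    group = "lp";
    isSystemUser = true;
    createHome = true;
    home = "/var/lib/thermoprint";
  };

  systemd.services."thermoprint" = {
    environment = {
      THERMOPRINT_CONFIG = "${./bragi/thermoprint-server}";
      THERMOPRINT_CACHE = "${users.extraUsers."thermoprint".home}/dyre";
    };
    requires = [ "postgresql.service" ];
    wantedBy = [ "default.target" ];
    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.thermoprint-server}/bin/thermoprint-server --force-reconf";
      User = users.extraUsers."thermoprint".name;
      Group = users.extraUsers."thermoprint".group;
      WorkingDirectory = "~";
    };
  };

  systemd.services."thermoprint-webgui" = {
    wantedBy = [ "default.target" ];
    serviceConfig = {
      Type = "simple";
      ExecStart = ''
        ${pkgs.thermoprint-webgui}/bin/thermoprint-webgui -P 80 -A localhost -F /thermoprint/api/ -a "localhost" -p 8081
      '';
      User = users.extraUsers."thermoprint".name;
      Group = users.extraUsers."thermoprint".group;
      WorkingDirectory = "~";
    };
  };

  users.extraUsers."bar" = {
    name = "bar";
    group = "nogroup";
    isSystemUser = true;
    createHome = true;
    home = "/var/lib/bar";
  };

  systemd.services."bar" = let
    # Not referenced below; kept as in the original.
    ghc = pkgs.haskellPackages.ghcWithPackages (p: with p; [yesod persistent-postgresql]);
  in {
    environment = {
      PORT = "8082";
      HOST = "::1";
      TPRINT_BASEURL = "http://localhost:80/thermoprint/api";
      APPROOT = "/bar";
      # bar derives the client address from a request header, so the proxy
      # in front of it has to overwrite that header (see services.nginx).
      IP_FROM_HEADER = "true";
    };
    # Stop bar whenever PostgreSQL stops, and start it only afterwards.
    bindsTo = [ "postgresql.service" ];
    after = [ "postgresql.service" ];
    wantedBy = [ "default.target" ];
    path = with pkgs; [ bar ];
    script = ''
      exec bar
    '';
    serviceConfig = {
      Type = "notify";
      User = users.extraUsers."bar".name;
      Group = users.extraUsers."bar".group;
      WorkingDirectory = "~";
    };
  };

  # Reverse proxy for the three local web backends.
  #
  # The /bar/ location sets X-Real-IP and X-Forwarded-For to the address
  # nginx itself saw. bar runs with IP_FROM_HEADER=true; without these lines
  # nginx forwards whatever value the client sent, so the client chooses the
  # address the application records. Which of the two headers bar reads is
  # not visible in this file, hence both are overwritten.
  #
  # NOTE(review): /thermoprint/api/ and /thermoprint/ are published on *:80
  # with no authentication at the proxy layer; confirm the backends enforce
  # their own access control.
  services.nginx = {
    enable = true;
    httpConfig = ''
      default_type application/octet-stream;

      log_format main '$remote_addr - $remote_user [$time_local] '
                      '"$request" $status $bytes_sent '
                      '"$http_referer" "$http_user_agent" '
                      '"$gzip_ratio"';

      client_header_timeout 10m;
      client_body_timeout 10m;
      send_timeout 10m;

      connection_pool_size 256;
      client_header_buffer_size 1k;
      large_client_header_buffers 4 2k;
      request_pool_size 4k;

      gzip on;
      gzip_min_length 1100;
      gzip_buffers 4 8k;
      gzip_types text/plain;

      output_buffers 1 32k;
      postpone_output 1460;

      sendfile on;
      tcp_nopush on;
      tcp_nodelay on;

      keepalive_timeout 75 20;

      ignore_invalid_headers on;

      access_log stderr;
      error_log stderr;

      server {
        listen *:80;
        server_name _;

        location /thermoprint/api/ {
          proxy_pass http://[::1]:8080/;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
        }

        location /thermoprint/ {
          proxy_pass http://localhost:8081/;
        }

        location /bar/ {
          proxy_pass http://[::1]:8082/;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $remote_addr;
        }
      }
    '';
  };

  # NOTE(review): PostgreSQL accepts TCP connections, and pg_hba admits the
  # whole 10.141.0.0/16 range with md5 password authentication. The roles
  # created by initialScript get no password, so they can only log in via
  # the local peer rule until one is set. With the firewall disabled, the
  # pg_hba source range is the only network restriction visible here.
  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    authentication = lib.mkForce ''
      local all all peer
      host all all 10.141.0.0/16 md5
    '';
    initialScript = pkgs.writeText "schema.sql" ''
      CREATE USER thermoprint;
      CREATE DATABASE thermoprint WITH OWNER = thermoprint;
      GRANT ALL ON DATABASE thermoprint TO thermoprint;

      CREATE USER bar;
      CREATE DATABASE bar WITH OWNER = bar;
      GRANT ALL ON DATABASE bar TO bar;
    '';
  };

  services.vnstat.enable = true;

  nix = {
    daemonIONiceLevel = 3;
    daemonNiceLevel = 10;

    gc = {
      automatic = true;
      options = "--delete-older-than 21d";
    };

    autoOptimiseStore = true;
  };

  system.autoUpgrade.enable = true;
  system.stateVersion = "16.09";

  # NOTE(review): before each unattended upgrade the unit pulls /etc/nixos
  # and its submodules from their git remotes and then rebuilds from the
  # result. Nothing here verifies commit signatures, so write access to
  # those remotes (or to the transport, if it is unauthenticated) amounts
  # to control over this machine's root configuration.
  systemd.services."nixos-upgrade".path = with pkgs; [ git ];
  systemd.services."nixos-upgrade".preStart = ''
    git -C /etc/nixos pull
    git -C /etc/nixos submodule update
  '';

  # Mail root when the unattended upgrade fails.
  systemd.status-mail = {
    recipient = "root@yggdrasil.li";
    onFailure = [ "nixos-upgrade" ];
  };
}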