nixos-config/murex.nix

148 lines
3.8 KiB
Nix

{ config, pkgs, ... }:
{
imports = [
./basic-tools.nix
];
boot.loader.grub.enable = false;
boot.loader.raspberryPi = {
enable = true;
version = 3;
uboot.enable = true;
};
boot.kernelPackages = pkgs.linuxPackages_latest;
# boot.kernelPackages = pkgs.linuxPackages_4_18;
# boot.kernelPackages = pkgs.linuxPackages_rpi;
boot.kernelParams = [
"cma=32M" # for virtual console, see https://nixos.wiki/wiki/NixOS_on_ARM
"console=tty0"
];
hardware.enableRedistributableFirmware = true;
# hardware.firmware = with pkgs; [
# (stdenv.mkDerivation {
# name = "broadcom-rpi3bplus-extra";
# src = fetchurl {
# url = "https://raw.githubusercontent.com/RPi-Distro/firmware-nonfree/b518de4/brcm/brcmfmac43455-sdio.txt";
# sha256 = "0r4bvwkm3fx60bbpwd83zbjganjnffiq1jkaj0h20bwdj9ysawg9";
# };
# phases = [ "installPhase" ];
# installPhase = ''
# mkdir -p $out/lib/firmware/brcm
# cp $src $out/lib/firmware/brcm/brcmfmac43455-sdio.txt
# '';
# })
# ];
# networking.wireless.enable = true;
# networking.networkmanager.enable = true;
networking.wireless.iwd.enable = true;
fileSystems = {
# "/boot" = {
# device = "/dev/disk/by-label/NIXOS_BOOT";
# fsType = "vfat";
# };
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
networking.hostName = "murex";
#networking.hostId = "34a820f1";
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
raspberrypi-tools
];
users.extraUsers.gebner = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "dialout" ];
shell = pkgs.fish;
# password = if config.virtualisation != null then "" else null;
};
services.openssh = {
enable = true;
passwordAuthentication = false;
};
documentation.nixos.enable = false;
services.octoprint = {
enable = true;
plugins = ps: with ps; [ printtimegenius touchui psucontrol ];
};
systemd.services.setupGpioForRelais = rec {
wantedBy = [ "octoprint.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = let gpio = toString (458 + 17); in ''
if echo ${gpio} > /sys/class/gpio/export; then
echo high > /sys/class/gpio/gpio${gpio}/direction
fi
chown octoprint:dialout /sys/class/gpio/gpio${gpio}/value
'';
};
users.users.${config.services.octoprint.user}.extraGroups = [
"dialout" # ttyUSB access
];
systemd.services.ethKernelPanicFix = rec {
wantedBy = [ "networking.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
# https://github.com/raspberrypi/linux/issues/2449
script = ''
${pkgs.ethtool}/bin/ethtool -K eth0 tx-tcp-segmentation off tx-tcp6-segmentation off
'';
};
services.mjpg-streamer = {
enable = true;
# inputPlugin = "input_uvc.so -r 1920x1080";
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
# config.services.octoprint.port
# 5050 # mjpg-streamer
80
];
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."murex.ams.gebner.org" = {
locations."/" = {
proxyPass = "http://localhost:${toString config.services.octoprint.port}";
proxyWebsockets = true;
# do not cache that octoprint is inaccessible on startup
extraConfig = ''
proxy_cache off;
'';
};
locations."/webcam/".proxyPass = "http://localhost:5050/?action=stream";
locations."/webcampic/".proxyPass = "http://localhost:5050/?action=snapshot";
};
};
system.stateVersion = "19.03";
}