127 lines
4.5 KiB
Nix
127 lines
4.5 KiB
Nix
{
|
|
description = "bokhylle";
|
|
|
|
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
inputs.grzegorz.url = "github:Programvareverkstedet/grzegorz";
|
|
inputs.grzegorz.inputs.nixpkgs.follows = "nixpkgs";
|
|
inputs.grzegorz-clients.url = "github:Programvareverkstedet/grzegorz-clients";
|
|
inputs.grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
|
|
|
|
outputs = {
|
|
self,
|
|
nixpkgs,
|
|
grzegorz,
|
|
grzegorz-clients,
|
|
...
|
|
}@inputs:
|
|
{
|
|
inherit inputs;
|
|
|
|
nixosConfigurations.brzeczyszczykiewicz = nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
modules = [
|
|
grzegorz.nixosModules.grzegorz-kiosk
|
|
grzegorz-clients.nixosModules.grzegorz-webui
|
|
./hardware-configuration.nix
|
|
({ config, pkgs, ... }: {
|
|
system.stateVersion = "23.05";
|
|
|
|
boot.loader.grub.enable = true;
|
|
boot.loader.grub.device = "/dev/sda";
|
|
boot.loader.grub.useOSProber = true;
|
|
|
|
services.resolved.enable = true;
|
|
networking.hostName = "brzeczyszczykiewicz";
|
|
networking.domain = "pvv.ntnu.no";
|
|
networking.search = [ "pvv.ntnu.no" ];
|
|
networking = {
|
|
interfaces = {
|
|
eno1.ipv4.addresses = [{
|
|
address = "129.241.210.205";
|
|
prefixLength = 25;
|
|
}];
|
|
eno1.ipv6.addresses = [{
|
|
address = "2001:700:300:1900::1:50";
|
|
prefixLength = 64;
|
|
}];
|
|
};
|
|
defaultGateway.address = "129.241.210.129";
|
|
defaultGateway.interface = "eno1";
|
|
defaultGateway6.address = "2001:700:300:1900::1";
|
|
defaultGateway6.interface = "eno1";
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [ git ];
|
|
|
|
services.openssh.enable = true;
|
|
services.openssh.settings.PermitRootLogin = "yes";
|
|
|
|
services.xserver.layout = "no";
|
|
services.xserver.xkbVariant = "";
|
|
console.keyMap = "no";
|
|
|
|
services.pipewire.enable = true;
|
|
services.pipewire.alsa.enable = true;
|
|
services.pipewire.alsa.support32Bit = true;
|
|
services.pipewire.pulse.enable = true;
|
|
|
|
users.users.pvv = {
|
|
isNormalUser = true;
|
|
description = "pvv";
|
|
extraGroups = [ "networkmanager" "wheel" ];
|
|
#packages = [ ];
|
|
};
|
|
|
|
services.grzegorz.enable = true;
|
|
services.grzegorz.listenAddr = "localhost";
|
|
services.grzegorz.listenPort = 31337;
|
|
|
|
services.grzegorz-webui.enable = true;
|
|
services.grzegorz-webui.listenAddr = "localhost";
|
|
services.grzegorz-webui.listenPort = 42069;
|
|
services.grzegorz-webui.listenWebsocketPort = 42042;
|
|
services.grzegorz-webui.hostName = "brzeczyszczykiewicz.pvv.ntnu.no";
|
|
services.grzegorz-webui.apiBase = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}/api";
|
|
#services.grzegorz-webui.apiBase = "https://brzeczyszczykiewicz.pvv.ntnu.no/api";
|
|
|
|
security.acme.acceptTerms = true;
|
|
security.acme.defaults.email = "pederbs@pvv.ntnu.no";
|
|
|
|
services.nginx.enable = true;
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
services.nginx.virtualHosts."brzeczyszczykiewicz.pvv.ntnu.no" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
serverAliases = [
|
|
"brzeczyszczykiewicz.pvv.org"
|
|
"bokhylle.pvv.ntnu.no"
|
|
"bokhylle.pvv.org"
|
|
];
|
|
extraConfig = ''
|
|
allow 129.241.210.128/25;
|
|
allow 2001:700:300:1900::/64;
|
|
deny all;
|
|
'';
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenPort}";
|
|
};
|
|
# https://github.com/rawpython/remi/issues/216
|
|
locations."/websocket" = {
|
|
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenWebsocketPort}";
|
|
proxyWebsockets = true;
|
|
};
|
|
locations."/api" = {
|
|
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
|
|
};
|
|
locations."/docs" = {
|
|
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
|
|
};
|
|
};
|
|
|
|
})
|
|
];
|
|
};
|
|
};
|
|
}
|