diff --git a/hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix b/hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix
new file mode 100644
index 00000000..106d3a81
--- /dev/null
+++ b/hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix
@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ./scanning.nix
+ ./printing.nix
+ ];
+
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ networking.hostName = "printmaster";
+ networking.enableIPv6 = false;
+ networking.firewall.enable = true;
+ time.timeZone = "Europe/Warsaw";
+
+ nix.extraOptions = ''
+ experimental-features = nix-command
+ '';
+
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 frederic@dedusmuln-macos.local"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQb3YQoiYFZLKwvHYKbu1bMqzNeDCAszQhAe1+QI5SLDOotclyY/vFmOReZOsmyMFl71G2d7d+FbYNusUnNNjTxRYQ021tVc+RkMdLJaORRURmQfEFEKbai6QSFTwErXzuoIzyEPK0lbsQuGgqT9WaVnRzHJ2Q/4+qQbxAS34PuR5NqEkmn4G6LMo3OyJ5mwPkCj9lsqz4BcxRaMWFO3mNcwGDfSW+sqgc3E8N6LKrTpZq3ke7xacpQmcG5DU9VO+2QVPdltl9jWbs3gXjmF92YRNOuKPVfAOZBBsp8JOznfx8s9wDgs7RwPmDpjIAJEyoABqW5hlXfqRbTnfnMvuR"
+ "ssh-rsa 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"
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ wget
+ neofetch
+ git
+ fd
+ vim
+ ];
+
+ services.openssh.enable = true;
+
+ swapDevices = [{ device = "/swapfile"; size = 2 * 1024; }];
+ system.stateVersion = "23.11";
+}
diff --git a/hswaw/machines/printmaster.waw.hackerspace.pl/hardware-configuration.nix b/hswaw/machines/printmaster.waw.hackerspace.pl/hardware-configuration.nix
new file mode 100644
index 00000000..70856cc2
--- /dev/null
+++ b/hswaw/machines/printmaster.waw.hackerspace.pl/hardware-configuration.nix
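Review bot: In configuration.nix, `services.openssh.enable = true;` is the only sshd setting in the hunk, so password and keyboard-interactive authentication are left at whatever the module defaults are, on a host whose only configured login is root. Access here is clearly meant to be key-only, so pin it: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. The second entry in `openssh.authorizedKeys.keys` also carries no trailing comment, so nobody can tell whose key it is when root access is reviewed or revoked; give it an owner comment like the first entry has.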
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "usbhid" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enu1u1u1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/hswaw/machines/printmaster.waw.hackerspace.pl/printing.nix b/hswaw/machines/printmaster.waw.hackerspace.pl/printing.nix
new file mode 100644
index 00000000..548f9038
--- /dev/null
+++ b/hswaw/machines/printmaster.waw.hackerspace.pl/printing.nix
@@ -0,0 +1,84 @@
+{ pkgs, ... }:
+
+{
+ hardware.printers = {
+ ensurePrinters = [
+ {
+ name = "DYMO_LabelWriter450";
+ location = "HSWAW";
+ # FIXME: roll back to previous serial whenever we switch back to the
+ # deep fried printer
+ deviceUri = "usb://DYMO/LabelWriter%20450?serial=07080922282341";
+ # deviceUri = "usb://DYMO/LabelWriter%20450?serial=14070417114480";
+ model = "lw450.ppd";
+ ppdOptions = {
+ PageSize = "w102h252";
+ };
+ }
+
+ {
+ name = "Zebra_GK420T";
+ location = "HSWAW";
+ deviceUri = "socket://10.8.1.22:9100";
+ model = "drv:///sample.drv/zebra.ppd";
+ ppdOptions = {
+ PageSize = "w288h432";
+ MediaType = "Thermal";
+ Resolution = "203dpi";
+ };
+ }
+
+ {
+ name = "Brother_MFC8380DN";
+ location = "HSWAW";
+ deviceUri = "socket://10.8.1.21";
+ model = "BR8380.ppd";
+ ppdOptions = {
+ PageSize = "A4";
+ };
+ }
+ ];
+
+ ensureDefaultPrinter = "DYMO_LabelWriter450";
+ };
+
+ services = {
+ avahi = {
+ enable = true;
+ nssmdns = true;
+ openFirewall = true;
+ publish = {
+ enable = true;
+ userServices = true;
+ };
+ };
+ printing = {
+ enable = true;
+ defaultShared = true;
+ browsing = true;
+ openFirewall = true;
+ allowFrom = [ "all" ];
+ listenAddresses = [ "*:631" ];
+ drivers = [
+ # Workaround for broken multi-copies printing on LW450
+ (pkgs.cups-dymo.overrideAttrs (old: {
+ postPatch = ''
+ sed -i 's/cupsManualCopies: False/cupsManualCopies: True/g' ppd/*
+ '';
+ }))
+
+ # Official Brother PPD
+ (pkgs.runCommand ''cups-brother'' { } ''
+ mkdir -p $out/share/cups/model
+ gunzip --stdout ${pkgs.fetchurl {
+ url = "https://download.brother.com/welcome/dlf006311/BR8380_2_GPL.ppd.gz";
+ hash = "sha256-d7Kly2z8ALLV+j2Zmh3knpqiELFS4wf+4MfgNYeC0hQ=";
+ }} > $out/share/cups/model/BR8380.ppd
+ '')
+ ];
+
+ # Requests coming from beyondspace use printmaster.waw.hackerspace.pl:631 host header which Cups doesn't like - let's just allow all
+ extraConf = "ServerAlias *";
+ };
+ };
+}
\ No newline at end of file
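Review bot: `extraConf = "ServerAlias *";` in printing.nix switches off CUPS's Host-header validation entirely, and that check is what keeps the web interface and IPP endpoint from answering DNS-rebinding requests. Combined with `allowFrom = [ "all" ]`, `listenAddresses = [ "*:631" ]` and `openFirewall = true`, the daemon then accepts any client under any name. The comment above the line names the single host that has to pass, so listing it should be enough: `extraConf = "ServerAlias printmaster.waw.hackerspace.pl";`. If printing is only meant for the space's own networks, `allowFrom` could carry those subnets instead of `"all"`; that is inferred, since the intended clients are not visible in this hunk.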
diff --git a/hswaw/machines/printmaster.waw.hackerspace.pl/scanning.nix b/hswaw/machines/printmaster.waw.hackerspace.pl/scanning.nix
new file mode 100644
index 00000000..2b2cbb4a
--- /dev/null
+++ b/hswaw/machines/printmaster.waw.hackerspace.pl/scanning.nix
@@ -0,0 +1,74 @@
+{ pkgs, ...}:
+
+{
+ # Samba server exposed for Brother scanner - exposed on http://printmaster.waw.hackerspace.pl/brother/
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ openFirewall = true;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ client min protocol = NT1
+ server min protocol = NT1
+
+ server string = printmaster
+ netbios name = printmaster
+
+ # note: localhost is the ipv6 localhost ::1
+ hosts allow = 10.8.1. 10.8.0. 127.0.0.1 localhost
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+
+ shares = {
+ brother = {
+ path = "/run/brother";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "nobody";
+ "force group" = "nogroup";
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."printmaster.waw.hackerspace.pl" = {
+ locations."/brother/" = {
+ alias = "/run/brother/";
+ extraConfig = "autoindex on;";
+ };
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /run/brother 1777 nobody nogroup 1d"
+ ];
+
+ # FTP-to-mail proxy used for paperless
+ systemd.services.ftpserver = let ftpserver-bin = pkgs.fetchzip {
+ url = "https://github.com/fclairamb/ftpserver/releases/download/v0.13.0/ftpserver_0.13.0_linux_arm64.tar.gz";
+ hash = "sha256-HMaE2vM4HpD80aUxt5mI0ZUexHT7XEOJPnHqwO+W01Q=";
+ stripRoot = false;
+ }; in {
+ # TODO move ftpserver.json to secrets
+ script = ''
+ ${ftpserver-bin}/ftpserver -conf /etc/ftpserver.json
+ '';
+
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ # ftpserver
+ 2121
+
+ # nginx
+ 80
+ ];
+}
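Review bot: The `/brother/` location in scanning.nix serves `/run/brother/` with `autoindex on;` and port 80 is opened in `networking.firewall.allowedTCPPorts`, so every scanned document is listed and downloadable over plain HTTP by anything that can reach the host. The Samba side of the same directory is limited by `hosts allow`, and nginx should mirror that restriction, e.g. `extraConfig = "autoindex on; allow 10.8.0.0/24; allow 10.8.1.0/24; deny all;";`. Separately, `systemd.services.ftpserver` sets no `serviceConfig`, so the prebuilt release binary runs as root on a port that is open in the firewall. A dedicated user or `serviceConfig.DynamicUser = true;` would contain it, provided the process can still read `/etc/ftpserver.json`.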
diff --git a/ops/hive.nix b/ops/hive.nix index 9b0bdaa7..f233bcbe 100644 --- a/ops/hive.nix +++ b/ops/hive.nix @@ -72,6 +72,13 @@ in sha256 = "1k71lmzdaa48yqkmsnd22n177qmxxi4gj2qcmdbv0mc6l4f27wd0"; }) { }; + + "printmaster.waw.hackerspace.pl" = import + (fetchTarball { + url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/56911ef3403a9318b7621ce745f5452fb9ef6867"; + sha256 = "0jf6pnz4s5w9p35wd584hy7p6r5aaq1khfdxv2c1nqnmss05nn2b"; + }) + { system = "aarch64-linux"; }; }; allowApplyAll = false; @@ -101,4 +108,9 @@ in "tv1.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv1.nix; "tv2.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv2.nix; "sound.waw.hackerspace.pl" = import ../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix; + "arcade.waw.hackerspace.pl" = import ../hswaw/machines/arcade.waw.hackerspace.pl/configuration.nix; + "printmaster.waw.hackerspace.pl" = { ... }: { + imports = [ ../hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix ]; + deployment.buildOnTarget = true; + }; }
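Review bot: The second hunk of ops/hive.nix also registers `"arcade.waw.hackerspace.pl"`, importing `../hswaw/machines/arcade.waw.hackerspace.pl/configuration.nix`, but no such file is added in the part of the diff shown here and the first hunk adds a nixpkgs pin only for printmaster. If that file and a pin for arcade do not already exist in the tree, evaluating the hive would presumably fail, so either include them or move the arcade line to its own commit. On the printmaster entry, `deployment.buildOnTarget = true;` deserves a one-line reason, for instance `# aarch64 target: build on the machine itself rather than on the deploying host` if that is the intent.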