mirror of
https://gerrit.hackerspace.pl/hscloud
synced 2024-10-18 02:58:06 +00:00
hswaw/machines/printmaster: cups server box
Change-Id: Ibf75d9bad789521bfab77fb17017b20030deed52 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1894 Reviewed-by: informatic <informatic@hackerspace.pl>
This commit is contained in:
parent
d63ed67aa7
commit
c8d1d51c11
5 changed files with 249 additions and 0 deletions
|
@ -0,0 +1,45 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
./scanning.nix
|
||||
./printing.nix
|
||||
];
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
|
||||
networking.hostName = "printmaster";
|
||||
networking.enableIPv6 = false;
|
||||
networking.firewall.enable = true;
|
||||
time.timeZone = "Europe/Warsaw";
|
||||
|
||||
nix.extraOptions = ''
|
||||
experimental-features = nix-command
|
||||
'';
|
||||
|
||||
users.users = {
|
||||
root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXhpZR8NUyJe9ud92uxavLuLLRVMUpqFOUTE0x35JHgve6Qo+IqlmszlmDGtTBqLlR/ZeXw0Rb7aq6rsrM20zmPMl/XQygwzE72dUZVnw4CWlzakI6qntU4FvnpjxMy3dz3KvYUtjf+p44tEuyU64s9TLKipX58GwTtVCKO1gmSI1I+3Ng0hxcXveMln+uH7Wa5LXJhGcyXTbnUXGpp97tXLWxG5xO46kwsmRhBd2MfodeeWe+nB0tVNE/sNybOwPNfzVu/U9wylyjdQ1/CBR9sNNYxT3RhuEwXKW/Unf/0ekB5j9VMpfMNwBMz714Ml3FKGsqacJL8Z0bJuPpveG1P4IYRS6x9pxPb4pgbBO9RZXIC8YQuqdBWulQo76SSEp5yCAkHFdQ3YX7em8zROpaVdZUBRUkwKdflt5PYjcv06rDNLKLoHbVhfZcPkkqKGsP/EA7ioARTezWAWRqc3CMXCnAH2CQLOeuvHmdQ2hqg3QZV8yZd/UzpyW8KjjkEMs= frederic@dedusmuln-macos.local"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQb3YQoiYFZLKwvHYKbu1bMqzNeDCAszQhAe1+QI5SLDOotclyY/vFmOReZOsmyMFl71G2d7d+FbYNusUnNNjTxRYQ021tVc+RkMdLJaORRURmQfEFEKbai6QSFTwErXzuoIzyEPK0lbsQuGgqT9WaVnRzHJ2Q/4+qQbxAS34PuR5NqEkmn4G6LMo3OyJ5mwPkCj9lsqz4BcxRaMWFO3mNcwGDfSW+sqgc3E8N6LKrTpZq3ke7xacpQmcG5DU9VO+2QVPdltl9jWbs3gXjmF92YRNOuKPVfAOZBBsp8JOznfx8s9wDgs7RwPmDpjIAJEyoABqW5hlXfqRbTnfnMvuR"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD3ujDBU/w0J37TQKro5lSmb3H2vGkbllsSxrD+aGAC6/5AosPLVxOXlWUH+P8ljeHsrZRiGhq9nBaafXXvMz7D8EIFqOH6mG1sG+pFL4M0/weebRutYiwRhPn5dl9ABij+lY2ETBP8K3anPXbyHHaSZW3GTNIJbmwVlP5jYfFEzXs5v6jYpMqDZ6i3HRaDDXxp7b9ZHc5LECEvepeO2T4MlTMUSa4bntP2ZzgWKoGkC+Bpyr98ug1hGoYiRGH2Cu9shjnPSopqd/YVCBNQ917FasnGLf8rNmUtNZycE0CPYHrf6N4SslkxSbfz3i+lAsdJLo53eBdn474yryrG0DtZJA8kacBxUWrLIFrWLDHkTlOx/UrdFWV55hMkmc2uo7MvO8nGuqATRoqZwSnYRLhHU8fpZHoOXlwCVoW9fcDOTgukUYHQCbQnfiS3H5ikE5vXxAHpzPE0pZ5o+YvrE0VVSwpB0aaSt55nY8762Q2y89clvjdoGwP7p7TL8M032QGFq2PAMY/+GY01zq+qswg7uEetU8Ccam9U4XoeB8XV7ocBNvGT/1PCfXwami5335SrB6+UHq6aU93ZSqc5lXl0KhrrhwuPDjN67nN3OtoeHsbwhyv+o5QJGB4ahWFs7G37Cxj/KffgdKQnvTLSzidA6uEXqFCjq8FNuEGeG+cKHw=="
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
neofetch
|
||||
git
|
||||
fd
|
||||
vim
|
||||
];
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
swapDevices = [{ device = "/swapfile"; size = 2 * 1024; }];
|
||||
system.stateVersion = "23.11";
|
||||
}
|
|
@ -0,0 +1,34 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "usbhid" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enu1u1u1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
}
|
84
hswaw/machines/printmaster.waw.hackerspace.pl/printing.nix
Normal file
84
hswaw/machines/printmaster.waw.hackerspace.pl/printing.nix
Normal file
|
@ -0,0 +1,84 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
hardware.printers = {
|
||||
ensurePrinters = [
|
||||
{
|
||||
name = "DYMO_LabelWriter450";
|
||||
location = "HSWAW";
|
||||
# FIXME: roll back to previous serial whenever we switch back to the
|
||||
# deep fried printer
|
||||
deviceUri = "usb://DYMO/LabelWriter%20450?serial=07080922282341";
|
||||
# deviceUri = "usb://DYMO/LabelWriter%20450?serial=14070417114480";
|
||||
model = "lw450.ppd";
|
||||
ppdOptions = {
|
||||
PageSize = "w102h252";
|
||||
};
|
||||
}
|
||||
|
||||
{
|
||||
name = "Zebra_GK420T";
|
||||
location = "HSWAW";
|
||||
deviceUri = "socket://10.8.1.22:9100";
|
||||
model = "drv:///sample.drv/zebra.ppd";
|
||||
ppdOptions = {
|
||||
PageSize = "w288h432";
|
||||
MediaType = "Thermal";
|
||||
Resolution = "203dpi";
|
||||
};
|
||||
}
|
||||
|
||||
{
|
||||
name = "Brother_MFC8380DN";
|
||||
location = "HSWAW";
|
||||
deviceUri = "socket://10.8.1.21";
|
||||
model = "BR8380.ppd";
|
||||
ppdOptions = {
|
||||
PageSize = "A4";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
ensureDefaultPrinter = "DYMO_LabelWriter450";
|
||||
};
|
||||
|
||||
services = {
|
||||
avahi = {
|
||||
enable = true;
|
||||
nssmdns = true;
|
||||
openFirewall = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
userServices = true;
|
||||
};
|
||||
};
|
||||
printing = {
|
||||
enable = true;
|
||||
defaultShared = true;
|
||||
browsing = true;
|
||||
openFirewall = true;
|
||||
allowFrom = [ "all" ];
|
||||
listenAddresses = [ "*:631" ];
|
||||
drivers = [
|
||||
# Workaround for broken multi-copies printing on LW450
|
||||
(pkgs.cups-dymo.overrideAttrs (old: {
|
||||
postPatch = ''
|
||||
sed -i 's/cupsManualCopies: False/cupsManualCopies: True/g' ppd/*
|
||||
'';
|
||||
}))
|
||||
|
||||
# Official Brother PPD
|
||||
(pkgs.runCommand ''cups-brother'' { } ''
|
||||
mkdir -p $out/share/cups/model
|
||||
gunzip --stdout ${pkgs.fetchurl {
|
||||
url = "https://download.brother.com/welcome/dlf006311/BR8380_2_GPL.ppd.gz";
|
||||
hash = "sha256-d7Kly2z8ALLV+j2Zmh3knpqiELFS4wf+4MfgNYeC0hQ=";
|
||||
}} > $out/share/cups/model/BR8380.ppd
|
||||
'')
|
||||
];
|
||||
|
||||
# Requests coming from beyondspace use printmaster.waw.hackerspace.pl:631 host header which Cups doesn't like - let's just allow all
|
||||
extraConf = "ServerAlias *";
|
||||
};
|
||||
};
|
||||
}
|
74
hswaw/machines/printmaster.waw.hackerspace.pl/scanning.nix
Normal file
74
hswaw/machines/printmaster.waw.hackerspace.pl/scanning.nix
Normal file
|
@ -0,0 +1,74 @@
|
|||
{ pkgs, ...}:
|
||||
|
||||
{
|
||||
# Samba server exposed for Brother scanner - exposed on http://printmaster.waw.hackerspace.pl/brother/
|
||||
services.samba = {
|
||||
enable = true;
|
||||
securityType = "user";
|
||||
openFirewall = true;
|
||||
extraConfig = ''
|
||||
workgroup = WORKGROUP
|
||||
client min protocol = NT1
|
||||
server min protocol = NT1
|
||||
|
||||
server string = printmaster
|
||||
netbios name = printmaster
|
||||
|
||||
# note: localhost is the ipv6 localhost ::1
|
||||
hosts allow = 10.8.1. 10.8.0. 127.0.0.1 localhost
|
||||
hosts deny = 0.0.0.0/0
|
||||
guest account = nobody
|
||||
map to guest = bad user
|
||||
'';
|
||||
|
||||
shares = {
|
||||
brother = {
|
||||
path = "/run/brother";
|
||||
browseable = "yes";
|
||||
"read only" = "no";
|
||||
"guest ok" = "yes";
|
||||
"create mask" = "0644";
|
||||
"directory mask" = "0755";
|
||||
"force user" = "nobody";
|
||||
"force group" = "nogroup";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."printmaster.waw.hackerspace.pl" = {
|
||||
locations."/brother/" = {
|
||||
alias = "/run/brother/";
|
||||
extraConfig = "autoindex on;";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /run/brother 1777 nobody nogroup 1d"
|
||||
];
|
||||
|
||||
# FTP-to-mail proxy used for paperless
|
||||
systemd.services.ftpserver = let ftpserver-bin = pkgs.fetchzip {
|
||||
url = "https://github.com/fclairamb/ftpserver/releases/download/v0.13.0/ftpserver_0.13.0_linux_arm64.tar.gz";
|
||||
hash = "sha256-HMaE2vM4HpD80aUxt5mI0ZUexHT7XEOJPnHqwO+W01Q=";
|
||||
stripRoot = false;
|
||||
}; in {
|
||||
# TODO move ftpserver.json to secrets
|
||||
script = ''
|
||||
${ftpserver-bin}/ftpserver -conf /etc/ftpserver.json
|
||||
'';
|
||||
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
# ftpserver
|
||||
2121
|
||||
|
||||
# nginx
|
||||
80
|
||||
];
|
||||
}
|
12
ops/hive.nix
12
ops/hive.nix
|
@ -72,6 +72,13 @@ in
|
|||
sha256 = "1k71lmzdaa48yqkmsnd22n177qmxxi4gj2qcmdbv0mc6l4f27wd0";
|
||||
})
|
||||
{ };
|
||||
|
||||
"printmaster.waw.hackerspace.pl" = import
|
||||
(fetchTarball {
|
||||
url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/56911ef3403a9318b7621ce745f5452fb9ef6867";
|
||||
sha256 = "0jf6pnz4s5w9p35wd584hy7p6r5aaq1khfdxv2c1nqnmss05nn2b";
|
||||
})
|
||||
{ system = "aarch64-linux"; };
|
||||
};
|
||||
|
||||
allowApplyAll = false;
|
||||
|
@ -101,4 +108,9 @@ in
|
|||
"tv1.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv1.nix;
|
||||
"tv2.waw.hackerspace.pl" = import ../hswaw/machines/tv/tv2.nix;
|
||||
"sound.waw.hackerspace.pl" = import ../hswaw/machines/sound.waw.hackerspace.pl/configuration.nix;
|
||||
"arcade.waw.hackerspace.pl" = import ../hswaw/machines/arcade.waw.hackerspace.pl/configuration.nix;
|
||||
"printmaster.waw.hackerspace.pl" = { ... }: {
|
||||
imports = [ ../hswaw/machines/printmaster.waw.hackerspace.pl/configuration.nix ];
|
||||
deployment.buildOnTarget = true;
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue