From 0aaae1c7a799de75cde0e864df2391346d9c389f Mon Sep 17 00:00:00 2001
From: Ashhhleyyy
Date: Sun, 26 May 2024 20:10:31 +0100
Subject: [PATCH] feat: initial commit
---
.envrc | 1 +
.gitignore | 2 +
.vscode/settings.json | 3 +
flake.lock | 109 +++++++++++++++++++++++++++++
flake.nix | 25 +++++++
lq/sustainer.liq | 0
machine/configuration.nix | 48 +++++++++++++
machine/hardware-configuration.nix | 31 ++++++++
roles/icecast.nix | 81 +++++++++++++++++++++
roles/station.nix | 5 ++
secrets/icecast_admin.age | 5 ++
secrets/secrets.nix | 7 ++
12 files changed, 317 insertions(+)
create mode 100644 .envrc
create mode 100644 .gitignore
create mode 100644 .vscode/settings.json
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 lq/sustainer.liq
create mode 100644 machine/configuration.nix
create mode 100644 machine/hardware-configuration.nix
create mode 100644 roles/icecast.nix
create mode 100644 roles/station.nix
create mode 100644 secrets/icecast_admin.age
create mode 100644 secrets/secrets.nix
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8bffd98
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.direnv/
+/result
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..7ba84c7
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "editor.tabSize": 2,
+}
\ No newline at end of file
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..668458e
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,109 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", + "owner": "ryantm", + "repo": "agenix", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1716361217, + "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + 
"type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..39901e6
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,25 @@
+{
+ inputs = {
+ nixpkgs = {
+ url = "github:NixOS/nixpkgs/nixos-23.11";
+ };
+ agenix = {
+ url = "github:ryantm/agenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, agenix, ... }:
+ let
+ in
+ {
+ nixosConfigurations.shorkbox = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ agenix.nixosModules.default
+ ./machine/configuration.nix
+ ./roles/station.nix
+ ];
+ };
+ };
+}
diff --git a/lq/sustainer.liq b/lq/sustainer.liq
new file mode 100644
index 0000000..e69de29
diff --git a/machine/configuration.nix b/machine/configuration.nix
new file mode 100644
index 0000000..d53f514
--- /dev/null
+++ b/machine/configuration.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "shorkbox";
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "Europe/London";
+
+ i18n.defaultLocale = "en_GB.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "uk";
+ };
+
+ sound.enable = true;
+
+ # users.users.alice = {
+ # isNormalUser = true;
+ # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ # packages = with pkgs; [
+ # firefox
+ # tree
+ # ];
+ # };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ git
+ htop
+ ];
+
+ services.openssh.enable = true;
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ #networking.firewall.allowedUDPPorts = [ ... ];
+
+ system.stateVersion = "23.11";
+}
+
diff --git a/machine/hardware-configuration.nix b/machine/hardware-configuration.nix
new file mode 100644
index 0000000..9aa1a3c
--- /dev/null
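Review bot: In machine/configuration.nix, `services.openssh.enable = true;` is added with no sshd settings, so password and keyboard-interactive logins stay at the module defaults while port 22 is opened in the firewall. If this host is going onto a shared network (roles/icecast.nix names an event as its location), add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` so that only key logins are accepted. The hunk declares no user and no `openssh.authorizedKeys.keys` (the `users.users.alice` block is commented out), so the intended login path is not visible here and presumably lives outside this commit.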
+++ b/machine/hardware-configuration.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/f6f0a08f-48e1-4bc2-a6bb-e5881126546f";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/73D2-FA13";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/49c3026c-7bac-4a7d-81e6-c0c1d924f655"; }
+ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/roles/icecast.nix b/roles/icecast.nix
new file mode 100644
index 0000000..0322a8d
--- /dev/null
+++ b/roles/icecast.nix
@@ -0,0 +1,81 @@
+{ config, pkgs, ... }:
+let
+ # TODO: Update
+ hostname = "shorkbox.lan";
+ location = "EMF Camp 2024";
+ admin = "radio@shorks.gay";
+
+ logDir = "/var/log/icecast";
+ user = "nobody";
+ group = "nogroup";
+
+ port = 8016;
+ address = "::";
+
+ adminPasswordSecret = config.age.secrets.icecast_admin.path;
+
+ configFile = pkgs.writeText "icecast.xml" ''
+
+ ${hostname}
+ ${location}
+ ${admin}
+
+
+ admin
+ @icecast-admin-password@
+ 123123
+
+
+
+ ${logDir}
+ ${pkgs.icecast}/share/icecast/admin
+ ${pkgs.icecast}/share/icecast/web
+
+
+
+
+ ${toString port}
+ ${address}
+
+
+
+ 0
+
+ ${user}
+ ${group}
+
+
+
+ '';
+
+ setupScript = pkgs.writeShellScriptBin "generate-icecast-config"
+ ''
+ secret=$(cat "${adminPasswordSecret}")
+ mkdir -p /run/icecast
+ cp ${configFile} /run/icecast/icecast.xml
+ ${pkgs.gnused}/bin/sed -i "s#@icecast-admin-password@#$secret#" "/run/icecast/icecast.xml"
+ chown -R ${user}:${group} /run/icecast
+ '';
+in
+{
+ age.secrets.icecast_admin = {
+ file = ../secrets/icecast_admin.age;
+ owner = "root";
+ group = "root";
+ };
+
+ systemd.services.icecast = {
+ after = [ "network.target" ];
+ description = "Icecast Network Audio Streaming Server";
+ wantedBy = [ "multi-user.target" ];
+
+ preStart = "mkdir -p ${logDir} && chown ${user}:${group} ${logDir} && ${setupScript}/bin/generate-icecast-config";
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.icecast}/bin/icecast -c /run/icecast/icecast.xml";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ port ];
+}
diff --git a/roles/station.nix b/roles/station.nix
new file mode 100644
index 0000000..9d25bfa
--- /dev/null
+++ b/roles/station.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }: {
+ imports = [
+ ./icecast.nix
+ ];
+}
diff --git a/secrets/icecast_admin.age b/secrets/icecast_admin.age
new file mode 100644
index 0000000..1f8119e
--- /dev/null
+++ b/secrets/icecast_admin.age
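Review bot: In roles/icecast.nix, `generate-icecast-config` leaves the decrypted admin password readable by every local user: `cp` of a store file yields a 0444 copy under the default umask, `sed -i` keeps that mode, and `/run/icecast` is created 0755. The secret is also expanded into the sed expression, so it appears in the process arguments and a password containing `#`, `&` or `\` corrupts the substitution. Put `umask 077` at the top of the script and replace the `secret=$(cat …)` / `sed` pair with `${pkgs.replace-secret}/bin/replace-secret '@icecast-admin-password@' "${adminPasswordSecret}" /run/icecast/icecast.xml`, which reads the secret from the file rather than the command line. Separately, the literal `123123` next to the admin-password placeholder in the config template ends up in the world-readable Nix store; if it is a real credential it should go through agenix like the admin password.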
@@ -0,0 +1,5 @@ +age-encryption.org/v1 +-> ssh-ed25519 vL/JEw oy77KIpOGaEE6gOLzZXmZ2wviOw6fedrCFkmK0SUPwA +a8Bv58/xhhOx6IzhSKXuyQSZibCA036FzZ1HvfDccHw +--- Csp0M+UtZZzsPXHjOQDTkqD8s5HbqM6WhOzqeyf/ht4 +i‡Ò¥”, ¢t¸d#ÏãiwMÊD’š‚I¢†5;I™u ²”°ó‹‡ã#¸¼”ñZüU4lqj­µüºV \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..13cdee5 --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,7 @@ +let + shorkbox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoiBqYfOTzm/OC97a1H4JD6TsfJ7inHej12uyNbOC7v"; + systems = [ shorkbox ]; +in +{ + "icecast_admin.age".publicKeys = systems; +}
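Review bot: In secrets/secrets.nix, `systems = [ shorkbox ];` makes a single key the only recipient of `icecast_admin.age`, so the secret can be edited or re-keyed only by whoever holds that private key; if `shorkbox` is the machine's SSH host key, that means only as root on the box itself. Consider adding an operator key alongside it, e.g. `"icecast_admin.age".publicKeys = users ++ systems;` with a `users` list defined in the `let`. If host-only is deliberate, a comment such as `# host key only: secrets are edited on shorkbox itself` would record that.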