feat: initial commit

.envrc

@@ -0,0 +1 @@
+use flake

.gitignore

@@ -0,0 +1,2 @@
+.direnv/
+/result

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "editor.tabSize": 2,
+}

flake.lock

@@ -0,0 +1,109 @@
+{
+  "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1716561646,
+        "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1716361217,
+        "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "agenix": "agenix",
+        "nixpkgs": "nixpkgs"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,25 @@
+{
+  inputs = {
+    nixpkgs = {
+      url = "github:NixOS/nixpkgs/nixos-23.11";
+    };
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = { self, nixpkgs, agenix, ... }:
+  let
+  in
+  {
+    nixosConfigurations.shorkbox = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        agenix.nixosModules.default
+        ./machine/configuration.nix
+        ./roles/station.nix
+      ];
+    };
+  };
+}

machine/configuration.nix

@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "shorkbox";
+  networking.networkmanager.enable = true;
+
+  time.timeZone = "Europe/London";
+
+  i18n.defaultLocale = "en_GB.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "uk";
+  };
+
+  sound.enable = true;
+
+  # users.users.alice = {
+  #   isNormalUser = true;
+  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  #   packages = with pkgs; [
+  #     firefox
+  #     tree
+  #   ];
+  # };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    wget
+    git
+    htop
+  ];
+
+  services.openssh.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  #networking.firewall.allowedUDPPorts = [ ... ];
+
+  system.stateVersion = "23.11";
+}
+

machine/hardware-configuration.nix

@@ -0,0 +1,31 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f6f0a08f-48e1-4bc2-a6bb-e5881126546f";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/73D2-FA13";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/49c3026c-7bac-4a7d-81e6-c0c1d924f655"; }
+    ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

roles/icecast.nix

@@ -0,0 +1,81 @@
+{ config, pkgs, ... }:
+let
+  # TODO: Update
+  hostname = "shorkbox.lan";
+  location = "EMF Camp 2024";
+  admin = "radio@shorks.gay";
+
+  logDir = "/var/log/icecast";
+  user = "nobody";
+  group = "nogroup";
+
+  port = 8016;
+  address = "::";
+
+  adminPasswordSecret = config.age.secrets.icecast_admin.path;
+
+  configFile = pkgs.writeText "icecast.xml" ''
+    <icecast>
+      <hostname>${hostname}</hostname>
+      <location>${location}</location>
+      <admin>${admin}</admin>
+
+      <authentication>
+        <admin-user>admin</admin-user>
+        <admin-password>@icecast-admin-password@</admin-password>
+        <source-password>123123</source-password>
+      </authentication>
+
+      <paths>
+        <logdir>${logDir}</logdir>
+        <adminroot>${pkgs.icecast}/share/icecast/admin</adminroot>
+        <webroot>${pkgs.icecast}/share/icecast/web</webroot>
+        <alias source="/" dest="/status.xsl"/>
+      </paths>
+
+      <listen-socket>
+        <port>${toString port}</port>
+        <bind-address>${address}</bind-address>
+      </listen-socket>
+
+      <security>
+        <chroot>0</chroot>
+        <changeowner>
+            <user>${user}</user>
+            <group>${group}</group>
+        </changeowner>
+      </security>
+    </icecast>
+  '';
+
+  setupScript = pkgs.writeShellScriptBin "generate-icecast-config"
+  ''
+  secret=$(cat "${adminPasswordSecret}")
+  mkdir -p /run/icecast
+  cp ${configFile} /run/icecast/icecast.xml
+  ${pkgs.gnused}/bin/sed -i "s#@icecast-admin-password@#$secret#" "/run/icecast/icecast.xml"
+  chown -R ${user}:${group} /run/icecast
+  '';
+in
+{
+  age.secrets.icecast_admin = {
+    file = ../secrets/icecast_admin.age;
+    owner = "root";
+    group = "root";
+  };
+
+  systemd.services.icecast = {
+    after = [ "network.target" ];
+    description = "Icecast Network Audio Streaming Server";
+    wantedBy = [ "multi-user.target" ];
+
+    preStart = "mkdir -p ${logDir} && chown ${user}:${group} ${logDir} && ${setupScript}/bin/generate-icecast-config";
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.icecast}/bin/icecast -c /run/icecast/icecast.xml";
+      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ port ];
+}

roles/station.nix

@@ -0,0 +1,5 @@
+{ config, pkgs, ... }: {
+  imports = [
+    ./icecast.nix
+  ];
+}

secrets/icecast_admin.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 vL/JEw oy77KIpOGaEE6gOLzZXmZ2wviOw6fedrCFkmK0SUPwA
+a8Bv58/xhhOx6IzhSKXuyQSZibCA036FzZ1HvfDccHw
+--- Csp0M+UtZZzsPXHjOQDTkqD8s5HbqM6WhOzqeyf/ht4
+i‡Ò¥”,¢t¸d#ÏãiwMÊD’š‚I¢†5;I™u ²”°ó‹‡ã#¸¼”ñZüU4lqj­µüºV

secrets/secrets.nix

@@ -0,0 +1,7 @@
+let
+  shorkbox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoiBqYfOTzm/OC97a1H4JD6TsfJ7inHej12uyNbOC7v";
+  systems = [ shorkbox ];
+in
+{
+  "icecast_admin.age".publicKeys = systems;
+}