Setup wiroprint server #1

+14 -3

apps/default.nix

··· 1 1 { pkgs-per-system }: 2 2 3 3 - { lib 3 3 + { self 4 4 + , lib 4 5 , ... 5 6 }@pkgs: 6 7 7 8 let 9 9 + inherit (self.outputs) flake-lib; 10 10 + 11 11 + iso-x86_64-linux = flake-lib.nixos.createSystem pkgs-per-system.x86_64-linux [ ../nixos/profiles/installer.nix ]; 12 12 + path-iso-x86_64-linux = "${iso-x86_64-linux.config.system.build.isoImage}/iso/${iso-x86_64-linux.config.isoImage.isoName}"; 13 13 + 14 14 + iso-rpi = flake-lib.nixos.createSystem pkgs-per-system.aarch64-linux [ ../nixos/profiles/installer-rpi.nix ]; 15 15 + path-iso-rpi = "${iso-rpi.config.system.build.sdImage}/iso/${iso-rpi.config.sdImage.isoName}"; 16 16 + 8 17 apps = { 9 9 - flash-installer-iso-x86_64-linux = import ./flash-installer.nix pkgs-per-system.x86_64-linux pkgs; 18 18 + inherit iso-rpi; 19 19 + 20 20 + installer-iso-x86_64-linux = import ./flash-installer.nix pkgs path-iso-x86_64-linux; 21 21 + installer-rpi = import ./flash-installer.nix pkgs path-iso-rpi; 10 22 }; 11 23 in 12 12 - 13 24 lib.mapAttrs (_: program: { type = "app"; inherit program; }) apps

+2 -10

apps/flash-installer.nix

··· 1 1 - targetSystemPkgs: 2 2 - 3 1 { self 4 2 , lib 5 3 ··· 7 5 , ... 8 6 }@pkgs: 9 7 10 10 - let 11 11 - inherit (self.outputs) flake-lib; 12 12 - 13 13 - iso = flake-lib.nixos.createSystem targetSystemPkgs [ ../nixos/profiles/installer.nix ]; 14 14 - # Build installer ISO 15 15 - isoPath = "${iso.config.system.build.isoImage}/iso/${iso.config.isoImage.isoName}"; 8 8 + image-path: 16 9 17 17 - in 18 10 lib.getExe (writeShellApplication { 19 11 name = "flash-installer"; 20 12 runtimeInputs = with pkgs; [ pv fzf ]; ··· 31 23 echo "Flashing to $dev" 32 24 33 25 # Format selected disk 34 34 - pv -tpreb "${isoPath}" | sudo dd bs=4M of="$dev" iflag=fullblock conv=notrunc,noerror oflag=sync 26 26 + pv -tpreb "${image-path}" | sudo dd bs=4M of="$dev" iflag=fullblock conv=notrunc,noerror oflag=sync 35 27 ''; 36 28 })

+7 -1

configurations.nix

··· 19 19 20 20 # Servers 21 21 "weird-row-server" = createSystem pkgs [ 22 22 - (system "weird-row-server" "server") 22 22 + (system "weird-row-server" "main-server") 23 23 (managedDiskLayout "ext4-hetzner" { device = "sda"; swapSize = 2; }) 24 24 (user "milomoisson" { description = "Milo Moisson"; profile = "server"; keys = keys.users; }) 25 25 ]; 26 26 + 27 27 + "wiroprint-server" = createSystem pkgs [ 28 28 + (system "wiroprint-server" "print-server") 29 29 + # (managedDiskLayout "ext4-hetzner" { device = "sda"; swapSize = 2; }) 30 30 + (user "milomoisson" { description = "Milo Moisson"; profile = "server"; keys = keys.users; }) 31 31 + ]; 26 32 }; 27 33 28 34 # I bundle my Home Manager config via the NixOS modules which create system generations and give free rollbacks.

-2

home-manager/fragments/shell.nix

··· 73 73 # that depends on fish internal ls wrappers and can be overridden by 74 74 # bad configuration. (e.g. NixOS `environment.shellAliases` default) 75 75 ls = "${lib.getExe pkgs.eza} --color=auto --icons=auto --hyperlink"; 76 76 - 77 77 - pasters = "${lib.getExe pkgs.curl} --data-binary @- https://paste.rs/"; 78 76 }; 79 77 80 78 shellAbbrs = {

+1

home-manager/fragments/tools.nix

··· 46 46 openssl 47 47 ouch 48 48 parallel 49 49 + lpkgs.paste-rs 49 50 pv 50 51 restic 51 52 ripgrep

+12 -4

home-manager/profiles/desktop.nix

··· 143 143 programs.ssh = { 144 144 enable = true; 145 145 146 146 - matchBlocks."weird-row-server" = { 147 147 - hostname = "weird-row.portal.wiro.world"; 148 148 - # TODO: reduce automated load on ssh port by changing to a random port 149 149 - # port = "" 146 146 + matchBlocks = { 147 147 + "weird-row-server" = { 148 148 + hostname = "weird-row.portal.wiro.world"; 149 149 + # TODO: reduce automated load on ssh port by changing to a random port 150 150 + # port = "" 151 151 + }; 152 152 + 153 153 + "wiroprint" = { 154 154 + hostname = "wiroprint.portal.wiro.world"; 155 155 + # this machine is not accessible on the public network via SSH 156 156 + # port = ""; 157 157 + }; 150 158 }; 151 159 }; 152 160

+40

nixos/layout/ext4.nix

··· 1 1 + { config 2 2 + , ... 3 3 + }: 4 4 + 5 5 + let 6 6 + cfg = config.local.disk; 7 7 + in 8 8 + { 9 9 + config.disko.devices.disk.primary = { 10 10 + type = "disk"; 11 11 + device = cfg.device; 12 12 + content = { 13 13 + type = "gpt"; 14 14 + partitions = { 15 15 + boot = { 16 16 + size = "1M"; 17 17 + type = "EF02"; 18 18 + priority = 1; 19 19 + }; 20 20 + ESP = { 21 21 + size = "512M"; 22 22 + type = "EF00"; 23 23 + content = { 24 24 + type = "filesystem"; 25 25 + format = "vfat"; 26 26 + mountpoint = "/boot"; 27 27 + }; 28 28 + }; 29 29 + root = { 30 30 + size = "100%"; 31 31 + content = { 32 32 + type = "filesystem"; 33 33 + format = "ext4"; 34 34 + mountpoint = "/"; 35 35 + }; 36 36 + }; 37 37 + }; 38 38 + }; 39 39 + }; 40 40 + }

+101

nixos/profiles/installer-rpi.nix

··· 1 1 + { self 2 2 + , lib 3 3 + , pkgs 4 4 + , lpkgs 5 5 + 6 6 + , modulesPath 7 7 + , ... 8 8 + }: 9 9 + 10 10 + let 11 11 + inherit (self.inputs) nixos-hardware; 12 12 + 13 13 + keys = import ../../secrets/keys.nix; 14 14 + 15 15 + binName = drv: drv.meta.mainProgram; 16 16 + 17 17 + flakeUri = "github:mrnossiom/dotfiles"; 18 18 + 19 19 + ## Formatting related 20 20 + 21 21 + # Does the whole destroy, format, mount disko cycle 22 22 + # disko-cycle <hostname> 23 23 + disko-cycle = pkgs.writeShellScriptBin "disko-cycle" '' 24 24 + if [ -z "$1" ]; then echo "Hostname unset"; exit; fi 25 25 + 26 26 + echo "Running disko destroy, format and mount script for $1" 27 27 + nix build ${flakeUri}#nixosConfigurations.$1.config.system.build.diskoScript 28 28 + sudo bash result 29 29 + ''; 30 30 + 31 31 + ## NixOS install related 32 32 + 33 33 + # Generates hardware related config and uploads it to a paste service 34 34 + # link-hardware-config [root] 35 35 + link-hardware-config = pkgs.writeShellScriptBin "link-hardware-config" '' 36 36 + nixos-generate-config --root ''${1:-/mnt} --show-hardware-config | ${lib.getExe lpkgs.paste-rs} 37 37 + ''; 38 38 + 39 39 + # Install specified flake system to /mnt 40 40 + # install-system <hostname> 41 41 + install-system = pkgs.writeShellScriptBin "install-system" '' 42 42 + if [ -z "$1" ]; then echo "Hostname unset"; exit; fi 43 43 + 44 44 + echo "Installing $1" 45 45 + nixos-install --system ${flakeUri}#$1 46 46 + ''; 47 47 + in 48 48 + { 49 49 + imports = [ 50 50 + nixos-hardware.nixosModules.raspberry-pi-4 51 51 + "${modulesPath}/installer/sd-card/sd-image-aarch64.nix" 52 52 + ]; 53 53 + 54 54 + config = { 55 55 + sdImage.compressImage = false; 56 56 + 57 57 + boot.kernelPackages = lib.mkForce pkgs.linuxKernel.packages.linux_rpi4; 58 58 + 59 59 + nix.settings = { 60 60 + experimental-features = [ "nix-command" "flakes" ]; 61 61 + extra-substituters = [ 62 62 + "https://nix-community.cachix.org" 63 63 + "https://mrnossiom.cachix.org" 64 64 + ]; 65 65 + extra-trusted-public-keys = [ 66 66 + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 67 67 + "mrnossiom.cachix.org-1:WKo+xfDFaT6pRP4YiIFsEXvyBzI/Pm9uGhURgF1wlQg=" 68 68 + ]; 69 69 + }; 70 70 + 71 71 + users.users.nixos = { 72 72 + isNormalUser = true; 73 73 + extraGroups = [ "wheel" ]; 74 74 + # Add our keys to default users for better remote experience 75 75 + openssh.authorizedKeys.keys = keys.users; 76 76 + }; 77 77 + 78 78 + # Start wpa_supplicant right away 79 79 + systemd.services.wpa_supplicant.wantedBy = lib.mkForce [ "multi-user.target" ]; 80 80 + 81 81 + services.getty.helpLine = '' 82 82 + Available custom tools: 83 83 + - File System: ${binName disko-cycle} 84 84 + - Installation: ${binName link-hardware-config}, ${binName install-system} 85 85 + 86 86 + Troubleshoot: 87 87 + - If the disko installer fails to finish due to a dark error just wipe the disk table 88 88 + $ parted /dev/<disk-id> -- mklabel gpt 89 89 + ''; 90 90 + 91 91 + environment.systemPackages = [ 92 92 + disko-cycle 93 93 + link-hardware-config 94 94 + install-system 95 95 + ]; 96 96 + 97 97 + services.openssh.enable = true; 98 98 + 99 99 + security.sudo.wheelNeedsPassword = false; 100 100 + }; 101 101 + }

+7 -9

nixos/profiles/installer.nix

··· 1 1 { lib 2 2 , pkgs 3 3 + , lpkgs 3 4 4 5 , modulesPath 5 6 , ... 6 7 }: 7 8 8 9 let 9 9 - inherit (pkgs) writeShellScriptBin pastebinit; 10 10 - 11 10 keys = import ../../secrets/keys.nix; 12 11 13 12 binName = drv: drv.meta.mainProgram; 14 13 15 15 - flakeUri = "github:mrnossiom/dotfiles/nixos"; 14 14 + flakeUri = "github:mrnossiom/dotfiles"; 16 15 17 16 ## Wireless related 18 17 19 18 # connect-wifi <interface> <BSSID> 20 20 - connect-wifi = writeShellScriptBin "connect-wifi" '' 19 19 + connect-wifi = pkgs.writeShellScriptBin "connect-wifi" '' 21 20 if [ -z "$1" ]; then echo "Interface unset"; exit; fi 22 21 if [ -z "$2" ]; then echo "SSID unset"; exit; fi 23 22 ··· 30 29 31 30 # Does the whole destroy, format, mount disko cycle 32 31 # disko-cycle <hostname> 33 33 - disko-cycle = writeShellScriptBin "disko-cycle" '' 32 32 + disko-cycle = pkgs.writeShellScriptBin "disko-cycle" '' 34 33 if [ -z "$1" ]; then echo "Hostname unset"; exit; fi 35 34 36 35 echo "Running disko destroy, format and mount script for $1" ··· 40 39 41 40 ## NixOS install related 42 41 43 43 - # Generates hardware related config and uploads it to pastebin 42 42 + # Generates hardware related config and uploads it to a paste service 44 43 # link-hardware-config [root] 45 45 - link-hardware-config = writeShellScriptBin "link-hardware-config" '' 46 46 - nixos-generate-config --root ''${1:-/mnt} --show-hardware-config | ${lib.getExe' pastebinit "pastebinit"} 44 44 + link-hardware-config = pkgs.writeShellScriptBin "link-hardware-config" '' 45 45 + nixos-generate-config --root ''${1:-/mnt} --show-hardware-config | ${lib.getExe lpkgs.paste-rs} 47 46 ''; 48 47 49 48 # Install specified flake system to /mnt ··· 54 53 echo "Installing $1" 55 54 nixos-install --system ${flakeUri}#$1 56 55 ''; 57 57 - 58 56 in 59 57 { 60 58 imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal-new-kernel.nix" ];

nixos/profiles/server.nix nixos/profiles/main-server.nix

+100

nixos/profiles/print-server.nix

··· 1 1 + { self 2 2 + , config 3 3 + , upkgs 4 4 + , ... 5 5 + }: 6 6 + 7 7 + let 8 8 + inherit (self.inputs) srvos agenix tangled; 9 9 + 10 10 + all-secrets = import ../../secrets; 11 11 + 12 12 + ext-if = "eth0"; 13 13 + external-ip = "91.99.55.74"; 14 14 + external-netmask = 27; 15 15 + external-gw = "144.x.x.255"; 16 16 + external-ip6 = "2a01:4f8:c2c:76d2::1"; 17 17 + external-netmask6 = 64; 18 18 + external-gw6 = "fe80::1"; 19 19 + 20 20 + octoprint-hostname = "print.wiro.world"; 21 21 + octoprint-port = 3000; 22 22 + in 23 23 + { 24 24 + imports = [ 25 25 + srvos.nixosModules.server 26 26 + srvos.nixosModules.hardware-hetzner-cloud 27 27 + srvos.nixosModules.mixins-terminfo 28 28 + 29 29 + agenix.nixosModules.default 30 30 + 31 31 + tangled.nixosModules.knotserver 32 32 + ]; 33 33 + 34 34 + config = { 35 35 + age.secrets = all-secrets.deploy; 36 36 + 37 37 + boot.loader.grub.enable = true; 38 38 + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" "ext4" ]; 39 39 + 40 40 + # Single network card is `eth0` 41 41 + networking.usePredictableInterfaceNames = false; 42 42 + 43 43 + networking.nameservers = [ "2001:4860:4860::8888" "2001:4860:4860::8844" ]; 44 44 + 45 45 + networking = { 46 46 + interfaces.${ext-if} = { 47 47 + ipv4.addresses = [{ address = external-ip; prefixLength = external-netmask; }]; 48 48 + ipv6.addresses = [{ address = external-ip6; prefixLength = external-netmask6; }]; 49 49 + }; 50 50 + defaultGateway = { interface = ext-if; address = external-gw; }; 51 51 + defaultGateway6 = { interface = ext-if; address = external-gw6; }; 52 52 + 53 53 + firewall.allowedTCPPorts = [ 22 80 443 ]; 54 54 + }; 55 55 + 56 56 + services.openssh.enable = true; 57 57 + 58 58 + services.fail2ban = { 59 59 + enable = true; 60 60 + 61 61 + maxretry = 5; 62 62 + ignoreIP = [ ]; 63 63 + 64 64 + bantime = "24h"; 65 65 + bantime-increment = { 66 66 + enable = true; 67 67 + multipliers = "1 2 4 8 16 32 64"; 68 68 + maxtime = "168h"; 69 69 + overalljails = true; 70 70 + }; 71 71 + 72 72 + jails = { }; 73 73 + }; 74 74 + 75 75 + services.caddy = { 76 76 + enable = true; 77 77 + package = upkgs.caddy; 78 78 + 79 79 + globalConfig = '' 80 80 + metrics { per_host } 81 81 + ''; 82 82 + 83 83 + virtualHosts.${octoprint-hostname}.extraConfig = '' 84 84 + reverse_proxy http://localhost:${toString octoprint-port} 85 85 + ''; 86 86 + }; 87 87 + 88 88 + services.octoprint = { 89 89 + enable = true; 90 90 + host = octoprint-hostname; 91 91 + port = octoprint-port; 92 92 + }; 93 93 + 94 94 + security.sudo.wheelNeedsPassword = false; 95 95 + 96 96 + local.fragment.nix.enable = true; 97 97 + 98 98 + programs.fish.enable = true; 99 99 + }; 100 100 + }

+1

pkgs/default.nix

··· 9 9 find-unicode = pkgs.callPackage ./find-unicode.nix { }; 10 10 names = pkgs.callPackage ./names.nix { }; 11 11 otree = pkgs.callPackage ./otree.nix { }; 12 12 + paste-rs = pkgs.callPackage ./paste-rs.nix { }; 12 13 probe-rs-udev-rules = pkgs.callPackage ./probe-rs-udev-rules.nix { }; 13 14 14 15 # Import packages defined in foreign repositories

+12

pkgs/paste-rs.nix

··· 1 1 + { writeShellApplication 2 2 + 3 3 + , curl 4 4 + }: 5 5 + 6 6 + writeShellApplication { 7 7 + name = "pasters"; 8 8 + runtimeInputs = [ curl ]; 9 9 + text = '' 10 10 + curl --data-binary @- https://paste.rs/ 11 11 + ''; 12 12 + }