feat: octoprint

config/services/kanidm.nix

@@ -124,8 +124,9 @@ in {
       groups."rss.access" = {};
       groups."firefly.access" = {};
       groups."ollama.access" = {};
-      groups."adguardhome.access" = {
-      };
+      groups."adguardhome.access" = {};
+      groups."octoprint.access" = {};
+
       systems.oauth2.oauth2-proxy = {
         displayName = "Oauth2-Proxy";
         originUrl = "https://oauth2.${config.secrets.secrets.global.domains.web}/";
@@ -134,6 +135,7 @@ in {
         scopeMaps."rss.access" = ["openid" "email" "profile"];
         scopeMaps."firefly.access" = ["openid" "email" "profile"];
         scopeMaps."ollama.access" = ["openid" "email" "profile"];
+        scopeMaps."octoprint.access" = ["openid" "email" "profile"];
         preferShortUsername = true;
         claimMaps.groups = {
           joinType = "array";
@@ -141,6 +143,7 @@ in {
           valuesByGroup."rss.access" = ["ttrss_access"];
           valuesByGroup."firefly.access" = ["firefly_access"];
           valuesByGroup."ollama.access" = ["ollama_access"];
+          valuesByGroup."octoprint.access" = ["octoprint_access"];
         };
       };
 

config/services/octoprint.nix

@@ -0,0 +1,17 @@
+{config, ...}: {
+  wireguard.elisabeth = {
+    client.via = "elisabeth";
+    firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.octoprint.port];
+  };
+  networking.firewall.allowedTCPPorts = [3000];
+  services.octoprint = {
+    port = 3000;
+    enable = true;
+    extraConfig = {
+      accessControl = {
+        addRemoteUser = true;
+        trustRemoteUser = true;
+      };
+    };
+  };
+}

config/services/ollama.nix

@@ -3,7 +3,6 @@
     client.via = "elisabeth";
     firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.open-webui.port];
   };
-  networking.firewall.allowedTCPPorts = [config.services.open-webui.port];
   services.ollama = {
     host = "localhost";
     port = 3001;

hosts/elisabeth/guests.nix

@@ -25,10 +25,14 @@
       actual = "actual";
       firefly = "money";
       homebox = "homebox";
+      octoprint = "print";
     };
   in "${domains.${hostName}}.${config.secrets.secrets.global.domains.web}";
   # TODO hard coded elisabeth nicht so schön
-  ipOf = hostName: nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4;
+  ipOf = hostName:
+    if nodes ? hostName
+    then nodes.${hostName}.config.wireguard.elisabeth.ipv4
+    else nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4;
 in {
   services.nginx = let
     blockOf = hostName: {
@@ -164,6 +168,7 @@ in {
       (blockOf "yourspotify" {port = 80;})
       #(blockOf "homebox" {})
       (proxyProtect "ollama" {} true)
+      (proxyProtect "octoprint" {} true)
       (proxyProtect "firefly" {port = 80;} true)
       (blockOf "apispotify" {
         port = 3000;

hosts/octoprint/default.nix

@@ -0,0 +1,18 @@
+{
+  inputs,
+  lib,
+  ...
+}: {
+  imports = [
+    ../../config/basic
+    ../../config/services/octoprint.nix
+
+    inputs.nixos-hardware.nixosModules.raspberry-pi-3
+    ./fs.nix
+    ./net.nix
+  ];
+  nixpkgs.hostPlatform = "aarch64-linux";
+  boot.loader.generic-extlinux-compatible.enable = true;
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  hardware.enableRedistributableFirmware = true;
+}

hosts/octoprint/fs.nix

@@ -0,0 +1,9 @@
+{lib, ...}: {
+  fileSystems = lib.mkForce {
+    "/" = {
+      device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+  };
+  environment.persistence = lib.mkForce {};
+}

hosts/octoprint/net.nix

@@ -0,0 +1,30 @@
+{config, ...}: {
+  networking = {
+    inherit (config.secrets.secrets.local.networking) hostId;
+    wireless.iwd = {
+      enable = true;
+    };
+  };
+  systemd.network.networks = {
+    "01-lan1" = {
+      DHCP = "yes";
+      matchConfig.MACAddress = config.secrets.secrets.local.networking.lan01.mac;
+      networkConfig = {
+        IPv6PrivacyExtensions = "yes";
+        MulticastDNS = true;
+      };
+      dhcpV4Config.RouteMetric = 10;
+      dhcpV6Config.RouteMetric = 10;
+    };
+    "01-wlan1" = {
+      DHCP = "yes";
+      matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan01.mac;
+      networkConfig = {
+        IPv6PrivacyExtensions = "yes";
+        MulticastDNS = true;
+      };
+      dhcpV4Config.RouteMetric = 40;
+      dhcpV6Config.RouteMetric = 40;
+    };
+  };
+}

hosts/octoprint/secrets/host.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG

hosts/patricknix/net.nix

@@ -3,10 +3,6 @@
     rekeyFile = ./secrets/iwd/eduroam.8021x.age;
     path = "/var/lib/iwd/eduroam.8021x";
   };
-  age.secrets.simonWlan = {
-    rekeyFile = ./. + "/secrets/iwd/=467269747a21426f78373539302048616e7373656e.psk.age";
-    path = "/var/lib/=467269747a21426f78373539302048616e7373656e.psk";
-  };
   age.secrets = {
     devoloog-psk.rekeyFile = ./secrets/iwd/devoloog-psk.age;
     devoloog-pass.rekeyFile = ./secrets/iwd/devoloog-pass.age;

secrets/wireguard/elisabeth/keys/octoprint.pub

@@ -0,0 +1 @@
+eIq8a4zS+xAcuilz8dw2znMm8xzMmYm3jg7wvAX5UV8=

secrets/wireguard/elisabeth/psks/elisabeth+octoprint.age

@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> X25519 LHMw7uAZNnxG7jj5XxSQX1rXpE6K8umKuO4teduKwBA
+7K/2tt6RgkbkquSy8oxLIeMkhCSRFGojUdrJcE7Jgn0
+-> piv-p256 ZFgiIw A6mFDXKTy3k1hjJCAcoCSYAVu8qFSnsnhdsoRs2y6EGG
+WyIUhPA99Wn9dMWTx5dIHPqeJgcM9FjMQdG0GVmOAmk
+-> piv-p256 XTQkUA AwCrp3H70gkHpOZOgviAgwZyESnKJRbebXRgIMlbHKQ+
+zdhbhHRedkfRWFmeKeL8E+7peUFEwvw31W88qZg0Cl0
+-> piv-p256 ZFgiIw AuHsVWNjUqNCqRVmVSs209G9xdjt+xuOlaKrdvgXP1yp
+X3jZJRJju/MoU33m7Xkzph8skN6KGnv2Dm7Oij3fmJw
+-> piv-p256 5vmPtQ AkgsFDihJBZlsJsupaxJK/gThLaKY+50w6QfKQlF4a8n
+I8eqZzDxr5Vvsjc6Kd3lBA09NriQMro2OQizix49m+U
+-> n<IkY:<-grease m@2> EQ`+g%xS }uX
+I7fOzBFLdnAquybVNl1PL24+eOamYBZVi98wIqh8s0PnYmDLv0E/cqWfhQXM
+--- RDGXtDT+IfBc58+hX5Ohy83AF2FRIDEs/wUGWaRCyc4
+0³Q‰¨0ãë õÖþ+.^»‡P=´Þö¿¯¹#jjãÖP¢—<íÜ8…B3ˆld‰Æ›ºäÛá–Gü»hpïVEìˆAXúËœÎirÛ

users/common/graphical/wayland/hyprland.nix

@@ -136,8 +136,10 @@ in {
             ",Menu,exec,fuzzel"
             "SUPER,c,exec,${lib.getExe pkgs.scripts.clone-term}"
 
-            "CTRL,F7,pass,discord"
-            "CTRL,F8,pass,discord"
+            "CTRL,F7,pass,class:^(discord)$"
+            "CTRL,F8,pass,class:^(discord)$"
+            "CTRL,F7,pass,class:^(TeamSpeak 3)$"
+            "CTRL,F8,pass,class:^(TeamSpeak 3)$"
             "CTRL,F9,exec,systemctl --user start swww-update-wallpaper"
 
             "SUPER + SHIFT,q,exit"
@@ -151,24 +153,16 @@ in {
 
         cursor.no_warps = true;
         debug.disable_logs = false;
-        env =
-          optionals (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [
-            # See https://wiki.hyprland.org/Nvidia/
-            "LIBVA_DRIVER_NAME,nvidia"
-            "XDG_SESSION_TYPE,wayland"
-            "GBM_BACKEND,nvidia-drm"
-            "__GLX_VENDOR_LIBRARY_NAME,nvidia"
-          ]
-          ++ [
-            "NIXOS_OZONE_WL,1"
-            "MOZ_ENABLE_WAYLAND,1"
-            "_JAVA_AWT_WM_NONREPARENTING,1"
-            "QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
-            "QT_QPA_PLATFORM,wayland"
-            "SDL_VIDEODRIVER,wayland"
-            "GDK_BACKEND,wayland"
-            "WLR_DRM_NO_ATOMIC,1" #retest on newest nvidia driver
-          ];
+        env = [
+          "NIXOS_OZONE_WL,1"
+          "MOZ_ENABLE_WAYLAND,1"
+          "_JAVA_AWT_WM_NONREPARENTING,1"
+          "QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
+          "QT_QPA_PLATFORM,wayland"
+          "SDL_VIDEODRIVER,wayland"
+          "GDK_BACKEND,wayland"
+          "WLR_DRM_NO_ATOMIC,1" #retest on newest nvidia driver
+        ];
         bindm = [
           # mouse movements
           "SUPER, mouse:272, movewindow"
@@ -214,7 +208,13 @@ in {
           # doesn't exist and crashes yoru session sometimes when moving a window to it.
           "Unknown-1, disable"
         ];
-
+        env = optionals (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [
+          # See https://wiki.hyprland.org/Nvidia/
+          "LIBVA_DRIVER_NAME,nvidia"
+          "XDG_SESSION_TYPE,wayland"
+          "GBM_BACKEND,nvidia-drm"
+          "__GLX_VENDOR_LIBRARY_NAME,nvidia"
+        ];
         windowrulev2 = [
           "workspace 2,class:^(firefox)$"
           "workspace 3,class:^(thunderbird)$"
@@ -223,7 +223,8 @@ in {
           "workspace 4,class:^(prismlauncher)$"
           "workspace 6,class:^(discord)$"
           "workspace 6,class:^(WebCord)$"
-          "workspace 7,class:^(Signal)$"
+          "workspace 6,class:^(TeamSpeak 3)$"
+          "workspace 7,class:^(signal)$"
           "workspace 7,class:^(TelegramDesktop)$"
         ];
 
@@ -241,6 +242,10 @@ in {
       })
       (mkIf (nixosConfig.node.name == "patricknix") {
         monitor = [
+          "eDP-1,preferred,0x0,2"
+          # Thank you NVIDIA for this generous, free-of-charge, extra monitor that
+          # doesn't exist and crashes yoru session sometimes when moving a window to it.
+          "Unknown-1, disable"
         ];
         workspace = [
         ];

users/common/graphical/wayland/waybar/default.nix

@@ -1,29 +1,66 @@
 {
   pkgs,
   lib,
+  nixosConfig,
   ...
 }: {
   programs.waybar = {
     enable = true;
     systemd.enable = false;
-    style = ./waybar.css;
+    style =
+      ({
+          desktopnix = ''
+            * {
+            	/* `otf-font-awesome` is required to be installed for icons */
+            	font-family: "Symbols Nerd Font Mono", "JetBrains Mono";
+            	font-size: 13px;
+            	transition-duration: .1s;
+            }
+          '';
+          patricknix = ''
+            * {
+            	/* `otf-font-awesome` is required to be installed for icons */
+            	font-family: "Symbols Nerd Font Mono", "JetBrains Mono";
+            	font-size: 10px;
+            	transition-duration: .1s;
+            }
+          '';
+        }
+        .${nixosConfig.node.name}
+        or "")
+      + builtins.readFile ./waybar.css;
     settings.main = {
       layer = "top";
       position = "bottom";
       modules-left = ["privacy" "hyprland/submap" "hyprland/window"];
       modules-center = ["hyprland/workspaces"];
-      modules-right = [
-        "cpu"
-        "memory"
-        "wireplumber"
-        "network"
-        #"bluetooth"
-        "backlight"
-        "battery"
-        "clock"
-        "custom/notification"
-        "tray"
-      ];
+      modules-right =
+        {
+          desktopnix = [
+            "cpu"
+            "memory"
+            "wireplumber"
+            "network"
+            "battery"
+            "clock"
+            "custom/notification"
+            "tray"
+          ];
+          patricknix = [
+            "cpu"
+            "memory"
+            "wireplumber"
+            "network"
+            "bluetooth"
+            "backlight"
+            "battery"
+            "clock"
+            "custom/notification"
+            "tray"
+          ];
+        }
+        .${nixosConfig.node.name}
+        or [];
 
       battery = {
         format = "{icon}  {capacity}%";

users/common/graphical/wayland/waybar/waybar.css

@@ -1,9 +1,3 @@
-* {
-	/* `otf-font-awesome` is required to be installed for icons */
-	font-family: "Symbols Nerd Font Mono", "JetBrains Mono";
-	font-size: 13px;
-	transition-duration: .1s;
-}
 
 window#waybar {
 	background-color: #000000;

users/patrick/impermanence.nix

@@ -16,6 +16,8 @@
         ".config/xournalpp"
         ".cache/xournalpp"
 
+        ".config/OrcaSlicer"
+
         # For nextcloud client install
         "Nextcloud"
         ".config/Nextcloud"

users/patrick/patrick.nix

@@ -21,6 +21,7 @@
       teamspeak_client
       zotero
       timer
+      orca-slicer
 
       ocaml
       dune_3