feat: octoprint

2024-07-12 13:27:08 +02:00 · 2024-07-12 13:27:08 +02:00 · 37bf94ca5b
parent beea4686ce
commit 37bf94ca5b
19 changed files with 182 additions and 49 deletions
--- a/config/services/kanidm.nix
+++ b/config/services/kanidm.nix
@ -124,8 +124,9 @@ in {
      groups."rss.access" = {};
      groups."firefly.access" = {};
      groups."ollama.access" = {};
-      groups."adguardhome.access" = {
-      };
+      groups."adguardhome.access" = {};
+      groups."octoprint.access" = {};
+
      systems.oauth2.oauth2-proxy = {
        displayName = "Oauth2-Proxy";
        originUrl = "https://oauth2.${config.secrets.secrets.global.domains.web}/";
@ -134,6 +135,7 @@ in {
        scopeMaps."rss.access" = ["openid" "email" "profile"];
        scopeMaps."firefly.access" = ["openid" "email" "profile"];
        scopeMaps."ollama.access" = ["openid" "email" "profile"];
+        scopeMaps."octoprint.access" = ["openid" "email" "profile"];
        preferShortUsername = true;
        claimMaps.groups = {
          joinType = "array";
@ -141,6 +143,7 @@ in {
          valuesByGroup."rss.access" = ["ttrss_access"];
          valuesByGroup."firefly.access" = ["firefly_access"];
          valuesByGroup."ollama.access" = ["ollama_access"];
+          valuesByGroup."octoprint.access" = ["octoprint_access"];
        };
      };

--- a/config/services/octoprint.nix
+++ b/config/services/octoprint.nix
@ -0,0 +1,17 @@
+{config, ...}: {
+  wireguard.elisabeth = {
+    client.via = "elisabeth";
+    firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.octoprint.port];
+  };
+  networking.firewall.allowedTCPPorts = [3000];
+  services.octoprint = {
+    port = 3000;
+    enable = true;
+    extraConfig = {
+      accessControl = {
+        addRemoteUser = true;
+        trustRemoteUser = true;
+      };
+    };
+  };
+}
--- a/config/services/ollama.nix
+++ b/config/services/ollama.nix
@ -3,7 +3,6 @@
    client.via = "elisabeth";
    firewallRuleForNode.elisabeth.allowedTCPPorts = [config.services.open-webui.port];
  };
-  networking.firewall.allowedTCPPorts = [config.services.open-webui.port];
  services.ollama = {
    host = "localhost";
    port = 3001;
--- a/hosts/elisabeth/guests.nix
+++ b/hosts/elisabeth/guests.nix
@ -25,10 +25,14 @@
      actual = "actual";
      firefly = "money";
      homebox = "homebox";
+      octoprint = "print";
    };
  in "${domains.${hostName}}.${config.secrets.secrets.global.domains.web}";
  # TODO hard coded elisabeth nicht so schön
-  ipOf = hostName: nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4;
+  ipOf = hostName:
+    if nodes ? hostName
+    then nodes.${hostName}.config.wireguard.elisabeth.ipv4
+    else nodes."elisabeth-${hostName}".config.wireguard.elisabeth.ipv4;
 in {
  services.nginx = let
    blockOf = hostName: {
@ -164,6 +168,7 @@ in {
      (blockOf "yourspotify" {port = 80;})
      #(blockOf "homebox" {})
      (proxyProtect "ollama" {} true)
+      (proxyProtect "octoprint" {} true)
      (proxyProtect "firefly" {port = 80;} true)
      (blockOf "apispotify" {
        port = 3000;
--- a/hosts/elisabeth/secrets/kanidm/secrets.nix.age
+++ b/hosts/elisabeth/secrets/kanidm/secrets.nix.age
--- a/hosts/octoprint/default.nix
+++ b/hosts/octoprint/default.nix
@ -0,0 +1,18 @@
+{
+  inputs,
+  lib,
+  ...
+}: {
+  imports = [
+    ../../config/basic
+    ../../config/services/octoprint.nix
+
+    inputs.nixos-hardware.nixosModules.raspberry-pi-3
+    ./fs.nix
+    ./net.nix
+  ];
+  nixpkgs.hostPlatform = "aarch64-linux";
+  boot.loader.generic-extlinux-compatible.enable = true;
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+  hardware.enableRedistributableFirmware = true;
+}
--- a/hosts/octoprint/fs.nix
+++ b/hosts/octoprint/fs.nix
@ -0,0 +1,9 @@
+{lib, ...}: {
+  fileSystems = lib.mkForce {
+    "/" = {
+      device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+  };
+  environment.persistence = lib.mkForce {};
+}
--- a/hosts/octoprint/net.nix
+++ b/hosts/octoprint/net.nix
@ -0,0 +1,30 @@
+{config, ...}: {
+  networking = {
+    inherit (config.secrets.secrets.local.networking) hostId;
+    wireless.iwd = {
+      enable = true;
+    };
+  };
+  systemd.network.networks = {
+    "01-lan1" = {
+      DHCP = "yes";
+      matchConfig.MACAddress = config.secrets.secrets.local.networking.lan01.mac;
+      networkConfig = {
+        IPv6PrivacyExtensions = "yes";
+        MulticastDNS = true;
+      };
+      dhcpV4Config.RouteMetric = 10;
+      dhcpV6Config.RouteMetric = 10;
+    };
+    "01-wlan1" = {
+      DHCP = "yes";
+      matchConfig.MACAddress = config.secrets.secrets.local.networking.wlan01.mac;
+      networkConfig = {
+        IPv6PrivacyExtensions = "yes";
+        MulticastDNS = true;
+      };
+      dhcpV4Config.RouteMetric = 40;
+      dhcpV6Config.RouteMetric = 40;
+    };
+  };
+}
--- a/hosts/octoprint/secrets/host.pub
+++ b/hosts/octoprint/secrets/host.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG
--- a/hosts/octoprint/secrets/secrets.nix.age
+++ b/hosts/octoprint/secrets/secrets.nix.age
--- a/hosts/patricknix/net.nix
+++ b/hosts/patricknix/net.nix
@ -3,10 +3,6 @@
    rekeyFile = ./secrets/iwd/eduroam.8021x.age;
    path = "/var/lib/iwd/eduroam.8021x";
  };
-  age.secrets.simonWlan = {
-    rekeyFile = ./. + "/secrets/iwd/=467269747a21426f78373539302048616e7373656e.psk.age";
-    path = "/var/lib/=467269747a21426f78373539302048616e7373656e.psk";
-  };
  age.secrets = {
    devoloog-psk.rekeyFile = ./secrets/iwd/devoloog-psk.age;
    devoloog-pass.rekeyFile = ./secrets/iwd/devoloog-pass.age;
--- a/secrets/wireguard/elisabeth/keys/octoprint.age
+++ b/secrets/wireguard/elisabeth/keys/octoprint.age
--- a/secrets/wireguard/elisabeth/keys/octoprint.pub
+++ b/secrets/wireguard/elisabeth/keys/octoprint.pub
@ -0,0 +1 @@
+eIq8a4zS+xAcuilz8dw2znMm8xzMmYm3jg7wvAX5UV8=
--- a/secrets/wireguard/elisabeth/psks/elisabeth+octoprint.age
+++ b/secrets/wireguard/elisabeth/psks/elisabeth+octoprint.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> X25519 LHMw7uAZNnxG7jj5XxSQX1rXpE6K8umKuO4teduKwBA
+7K/2tt6RgkbkquSy8oxLIeMkhCSRFGojUdrJcE7Jgn0
+-> piv-p256 ZFgiIw A6mFDXKTy3k1hjJCAcoCSYAVu8qFSnsnhdsoRs2y6EGG
+WyIUhPA99Wn9dMWTx5dIHPqeJgcM9FjMQdG0GVmOAmk
+-> piv-p256 XTQkUA AwCrp3H70gkHpOZOgviAgwZyESnKJRbebXRgIMlbHKQ+
+zdhbhHRedkfRWFmeKeL8E+7peUFEwvw31W88qZg0Cl0
+-> piv-p256 ZFgiIw AuHsVWNjUqNCqRVmVSs209G9xdjt+xuOlaKrdvgXP1yp
+X3jZJRJju/MoU33m7Xkzph8skN6KGnv2Dm7Oij3fmJw
+-> piv-p256 5vmPtQ AkgsFDihJBZlsJsupaxJK/gThLaKY+50w6QfKQlF4a8n
+I8eqZzDxr5Vvsjc6Kd3lBA09NriQMro2OQizix49m+U
+-> n<IkY:<-grease m@2> EQ`+g%xS }uX
+I7fOzBFLdnAquybVNl1PL24+eOamYBZVi98wIqh8s0PnYmDLv0E/cqWfhQXM
+--- RDGXtDT+IfBc58+hX5Ohy83AF2FRIDEs/wUGWaRCyc4
+0³Q‰¨0ãë õÖþ+.^»‡P=´Þö¿¯¹#jjãÖP¢—<íÜ8…B3ˆld‰Æ›ºäÛá–Gü»hpïVEìˆAXúËœÎirÛ
--- a/users/common/graphical/wayland/hyprland.nix
+++ b/users/common/graphical/wayland/hyprland.nix
@ -136,8 +136,10 @@ in {
            ",Menu,exec,fuzzel"
            "SUPER,c,exec,${lib.getExe pkgs.scripts.clone-term}"

-            "CTRL,F7,pass,discord"
-            "CTRL,F8,pass,discord"
+            "CTRL,F7,pass,class:^(discord)$"
+            "CTRL,F8,pass,class:^(discord)$"
+            "CTRL,F7,pass,class:^(TeamSpeak 3)$"
+            "CTRL,F8,pass,class:^(TeamSpeak 3)$"
            "CTRL,F9,exec,systemctl --user start swww-update-wallpaper"

            "SUPER + SHIFT,q,exit"
@ -151,15 +153,7 @@ in {

        cursor.no_warps = true;
        debug.disable_logs = false;
-        env =
-          optionals (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [
-            # See https://wiki.hyprland.org/Nvidia/
-            "LIBVA_DRIVER_NAME,nvidia"
-            "XDG_SESSION_TYPE,wayland"
-            "GBM_BACKEND,nvidia-drm"
-            "__GLX_VENDOR_LIBRARY_NAME,nvidia"
-          ]
-          ++ [
+        env = [
          "NIXOS_OZONE_WL,1"
          "MOZ_ENABLE_WAYLAND,1"
          "_JAVA_AWT_WM_NONREPARENTING,1"
@ -214,7 +208,13 @@ in {
          # doesn't exist and crashes yoru session sometimes when moving a window to it.
          "Unknown-1, disable"
        ];
-
+        env = optionals (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [
+          # See https://wiki.hyprland.org/Nvidia/
+          "LIBVA_DRIVER_NAME,nvidia"
+          "XDG_SESSION_TYPE,wayland"
+          "GBM_BACKEND,nvidia-drm"
+          "__GLX_VENDOR_LIBRARY_NAME,nvidia"
+        ];
        windowrulev2 = [
          "workspace 2,class:^(firefox)$"
          "workspace 3,class:^(thunderbird)$"
@ -223,7 +223,8 @@ in {
          "workspace 4,class:^(prismlauncher)$"
          "workspace 6,class:^(discord)$"
          "workspace 6,class:^(WebCord)$"
-          "workspace 7,class:^(Signal)$"
+          "workspace 6,class:^(TeamSpeak 3)$"
+          "workspace 7,class:^(signal)$"
          "workspace 7,class:^(TelegramDesktop)$"
        ];

@ -241,6 +242,10 @@ in {
      })
      (mkIf (nixosConfig.node.name == "patricknix") {
        monitor = [
+          "eDP-1,preferred,0x0,2"
+          # Thank you NVIDIA for this generous, free-of-charge, extra monitor that
+          # doesn't exist and crashes yoru session sometimes when moving a window to it.
+          "Unknown-1, disable"
        ];
        workspace = [
        ];
--- a/users/common/graphical/wayland/waybar/default.nix
+++ b/users/common/graphical/wayland/waybar/default.nix
@ -1,29 +1,66 @@
 {
  pkgs,
  lib,
+  nixosConfig,
  ...
 }: {
  programs.waybar = {
    enable = true;
    systemd.enable = false;
-    style = ./waybar.css;
+    style =
+      ({
+          desktopnix = ''
+            * {
+            	/* `otf-font-awesome` is required to be installed for icons */
+            	font-family: "Symbols Nerd Font Mono", "JetBrains Mono";
+            	font-size: 13px;
+            	transition-duration: .1s;
+            }
+          '';
+          patricknix = ''
+            * {
+            	/* `otf-font-awesome` is required to be installed for icons */
+            	font-family: "Symbols Nerd Font Mono", "JetBrains Mono";
+            	font-size: 10px;
+            	transition-duration: .1s;
+            }
+          '';
+        }
+        .${nixosConfig.node.name}
+        or "")
+      + builtins.readFile ./waybar.css;
    settings.main = {
      layer = "top";
      position = "bottom";
      modules-left = ["privacy" "hyprland/submap" "hyprland/window"];
      modules-center = ["hyprland/workspaces"];
-      modules-right = [
+      modules-right =
+        {
+          desktopnix = [
            "cpu"
            "memory"
            "wireplumber"
            "network"
-        #"bluetooth"
+            "battery"
+            "clock"
+            "custom/notification"
+            "tray"
+          ];
+          patricknix = [
+            "cpu"
+            "memory"
+            "wireplumber"
+            "network"
+            "bluetooth"
            "backlight"
            "battery"
            "clock"
            "custom/notification"
            "tray"
          ];
+        }
+        .${nixosConfig.node.name}
+        or [];

      battery = {
        format = "{icon}  {capacity}%";
--- a/users/common/graphical/wayland/waybar/waybar.css
+++ b/users/common/graphical/wayland/waybar/waybar.css
@ -1,9 +1,3 @@
-* {
-	/* `otf-font-awesome` is required to be installed for icons */
-	font-family: "Symbols Nerd Font Mono", "JetBrains Mono";
-	font-size: 13px;
-	transition-duration: .1s;
-}

 window#waybar {
 	background-color: #000000;
--- a/users/patrick/impermanence.nix
+++ b/users/patrick/impermanence.nix
@ -16,6 +16,8 @@
        ".config/xournalpp"
        ".cache/xournalpp"

+        ".config/OrcaSlicer"
+
        # For nextcloud client install
        "Nextcloud"
        ".config/Nextcloud"
--- a/users/patrick/patrick.nix
+++ b/users/patrick/patrick.nix
@ -21,6 +21,7 @@
      teamspeak_client
      zotero
      timer
+      orca-slicer

      ocaml
      dune_3
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8G75cwqCVwCTW3b3T2RctfGmNHRuLM8fkFcKCoKvnG`
				`@ -0,0 +1 @@`
				`eIq8a4zS+xAcuilz8dw2znMm8xzMmYm3jg7wvAX5UV8=`