diff --git a/README.md b/README.md
index b55e1f2..bd3a29a 100644
--- a/README.md
+++ b/README.md
@@ -62,3 +62,14 @@ This is exactly what we're doing to set the default deployment user to `colmena-
};
```
This secret would then be available under `/run/secrets/forgejo_git_smtp_password` on the host.
+
+## Build NixOS Proxmox VE Template
+
+Build a new NixOS Proxmox VE Template for the thinkcccore's:
+```shell
+nix build .#proxmox-nixos-template
+```
+Build a new NixOS Proxmox VE Template for the chaosknoten:
+```shell
+nix build .#proxmox-chaosknoten-nixos-template
+```
diff --git a/flake.lock b/flake.lock
index 5caae01..24f50dd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
"nodes": {
"nixlib": {
"locked": {
- "lastModified": 1726966855,
- "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=",
+ "lastModified": 1729386149,
+ "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
- "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2",
+ "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
"type": "github"
},
"original": {
@@ -23,11 +23,11 @@
]
},
"locked": {
- "lastModified": 1727053438,
- "narHash": "sha256-t/+z1Tf7hSaStU1pBYkY7i0/GkG+YIPSmfeRrK8eYUw=",
+ "lastModified": 1729472750,
+ "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
"owner": "nix-community",
"repo": "nixos-generators",
- "rev": "e8c1cd886cc17e31e424f915efd32e84d8af0ce9",
+ "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
"type": "github"
},
"original": {
@@ -38,11 +38,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1727076372,
- "narHash": "sha256-gXIWudYhY/4LjQPvrGn9lN4fbHjw/mf1mb9KKJK//4I=",
+ "lastModified": 1730428893,
+ "narHash": "sha256-fLLUd2dO/Vnf96UDr8YPzerYi+n99l3S5yIUDnmcPBE=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "7ca0f93c530406c1610defff0b9bf643333cf992",
+ "rev": "38edd08881ce4dc24056eec173b43587a93c990f",
"type": "github"
},
"original": {
@@ -54,11 +54,11 @@
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1725762081,
- "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
+ "lastModified": 1729973466,
+ "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
+ "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"type": "github"
},
"original": {
@@ -70,11 +70,11 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1727104955,
- "narHash": "sha256-m6kgjR4zAwyMe1Pn4RGXLCzArtoBp1qzhb2AUlPeVh4=",
+ "lastModified": 1730449684,
+ "narHash": "sha256-Hlv3rTPxnO+DpKRXw9yjzERLdk05h7+fEbZxWM2taCw=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "d266adc5a77ec8c10ed941c7251b2673004dbd62",
+ "rev": "ab464abbeb3a2833288c6e907488c49c2e599f88",
"type": "github"
},
"original": {
@@ -100,11 +100,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
- "lastModified": 1726524647,
- "narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
+ "lastModified": 1729999681,
+ "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
+ "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index a6d9a0a..b787f78 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,50 +26,18 @@
outputs = { self, nixpkgs, nixpkgs-unstable, nixos-generators, sops-nix, ... }:
let
system = "x86_64-linux";
- # Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
# See: https://github.com/mikebrady/shairport-sync/blob/e78a88b64adfe7b5f88fd6faedf55c57445bb240/CONFIGURATION%20FLAGS.md
configureFlags = previousAttr.configureFlags ++ [ "--with-mqtt-client" ];
buildInputs = previousAttr.buildInputs ++ [ final.mosquitto ];
- # Use specific Shairport Sync and nqptp versions, since with those the
- # following error doesn't happen:
- # fatal error: The nqptp service on this system, which is required for
- # Shairport Sync to operate, does not seem to be initialised.
- #
- # Also use a more recent dev version to fix Pipewire stuttering issue.
- # See:
- # https://github.com/mikebrady/shairport-sync/issues/1736
- # https://github.com/mikebrady/shairport-sync/blob/a65ec2d7f1f380bbae196d7f8f1cd6a88ef5777b/RELEASENOTES-DEVELOPMENT.md#version-432-dev-51-g98679bbb
- src = final.fetchFromGitHub {
- owner = "mikebrady";
- repo = finalAttr.pname;
- rev = "98679bbb54f5aaeda859e34aa28425647b8d179e";
- hash = "sha256-k0kcgtWk2xlG34lP0ryEaqdskYMNM68YnIRLwFR3jaY=";
- };
- });
- nqptp = prev.nqptp.overrideAttrs (finalAttr: previousAttr: {
- # See Shairport Sync version note.
- src = final.fetchFromGitHub {
- owner = "mikebrady";
- repo = finalAttr.pname;
- rev = "1.2.4";
- hash = "sha256-roTNcr3v2kzE6vQ5plAVtlw1+2yJplltOYsGGibtoZo=";
- };
- # Custom install phase to avoid setcap.
- # See:
- # https://github.com/mikebrady/nqptp/blob/1.2.4/Makefile.am#L23
- installPhase = ''
- mkdir -p $out/bin
- cp nqptp $out/bin/
- '';
});
};
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
in
{
nixosConfigurations = {
- audio-hauptraum-kueche = nixpkgs-unstable.lib.nixosSystem {
+ audio-hauptraum-kueche = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
@@ -79,7 +47,7 @@
];
};
- audio-hauptraum-tafel = nixpkgs-unstable.lib.nixosSystem {
+ audio-hauptraum-tafel = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./config/common
diff --git a/modules/services/audio/default.nix b/modules/services/audio/default.nix
index ccd7527..f9aa6b3 100644
--- a/modules/services/audio/default.nix
+++ b/modules/services/audio/default.nix
@@ -12,7 +12,6 @@ in
imports = [
./librespot.nix
./mpd.nix
- ./networking.nix
./pipewire.nix
./shairport-sync.nix
];
diff --git a/modules/services/audio/librespot.nix b/modules/services/audio/librespot.nix
index fa4e9ed..4c0fadb 100644
--- a/modules/services/audio/librespot.nix
+++ b/modules/services/audio/librespot.nix
@@ -23,7 +23,7 @@ in
After = [ "network-online.target" "pipewire.service" ];
};
serviceConfig = {
- ExecStart = "${pkgs.librespot}/bin/librespot --name '${config.ccchh.services.audio.name}' --device-type speaker --bitrate 320 --enable-volume-normalisation --disable-audio-cache --disable-credential-cache --quiet";
+ ExecStart = "${pkgs.librespot}/bin/librespot --name '${config.ccchh.services.audio.name}' --device-type speaker --bitrate 320 --enable-volume-normalisation --disable-audio-cache --disable-credential-cache";
User = "librespot";
Group = "librespot";
};
@@ -34,7 +34,7 @@ in
users.librespot = {
isSystemUser = true;
group = "librespot";
- extraGroups = [ "pipewire" ];
+ extraGroups = [ "pipewire" "audio" ];
};
groups.librespot = { };
};
diff --git a/modules/services/audio/networking.nix b/modules/services/audio/networking.nix
deleted file mode 100644
index b0fbf22..0000000
--- a/modules/services/audio/networking.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-
-let
-
- cfg = config.ccchh.services.audio;
-
-in
-
-{
- config = mkIf cfg.enable {
- # Disable IPv6, since Shairport-Sync doesn't work with IPv6. Unclear why.
- networking.enableIPv6 = false;
- };
-}
diff --git a/modules/services/audio/shairport-sync.nix b/modules/services/audio/shairport-sync.nix
index 1f04862..cbc58e7 100644
--- a/modules/services/audio/shairport-sync.nix
+++ b/modules/services/audio/shairport-sync.nix
@@ -20,7 +20,7 @@ in
arguments = "-o pw -v";
};
- users.users.shairport.extraGroups = [ "pipewire" ];
+ users.users.shairport.extraGroups = [ "pipewire" "audio" ];
environment.etc.shairport-sync-config = {
enable = true;