CCCHH/nix-infra
CCCHH/nix-infra
2
3
Fork 3
Code Issues 1 Pull requests 2 Wiki Activity

Compare commits

base: CCCHH:main
Branches Tags
CCCHH:main
CCCHH:shairport-sync-cleanup
CCCHH:ci-check
CCCHH:ci-check-lix
CCCHH:nixOptions
CCCHH:spaceapi
CCCHH:ptouch-print-server
CCCHH:Bendodroid-ldflagsSpaceapid
..
compare: CCCHH:shairport-sync-cleanup
Branches Tags
CCCHH:main
CCCHH:shairport-sync-cleanup
CCCHH:ci-check
CCCHH:ci-check-lix
CCCHH:nixOptions
CCCHH:spaceapi
CCCHH:ptouch-print-server
CCCHH:Bendodroid-ldflagsSpaceapid

1 commit
main ... shairport-

Author SHA1 Message Date
jopejoe1
6a4960066d shairport-sync: use settings module instead of custom text string 2025-12-06 21:15:54 +01:00
24 changed files with 510 additions and 232 deletions
Download patch file Download diff file Expand all files Collapse all files

4
config/hosts/forgejo-actions-runner/forgejo-actions-runner.nix
View file

@ -3,11 +3,11 @@
# - https://forgejo.org/docs/latest/user/actions/
# - https://docs.gitea.com/next/usage/actions/act-runner
{ config, pkgs, ... }:
{ config, pkgs-unstable, ... }:
{
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
package = pkgs-unstable.forgejo-actions-runner;
instances.ccchh-forgejo-global-docker = {
enable = true;
name = "Global Docker Forgejo Actions Runner";

9
config/hosts/hydra/configuration.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
networking = {
hostName = "hydra";
};
system.stateVersion = "24.05";
}

11
config/hosts/hydra/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
imports = [
./configuration.nix
./hydra.nix
./networking.nix
./nginx.nix
./nix.nix
];
}

15
config/hosts/hydra/hydra.nix Normal file
View file

@ -0,0 +1,15 @@
{ ... }:
{
services.hydra = {
enable = true;
listenHost = "localhost";
port = 3000;
hydraURL = "https://hydra.hamburg.ccc.de/";
# E-Mail configuration requires some work/investigation still.
notificationSender = "no-reply@hydra.hamburg.ccc.de";
useSubstitutes = true;
minimumDiskFree = 8;
minimumDiskFreeEvaluator = 2;
};
}

22
config/hosts/hydra/networking.nix Normal file
View file

@ -0,0 +1,22 @@
{ ... }:
{
networking = {
interfaces.net0 = {
ipv4.addresses = [
{
address = "172.31.17.163";
prefixLength = 25;
}
];
};
defaultGateway = "172.31.17.129";
nameservers = [ "212.12.50.158" "192.76.134.90" ];
search = [ "hamburg.ccc.de" ];
};
systemd.network.links."10-net0" = {
matchConfig.MACAddress = "BC:24:11:45:7C:D6";
linkConfig.Name = "net0";
};
}

58
config/hosts/hydra/nginx.nix Normal file
View file

@ -0,0 +1,58 @@
{ config, pkgs, ... }:
let
domain = "hydra.hamburg.ccc.de";
in
{
services.nginx = {
enable = true;
virtualHosts = {
"acme-${domain}" = {
default = true;
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
"${domain}" = {
default = true;
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
proxyPass = "http://${config.services.hydra.listenHost}:${builtins.toString config.services.hydra.port}";
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 8443 31820 ];
networking.firewall.allowedUDPPorts = [ 8443 ];
}

10
config/hosts/hydra/nix.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
# Allow Hydra to fetch flake inputs.
nix.settings.allowed-uris = [
"github:"
"https://github.com/"
"https://git.hamburg.ccc.de/"
];
}

28
config/hosts/mjolnir/networking.nix
View file

@ -1,24 +1,18 @@
{ ... }:
{
networking.useDHCP = false;
services.cloud-init = {
enable = true;
network.enable = true;
# Version without ssh of:
# https://github.com/NixOS/nixpkgs/blob/3c9db02515ef1d9b6b709fc60ba9a540957f661c/nixos/modules/services/system/cloud-init.nix#L145
# So we don't get ssh hostkey regenerations.
settings.cloud_config_modules = [
"disk_setup"
"mounts"
"ssh-import-id"
"set-passwords"
"timezone"
"disable-ec2-metadata"
"runcmd"
networking = {
interfaces.net0 = {
ipv4.addresses = [
{
address = "172.31.17.161";
prefixLength = 25;
}
];
};
defaultGateway = "172.31.17.129";
nameservers = [ "212.12.50.158" "192.76.134.90" ];
search = [ "hamburg.ccc.de" ];
};
systemd.network.links."10-net0" = {

17
config/hosts/public-reverse-proxy/nginx.nix
View file

@ -6,6 +6,22 @@
{ config, pkgs, ... }:
{
services.nginx.streamConfig = ''
map $ssl_preread_server_name $address {
status.ccchh.net 10.31.206.15:8443;
status.hamburg.ccc.de 10.31.206.15:8443;
}
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
# upstreams.
server {
listen 0.0.0.0:443;
proxy_pass $address;
ssl_preread on;
proxy_protocol on;
}
'';
services.nginx.appendHttpConfig = ''
map $host $upstream_acme_challenge_host {
club-assistant.ccchh.net 10.31.208.10;
@ -19,6 +35,7 @@
zigbee2mqtt.ccchh.net 10.31.208.25:31820;
esphome.ccchh.net 10.31.208.24:31820;
proxmox-backup-server.ccchh.net 10.31.208.28;
status.ccchh.net 10.31.206.15:31820;
default "";
}
'';

7
config/hosts/public-web-static/nginx.nix
View file

@ -1,12 +1,7 @@
{ ... }:
{
services.nginx = {
enable = true;
appendHttpConfig = ''
access_log off;
'';
};
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ 8443 31820 ];
networking.firewall.allowedUDPPorts = [ 8443 ];

2
config/hosts/public-web-static/virtualHosts/c3cat.de.nix
View file

@ -23,7 +23,7 @@ in {
];
};
"www.${domain}" = {
"$www.${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";

118
config/hosts/public-web-static/virtualHosts/cpu.ccc.de.nix
View file

@ -1,118 +0,0 @@
{ ... }:
let
domain = "cpu.ccc.de";
dataDir = "/var/www/${domain}";
deployUser = "cpuccc-website-deploy";
in
{
security.acme.certs."cpu.ccc.de".extraDomainNames = [
"lokal.ccc.de"
"local.ccc.de"
];
services.nginx.virtualHosts = {
"acme-${domain}" = {
enableACME = true;
serverName = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 31820;
}
];
};
# https://git.hamburg.ccc.de/CCCHH/cpu.ccc.de/src/branch/main/nginx.conf
"${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
root = "${dataDir}";
extraConfig = ''
index index.html;
default_type text/plain;
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
port_in_redirect off;
'';
locations."/" = {
tryFiles = "$uri $uri/ =404";
extraConfig = ''
location /feed/ {
default_type application/rss+xml;
types {
text/xml application/rss+xml;
}
}
location /rss {
default_type application/rss+xml;
}
'';
};
};
"lokal.ccc.de" = {
forceSSL = true;
useACMEHost = "cpu.ccc.de";
serverAliases = [
"local.ccc.de"
];
listen = [{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}];
locations."/".return = "302 https://cpu.ccc.de";
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
};
systemd.tmpfiles.rules = [
"d ${dataDir} 0755 ${deployUser} ${deployUser}"
];
users.users."${deployUser}" = {
isNormalUser = true;
group = "${deployUser}";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnO7g/7mVVKnvkszto8m3nPljO/6qQc/34aEbrhKOvn deploy key for cpu.ccc.de"
];
};
users.groups."${deployUser}" = { };
}

1
config/hosts/public-web-static/virtualHosts/default.nix
View file

@ -4,7 +4,6 @@
imports = [
./branding-resources.hamburg.ccc.de.nix
./c3cat.de.nix
./cpu.ccc.de.nix
./cryptoparty-hamburg.de.nix
./element-admin.hamburg.ccc.de.nix
./element.hamburg.ccc.de.nix

4
config/hosts/public-web-static/virtualHosts/hacker.tours.nix
View file

@ -23,10 +23,6 @@ in
forceSSL = true;
useACMEHost = "${domain}";
locations."/shop" = {
return = "302 https://tickets.hamburg.ccc.de";
};
listen = [
{
addr = "0.0.0.0";

1
config/hosts/public-web-static/virtualHosts/hamburg.ccc.de.nix
View file

@ -17,7 +17,6 @@
"hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "hamburg.ccc.de";
default = true;
listen = [
{

10
config/hosts/status/configuration.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
networking = {
hostName = "status";
domain = "z9.ccchh.net";
};
system.stateVersion = "24.05";
}

10
config/hosts/status/default.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./configuration.nix
./networking.nix
./nginx.nix
./uptime-kuma.nix
];
}

29
config/hosts/status/networking.nix Normal file
View file

@ -0,0 +1,29 @@
{ ... }:
{
networking = {
interfaces.net0 = {
ipv4.addresses = [
{
address = "10.31.206.15";
prefixLength = 23;
}
];
ipv6.addresses = [
{
address = "2a07:c481:1:ce::a";
prefixLength = 64;
}
];
};
defaultGateway = "10.31.206.1";
defaultGateway6 = "2a07:c481:1:ce::1";
nameservers = [ "10.31.206.1" "2a07:c481:1:ce::1" ];
search = [ "z9.ccchh.net" ];
};
systemd.network.links."10-net0" = {
matchConfig.MACAddress = "BC:24:11:79:D3:E1";
linkConfig.Name = "net0";
};
}

149
config/hosts/status/nginx.nix Normal file
View file

@ -0,0 +1,149 @@
# Sources for this configuration:
# - https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy
{ config, ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
"status.hamburg.ccc.de" = {
forceSSL = true;
enableACME = true;
serverName = "status.hamburg.ccc.de";
listen = [
{
addr = "[::]";
port = 80;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
locations."/" = {
proxyPass = "http://localhost:3001";
proxyWebsockets = true;
};
};
"status-proxyprotocol.hamburg.ccc.de" = {
forceSSL = true;
useACMEHost = "status.hamburg.ccc.de";
serverName = "status.hamburg.ccc.de";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
locations."/" = {
proxyPass = "http://localhost:3001";
proxyWebsockets = true;
};
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 10.31.206.11;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
"status.ccchh.net" = {
forceSSL = true;
useACMEHost = "status.hamburg.ccc.de";
serverName = "status.ccchh.net";
listen = [
{
addr = "[::]";
port = 80;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
globalRedirect = "status.hamburg.ccc.de";
redirectCode = 307;
};
"status-proxyprotocol.ccchh.net" = {
forceSSL = true;
useACMEHost = "status.hamburg.ccc.de";
serverName = "status.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 8443;
ssl = true;
proxyProtocol = true;
}
];
globalRedirect = "status.hamburg.ccc.de";
redirectCode = 307;
extraConfig = ''
# Make use of the ngx_http_realip_module to set the $remote_addr and
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 10.31.206.11;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;
'';
};
"status.z9.ccchh.net" = {
forceSSL = true;
useACMEHost = "status.hamburg.ccc.de";
serverName = "status.z9.ccchh.net";
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "[::]";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
}
];
globalRedirect = "status.hamburg.ccc.de";
redirectCode = 307;
};
};
};
security.acme.certs."status.hamburg.ccc.de".extraDomainNames = [
"status.ccchh.net"
"status.z9.ccchh.net"
];
networking.firewall.allowedTCPPorts = [ 80 443 8443 ];
}

7
config/hosts/status/uptime-kuma.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
services.uptime-kuma = {
enable = true;
};
}

5
deployment_configuration.json
View file

@ -16,13 +16,16 @@
"targetHostname": "forgejo-actions-runner-intern.hamburg.ccc.de"
},
"mjolnir": {
"targetHostname": "mjolnir.hosts.hamburg.ccc.de"
"targetHostname": "mjolnir-intern.hamburg.ccc.de"
},
"woodpecker": {
"targetHostname": "woodpecker-intern.hamburg.ccc.de"
},
"penpot": {
"targetHostname": "penpot-intern.hamburg.ccc.de"
},
"hydra": {
"targetHostname": "hydra-intern.hamburg.ccc.de"
}
}
}

81
flake.lock generated
View file

@ -17,29 +17,63 @@
"url": "https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys"
}
},
"nixpkgs": {
"nixlib": {
"locked": {
"lastModified": 1768621446,
"narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "72ac591e737060deab2b86d6952babd1f896d7c5",
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1751903740,
"narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1768661221,
"narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=",
"lastModified": 1761349956,
"narHash": "sha256-tH3wHnOJms+U4k/rK2Nn1RfBrhffX92jLP/2VndSn0w=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3327b113f2ef698d380df83fbccefad7e83d7769",
"rev": "02f2cb8e0feb4596d20cc52fda73ccee960e3538",
"type": "github"
},
"original": {
@ -49,10 +83,27 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1761173472,
"narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"authorizedKeysRepo": "authorizedKeysRepo",
"nixpkgs": "nixpkgs",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix"
}
@ -64,11 +115,11 @@
]
},
"locked": {
"lastModified": 1768709255,
"narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=",
"lastModified": 1760998189,
"narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9",
"rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github"
},
"original": {

88
flake.nix
View file

@ -5,15 +5,15 @@
# Use the NixOS small channels for nixpkgs.
# https://nixos.org/manual/nixos/stable/#sec-upgrading
# https://github.com/NixOS/nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
# # Add nixos-generators as an input.
# # See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
# nixos-generators = {
# url = "github:nix-community/nixos-generators";
# #inputs.nixpkgs.follows = "nixpkgs";
# };
# Add nixos-generators as an input.
# See here: https://github.com/nix-community/nixos-generators#using-in-a-flake
nixos-generators = {
url = "github:nix-community/nixos-generators";
#inputs.nixpkgs.follows = "nixpkgs";
};
# Add sops-nix as an input for secret management.
# See here: https://github.com/Mic92/sops-nix?tab=readme-ov-file#flakes-current-recommendation
@ -28,7 +28,7 @@
};
};
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, authorizedKeysRepo, ... }:
outputs = { self, nixpkgs, nixos-generators, nixpkgs-unstable, sops-nix, authorizedKeysRepo, ... }:
let
specialArgs = {
inherit authorizedKeysRepo;
@ -147,6 +147,7 @@
];
specialArgs = {
inherit authorizedKeysRepo;
inherit pkgs-unstable;
};
};
@ -200,6 +201,16 @@
];
};
status = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
sops-nix.nixosModules.sops
./config/hosts/status
];
};
penpot = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = [
@ -210,33 +221,48 @@
./config/hosts/penpot
];
};
hydra = nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = [
self.nixosModules.common
self.nixosModules.proxmox-vm
self.nixosModules.prometheus-exporter
./config/hosts/hydra
];
};
};
# packages.x86_64-linux = {
# proxmox-nixos-template = nixos-generators.nixosGenerate {
# inherit specialArgs;
# system = "x86_64-linux";
# modules = [
# ./config/nixos-generators/proxmox.nix
# self.nixosModules.common
# self.nixosModules.proxmox-vm
# ];
# format = "proxmox";
# };
packages.x86_64-linux = {
proxmox-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox.nix
self.nixosModules.common
self.nixosModules.proxmox-vm
];
format = "proxmox";
};
# proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
# inherit specialArgs;
# system = "x86_64-linux";
# modules = [
# ./config/nixos-generators/proxmox-chaosknoten.nix
# ./config/proxmox-chaosknoten-additional-initial-config.nix
# self.nixosModules.common
# self.nixosModules.proxmox-vm
# ];
# format = "proxmox";
# };
# };
proxmox-chaosknoten-nixos-template = nixos-generators.nixosGenerate {
inherit specialArgs;
system = "x86_64-linux";
modules = [
./config/nixos-generators/proxmox-chaosknoten.nix
./config/proxmox-chaosknoten-additional-initial-config.nix
self.nixosModules.common
self.nixosModules.proxmox-vm
];
format = "proxmox";
};
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
hydraJobs = {
inherit (self) packages;
nixosConfigurations = builtins.mapAttrs (name: value: value.config.system.build.toplevel) self.nixosConfigurations;
};
};
}

60
modules/services/audio/shairport-sync.nix
View file

@ -18,47 +18,33 @@ in
services.shairport-sync = {
enable = true;
package = pkgs.shairport-sync-airplay2;
arguments = "-o pw -v";
settings = {
diagnostics = {
log_verbosity = 1;
};
general = {
name = cfg.name;
output_backend = "pw";
};
metadata = {
enabled = "yes";
include_cover_art = "yes";
cover_art_cache_directory = "/tmp/shairport-sync/.cache/coverart";
pipe_name = "/tmp/shairport-sync-metadata";
pipe_timeout = 5000;
};
mqtt = {
enabled = "yes";
hostname = "mqtt.ccchh.net";
port = 1883;
publish_parsed = "yes";
publish_cover = "yes";
};
};
};
users.users.shairport.extraGroups = [ "pipewire" "audio" ];
environment.etc.shairport-sync-config = {
enable = true;
text = ''
// Config for MQTT and metadata.
// For reference see:
// https://github.com/mikebrady/shairport-sync/blob/8c607e2d61ea5fde8ed0b48b2471a543840c31e6/scripts/shairport-sync.conf
// https://github.com/mikebrady/shairport-sync/blob/0f0f65b67649d4a25d06f13b56a6077a90b0f6cc/MQTT.md
general =
{
name = "${cfg.name}";
}
metadata =
{
enabled = "yes"; // set this to yes to get Shairport Sync to solicit metadata from the source and to pass it on via a pipe
include_cover_art = "yes"; // set to "yes" to get Shairport Sync to solicit cover art from the source and pass it via the pipe. You must also set "enabled" to "yes".
cover_art_cache_directory = "/tmp/shairport-sync/.cache/coverart"; // artwork will be stored in this directory if the dbus or MPRIS interfaces are enabled or if the MQTT client is in use. Set it to "" to prevent caching, which may be useful on some systems
pipe_name = "/tmp/shairport-sync-metadata";
pipe_timeout = 5000; // wait for this number of milliseconds for a blocked pipe to unblock before giving up
};
mqtt =
{
enabled = "yes"; // set this to yes to enable the mqtt-metadata-service
hostname = "mqtt.ccchh.net"; // Hostname of the MQTT Broker
port = 1883; // Port on the MQTT Broker to connect to
// publish_raw = "no"; //whether to publish all available metadata under the codes given in the 'metadata' docs.
publish_parsed = "yes"; //whether to publish a small (but useful) subset of metadata under human-understandable topics
publish_cover = "yes"; //whether to publish the cover over mqtt in binary form. This may lead to a bit of load on the broker
// enable_remote = "yes"; //whether to remote control via MQTT. RC is available under `topic`/remote.
};
'';
target = "shairport-sync.conf";
};
systemd.services.shairport-sync = {
serviceConfig = {
Restart = "on-failure";