nixos-configs/machine/catacomb/default.nix


{ pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
./fileserver.nix
./mirror.nix
];
# Host identity and site-wide defaults, set through the custom `beatific.*`
# options.
# NOTE(review): these options are not declared in this file; presumably a
# shared module defines them. Confirm what `tvbSync` enables on this host.
beatific = {
  hostName = "catacomb";
  defaults.tvbSync = true;
};
# Boot configuration: extlinux instead of GRUB, with ZFS support.

# NixOS wants to enable GRUB by default; this host uses the extlinux loader.
boot.loader.grub.enable = false;
# Generates /boot/extlinux/extlinux.conf.
boot.loader.generic-extlinux-compatible.enable = true;

boot.supportedFilesystems = [ "zfs" ];
# NOTE(review): this opts the file server into the unstable ZFS package. The
# pool on this host holds the NAS data, so confirm the newer release is still
# needed before keeping it.
boot.zfs.enableUnstable = true;
# Sets the zfs module parameter zfs_dmu_offset_next_sync to 0 at boot.
# NOTE(review): the reason is not recorded here; presumably a workaround.
# Confirm it is still required.
boot.kernelParams = [ "zfs.zfs_dmu_offset_next_sync=0" ];
# Release whose stateful defaults this host was installed with. Read the usual
# NixOS warning before changing it.
system.stateVersion = "22.11";

# Swap file at /swap, 1024 MiB.
swapDevices = [
  {
    device = "/swap";
    size = 1024;
  }
];
# Admin tooling installed system-wide on this host.
environment.systemPackages = [
  pkgs.ffmpeg
  pkgs.lsof # list open files
  pkgs.mkpasswd # author's note: used for setting SMB passwords (unconfirmed)
  pkgs.samba # provides smbpasswd, mostly
  pkgs.smartmontools # provides smartctl
  pkgs.usbutils # provides lsusb
];
# This must be consistent for ZFS, so do not regenerate it.
networking.hostId = "beeeeee5";

# Host firewall. The only ports opened in this file are the SMB/NetBIOS ones:
#   TCP 139 (NetBIOS session), TCP 445 (SMB)
#   UDP 137 (NetBIOS name),    UDP 138 (NetBIOS datagram)
# NOTE(review): these lists apply on every interface. The only source
# restriction visible in this file is Samba's own `hosts allow`. If the host
# has more than one interface, consider moving the ports under
# networking.firewall.interfaces.<name> so the packet filter enforces the same
# boundary as smbd.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 139 445 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];
# Weekly maintenance jobs run by the system cron daemon.
services.cron = {
enable = true;
systemCronJobs =
let
# Root-run script that resets ownership and modes across /nas:
# owner tvb, group nas, directories 750, regular files 640.
# NOTE(review): this is a recursive walk as root over a tree whose contents
# are user-controlled, and chmod is invoked by path after find's type test.
# With the modes set here only tvb can write under /nas, so the job
# effectively trusts tvb. Revisit if the directory modes are ever loosened
# or another writer is added.
reassertPerms = pkgs.writeShellScript "reassert-nas-permissions.sh" ''
${pkgs.coreutils}/bin/chown -v -R tvb:nas /nas
${pkgs.findutils}/bin/find /nas -type d -exec ${pkgs.coreutils}/bin/chmod -v 750 {} \;
${pkgs.findutils}/bin/find /nas -type f -exec ${pkgs.coreutils}/bin/chmod -v 640 {} \;
'';
in [
# Mondays at 20:00, as root: reassert /nas ownership and permissions.
"0 20 * * 1 root ${reassertPerms}"
# Mondays at 00:00, as tvb: source /etc/profile, then run the backup script
# kept in tvb's home directory. This file does not manage that script.
"0 0 * * 1 tvb . /etc/profile; /home/tvb/gitea-backup"
];
};
# NOTE(review): SSH password logins are explicitly allowed on this host.
# sshd is not enabled in this file and port 22 is not in the firewall list
# here, so whether it is reachable depends on configuration elsewhere; confirm.
# Prefer key-only authentication. If passwords must stay, limit the source
# networks and monitor for failed logins.
services.openssh.settings.PasswordAuthentication = true;
# Enables the rsync daemon. This file defines no modules, and the daemon's
# default port (TCP 873) is not in the firewall list here.
# NOTE(review): the modules are presumably declared in ./fileserver.nix or
# ./mirror.nix. Confirm that each writable module sets `auth users` and
# `hosts allow`, since rsync daemon modules are unauthenticated unless
# configured otherwise.
services.rsyncd.enable = true;
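# Samba file server with per-user authentication. The only shares defined in
# this block are the two home directories at the bottom.
services.samba =
  let
    # Template for a read-write share at `path`, limited to `validUsers`.
    # New files get mode 0640 and new directories 0750, both forced into
    # group `nas`.
    # NOTE(review): the `shares` set below does not reference this helper.
    sambaShare = path: validUsers: {
      inherit path;
      comment = "Samba share for ${path}";
      browseable = "yes";
      "read only" = "no";
      "guest okay" = "no";
      "create mask" = "0640";
      "force create mode" = "0640";
      "directory mask" = "0750";
      "force directory mode" = "0750";
      "valid users" = validUsers;
      "force group" = "nas";
    };
    # Read-only variant of the template above.
    # NOTE(review): also not referenced by the `shares` set below.
    sambaShareRO = path: validUsers: {
      inherit path;
      comment = "Read-only Samba share for ${path}";
      browseable = "yes";
      "read only" = "yes";
      "guest okay" = "no";
      "valid users" = validUsers;
      "force group" = "nas";
    };
  in
  {
    enable = true;
    securityType = "user";

    # Global smb.conf settings. Points a reviewer should know:
    #
    # * `hosts allow` limits clients to 10.22.20.* and 192.168.1.*. It is the
    #   only source restriction in this file, because the firewall opens the
    #   SMB ports without an interface or source filter.
    #
    # * `veto files` takes '/'-separated DOS-style wildcards, not regular
    #   expressions. The previous value wrapped each name in `^...$`, which
    #   Samba matches literally, so nothing was vetoed. The anchors are
    #   removed so .DS_Store and .Trash-1000 are actually hidden.
    #
    # * NOTE(review): `ntlm auth = yes` permits NTLMv1 responses, which are
    #   weak against offline cracking and relay. Unless a legacy client on
    #   this network needs it, switch to `ntlmv2-only` (the Samba default).
    #
    # * NOTE(review): `map to guest = bad user` turns logins with an unknown
    #   username into guest sessions as `nobody`. Every share in this block
    #   sets "guest okay" = "no", so those sessions reach nothing here.
    #   Confirm that no share defined elsewhere allows guests, or drop the
    #   mapping so unknown users are rejected outright.
    #
    # * Logs are per client name (%m), at level 2, capped at 64 KiB each.
    #   That is little history for investigating failed logins. Raise
    #   `max log size` or ship the logs elsewhere if they are used for
    #   detection.
    #
    # * No minimum protocol version, signing or encryption requirement is
    #   set, so the defaults of the installed Samba release apply.
    extraConfig = ''
      workgroup = beatific
      server string = Catacomb Nix SMB
      netbios name = catacomb
      deadtime = 300
      local master = yes
      domain master = yes
      preferred master = yes
      guest account = nobody
      map to guest = bad user
      case sensitive = yes
      veto files = /.DS_Store/.Trash-1000/
      load printers = no
      printcap name = /dev/null
      printing = bsd
      log file = /var/log/samba/client-%m.log
      log level = 2
      max log size = 64
      hide dot files = no
      hosts allow = 10.22.20., 192.168.1.
      map archive = no
      unix extensions = yes
      ntlm auth = yes
    '';

    shares =
      let
        # Read-write share of /home/<user>, accessible to that user only.
        # New files get mode 0640 and new directories 0750.
        homeShare = user: {
          path = "/home/${user}";
          comment = "${user}'s home folder";
          browseable = "yes";
          "read only" = "no";
          "guest okay" = "no";
          "create mask" = "0640";
          "force create mode" = "0640";
          "directory mask" = "0750";
          "force directory mode" = "0750";
          "valid users" = user;
        };
      in
      {
        tvb = homeShare "tvb";
        katydid = homeShare "katydid";
      };
  };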
# Scheduled integrity check: scrub the `catapool` pool once a month.
services.zfs = {
autoScrub = {
enable = true;
pools = ["catapool"];
interval = "monthly";
};
};
# `nas` is the group that the cron permission job assigns to everything under
# /nas and that the Samba share templates use as "force group". The gid is
# pinned to 1600 here.
users.groups = {
nas = { gid = 1600; };
};
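# tvb: fixed uid 1001, member of `nas`, which gives group access to /nas.
# NOTE(review): `isNormalUser` is not set here, although it is set for katydid
# in this file. Presumably a shared module sets it for tvb; confirm.
users.users.tvb = {
  uid = 1001;
  extraGroups = [ "nas" ];
  packages = [
    # Wrapper so that `yt-dlp` on tvb's PATH runs the copy installed under
    # ~/.env. That copy lives outside the Nix store, so this configuration
    # does not pin or update it.
    # $HOME is quoted so that a home path containing whitespace is not
    # word-split by the shell.
    (pkgs.writeShellScriptBin "yt-dlp" ''
      exec "$HOME/.env/bin/yt-dlp" "$@"
    '')
  ];
};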
# katydid: regular login account with fixed uid 1002. No extra groups are
# assigned here, so this account is not in `nas`. Its home directory is
# exported as the `katydid` Samba share defined in this file.
users.users.katydid = {
isNormalUser = true;
uid = 1002;
};
# Caps the number of cores a single Nix build may use at 4 (the `cores`
# setting in nix.conf).
nix.settings.cores = 4;
}