nixos-configs/configuration.nix

{ pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    #./fileserver.nix
  ];

  boot = {
    loader = {
      # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
      grub.enable = false;
      # Enables the generation of /boot/extlinux/extlinux.conf
      generic-extlinux-compatible.enable = true;
    };
    supportedFilesystems = ["zfs"];
    zfs.enableUnstable = true;
  };

  system.stateVersion = "22.11"; # Read the usual warning

  swapDevices = [ { device = "/swap"; size = 1024; } ];

  console.keyMap = "us";
  i18n.defaultLocale = "en_US.UTF-8";

  environment.systemPackages = with pkgs;
  let
    py3-packages = python-packages: with python-packages; [
      flask
    ];
    py3-with-packages = python3.withPackages py3-packages;
  in [
    wget vim curl git htop bash tmux psmisc man-pages pv lsof
    zip unzip
    py3-with-packages
    usbutils
    hdparm sdparm smartmontools gptfdisk gnufdisk
    dosfstools
    mkpasswd samba
    tinc_pre
    #file-rename
    rsync
    rclone gnupg
  ];

  networking = {
    hostName = "catacomb";
    hostId = "beeeeee5";
    firewall = {
      enable = true;
      allowPing = true;
      allowedTCPPorts = [ 22 139 445 ];
      allowedUDPPorts = [ 137 138 ];
    };
  };

  #services.cron = {
  #  enable = true;
  #  systemCronJobs = [
  #    "0 20 * * 1 root /root/reassert-nas-permissions.sh"
  #    "0  0 * * 1 tvb  . /etc/profile; /home/tvb/gitea-backup"
  #  ];
  #};

  services.openssh = {
    enable = true;
    passwordAuthentication = true;
  };

  services.ntp = {
    enable = true;
    servers = ["time.nist.gov"];
  };

  services.rsyncd.enable = true;

  /*services.samba =
    let
      sambaShare = path: validUsers: {
        path = path;
        comment = "Samba share for ${path}";
        browseable = "yes";
        "read only" = "no";
        "guest okay" = "no";
        "create mask" = "0640";
        "force create mode" = "0640";
        "directory mask" = "0750";
        "force directory mode" = "0750";
        "valid users" = validUsers;
        "force group" = ''nas'';
      };
      sambaShareRO = path: validUsers: {
        path = path;
        comment = "Read-only Samba share for ${path}";
        browseable = "yes";
        "read only" = "yes";
        "guest okay" = "no";
        "valid users" = validUsers;
        "force group" = ''nas'';
      };
    in
    {
      enable = true;
      securityType = "user";
      extraConfig = ''
        workgroup = beatific
        server string = Catacomb Nix SMB
        netbios name = catacomb
        deadtime = 300

        local master = yes
        domain master = yes
        preferred master = yes

        guest account = nobody
        map to guest = bad user

        case sensitive = yes
        veto files = /^.DS_Store$/^.Trash-1000$/

        load printers = no
        printcap name = /dev/null
        printing = bsd

        log file = /var/log/samba/client-%m.log
        log level = 2
        max log size = 64

        hide dot files = no
        hosts allow = 10.7.3.
        map archive = no
        unix extensions = yes

	ntlm auth = yes
      '';
      shares = {
        audioRO = sambaShareRO "/nas/audio" ''@nas'';
        docRO = sambaShareRO "/nas/doc/" ''@nas'';
        gameRO = sambaShareRO "/nas/game/" ''@nas'';
        imageRO = sambaShareRO "/nas/image" ''@nas'';
        videoRO = sambaShareRO "/nas/video" ''@nas'';
        #audio = sambaShare "/nas/audio" ''@nas'';
        #doc = sambaShare "/nas/doc/" ''@nas'';
        #game = sambaShare "/nas/game/" ''@nas'';
        #image = sambaShare "/nas/image" ''@nas'';
        #video = sambaShare "/nas/video" ''@nas'';
      };
    };*/

  /*services.tinc.networks = {
    beatific = {
      name = "catacomb";
      listenAddress = "0.0.0.0";
      chroot = false;
    };
  };*/

  services.zfs = {
    autoScrub = {
      enable = true;
      pools = ["catapool"];
      interval = "monthly";
    };
  };

  users.groups = {
    nas = { gid = 1600; };
  };

  users.users.tvb = {
    isNormalUser = true;
    uid = 1001;
    password = "badpassword";
    extraGroups = ["wheel" "nas"];
    openssh.authorizedKeys.keyFiles = [
      ./keys/tvb.palamas.pub
      ./keys/tvb.stagirite.pub
      ./keys/tvb.vagrant.pub
      ./keys/monitor.isidore.pub
      ./keys/inquisitor.conduit.pub
    ];
  };
  #./keys/tvb.empyrean.pub

  nix.settings.cores = 4;
  nix.extraOptions = "experimental-features = nix-command flakes";
}
Initial commit 2021-01-27 04:18:30 +00:00			`{ pkgs, ... }:`

			`{`
Refactor catacomb browser into its own file 2021-04-07 03:56:19 +00:00			`imports = [`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`./hardware-configuration.nix`
			`#./fileserver.nix`
Refactor catacomb browser into its own file 2021-04-07 03:56:19 +00:00			`];`
Initial commit 2021-01-27 04:18:30 +00:00
			`boot = {`
			`loader = {`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)`
Initial commit 2021-01-27 04:18:30 +00:00			`grub.enable = false;`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`# Enables the generation of /boot/extlinux/extlinux.conf`
			`generic-extlinux-compatible.enable = true;`
Initial commit 2021-01-27 04:18:30 +00:00			`};`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`supportedFilesystems = ["zfs"];`
			`zfs.enableUnstable = true;`
Initial commit 2021-01-27 04:18:30 +00:00			`};`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00
			`system.stateVersion = "22.11"; # Read the usual warning`

Initial commit 2021-01-27 04:18:30 +00:00			`swapDevices = [ { device = "/swap"; size = 1024; } ];`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00
Initial commit 2021-01-27 04:18:30 +00:00			`console.keyMap = "us";`
			`i18n.defaultLocale = "en_US.UTF-8";`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00
Initial commit 2021-01-27 04:18:30 +00:00			`environment.systemPackages = with pkgs;`
			`let`
			`py3-packages = python-packages: with python-packages; [`
			`flask`
			`];`
			`py3-with-packages = python3.withPackages py3-packages;`
			`in [`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`wget vim curl git htop bash tmux psmisc man-pages pv lsof`
Initial commit 2021-01-27 04:18:30 +00:00			`zip unzip`
			`py3-with-packages`
			`usbutils`
			`hdparm sdparm smartmontools gptfdisk gnufdisk`
			`dosfstools`
			`mkpasswd samba`
			`tinc_pre`
			`#file-rename`
			`rsync`
Add rclone and gpg for gdrive backups 2021-04-03 06:38:12 +00:00			`rclone gnupg`
Initial commit 2021-01-27 04:18:30 +00:00			`];`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00
Initial commit 2021-01-27 04:18:30 +00:00			`networking = {`
			`hostName = "catacomb";`
			`hostId = "beeeeee5";`
			`firewall = {`
			`enable = true;`
			`allowPing = true;`
Refactor catacomb browser into its own file 2021-04-07 03:56:19 +00:00			`allowedTCPPorts = [ 22 139 445 ];`
Initial commit 2021-01-27 04:18:30 +00:00			`allowedUDPPorts = [ 137 138 ];`
			`};`
			`};`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00
			`#services.cron = {`
			`# enable = true;`
			`# systemCronJobs = [`
			`# "0 20 * * 1 root /root/reassert-nas-permissions.sh"`
			`# "0 0 * * 1 tvb . /etc/profile; /home/tvb/gitea-backup"`
			`# ];`
			`#};`

Initial commit 2021-01-27 04:18:30 +00:00			`services.openssh = {`
			`enable = true;`
			`passwordAuthentication = true;`
			`};`

			`services.ntp = {`
			`enable = true;`
			`servers = ["time.nist.gov"];`
			`};`

			`services.rsyncd.enable = true;`

Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`/*services.samba =`
Initial commit 2021-01-27 04:18:30 +00:00			`let`
			`sambaShare = path: validUsers: {`
			`path = path;`
			`comment = "Samba share for ${path}";`
			`browseable = "yes";`
			`"read only" = "no";`
			`"guest okay" = "no";`
			`"create mask" = "0640";`
			`"force create mode" = "0640";`
			`"directory mask" = "0750";`
			`"force directory mode" = "0750";`
			`"valid users" = validUsers;`
			`"force group" = ''nas'';`
			`};`
			`sambaShareRO = path: validUsers: {`
			`path = path;`
			`comment = "Read-only Samba share for ${path}";`
			`browseable = "yes";`
			`"read only" = "yes";`
			`"guest okay" = "no";`
			`"valid users" = validUsers;`
			`"force group" = ''nas'';`
			`};`
			`in`
			`{`
			`enable = true;`
			`securityType = "user";`
			`extraConfig = ''`
			`workgroup = beatific`
			`server string = Catacomb Nix SMB`
			`netbios name = catacomb`
			`deadtime = 300`

			`local master = yes`
			`domain master = yes`
			`preferred master = yes`

			`guest account = nobody`
			`map to guest = bad user`

			`case sensitive = yes`
			`veto files = /^.DS_Store$/^.Trash-1000$/`

			`load printers = no`
			`printcap name = /dev/null`
			`printing = bsd`

			`log file = /var/log/samba/client-%m.log`
			`log level = 2`
			`max log size = 64`

			`hide dot files = no`
			`hosts allow = 10.7.3.`
			`map archive = no`
			`unix extensions = yes`

			`ntlm auth = yes`
			`'';`
			`shares = {`
			`audioRO = sambaShareRO "/nas/audio" ''@nas'';`
			`docRO = sambaShareRO "/nas/doc/" ''@nas'';`
			`gameRO = sambaShareRO "/nas/game/" ''@nas'';`
			`imageRO = sambaShareRO "/nas/image" ''@nas'';`
			`videoRO = sambaShareRO "/nas/video" ''@nas'';`
Disable writeable shares while investigating filename corruption 2022-11-25 23:47:55 +00:00			`#audio = sambaShare "/nas/audio" ''@nas'';`
			`#doc = sambaShare "/nas/doc/" ''@nas'';`
			`#game = sambaShare "/nas/game/" ''@nas'';`
			`#image = sambaShare "/nas/image" ''@nas'';`
			`#video = sambaShare "/nas/video" ''@nas'';`
Initial commit 2021-01-27 04:18:30 +00:00			`};`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`};*/`

			`/*services.tinc.networks = {`
Initial commit 2021-01-27 04:18:30 +00:00			`beatific = {`
			`name = "catacomb";`
			`listenAddress = "0.0.0.0";`
			`chroot = false;`
			`};`
Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`};*/`

Initial commit 2021-01-27 04:18:30 +00:00			`services.zfs = {`
			`autoScrub = {`
			`enable = true;`
			`pools = ["catapool"];`
			`interval = "monthly";`
			`};`
			`};`

			`users.groups = {`
			`nas = { gid = 1600; };`
			`};`

			`users.users.tvb = {`
			`isNormalUser = true;`
			`uid = 1001;`
			`password = "badpassword";`
			`extraGroups = ["wheel" "nas"];`
			`openssh.authorizedKeys.keyFiles = [`
			`./keys/tvb.palamas.pub`
			`./keys/tvb.stagirite.pub`
Add tvb@vagrant key 2022-11-25 23:48:45 +00:00			`./keys/tvb.vagrant.pub`
Initial commit 2021-01-27 04:18:30 +00:00			`./keys/monitor.isidore.pub`
Add conduit pubkey 2021-04-03 06:38:42 +00:00			`./keys/inquisitor.conduit.pub`
Initial commit 2021-01-27 04:18:30 +00:00			`];`
			`};`
			`#./keys/tvb.empyrean.pub`

Upgrade system to 22.11 VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable 2022-11-26 18:38:23 +00:00			`nix.settings.cores = 4;`
Enable flakes 2022-11-25 23:48:58 +00:00			`nix.extraOptions = "experimental-features = nix-command flakes";`
Initial commit 2021-01-27 04:18:30 +00:00			`}`