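# NixOS configuration for the host "catacomb": extlinux boot, ZFS support,
# sshd, ntpd, rsyncd and a monthly scrub of the pool "catapool".
#
# Security-relevant settings are annotated where they occur:
#   * services.openssh        - password-based logins are switched off
#   * users.users.tvb         - plaintext password literal still to be replaced
#   * networking.firewall     - SMB/NetBIOS ports open with Samba commented out
#   * services.rsyncd / samba / tinc - notes for when they are (re-)enabled
{ pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    #./fileserver.nix
  ];

  boot = {
    loader = {
      # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
      grub.enable = false;
      # Enables the generation of /boot/extlinux/extlinux.conf
      generic-extlinux-compatible.enable = true;
    };
    supportedFilesystems = ["zfs"];
    # Opts into the unstable ZFS package.
    # NOTE(review): that puts pre-release filesystem code under the data pool;
    # confirm it is still required on this kernel.
    zfs.enableUnstable = true;
  };

  system.stateVersion = "22.11"; # Read the usual warning

  # Swap file at /swap; NixOS creates it with the given size (in MiB).
  swapDevices = [ { device = "/swap"; size = 1024; } ];

  console.keyMap = "us";
  i18n.defaultLocale = "en_US.UTF-8";

  environment.systemPackages = with pkgs;
    let
      # Python 3 interpreter bundled with the listed modules.
      py3-packages = python-packages: with python-packages; [
        flask
      ];
      py3-with-packages = python3.withPackages py3-packages;
    in [
      wget vim curl git htop bash tmux psmisc man-pages pv lsof
      zip unzip
      py3-with-packages
      usbutils
      hdparm sdparm smartmontools gptfdisk gnufdisk
      dosfstools
      # Listing samba / tinc_pre here only installs the tools; the matching
      # service definitions further down are commented out.
      mkpasswd samba
      tinc_pre
      #file-rename
      rsync
      rclone gnupg
    ];

  networking = {
    hostName = "catacomb";
    # ZFS uses the host id to tell which machine last imported a pool.
    hostId = "beeeeee5";
    firewall = {
      enable = true;
      allowPing = true;
      # 22 is sshd. 139/445 (TCP) and 137/138 (UDP) are the SMB/NetBIOS ports.
      # NOTE(review): services.samba below is commented out and
      # ./fileserver.nix is not imported, so nothing visible in this file
      # listens on them. Drop them until Samba is enabled again, or confirm
      # that another module needs them. These rules apply on every interface,
      # whereas the commented Samba config limits clients to 10.7.3. through
      # `hosts allow`.
      allowedTCPPorts = [ 22 139 445 ];
      allowedUDPPorts = [ 137 138 ];
    };
  };

  #services.cron = {
  #  enable = true;
  #  systemCronJobs = [
  #    "0 20 * * 1 root /root/reassert-nas-permissions.sh"
  #    "0 0 * * 1 tvb . /etc/profile; /home/tvb/gitea-backup"
  #  ];
  #};

  services.openssh = {
    enable = true;
    # Key-only logins. Port 22 is open in the firewall and the tvb account
    # (member of wheel) is declared with a guessable password literal, so
    # password-based SSH login was an online-guessing path to a sudo-capable
    # user. tvb has authorizedKeys.keyFiles, so key login keeps working.
    passwordAuthentication = false;
    # Keyboard-interactive goes through PAM and would otherwise still accept
    # the account password.
    kbdInteractiveAuthentication = false;
    # NOTE(review): newer NixOS releases spell these
    # settings.PasswordAuthentication / settings.KbdInteractiveAuthentication;
    # rename them when moving off the 22.11 option set.
  };

  services.ntp = {
    enable = true;
    # NOTE(review): a single upstream, queried over plain NTP. Log timestamps
    # depend on it; consider listing more than one source.
    servers = ["time.nist.gov"];
  };

  # Starts the rsync daemon. No rsync modules are defined in this file and
  # TCP 873 is not in allowedTCPPorts, so with the firewall enabled it should
  # not be reachable from other hosts - confirm.
  # NOTE(review): the daemon protocol is unencrypted. If nothing uses it,
  # turn it off; for remote copies prefer rsync over SSH.
  services.rsyncd.enable = true;

  # Samba definition, currently disabled. Points to settle before it is
  # re-enabled:
  #   * `ntlm auth = yes` also accepts NTLMv1 responses; leave the option out
  #     unless a legacy client really needs it.
  #   * `map to guest = bad user` turns logins with an unknown user name into
  #     guest sessions. Every share sets "guest okay" = "no", so the mapping
  #     buys nothing here; `map to guest = never` is the tighter choice.
  #   * `hosts allow = 10.7.3.` is the only source restriction; the firewall
  #     rules above are not limited to that subnet.
  /*services.samba =
    let
      sambaShare = path: validUsers: {
        path = path;
        comment = "Samba share for ${path}";
        browseable = "yes";
        "read only" = "no";
        "guest okay" = "no";
        "create mask" = "0640";
        "force create mode" = "0640";
        "directory mask" = "0750";
        "force directory mode" = "0750";
        "valid users" = validUsers;
        "force group" = ''nas'';
      };
      sambaShareRO = path: validUsers: {
        path = path;
        comment = "Read-only Samba share for ${path}";
        browseable = "yes";
        "read only" = "yes";
        "guest okay" = "no";
        "valid users" = validUsers;
        "force group" = ''nas'';
      };
    in
    {
      enable = true;
      securityType = "user";
      extraConfig = ''
        workgroup = beatific
        server string = Catacomb Nix SMB
        netbios name = catacomb
        deadtime = 300

        local master = yes
        domain master = yes
        preferred master = yes

        guest account = nobody
        map to guest = bad user

        case sensitive = yes
        veto files = /^.DS_Store$/^.Trash-1000$/

        load printers = no
        printcap name = /dev/null
        printing = bsd

        log file = /var/log/samba/client-%m.log
        log level = 2
        max log size = 64

        hide dot files = no
        hosts allow = 10.7.3.
        map archive = no
        unix extensions = yes

        ntlm auth = yes
      '';
      shares = {
        audioRO = sambaShareRO "/nas/audio" ''@nas'';
        docRO = sambaShareRO "/nas/doc/" ''@nas'';
        gameRO = sambaShareRO "/nas/game/" ''@nas'';
        imageRO = sambaShareRO "/nas/image" ''@nas'';
        videoRO = sambaShareRO "/nas/video" ''@nas'';
        #audio = sambaShare "/nas/audio" ''@nas'';
        #doc = sambaShare "/nas/doc/" ''@nas'';
        #game = sambaShare "/nas/game/" ''@nas'';
        #image = sambaShare "/nas/image" ''@nas'';
        #video = sambaShare "/nas/video" ''@nas'';
      };
    };*/

  # tinc VPN definition, currently disabled.
  # NOTE(review): as written it would listen on every IPv4 address with the
  # module's chroot turned off, and the firewall above opens no port for it.
  # Decide on the listen address and confinement before enabling.
  /*services.tinc.networks = {
    beatific = {
      name = "catacomb";
      listenAddress = "0.0.0.0";
      chroot = false;
    };
  };*/

  services.zfs = {
    # Monthly integrity scrub of the pool "catapool".
    autoScrub = {
      enable = true;
      pools = ["catapool"];
      interval = "monthly";
    };
  };

  users.groups = {
    nas = { gid = 1600; };
  };

  users.users.tvb = {
    isNormalUser = true;
    uid = 1001;
    # NOTE(review): plaintext password literal. The value is copied into the
    # world-readable Nix store and sits in version control, and this account
    # is in wheel (sudo by default on NixOS). Replace it with `hashedPassword`
    # (the mkpasswd installed above can generate the hash) or `passwordFile`
    # pointing at a file kept outside the store, and rotate the password if
    # this string was ever in use.
    password = "badpassword";
    extraGroups = ["wheel" "nas"];
    # NOTE(review): every key listed here logs in as tvb, i.e. as a wheel
    # member. monitor.* and inquisitor.* look like automation keys - confirm;
    # if so, a dedicated unprivileged account limits what a leaked key can do.
    openssh.authorizedKeys.keyFiles = [
      ./keys/tvb.palamas.pub
      ./keys/tvb.stagirite.pub
      ./keys/tvb.vagrant.pub
      ./keys/monitor.isidore.pub
      ./keys/inquisitor.conduit.pub
    ];
  };
  #./keys/tvb.empyrean.pub

  # Passed to builders as the core count each build may use.
  nix.settings.cores = 4;
  nix.extraOptions = "experimental-features = nix-command flakes";
}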