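# NixOS module for the host "catacomb": an extlinux-booted machine that imports
# the ZFS pool "catapool" and serves users' home directories over Samba.
{ pkgs, lib, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./fileserver.nix
  ];

  beatific.hostName = "catacomb";
  beatific.defaults.tvbSync = false;

  boot = {
    loader = {
      # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
      grub.enable = false;
      # Enables the generation of /boot/extlinux/extlinux.conf
      generic-extlinux-compatible.enable = true;
    };
    supportedFilesystems = [ "zfs" ];
    zfs.enableUnstable = true;
    zfs.extraPools = [ "catapool" ];
    kernelParams = [ "zfs.zfs_dmu_offset_next_sync=0" ];
  };

  system.stateVersion = "22.11"; # Read the usual warning

  swapDevices = [
    {
      device = "/swap";
      size = 1024;
    }
  ];

  environment.systemPackages = with pkgs; [
    ffmpeg
    lsof # list open files
    mkpasswd # used for setting SMB passwords, I think?
    samba # provides smbpasswd, mostly
    smartmontools # provides smartctl
    usbutils # provides lsusb
  ];

  networking = {
    hostId = "beeeeee5"; # this must be consistent for ZFS
    firewall = {
      enable = true;
      # NetBIOS/SMB ports only. They are opened on every interface; the
      # per-network restriction is Samba's own "hosts allow" further down.
      allowedTCPPorts = [ 139 445 ];
      allowedUDPPorts = [ 137 138 ];
    };
  };

  services.cron = {
    enable = true;
    systemCronJobs =
      let
        # Re-owns everything under /nas to tvb:nas, then sets directories to
        # 750 and regular files to 640. It runs as root, so it resets any
        # ownership or mode change made under /nas since the previous run.
        reassertPerms = pkgs.writeShellScript "reassert-nas-permissions.sh" ''
          ${pkgs.coreutils}/bin/chown -v -R tvb:nas /nas
          ${pkgs.findutils}/bin/find /nas -type d -exec ${pkgs.coreutils}/bin/chmod -v 750 {} \;
          ${pkgs.findutils}/bin/find /nas -type f -exec ${pkgs.coreutils}/bin/chmod -v 640 {} \;
        '';
      in
      [
        # Mondays 20:00, as root: re-assert /nas ownership and modes.
        "0 20 * * 1 root ${reassertPerms}"
        # Mondays 00:00, as tvb: source /etc/profile, then run the backup
        # script kept in tvb's home directory.
        "0 0 * * 1 tvb . /etc/profile; /home/tvb/gitea-backup"
      ];
  };

  # NOTE(review): SSH password logins are allowed. Whether sshd is enabled and
  # which networks can reach it is not set in this file; where it is reachable
  # from outside the LAN, key-only authentication is the safer setting.
  services.openssh.settings.PasswordAuthentication = true;

  # NOTE(review): no rsync modules or access rules are configured here, and the
  # rsync port is not in allowedTCPPorts above -- confirm where the daemon is
  # configured and that its exposure is intended.
  services.rsyncd.enable = true;

  services.samba =
    let
      # Writable, authenticated share for `path`, limited to `validUsers`, with
      # files forced to 0640, directories to 0750 and group "nas".
      # NOTE(review): not referenced anywhere in this expression.
      sambaShare = path: validUsers: {
        inherit path;
        comment = "Samba share for ${path}";
        browseable = "yes";
        "read only" = "no";
        "guest okay" = "no";
        "create mask" = "0640";
        "force create mode" = "0640";
        "directory mask" = "0750";
        "force directory mode" = "0750";
        "valid users" = validUsers;
        "force group" = ''nas'';
      };

      # Read-only counterpart of sambaShare.
      # NOTE(review): not referenced anywhere in this expression.
      sambaShareRO = path: validUsers: {
        inherit path;
        comment = "Read-only Samba share for ${path}";
        browseable = "yes";
        "read only" = "yes";
        "guest okay" = "no";
        "valid users" = validUsers;
        "force group" = ''nas'';
      };
    in
    {
      enable = true;
      securityType = "user";

      # Global smb.conf settings. Review notes on the values below:
      #  - "ntlm auth = yes" permits NTLMv1, which is weaker than Samba's
      #    default of NTLMv2 only; keep it only if a legacy client needs it.
      #  - "map to guest = bad user" turns logins with an unknown username into
      #    guest sessions. Every share defined in this file sets
      #    "guest okay = no"; check shares defined in other modules.
      #  - "hosts allow" limits clients to the 10.22.20. and 192.168.1.
      #    prefixes.
      #  - "veto files" entries are matched as literal names with * and ?
      #    wildcards, not as regular expressions, so the ^ and $ here are
      #    probably not doing what was intended -- TODO confirm.
      extraConfig = ''
        workgroup = beatific
        server string = Catacomb Nix SMB
        netbios name = catacomb
        deadtime = 300
        local master = yes
        domain master = yes
        preferred master = yes
        guest account = nobody
        map to guest = bad user
        case sensitive = yes
        veto files = /^.DS_Store$/^.Trash-1000$/
        load printers = no
        printcap name = /dev/null
        printing = bsd
        log file = /var/log/samba/client-%m.log
        log level = 2
        max log size = 64
        hide dot files = no
        hosts allow = 10.22.20., 192.168.1.
        map archive = no
        unix extensions = yes
        ntlm auth = yes
      '';

      shares =
        let
          # Writable share of /home/<user> that only <user> may connect to.
          homeShare = user: {
            path = "/home/${user}";
            comment = "${user}'s home folder";
            browseable = "yes";
            "read only" = "no";
            "guest okay" = "no";
            "create mask" = "0640";
            "force create mode" = "0640";
            "directory mask" = "0750";
            "force directory mode" = "0750";
            "valid users" = "${user}";
          };
        in
        {
          tvb = homeShare "tvb";
          katydid = homeShare "katydid";
        };
    };

  services.zfs = {
    autoScrub = {
      enable = true;
      pools = [ "catapool" ];
      interval = "monthly";
    };
  };

  users.groups = {
    nas = {
      gid = 1600;
    };
  };

  # NOTE(review): the account type (isNormalUser) is not set for tvb here;
  # presumably another module declares it -- confirm.
  users.users.tvb = {
    uid = 1001;
    extraGroups = [ "nas" ];
    packages = [
      # Wrapper that hands off to the yt-dlp installed under the user's
      # ~/.env. $HOME is quoted so a home path containing whitespace is not
      # split into several words.
      (pkgs.writeShellScriptBin "yt-dlp" ''
        exec "$HOME/.env/bin/yt-dlp" "$@"
      '')
    ];
  };

  users.users.katydid = {
    isNormalUser = true;
    uid = 1002;
  };

  nix.settings.cores = 4;
}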