From 4b88a9038c949fda8e2b2c741768e561decb89c5 Mon Sep 17 00:00:00 2001 From: kity Date: Thu, 26 Dec 2024 20:00:22 +0100 Subject: [PATCH 01/10] fix: adapted samba for nixos 24.11 --- hosts/sisyphe/features/samba-shares.nix | 43 ++++++++++++++++--------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/hosts/sisyphe/features/samba-shares.nix b/hosts/sisyphe/features/samba-shares.nix index 140f449..b4d80c0 100644 --- a/hosts/sisyphe/features/samba-shares.nix +++ b/hosts/sisyphe/features/samba-shares.nix @@ -18,42 +18,43 @@ in enable = true; securityType = "user"; openFirewall = true; - settings = '' - workgroup = WORKGROUP - server string = hyperserver - netbios name = hyperserver - security = user - ''; - shares = { - music = { + settings = { + global = { + security = "user"; + "hosts allow" = "192.168.1. 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "music" = { path = "/srv/media/Music"; browseable = "yes"; "read only" = "no"; "create mask" = "0644"; - "directory mask" = "0655"; + "directory mask" = "0755"; }; - ebooks = { + "ebooks" = { path = "${cfg.dir}/Ebooks"; browseable = "yes"; "read only" = "no"; "create mask" = "0644"; - "directory mask" = "0655"; + "directory mask" = "0755"; }; - movies = { + "movies" = { path = "${cfg.dir}/Films"; browseable = "yes"; "create mask" = "0644"; - "directory mask" = "0655"; + "directory mask" = "0755"; "read only" = "no"; }; - shows = { + "shows" = { path = "${cfg.dir}/SeriesTV"; "read only" = "no"; "create mask" = "0644"; "directory mask" = "0755"; browseable = "yes"; }; - torrents = { + "torrents" = { path = "${cfg.dir}/Torrents"; "read only" = "yes"; "create mask" = "644"; @@ -63,4 +64,16 @@ in }; }; + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + + services.avahi = { + enable = true; + publish.enable = true; + publish.userServices = true; + openFirewall = true; + }; } 
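Review bot: The new `global` block sets `"map to guest" = "bad user"` together with `"guest account" = "nobody"`, so a login with an unknown username is silently turned into a guest session instead of being rejected. None of the share blocks in this hunk sets `guest ok`, so guest mapping looks unneeded; if anonymous access is not intended, use `"map to guest" = "never";` and drop the `guest account` line. Also note that `openFirewall = true` opens the Samba ports to every source at the firewall, which leaves `hosts allow`/`hosts deny` inside smbd as the only address restriction in front of the writable shares. The enclosing attribute set (presumably `services.samba`) starts outside the hunk.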
From 670ef0cccb6b6ab7db0552614842079bd984191b Mon Sep 17 00:00:00 2001 From: kity Date: Thu, 26 Dec 2024 20:02:48 +0100 Subject: [PATCH 02/10] fix: indentation --- hosts/sisyphe/features/samba-shares.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/sisyphe/features/samba-shares.nix b/hosts/sisyphe/features/samba-shares.nix index b4d80c0..66aa8d9 100644 --- a/hosts/sisyphe/features/samba-shares.nix +++ b/hosts/sisyphe/features/samba-shares.nix @@ -62,8 +62,6 @@ in }; }; }; - }; - services.samba-wsdd = { enable = true; openFirewall = true; @@ -76,4 +74,7 @@ in publish.userServices = true; openFirewall = true; }; + }; + + } From 7e57ead3c5642fe91db4b37d8fe26ad4df7edb93 Mon Sep 17 00:00:00 2001 From: kity Date: Thu, 26 Dec 2024 20:55:36 +0100 Subject: [PATCH 03/10] change: more changes for nix 24.11 --- hosts/sisyphe/configuration.nix | 66 ++++++++++++++++--- .../sisyphe/features/multimedia/jellyfin.nix | 2 +- hosts/sisyphe/server-configuration.nix | 65 ------------------ 3 files changed, 59 insertions(+), 74 deletions(-) delete mode 100644 hosts/sisyphe/server-configuration.nix diff --git a/hosts/sisyphe/configuration.nix b/hosts/sisyphe/configuration.nix index c673c56..1190948 100644 --- a/hosts/sisyphe/configuration.nix +++ b/hosts/sisyphe/configuration.nix @@ -2,9 +2,14 @@ config, lib, pkgs, + secrets, ... }: - +let + ip = "192.168.1.177"; + gateway = "192.168.1.1"; + username = "homelab"; +in { imports = [ ./hardware-configuration.nix 
@@ -69,13 +74,57 @@ environment.variables.EDITOR = "nvim"; - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ - 22 - 80 - 443 - 8080 - ]; + # setting up networking!! + networking = { + interfaces = { + ens18.ipv4.addresses = [ + { + address = ip; + prefixLength = 24; + } + ]; + }; + + defaultGateway = gateway; + nameservers = [ + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; + + nftables.enable = true; + # firewall rules + firewall = { + enable = true; + allowedTCPPorts = [ + 22 # ssh + 80 # http + 443 # ssh + 8080 + ]; + allowedUDPPorts = [ ]; + }; + }; + + users.groups.multimedia = { + members = [ + "slskd" + "radarr" + "readarr" + "sonarr" + "transmission" + "jellyfin" + "bazarr" + "calibre-web" + username + ]; + }; + + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.age.keyFile = "/var/lib/sops-nix/key.txt"; + sops.age.generateKey = true; + sops.defaultSopsFile = "${secrets}/secrets/secrets.yaml"; # reducing disk usage boot.loader.systemd-boot.configurationLimit = 10; @@ -94,6 +143,7 @@ "dotnet-sdk-wrapped-6.0.428" ]; + # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # diff --git a/hosts/sisyphe/features/multimedia/jellyfin.nix b/hosts/sisyphe/features/multimedia/jellyfin.nix index b90b9bb..7d2a70d 100644 --- a/hosts/sisyphe/features/multimedia/jellyfin.nix +++ b/hosts/sisyphe/features/multimedia/jellyfin.nix @@ -5,7 +5,7 @@ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; }; - hardware.opengl = { + hardware.graphics = { # hardware.opengl in 24.05 enable = true; extraPackages = with pkgs; [ diff --git a/hosts/sisyphe/server-configuration.nix b/hosts/sisyphe/server-configuration.nix deleted file mode 100644 index f038092..0000000 --- a/hosts/sisyphe/server-configuration.nix +++ /dev/null 
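Review bot: In `firewall.allowedTCPPorts` port 8080 is opened with no comment naming the service behind it, and 443 is labelled `# ssh`. Entries in this list are accepted on all interfaces, so each one should be justified. Change the label to `443 # https`, and either document 8080 as `8080 # <service name>` or drop it if nothing on this host needs it. Separately, `sops.age.generateKey = true` sits next to `sops.age.sshKeyPaths`. A one-line comment saying which identity is expected to decrypt `secrets.yaml` would help, since a freshly generated key cannot decrypt existing secrets until it is added as a recipient.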
@@ -1,65 +0,0 @@ -# TODO: move file to configuration.nix -{ - config, - lib, - pkgs, - secrets, - ... -}: -let - ip = "192.168.1.177"; - gateway = "192.168.1.1"; - username = "homelab"; -in -{ - # setting up networking!! - networking = { - interfaces = { - ens18.ipv4.addresses = [ - { - address = ip; - prefixLength = 24; - } - ]; - }; - - defaultGateway = gateway; - nameservers = [ - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" - ]; - - nftables.enable = true; - # firewall rules - firewall = { - enable = true; - allowedTCPPorts = [ - 22 # ssh - 80 # http - 443 # ssh - ]; - allowedUDPPorts = [ ]; - }; - }; - - users.groups.multimedia = { - members = [ - "slskd" - "radarr" - "readarr" - "sonarr" - "transmission" - "jellyfin" - "bazarr" - "calibre-web" - username - ]; - }; - - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - sops.age.keyFile = "/var/lib/sops-nix/key.txt"; - sops.age.generateKey = true; - sops.defaultSopsFile = "${secrets}/secrets/secrets.yaml"; -} From 216cd53d704e8e76c8fef5daf218f834a9768870 Mon Sep 17 00:00:00 2001 From: kity Date: Thu, 26 Dec 2024 21:30:44 +0100 Subject: [PATCH 04/10] started adding config for nas --- hosts/strawberry/configuration.nix | 20 +++++++++++++++++ terraform/main.tf | 35 ++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 hosts/strawberry/configuration.nix create mode 100644 terraform/main.tf diff --git a/hosts/strawberry/configuration.nix b/hosts/strawberry/configuration.nix new file mode 100644 index 0000000..e844cd0 --- /dev/null +++ b/hosts/strawberry/configuration.nix @@ -0,0 +1,20 @@ +{pkgs, username, ...}: { + services.samba = { + enable = true; + openFirewall = true; + }; + + users.users.nas = { + + }; + + users.users.${username} = { + isNormalUser = true; + }; + + systemd.tempfiles.rules = [ + "d /srv/files 0755 nas nas" + ]; + + system.stateVersion = "24.11"; +} \ No newline at end of file 
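Review bot: In the new `hosts/strawberry/configuration.nix`, `services.samba` is enabled with `openFirewall = true` and no `settings`. This NAS host therefore gets none of the `hosts allow`/`hosts deny` restrictions that the sisyphe Samba config in this series sets, and the SMB ports are opened before any share or access policy exists. Consider leaving `openFirewall` off until the shares are defined, or add a `settings.global` block with the same address restrictions. Two things in the same file look like they will fail evaluation: `systemd.tempfiles.rules` should be `systemd.tmpfiles.rules`, and `users.users.nas = { };` sets neither `isSystemUser` nor `isNormalUser`. No `nas` group is defined for the `d /srv/files 0755 nas nas` rule either.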
diff --git a/terraform/main.tf b/terraform/main.tf new file mode 100644 index 0000000..925bdb2 --- /dev/null +++ b/terraform/main.tf @@ -0,0 +1,35 @@ +provider "proxmox" { + pm_api_url = "https://your-proxmox-server:8006/api2/json" + pm_tls_insecure = true +} + +resource "proxmox_vm_qemu" "nixos-services-vm" { + name = "nixos-services-vm" + target_node = "pve" + clone = "template-name" + os_type = "cloud-init" + cores = 2 + memory = 2048 + disk { + size = "10G" + } + network { + model = "virtio" + bridge = "vmbr0" + } + sshkeys = file("~/.ssh/id_rsa.pub") + ipconfig0 = "ip=dhcp" + cloud_init { + user_data = < Date: Thu, 26 Dec 2024 21:31:03 +0100 Subject: [PATCH 05/10] added terraform support --- hosts/dadarwin/configuration.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hosts/dadarwin/configuration.nix b/hosts/dadarwin/configuration.nix index aefb368..5900950 100644 --- a/hosts/dadarwin/configuration.nix +++ b/hosts/dadarwin/configuration.nix @@ -2,11 +2,12 @@ { # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget - environment.systemPackages = + environment.systemPackages = with pkgs; [ - pkgs.neovim - pkgs.kitty - pkgs.kittysay + neovim + kitty + kittysay + terraform ]; programs.direnv.enable = true; From 84d27c4279affb08c1f3bab6fd164dacdef9c0c1 Mon Sep 17 00:00:00 2001 From: kity Date: Thu, 26 Dec 2024 22:40:01 +0100 Subject: [PATCH 06/10] fix: updated facerecognision --- hosts/sisyphe/features/services/nextcloud.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix index a1dd0ed..7382335 100644 --- a/hosts/sisyphe/features/services/nextcloud.nix +++ b/hosts/sisyphe/features/services/nextcloud.nix 
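Review bot: `pm_tls_insecure = true` in the `provider "proxmox"` block turns off certificate verification for the Proxmox API. The API credentials and every request Terraform sends are then exposed to anyone able to impersonate the server on that network. Set `pm_tls_insecure = false` and have the workstation trust the certificate the Proxmox host presents. The `cloud_init` `user_data` heredoc is cut off on this page, so its content was not reviewed. If it ends up carrying passwords or tokens, keep them out of the committed file and out of plain-text state.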
@@ -84,8 +84,8 @@ }; */ facerecognition = pkgs.fetchNextcloudApp { - sha256 = "1dfpmnyyrjyn7wbjfj3w072rzfl7zwm8ppphgsg8ampw2dy7y6yk"; - url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.51/facerecognition.tar.gz"; + sha256 = "0bxahi7prmkhaxfdgsl26nqjxg4h0mxjs7a3cvib9yr9hnisr9r2k"; + url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz"; license = "agpl3Only"; }; From 2957232541b545b535fa222a4d8d370ab3e5a5ad Mon Sep 17 00:00:00 2001 From: kity Date: Thu, 26 Dec 2024 22:45:48 +0100 Subject: [PATCH 07/10] fix: removed forgotten file --- hosts/sisyphe/configuration.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/sisyphe/configuration.nix b/hosts/sisyphe/configuration.nix index 1190948..716f722 100644 --- a/hosts/sisyphe/configuration.nix +++ b/hosts/sisyphe/configuration.nix @@ -13,7 +13,6 @@ in { imports = [ ./hardware-configuration.nix - ./server-configuration.nix ./features/default.nix ../../features/shared/ssh.nix ]; From 5588d0225d9d09eb73d64b4d53f8df84c364d310 Mon Sep 17 00:00:00 2001 From: kity Date: Thu, 26 Dec 2024 22:48:11 +0100 Subject: [PATCH 08/10] typo --- hosts/sisyphe/features/services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix index 7382335..345095e 100644 --- a/hosts/sisyphe/features/services/nextcloud.nix +++ b/hosts/sisyphe/features/services/nextcloud.nix @@ -84,7 +84,7 @@ }; */ facerecognition = pkgs.fetchNextcloudApp { - sha256 = "0bxahi7prmkhaxfdgsl26nqjxg4h0mxjs7a3cvib9yr9hnisr9r2k"; + sha256 = "0bxahi7prmkhaxfdgsl26nqjxg4h0mxjs7a3cvib9yr9hnisr9r2"; url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz"; license = "agpl3Only"; }; From 5540b81f4e114807de58840b20ec1a829f1a83da Mon Sep 17 00:00:00 2001 
From: kity Date: Thu, 26 Dec 2024 22:50:26 +0100 Subject: [PATCH 09/10] fix: maybe im the problem after all --- hosts/sisyphe/features/services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix index 345095e..7610a1b 100644 --- a/hosts/sisyphe/features/services/nextcloud.nix +++ b/hosts/sisyphe/features/services/nextcloud.nix @@ -84,7 +84,7 @@ }; */ facerecognition = pkgs.fetchNextcloudApp { - sha256 = "0bxahi7prmkhaxfdgsl26nqjxg4h0mxjs7a3cvib9yr9hnisr9r2"; + sha256 = "sha256-FtYItN0Iy2QpSNf0GPs7fIPYgBdEuKHJGwZ7GQNySZE="; url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz"; license = "agpl3Only"; }; From 4bdec356fa7603ac134b8dc3d2f505f57f09a311 Mon Sep 17 00:00:00 2001 From: kity Date: Thu, 26 Dec 2024 22:53:52 +0100 Subject: [PATCH 10/10] fix: memories hash update --- hosts/sisyphe/features/services/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix index 7610a1b..e96f332 100644 --- a/hosts/sisyphe/features/services/nextcloud.nix +++ b/hosts/sisyphe/features/services/nextcloud.nix @@ -71,7 +71,7 @@ ; memories = pkgs.fetchNextcloudApp { - sha256 = "sha256-DJPskJ4rTECTaO1XJFeOD1EfA3TQR4YXqG+NIti0UPE="; + sha256 = "sha256-tzxeffvwMwthvBRG+/cLCXZkVS32rlf5v7XOKTbGoOo="; url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz"; license = "agpl3Only"; };
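Review bot: The `memories` hunk replaces `sha256` while `url` still points at the same `v7.3.1` tarball, so the pinned content changed without the version changing. This may simply reflect a change in how the fetcher unpacks or hashes the archive under NixOS 24.11 (not visible here), but it is also what a replaced release artifact would look like, and the hash is the only integrity check on this download. Once the cause is confirmed, record it next to the value, for example `# hash recomputed after nixos 24.11 upgrade, same v7.3.1 release`, rather than copying the value from a mismatch error. The enclosing attribute set starts and ends outside the hunk.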