From 86bed3f0d88f4f8421f6c942365a5cbb24235fdd Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 14:05:22 +1000
Subject: [PATCH 01/28] update
---
 flake.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/flake.nix b/flake.nix
index 74d9ffa..c562f22 100644
--- a/flake.nix
+++ b/flake.nix
@@ -39,6 +39,22 @@
 }
 ];
 };
+ "aly-server" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ nur.modules.nixos.default
+ nix-flatpak.nixosModules.nix-flatpak
+ nixvim.nixosModules.nixvim
+ # TODO
+ ./system/global.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.aly = import ./home/aly.nix;
+ }
+ ];
+ };
 };
 };
 }
From ae314607e07645961aca2152417448ce5ddc072e Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 14:13:05 +1000
Subject: [PATCH 02/28] update
---
 system/aly-laptop.nix | 12 ++++++++++++
 system/global.nix | 20 ++------------------
 2 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/system/aly-laptop.nix b/system/aly-laptop.nix
index 22bb3f0..4817113 100644
--- a/system/aly-laptop.nix
+++ b/system/aly-laptop.nix
@@ -13,4 +13,16 @@
 lidSwitchDocked = "ignore";
 lidSwitchExternalPower = "ignore";
 };
+ services.flatpak.enable = true;
+ services.flatpak.packages = [
+ "com.moonlight_stream.Moonlight"
+ ];
+ services.pulseaudio.enable = false;
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+ services.xserver.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
 })
diff --git a/system/global.nix b/system/global.nix
index 0491fbb..87d6d2d 100644
--- a/system/global.nix
+++ b/system/global.nix
@@ -12,15 +12,6 @@ networking.networkmanager.enable = true; - services.flatpak.enable = true; - services.flatpak.packages = [ - "com.moonlight_stream.Moonlight" - ]; - services.pulseaudio.enable = false; - services.pipewire = { - enable = true; - pulse.enable = true; - }; time.timeZone = "Australia/Brisbane"; users.users.aly = { isNormalUser = true; @@ -30,20 +21,13 @@ extraGroups = [ "networkmanager" "wheel" ]; }; - # Enable the OpenSSH daemon. services.openssh = { enable = true; settings = { X11Forwarding = true; - PermitRootLogin = "no"; # disable root login - PasswordAuthentication = true; # disable password login + PermitRootLogin = "no"; + PasswordAuthentication = true; }; openFirewall = true; }; - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; }) From 974b0e57f1c1d8fc34e64db3237a92749e91d7e4 Mon Sep 17 00:00:00 2001 From: alydev Date: Thu, 25 Sep 2025 04:22:53 +0000 Subject: [PATCH 03/28] update --- flake.nix | 9 ++------- hw/aly-server.nix | 36 ++++++++++++++++++++++++++++++++++++ system/aly-server.nix | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 7 deletions(-) create mode 100644 hw/aly-server.nix create mode 100644 system/aly-server.nix diff --git a/flake.nix b/flake.nix index c562f22..f03168f 100644 --- a/flake.nix +++ b/flake.nix @@ -45,14 +45,9 @@ nur.modules.nixos.default nix-flatpak.nixosModules.nix-flatpak nixvim.nixosModules.nixvim + ./hw/aly-server.nix + ./system/aly-server.nix # TODO - ./system/global.nix - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.aly = import ./home/aly.nix; - } ]; }; }; diff --git a/hw/aly-server.nix b/hw/aly-server.nix new file mode 100644 index 0000000..1e3330d --- /dev/null +++ b/hw/aly-server.nix 
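Review bot: `PasswordAuthentication = true;` in the second system/global.nix hunk is kept while the comment next to it ("disable password login") is removed, so the value still contradicts the intent the old comment stated and password logins remain reachable through `openFirewall = true;`. If key-based login is what is wanted, the line should read `PasswordAuthentication = false;`, with `KbdInteractiveAuthentication = false;` beside it. The same value is copied into the new system/aly-server.nix in PATCH 03/28, where `openssh.authorizedKeys.keys` is already set for the user. The `services.openssh` block is fully visible, but the enclosing module starts outside the hunk.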
@@ -0,0 +1,36 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/1ede5a16-78e9-4874-b39f-b1d31a021774"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/EF0E-1E4B"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + virtualisation.hypervGuest.enable = true; +} diff --git a/system/aly-server.nix b/system/aly-server.nix new file mode 100644 index 0000000..d948416 --- /dev/null +++ b/system/aly-server.nix 
@@ -0,0 +1,35 @@
+({ config, pkgs, ... }: {
+ system.stateVersion = "25.05";
+ virtualisation.hypervGuest.enable = true;
+ boot.blacklistedKernelModules = [ "hyperv_fb" ];
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ environment.systemPackages = with pkgs; [
+ cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils
+ ];
+ programs.nixvim.enable = true;
+ programs.nixvim.defaultEditor = true;
+ security.sudo.wheelNeedsPassword = false;
+
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "Australia/Brisbane";
+ users.users.aly = {
+ isNormalUser = true;
+ description = "aly";
+ hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/";
+ openssh.authorizedKeys.keys = import ../data/authorized_keys.nix;
+ extraGroups = [ "networkmanager" "wheel" ];
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ X11Forwarding = true;
+ PermitRootLogin = "no";
+ PasswordAuthentication = true;
+ };
+ openFirewall = true;
+ };
+})
From 84661d3f37a40f11ec2a06d9b5accb6860f24d91 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 14:45:41 +1000
Subject: [PATCH 04/28] update
---
 data/authorized_keys.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/data/authorized_keys.nix b/data/authorized_keys.nix
index 0ceb696..0d20f26 100644
--- a/data/authorized_keys.nix
+++ b/data/authorized_keys.nix
@@ -4,4 +4,5 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSvtZtEqrl3z1By5LN2iwkmy7ZjsCYUQC43ESoR48Vi aly@nixos"
 ]
From 0b204ac349f70930f0112699fb5c31f4a8a4f6a5 Mon Sep 17 00:00:00 2001
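Review bot: `hashedPassword` in `users.users.aly` puts the account's password hash into the repository and the world-readable Nix store, and on this host that password is the only barrier to root, because `PasswordAuthentication = true;` accepts it over SSH and `security.sudo.wheelNeedsPassword = false;` removes the sudo prompt for `wheel`. Anyone with read access to the repository can test guesses against the hash offline. Consider `hashedPasswordFile = "<PATH_TO_ROOT_ONLY_FILE>";` instead of the inline hash, `PasswordAuthentication = false;` since `openssh.authorizedKeys.keys` is already populated, and dropping the `wheelNeedsPassword` line unless unattended sudo is required, in which case a comment should say why.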
From: alydev Date: Thu, 25 Sep 2025 15:00:11 +1000 Subject: [PATCH 05/28] update --- home/aly.nix | 30 +++++++++++++++--------------- system/aly-server.nix | 1 + 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/home/aly.nix b/home/aly.nix index 4e73a90..5ef4a91 100644 --- a/home/aly.nix +++ b/home/aly.nix @@ -3,28 +3,28 @@ { home.username = "aly"; home.homeDirectory = "/home/aly"; - xresources.properties = { - "Xcursor.size" = 16; - "Xft.dpi" = 300; - }; +# xresources.properties = { +# "Xcursor.size" = 16; +# "Xft.dpi" = 300; +# }; home.packages = with pkgs; [ - gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic +# gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool pciutils usbutils nix-output-monitor ]; - programs.firefox = { - enable = true; - profiles.default = { - extensions = { - packages = with pkgs.nur.repos.rycee.firefox-addons; [ - ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock - ]; - }; - }; - }; +# programs.firefox = { +# enable = true; +# profiles.default = { +# extensions = { +# packages = with pkgs.nur.repos.rycee.firefox-addons; [ +# ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock +# ]; +# }; +# }; +# }; programs.git = { enable = true; diff --git a/system/aly-server.nix b/system/aly-server.nix index d948416..471116c 100644 --- a/system/aly-server.nix +++ b/system/aly-server.nix @@ -1,4 +1,5 @@ ({ config, pkgs, ... }: { + networking.hostName = "aly-server"; system.stateVersion = "25.05"; virtualisation.hypervGuest.enable = true; boot.blacklistedKernelModules = [ "hyperv_fb" ]; From 17d3c70d1cc593a9fc8d859be6fa299800fee2da Mon Sep 17 00:00:00 2001 
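Review bot: The desktop-only settings in home/aly.nix (`xresources.properties`, the GUI packages, `programs.firefox`) are switched off by commenting them out at column 0, which leaves dead code in the module and, if aly-laptop imports the same `./home/aly.nix` as the earlier flake.nix hunks suggest, presumably removes them from the laptop as well. A clearer shape is to move those attributes into a separate module imported only by the desktop host, for example `home-manager.users.aly = { imports = [ ./home/aly.nix ./home/aly-desktop.nix ]; };`, where the second file name is a placeholder. The attribute set continues past the end of the hunk.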
From: alydev Date: Thu, 25 Sep 2025 15:03:30 +1000 Subject: [PATCH 06/28] update --- flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/flake.nix b/flake.nix index f03168f..1688216 100644 --- a/flake.nix +++ b/flake.nix @@ -47,6 +47,12 @@ nixvim.nixosModules.nixvim ./hw/aly-server.nix ./system/aly-server.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.aly = import ./home/aly.nix; + } # TODO ]; }; From f65b69e7d6aaa50c6b0c3dfc9c2a2e8546603072 Mon Sep 17 00:00:00 2001 From: alydev Date: Thu, 25 Sep 2025 15:06:48 +1000 Subject: [PATCH 07/28] update --- system/aly-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system/aly-server.nix b/system/aly-server.nix index 471116c..516a2ff 100644 --- a/system/aly-server.nix +++ b/system/aly-server.nix @@ -2,6 +2,7 @@ networking.hostName = "aly-server"; system.stateVersion = "25.05"; virtualisation.hypervGuest.enable = true; + virtualisation.docker.enable = true; boot.blacklistedKernelModules = [ "hyperv_fb" ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -21,7 +22,7 @@ description = "aly"; hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/"; openssh.authorizedKeys.keys = import ../data/authorized_keys.nix; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = [ "networkmanager" "wheel" "docker" ]; }; services.openssh = { From 1d82e41740d8d19d4ef7ee30b953710cc0945d34 Mon Sep 17 00:00:00 2001 From: alydev Date: Thu, 25 Sep 2025 15:13:38 +1000 Subject: [PATCH 08/28] update --- aly-server.md | 6 ++++++ system/aly-server.nix | 1 + 2 files changed, 7 insertions(+) create mode 100644 aly-server.md diff --git a/aly-server.md b/aly-server.md new file mode 100644 index 0000000..f457a8d --- /dev/null +++ b/aly-server.md @@ -0,0 +1,6 @@ +samba +ps3netsrv +xbox360 srv +retronas +openmediavault? +btrfs 
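Review bot: Adding `"docker"` to `extraGroups` in the second system/aly-server.nix hunk of PATCH 07/28 gives `aly` unauthenticated access to the Docker socket, which is equivalent to root on the host. That holds independently of sudo policy, so it stays in effect even if `wheelNeedsPassword` is tightened later. If the membership is kept for convenience, say so in place, e.g. `# docker group is root-equivalent; kept for interactive use`; otherwise consider `virtualisation.docker.rootless.enable = true;` or invoking docker through sudo. The `users.users.aly` block starts outside the hunk.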
diff --git a/system/aly-server.nix b/system/aly-server.nix index 516a2ff..9c1d8db 100644 --- a/system/aly-server.nix +++ b/system/aly-server.nix @@ -9,6 +9,7 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; environment.systemPackages = with pkgs; [ cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils + btrfs-progs ]; programs.nixvim.enable = true; programs.nixvim.defaultEditor = true; From 44b6e473c09108db89b4b92e9c14c00869916981 Mon Sep 17 00:00:00 2001 From: alydev Date: Thu, 25 Sep 2025 15:27:32 +1000 Subject: [PATCH 09/28] update --- flake.nix | 5 ++++- hw/aly-server.nix | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 1688216..377107f 100644 --- a/flake.nix +++ b/flake.nix @@ -18,9 +18,11 @@ url = "github:nix-community/nixvim/nixos-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + agenix.url = "github:ryantm/agenix"; + agenix.inputs.darwin.follows = ""; }; - outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, ... }: { + outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, agenix, ... }: { nixosConfigurations = { "aly-laptop" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -47,6 +49,7 @@ nixvim.nixosModules.nixvim ./hw/aly-server.nix ./system/aly-server.nix + agenix.nixosModules.default home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; diff --git a/hw/aly-server.nix b/hw/aly-server.nix index 1e3330d..4fbc60f 100644 --- a/hw/aly-server.nix +++ b/hw/aly-server.nix @@ -22,6 +22,11 @@ options = [ "fmask=0022" "dmask=0022" ]; }; + fileSystems."/mnt/storage" = + { device = "/dev/disk/by-uuid/e959b50a-31fe-4828-9b46-9f2c80c5a42f"; + fsType = "btrfs"; + }; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking From 11375eec545d2dd9657c10d82c0a5cc13d6034b4 Mon Sep 17 00:00:00 2001 
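Review bot: The new `agenix` input in the first flake.nix hunk of PATCH 09/28 is declared without a `nixpkgs` follows, unlike the `nixvim` input directly above it, so the flake locks a second nixpkgs revision (and agenix's own home-manager) that is not updated together with the system's package set; the flake.lock change in PATCH 10/28 shows both extra nodes. Adding `agenix.inputs.nixpkgs.follows = "nixpkgs";` next to the `darwin` override keeps a single package set to track for security updates. The `inputs` block starts outside the hunk.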
From: alydev Date: Thu, 25 Sep 2025 15:34:36 +1000 Subject: [PATCH 10/28] update --- flake.lock | 82 ++++++++++++++++++++++++++++++++++++++++--- system/aly-server.nix | 2 +- 2 files changed, 79 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 5943b5f..9eec9d7 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": [], + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "owner": "ryantm", + "repo": "agenix", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -44,7 +65,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -61,6 +82,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -162,6 +204,22 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1758589230, "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=", 
@@ -184,7 +242,7 @@ "nixpkgs" ], "nuschtosSearch": "nuschtosSearch", - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1758373036, @@ -247,10 +305,11 @@ }, "root": { "inputs": { - "home-manager": "home-manager", + "agenix": "agenix", + "home-manager": "home-manager_2", "nix-flatpak": "nix-flatpak", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", "nur": "nur" } @@ -284,6 +343,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/system/aly-server.nix b/system/aly-server.nix index 9c1d8db..f781280 100644 --- a/system/aly-server.nix +++ b/system/aly-server.nix @@ -9,7 +9,7 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; environment.systemPackages = with pkgs; [ cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils - btrfs-progs + btrfs-progs agenix.packages.${system}.default ]; programs.nixvim.enable = true; programs.nixvim.defaultEditor = true; From 2aca8b2b7596babebbdb21eac543c942dba14002 Mon Sep 17 00:00:00 2001 From: alydev Date: Thu, 25 Sep 2025 15:35:56 +1000 Subject: [PATCH 11/28] update --- system/aly-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/system/aly-server.nix b/system/aly-server.nix index f781280..e137191 100644 --- a/system/aly-server.nix +++ b/system/aly-server.nix @@ -1,4 +1,4 @@ -({ config, pkgs, ... }: { +({ config, pkgs, agenix, ... }: { networking.hostName = "aly-server"; system.stateVersion = "25.05"; virtualisation.hypervGuest.enable = true; From f5af1370cf9e40da58d7f75aa49e79e6b4508b91 Mon Sep 17 00:00:00 2001 
From: alydev
Date: Thu, 25 Sep 2025 15:37:27 +1000
Subject: [PATCH 12/28] update
---
 flake.nix | 3 +++
 system/aly-server.nix | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/flake.nix b/flake.nix
index 377107f..2d6011d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -50,6 +50,9 @@
 ./hw/aly-server.nix
 ./system/aly-server.nix
 agenix.nixosModules.default
+ {
+ environment.systemPackages = [ agenix.packages.${system}.default ];
+ }
 home-manager.nixosModules.home-manager
 {
 home-manager.useGlobalPkgs = true;
diff --git a/system/aly-server.nix b/system/aly-server.nix
index e137191..418d442 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -8,8 +8,7 @@
 boot.loader.efi.canTouchEfiVariables = true;
 nix.settings.experimental-features = [ "nix-command" "flakes" ];
 environment.systemPackages = with pkgs; [
- cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils
- btrfs-progs agenix.packages.${system}.default
+ cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils btrfs-progs
 ];
 programs.nixvim.enable = true;
 programs.nixvim.defaultEditor = true;
From 1aff413d8368edb005a2da0b0ce14e23cbe43c4a Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 15:37:47 +1000
Subject: [PATCH 13/28] update
---
 flake.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index 2d6011d..17e93b5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -51,7 +51,7 @@
 ./system/aly-server.nix
 agenix.nixosModules.default
 {
- environment.systemPackages = [ agenix.packages.${system}.default ];
+ environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
 }
 home-manager.nixosModules.home-manager
 {
From 6eec5cda43f999f515bc8ebfc794ca1d68934586 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 15:53:17 +1000
Subject: [PATCH 14/28] update
---
 system/aly-server.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 418d442..d603cbf 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -2,7 +2,11 @@
 networking.hostName = "aly-server";
 system.stateVersion = "25.05";
 virtualisation.hypervGuest.enable = true;
- virtualisation.docker.enable = true;
+ virtualisation.docker = {
+ enable = true;
+ autoPrune.enable = true;
+ };
+ virtualisation.oci-containers.backend = "docker";
 boot.blacklistedKernelModules = [ "hyperv_fb" ];
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
From 1369071cb26881f408dafc9d3d032de5005a1d99 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 17:43:07 +1000
Subject: [PATCH 15/28] update
---
 system/aly-server.nix | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index d603cbf..2865047 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -38,4 +38,39 @@
 };
 openFirewall = true;
 };
+
+ services.samba-wsdd.enable = true;
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ settings = {
+ global = {
+ "workgroup" = "WORKGROUP";
+ "server string" = "aly-server";
+ "netbios name" = "aly-server";
+ "security" = "user";
+ "max protocol" = "smb1";
+ "hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
+ "hosts deny" = "0.0.0.0/0";
+ "guest account" = "nobody";
+ "map to guest" = "bad user";
+ };
+ "storage" = {
+ "path" = "/mnt/storage";
+ "browseable" = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ "create mask" = "0664";
+ "directory mask" = "0775";
+ "force user" = "1001";
+ "force group" = "1005";
+ };
+ "media" = {
+ "path" = "/mnt/storage/media";
+ "browseable" = "yes";
+ "read only" = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ };
 })
From 545e4283f13f33accefdacadd938d9fffabdc759 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 17:43:47 +1000
Subject: [PATCH 16/28] update
---
 system/aly-server.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 2865047..39c19c6 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -42,7 +42,6 @@
 services.samba-wsdd.enable = true;
 services.samba = {
 enable = true;
- securityType = "user";
 settings = {
 global = {
 "workgroup" = "WORKGROUP";
From 77ca80d621c923e4ed49a3741678afb647def6e2 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 17:45:41 +1000
Subject: [PATCH 17/28] update
---
 system/aly-server.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 39c19c6..939b711 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -42,6 +42,8 @@
 services.samba-wsdd.enable = true;
 services.samba = {
 enable = true;
+ enableNmbd = false;
+ enableWinbindd = false;
 settings = {
 global = {
 "workgroup" = "WORKGROUP";
From 531c91b9e5460fd65d35b64ba794e25cf9dfaf78 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 17:46:20 +1000
Subject: [PATCH 18/28] update
---
 system/aly-server.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 939b711..73539fa 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -42,8 +42,8 @@
 services.samba-wsdd.enable = true;
 services.samba = {
 enable = true;
- enableNmbd = false;
- enableWinbindd = false;
+ nmbd.enable = false;
+ winbindd.enable = false;
 settings = {
 global = {
 "workgroup" = "WORKGROUP";
From 904a48dff624bde25c35632aa1e9761bc03a9dc6 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 17:47:41 +1000
Subject: [PATCH 19/28] update
---
 system/aly-server.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 73539fa..abe39da 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -50,7 +50,7 @@
 "server string" = "aly-server";
 "netbios name" = "aly-server";
 "security" = "user";
- "max protocol" = "smb1";
+ "max protocol" = "smb2";
 "hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
 "hosts deny" = "0.0.0.0/0";
 "guest account" = "nobody";
From 8a49a3e57bcd5cdc33920c3f9daff35000ecb47c Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 17:48:57 +1000
Subject: [PATCH 20/28] update
---
 system/aly-server.nix | 2 --
 1 file changed, 2 deletions(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index abe39da..538d69a 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -42,8 +42,6 @@
 services.samba-wsdd.enable = true;
 services.samba = {
 enable = true;
- nmbd.enable = false;
- winbindd.enable = false;
 settings = {
 global = {
 "workgroup" = "WORKGROUP";
From 731564a97d1a01432dc7c9f8b21f3c498e31d7c3 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 17:52:02 +1000
Subject: [PATCH 21/28] update
---
 system/aly-server.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 538d69a..4455ba8 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -1,5 +1,8 @@
 ({ config, pkgs, agenix, ... }: {
 networking.hostName = "aly-server";
+ services.openvpn.servers = {
+ server = { config = '' config /home/aly/.secrets/server.ovpn ''; };
+ };
 system.stateVersion = "25.05";
 virtualisation.hypervGuest.enable = true;
 virtualisation.docker = {
From 5056353f4ce65d466ea472716341a9738c596534 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 17:55:57 +1000
Subject: [PATCH 22/28] update
---
 system/aly-server.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 4455ba8..ce87250 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
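Review bot: `services.openvpn.servers.server` in PATCH 21/28 takes its whole configuration from `/home/aly/.secrets/server.ovpn`, a file inside an ordinary user's home directory, while NixOS normally starts the OpenVPN unit as root, so whoever can write that file controls the options of a root-run daemon. The file is also outside the flake, which means a rebuild on a fresh machine silently depends on it being present. Since agenix is already wired into this host, declaring the profile as an `age.secrets.<NAME>` entry (root-owned, mode 0400) and writing `config = "config ${config.age.secrets.<NAME>.path}";` would keep it encrypted in the repository and out of the user's write access. The module body continues outside the hunk.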
@@ -54,7 +54,7 @@ "max protocol" = "smb2"; "hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1"; "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; + "guest account" = "aly"; "map to guest" = "bad user"; }; "storage" = { From 55717be33ed7c08142cd4e9cb30c9f99638484d0 Mon Sep 17 00:00:00 2001 From: alydev Date: Thu, 25 Sep 2025 18:01:26 +1000 Subject: [PATCH 23/28] update --- system/aly-server.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/system/aly-server.nix b/system/aly-server.nix index ce87250..d4e2b98 100644 --- a/system/aly-server.nix +++ b/system/aly-server.nix @@ -1,5 +1,11 @@ ({ config, pkgs, agenix, ... }: { networking.hostName = "aly-server"; + networking.networkmanager.enable = true; + networking.firewall.allowedTCPPorts = [ + 80 443 3923 5656 5030 5031 50300 + 4747 8989 7878 8686 13378 6767 9696 4545 + 52568 + ]; services.openvpn.servers = { server = { config = '' config /home/aly/.secrets/server.ovpn ''; }; }; @@ -21,8 +27,6 @@ programs.nixvim.defaultEditor = true; security.sudo.wheelNeedsPassword = false; - networking.networkmanager.enable = true; - time.timeZone = "Australia/Brisbane"; users.users.aly = { isNormalUser = true; @@ -45,6 +49,7 @@ services.samba-wsdd.enable = true; services.samba = { enable = true; + openFirewall = true; settings = { global = { "workgroup" = "WORKGROUP"; From 7398358fbcac5fb01adfac174a47b2587191990c Mon Sep 17 00:00:00 2001 From: alydev Date: Thu, 25 Sep 2025 18:18:32 +1000 Subject: [PATCH 24/28] update --- system/aly-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system/aly-server.nix b/system/aly-server.nix index d4e2b98..6944270 100644 --- a/system/aly-server.nix +++ b/system/aly-server.nix 
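Review bot: `networking.firewall.allowedTCPPorts` in the first hunk of PATCH 23/28 opens sixteen ports on every interface with nothing recording which service owns each one, so it will be hard to tell later which entries are still needed or were meant to be LAN-only. Add a trailing comment per port or per row, and where a service is only meant for the LAN or VPN, move it to `networking.firewall.interfaces."<IFACE>".allowedTCPPorts = [ ... ];` instead of the global list. If some of these ports belong to containers, note that ports published by Docker are usually reachable regardless of this list, because Docker manages its own iptables rules. The same commit also sets `services.samba.openFirewall = true;` in its third hunk.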
@@ -56,7 +56,8 @@
 "server string" = "aly-server";
 "netbios name" = "aly-server";
 "security" = "user";
- "max protocol" = "smb2";
+ "min protocol" = "SMB2_02";
+ "max protocol" = "SMB3_11";
 "hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
 "hosts deny" = "0.0.0.0/0";
 "guest account" = "aly";
From 376626910ceda556efc13054fab6444b31e144a2 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 18:21:05 +1000
Subject: [PATCH 25/28] update
---
 system/aly-server.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 6944270..33ada51 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -2,9 +2,12 @@
 networking.hostName = "aly-server";
 networking.networkmanager.enable = true;
 networking.firewall.allowedTCPPorts = [
- 80 443 3923 5656 5030 5031 50300
+ 80 443 445 3923 5656 5030 5031 50300
 4747 8989 7878 8686 13378 6767 9696 4545
- 52568
+ 52568 50000
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 137 138 139 50000
 ];
 services.openvpn.servers = {
 server = { config = '' config /home/aly/.secrets/server.ovpn ''; };
From 7cd3389f7b99383b0972a1305fd8cd730b05d1c5 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 18:25:25 +1000
Subject: [PATCH 26/28] update
---
 system/aly-server.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 33ada51..b50ed73 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -71,6 +71,7 @@
 "browseable" = "yes";
 "read only" = "no";
 "guest ok" = "no";
+ "valid users" = "aly";
 "create mask" = "0664";
 "directory mask" = "0775";
 "force user" = "1001";
From 04f51912039ce5f4ea57211c36a96fa791416657 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 18:27:23 +1000
Subject: [PATCH 27/28] update
---
 system/aly-server.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index b50ed73..8fc9166 100644
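Review bot: The new `networking.firewall.allowedUDPPorts` list in PATCH 25/28 opens 139, which NetBIOS uses over TCP only (137 and 138 are the UDP ports), so that entry exposes a UDP port no Samba daemon listens on. The added TCP 445 and the NetBIOS UDP ports should already be covered by `services.samba.openFirewall = true;` from PATCH 23/28, which makes the manual entries redundant and easy to forget when Samba is later removed. Port 50000 is opened for both TCP and UDP with no comment naming the service; a short comment such as `# 50000: <SERVICE>` would make the rule auditable.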
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -63,8 +63,10 @@
 "max protocol" = "SMB3_11";
 "hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
 "hosts deny" = "0.0.0.0/0";
- "guest account" = "aly";
+ "guest account" = "nobody";
 "map to guest" = "bad user";
+ "interfaces" = "lo eth0 docker0 tun0";
+ "bind interfaces only" = "yes";
 };
 "storage" = {
 "path" = "/mnt/storage";
From 565c8a032888e5f2aac5718d05e99045f8a29c61 Mon Sep 17 00:00:00 2001
From: alydev
Date: Thu, 25 Sep 2025 18:32:26 +1000
Subject: [PATCH 28/28] update
---
 system/aly-server.nix | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/system/aly-server.nix b/system/aly-server.nix
index 8fc9166..bd75550 100644
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@@ -58,6 +58,9 @@
 "workgroup" = "WORKGROUP";
 "server string" = "aly-server";
 "netbios name" = "aly-server";
+ "disable netbios" = "yes";
+ "wide links" = "yes";
+ "allow insecure wide links" = "yes";
 "security" = "user";
 "min protocol" = "SMB2_02";
 "max protocol" = "SMB3_11";
@@ -73,17 +76,36 @@
 "browseable" = "yes";
 "read only" = "no";
 "guest ok" = "no";
+ "guest only" = "no";
+ "inherit acls" = "no";
+ "inherit permissions" = "no";
+ "store dos attributes" = "no";
+ "follow symlinks" = "yes";
 "valid users" = "aly";
 "create mask" = "0664";
 "directory mask" = "0775";
- "force user" = "1001";
- "force group" = "1005";
 };
 "media" = {
 "path" = "/mnt/storage/media";
 "browseable" = "yes";
 "read only" = "yes";
 "guest ok" = "yes";
+ "hide special files" = "yes";
+ "inherit acls" = "no";
+ "inherit permissions" = "no";
+ "store dos attributes" = "no";
+ "follow symlinks" = "yes";
+ };
+ "mirror" = {
+ "path" = "/mnt/storage/mirror";
+ "browseable" = "yes";
+ "read only" = "yes";
+ "guest ok" = "yes";
+ "hide special files" = "yes";
+ "inherit acls" = "no";
+ "inherit permissions" = "no";
+ "store dos attributes" = "no";
+ "follow symlinks" = "yes";
 };
 };
 };
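Review bot: `"wide links" = "yes"` together with `"allow insecure wide links" = "yes"` in the `global` hunk of PATCH 28/28 turns off Samba's check that a symlink target stays inside the share, and the second hunk sets `"follow symlinks" = "yes"` on `media` and `mirror`, which are both `"guest ok" = "yes"`. Because the writable `storage` share at `/mnt/storage` contains both of those paths, a symlink placed there would expose its target outside the share to unauthenticated clients on the allowed networks. Unless links that leave the share are really required, drop the two global lines; if they are required, set `"wide links" = "no"` on the two guest shares and record the reason in a comment. The `settings` attribute set starts outside both hunks.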