update

2025-10-13 20:49:40 +10:00 · 2025-09-25 18:32:26 +10:00 · 2025-09-25 18:27:23 +10:00 · 2025-09-25 18:25:25 +10:00 · 2025-09-25 18:21:05 +10:00 · 2025-09-25 18:18:32 +10:00
9 changed files with 291 additions and 38 deletions
--- a/aly-server.md
+++ b/aly-server.md
@ -0,0 +1,6 @@
+samba
+ps3netsrv
+xbox360 srv
+retronas
+openmediavault?
+btrfs
--- a/data/authorized_keys.nix
+++ b/data/authorized_keys.nix
@ -4,4 +4,5 @@
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSvtZtEqrl3z1By5LN2iwkmy7ZjsCYUQC43ESoR48Vi aly@nixos"
 ]
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,26 @@
 {
  "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": [],
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1754433428,
+        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": [
@ -44,7 +65,7 @@
    },
    "flake-utils": {
      "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
@ -61,6 +82,27 @@
      }
    },
    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
@ -162,6 +204,22 @@
      }
    },
    "nixpkgs": {
+      "locked": {
+        "lastModified": 1754028485,
+        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
      "locked": {
        "lastModified": 1758589230,
        "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
@ -184,7 +242,7 @@
          "nixpkgs"
        ],
        "nuschtosSearch": "nuschtosSearch",
-        "systems": "systems_2"
+        "systems": "systems_3"
      },
      "locked": {
        "lastModified": 1758373036,
@ -247,10 +305,11 @@
    },
    "root": {
      "inputs": {
-        "home-manager": "home-manager",
+        "agenix": "agenix",
+        "home-manager": "home-manager_2",
        "nix-flatpak": "nix-flatpak",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
        "nixvim": "nixvim",
        "nur": "nur"
      }
@ -284,6 +343,21 @@
        "repo": "default",
        "type": "github"
      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -18,9 +18,11 @@
      url = "github:nix-community/nixvim/nixos-25.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.darwin.follows = "";
  };

-  outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, ... }: {
+  outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, agenix, ... }: {
    nixosConfigurations = {
      "aly-laptop" = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
@ -39,6 +41,27 @@
          }
        ];
      };
+      "aly-server" = nixpkgs.lib.nixosSystem {
+      	system = "x86_64-linux";
+	modules = [
+          nur.modules.nixos.default
+          nix-flatpak.nixosModules.nix-flatpak
+          nixvim.nixosModules.nixvim
+          ./hw/aly-server.nix
+          ./system/aly-server.nix
+	  agenix.nixosModules.default
+	  {
+	    environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
+	  }
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.aly = import ./home/aly.nix;
+          }
+          # TODO
+	];
+      };
    };
  };
 }
--- a/home/aly.nix
+++ b/home/aly.nix
@ -3,28 +3,28 @@
 {
  home.username = "aly";
  home.homeDirectory = "/home/aly";
-  xresources.properties = {
-    "Xcursor.size" = 16;
-    "Xft.dpi" = 300;
-  };
+#  xresources.properties = {
+#    "Xcursor.size" = 16;
+#    "Xft.dpi" = 300;
+#  };
  home.packages = with pkgs; [
-    gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic
+#    gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic
    neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils
    ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd
    gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool
    pciutils usbutils nix-output-monitor
  ];

-  programs.firefox = {
-    enable = true;
-    profiles.default = {
-      extensions = {
-        packages = with pkgs.nur.repos.rycee.firefox-addons; [
-          ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock
-        ];
-      };
-    };
-  };
+#  programs.firefox = {
+#    enable = true;
+#    profiles.default = {
+#      extensions = {
+#        packages = with pkgs.nur.repos.rycee.firefox-addons; [
+#          ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock
+#        ];
+#      };
+#    };
+#  };

  programs.git = {
    enable = true;
--- a/hw/aly-server.nix
+++ b/hw/aly-server.nix
@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/1ede5a16-78e9-4874-b39f-b1d31a021774";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/EF0E-1E4B";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/mnt/storage" =
+    { device = "/dev/disk/by-uuid/e959b50a-31fe-4828-9b46-9f2c80c5a42f";
+      fsType = "btrfs";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  virtualisation.hypervGuest.enable = true;
+}
--- a/system/aly-laptop.nix
+++ b/system/aly-laptop.nix
@ -13,4 +13,16 @@
    lidSwitchDocked = "ignore";
    lidSwitchExternalPower = "ignore";
  };
+  services.flatpak.enable = true;
+  services.flatpak.packages = [
+    "com.moonlight_stream.Moonlight"
+  ];
+  services.pulseaudio.enable = false;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
 })
--- a/system/aly-server.nix
+++ b/system/aly-server.nix
@ -0,0 +1,112 @@
+({ config, pkgs, agenix, ... }: {
+  networking.hostName = "aly-server";
+  networking.networkmanager.enable = true;
+  networking.firewall.allowedTCPPorts = [
+    80 443 445 3923 5656 5030 5031 50300
+    4747 8989 7878 8686 13378 6767 9696 4545
+    52568 50000
+  ];
+  networking.firewall.allowedUDPPorts = [
+    137 138 139 50000 
+  ];
+  services.openvpn.servers = {
+    server = { config = '' config /home/aly/.secrets/server.ovpn ''; };
+  };
+  system.stateVersion = "25.05";
+  virtualisation.hypervGuest.enable = true;
+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = true;
+  };
+  virtualisation.oci-containers.backend = "docker";
+  boot.blacklistedKernelModules = [ "hyperv_fb" ];
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  environment.systemPackages = with pkgs; [
+    cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils btrfs-progs
+  ];
+  programs.nixvim.enable = true;
+  programs.nixvim.defaultEditor = true;
+  security.sudo.wheelNeedsPassword = false;
+
+  time.timeZone = "Australia/Brisbane";
+  users.users.aly = {
+    isNormalUser = true;
+    description = "aly";
+    hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/";
+    openssh.authorizedKeys.keys = import ../data/authorized_keys.nix;
+    extraGroups = [ "networkmanager" "wheel" "docker" ];
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "no";
+      PasswordAuthentication = true;
+    };
+    openFirewall = true;
+  };
+
+  services.samba-wsdd.enable = true;
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        "workgroup" = "WORKGROUP";
+	"server string" = "aly-server";
+	"netbios name" = "aly-server";
+	"disable netbios" = "yes";
+	"wide links" = "yes";
+	"allow insecure wide links" = "yes";
+	"security" = "user";
+	"min protocol" = "SMB2_02";
+	"max protocol" = "SMB3_11";
+	"hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
+	"hosts deny" = "0.0.0.0/0";
+	"guest account" = "nobody";
+	"map to guest" = "bad user";
+	"interfaces" = "lo eth0 docker0 tun0";
+	"bind interfaces only" = "yes";
+      };
+      "storage" = {
+        "path" = "/mnt/storage";
+	"browseable" = "yes";
+	"read only" = "no";
+	"guest ok" = "no";
+	"guest only" = "no";
+	"inherit acls" = "no";
+	"inherit permissions" = "no";
+	"store dos attributes" = "no";
+	"follow symlinks" = "yes";
+	"valid users" = "aly";
+	"create mask" = "0664";
+        "directory mask" = "0775";
+      };
+      "media" = {
+        "path" = "/mnt/storage/media";
+	"browseable" = "yes";
+	"read only" = "yes";
+	"guest ok" = "yes";
+	"hide special files" = "yes";
+	"inherit acls" = "no";
+	"inherit permissions" = "no";
+	"store dos attributes" = "no";
+	"follow symlinks" = "yes";
+      };
+      "mirror" = {
+        "path" = "/mnt/storage/mirror";
+	"browseable" = "yes";
+	"read only" = "yes";
+	"guest ok" = "yes";
+	"hide special files" = "yes";
+	"inherit acls" = "no";
+	"inherit permissions" = "no";
+	"store dos attributes" = "no";
+	"follow symlinks" = "yes";
+      };
+    };
+  };
+})
--- a/system/global.nix
+++ b/system/global.nix
@ -12,15 +12,6 @@

  networking.networkmanager.enable = true;

-  services.flatpak.enable = true;
-  services.flatpak.packages = [
-    "com.moonlight_stream.Moonlight"
-  ];
-  services.pulseaudio.enable = false;
-  services.pipewire = {
-    enable = true;
-    pulse.enable = true;
-  };
  time.timeZone = "Australia/Brisbane";
  users.users.aly = {
    isNormalUser = true;
@ -30,20 +21,13 @@
    extraGroups = [ "networkmanager" "wheel" ];
  };

-  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    settings = {
      X11Forwarding = true;
-      PermitRootLogin = "no"; # disable root login
-      PasswordAuthentication = true; # disable password login
+      PermitRootLogin = "no";
+      PasswordAuthentication = true;
    };
    openFirewall = true;
  };
-  # Enable the X11 windowing system.
-  services.xserver.enable = true;
-
-  # Enable the GNOME Desktop Environment.
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
 })
Author	SHA1	Message	Date
alydev	565c8a0328	update	2025-09-25 18:32:26 +10:00
alydev	04f5191203	update	2025-09-25 18:27:23 +10:00
alydev	7cd3389f7b	update	2025-09-25 18:25:25 +10:00
alydev	376626910c	update	2025-09-25 18:21:05 +10:00
alydev	7398358fbc	update	2025-09-25 18:18:32 +10:00
alydev	55717be33e	update	2025-09-25 18:01:26 +10:00
alydev	5056353f4c	update	2025-09-25 17:55:57 +10:00
alydev	731564a97d	update	2025-09-25 17:52:02 +10:00
alydev	8a49a3e57b	update	2025-09-25 17:48:57 +10:00
alydev	904a48dff6	update	2025-09-25 17:47:41 +10:00
alydev	531c91b9e5	update	2025-09-25 17:46:20 +10:00
alydev	77ca80d621	update	2025-09-25 17:45:41 +10:00
alydev	545e4283f1	update	2025-09-25 17:43:47 +10:00
alydev	1369071cb2	update	2025-09-25 17:43:07 +10:00
alydev	6eec5cda43	update	2025-09-25 15:53:17 +10:00
alydev	1aff413d83	update	2025-09-25 15:37:47 +10:00
alydev	f5af1370cf	update	2025-09-25 15:37:27 +10:00
alydev	2aca8b2b75	update	2025-09-25 15:35:56 +10:00
alydev	11375eec54	update	2025-09-25 15:34:36 +10:00
alydev	44b6e473c0	update	2025-09-25 15:27:32 +10:00
alydev	1d82e41740	update	2025-09-25 15:13:38 +10:00
alydev	f65b69e7d6	update	2025-09-25 15:06:48 +10:00
alydev	17d3c70d1c	update	2025-09-25 15:03:30 +10:00
alydev	0b204ac349	update	2025-09-25 15:00:11 +10:00
alydev	84661d3f37	update	2025-09-25 14:45:41 +10:00
alydev	974b0e57f1	update	2025-09-25 04:22:53 +00:00
alydev	ae314607e0	update	2025-09-25 14:13:05 +10:00
alydev	86bed3f0d8	update	2025-09-25 14:05:22 +10:00