update

aly-server.md

@@ -0,0 +1,6 @@
+samba
+ps3netsrv
+xbox360 srv
+retronas
+openmediavault?
+btrfs

data/authorized_keys.nix

@@ -4,4 +4,5 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAPHB5cZxUF6btKjT8yNLcwWBxXf+Jb9x2iPszWY5l7 aly@alyssd"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPx69hgnDfNMM8nuNdRRnhHSto6BvBBYkEL8mzNtKpVG aly@aly-ubuntu-vm"
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmq4bJDXwpIgr60q7EyCXqYWZIT8ZAjazzLRflQPlqX aly@aly-laptop"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFSvtZtEqrl3z1By5LN2iwkmy7ZjsCYUQC43ESoR48Vi aly@nixos"
 ]

flake.lock

@@ -1,5 +1,26 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": [],
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1754433428,
+        "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": [
@@ -44,7 +65,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -61,6 +82,27 @@
       }
     },
     "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1745494811,
+        "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
@@ -162,6 +204,22 @@
       }
     },
     "nixpkgs": {
+      "locked": {
+        "lastModified": 1754028485,
+        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
       "locked": {
         "lastModified": 1758589230,
         "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
@@ -184,7 +242,7 @@
           "nixpkgs"
         ],
         "nuschtosSearch": "nuschtosSearch",
-        "systems": "systems_2"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1758373036,
@@ -247,10 +305,11 @@
     },
     "root": {
       "inputs": {
-        "home-manager": "home-manager",
+        "agenix": "agenix",
+        "home-manager": "home-manager_2",
         "nix-flatpak": "nix-flatpak",
         "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "nixvim": "nixvim",
         "nur": "nur"
       }
@@ -284,6 +343,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -18,9 +18,11 @@
       url = "github:nix-community/nixvim/nixos-25.05";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    agenix.url = "github:ryantm/agenix";
+    agenix.inputs.darwin.follows = "";
   };
 
-  outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, ... }: {
+  outputs = inputs@{ nixpkgs, home-manager, nix-flatpak, nixos-generators, nur, nixvim, agenix, ... }: {
     nixosConfigurations = {
       "aly-laptop" = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
@@ -39,6 +41,27 @@
           }
         ];
       };
+      "aly-server" = nixpkgs.lib.nixosSystem {
+      	system = "x86_64-linux";
+	modules = [
+          nur.modules.nixos.default
+          nix-flatpak.nixosModules.nix-flatpak
+          nixvim.nixosModules.nixvim
+          ./hw/aly-server.nix
+          ./system/aly-server.nix
+	  agenix.nixosModules.default
+	  {
+	    environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
+	  }
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.aly = import ./home/aly.nix;
+          }
+          # TODO
+	];
+      };
     };
   };
 }

home/aly.nix

@@ -3,28 +3,28 @@
 {
   home.username = "aly";
   home.homeDirectory = "/home/aly";
-  xresources.properties = {
+#  xresources.properties = {
-    "Xcursor.size" = 16;
+#    "Xcursor.size" = 16;
-    "Xft.dpi" = 300;
+#    "Xft.dpi" = 300;
-  };
+#  };
   home.packages = with pkgs; [
-    gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic
+#    gnome-tweaks obs-studio rpi-imager google-cloud-sdk supersonic
     neofetch nnn zip xz unzip p7zip ripgrep jq yq-go mtr iperf3 dnsutils
     ldns aria2 socat nmap ipcalc file which tree gnused gnutar gawk zstd
     gnupg btop iotop iftop strace ltrace lsof sysstat lm_sensors ethtool
     pciutils usbutils nix-output-monitor
   ];
 
-  programs.firefox = {
+#  programs.firefox = {
-    enable = true;
+#    enable = true;
-    profiles.default = {
+#    profiles.default = {
-      extensions = {
+#      extensions = {
-        packages = with pkgs.nur.repos.rycee.firefox-addons; [
+#        packages = with pkgs.nur.repos.rycee.firefox-addons; [
-          ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock
+#          ublock-origin bitwarden darkreader indie-wiki-buddy sponsorblock
-        ];
+#        ];
-      };
+#      };
-    };
+#    };
-  };
+#  };
 
   programs.git = {
     enable = true;

hw/aly-server.nix

@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/1ede5a16-78e9-4874-b39f-b1d31a021774";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/EF0E-1E4B";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/mnt/storage" =
+    { device = "/dev/disk/by-uuid/e959b50a-31fe-4828-9b46-9f2c80c5a42f";
+      fsType = "btrfs";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  virtualisation.hypervGuest.enable = true;
+}

system/aly-laptop.nix

@@ -13,4 +13,16 @@
     lidSwitchDocked = "ignore";
     lidSwitchExternalPower = "ignore";
   };
+  services.flatpak.enable = true;
+  services.flatpak.packages = [
+    "com.moonlight_stream.Moonlight"
+  ];
+  services.pulseaudio.enable = false;
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
+  services.xserver.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
 })

system/aly-server.nix

@@ -0,0 +1,112 @@
+({ config, pkgs, agenix, ... }: {
+  networking.hostName = "aly-server";
+  networking.networkmanager.enable = true;
+  networking.firewall.allowedTCPPorts = [
+    80 443 445 3923 5656 5030 5031 50300
+    4747 8989 7878 8686 13378 6767 9696 4545
+    52568 50000
+  ];
+  networking.firewall.allowedUDPPorts = [
+    137 138 139 50000 
+  ];
+  services.openvpn.servers = {
+    server = { config = '' config /home/aly/.secrets/server.ovpn ''; };
+  };
+  system.stateVersion = "25.05";
+  virtualisation.hypervGuest.enable = true;
+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = true;
+  };
+  virtualisation.oci-containers.backend = "docker";
+  boot.blacklistedKernelModules = [ "hyperv_fb" ];
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  environment.systemPackages = with pkgs; [
+    cargo rustc just git wget gcc gnumake autoconf automake pkg-config cifs-utils btrfs-progs
+  ];
+  programs.nixvim.enable = true;
+  programs.nixvim.defaultEditor = true;
+  security.sudo.wheelNeedsPassword = false;
+
+  time.timeZone = "Australia/Brisbane";
+  users.users.aly = {
+    isNormalUser = true;
+    description = "aly";
+    hashedPassword = "$y$j9T$Q.yFJjo9LMA8o.7Ac5uSr/$Y8pYIPSzCXHSd4nAlUohaaohwpquK6XEIjxFKq3J4s/";
+    openssh.authorizedKeys.keys = import ../data/authorized_keys.nix;
+    extraGroups = [ "networkmanager" "wheel" "docker" ];
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      X11Forwarding = true;
+      PermitRootLogin = "no";
+      PasswordAuthentication = true;
+    };
+    openFirewall = true;
+  };
+
+  services.samba-wsdd.enable = true;
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        "workgroup" = "WORKGROUP";
+	"server string" = "aly-server";
+	"netbios name" = "aly-server";
+	"disable netbios" = "yes";
+	"wide links" = "yes";
+	"allow insecure wide links" = "yes";
+	"security" = "user";
+	"min protocol" = "SMB2_02";
+	"max protocol" = "SMB3_11";
+	"hosts allow" = "192.168.0. 10.8.0. localhost 127.0.0.1";
+	"hosts deny" = "0.0.0.0/0";
+	"guest account" = "nobody";
+	"map to guest" = "bad user";
+	"interfaces" = "lo eth0 docker0 tun0";
+	"bind interfaces only" = "yes";
+      };
+      "storage" = {
+        "path" = "/mnt/storage";
+	"browseable" = "yes";
+	"read only" = "no";
+	"guest ok" = "no";
+	"guest only" = "no";
+	"inherit acls" = "no";
+	"inherit permissions" = "no";
+	"store dos attributes" = "no";
+	"follow symlinks" = "yes";
+	"valid users" = "aly";
+	"create mask" = "0664";
+        "directory mask" = "0775";
+      };
+      "media" = {
+        "path" = "/mnt/storage/media";
+	"browseable" = "yes";
+	"read only" = "yes";
+	"guest ok" = "yes";
+	"hide special files" = "yes";
+	"inherit acls" = "no";
+	"inherit permissions" = "no";
+	"store dos attributes" = "no";
+	"follow symlinks" = "yes";
+      };
+      "mirror" = {
+        "path" = "/mnt/storage/mirror";
+	"browseable" = "yes";
+	"read only" = "yes";
+	"guest ok" = "yes";
+	"hide special files" = "yes";
+	"inherit acls" = "no";
+	"inherit permissions" = "no";
+	"store dos attributes" = "no";
+	"follow symlinks" = "yes";
+      };
+    };
+  };
+})

system/global.nix

@@ -12,15 +12,6 @@
 
   networking.networkmanager.enable = true;
 
-  services.flatpak.enable = true;
-  services.flatpak.packages = [
-    "com.moonlight_stream.Moonlight"
-  ];
-  services.pulseaudio.enable = false;
-  services.pipewire = {
-    enable = true;
-    pulse.enable = true;
-  };
   time.timeZone = "Australia/Brisbane";
   users.users.aly = {
     isNormalUser = true;
@@ -30,20 +21,13 @@
     extraGroups = [ "networkmanager" "wheel" ];
   };
 
-  # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
     settings = {
       X11Forwarding = true;
-      PermitRootLogin = "no"; # disable root login
+      PermitRootLogin = "no";
-      PasswordAuthentication = true; # disable password login
+      PasswordAuthentication = true;
     };
     openFirewall = true;
   };
-  # Enable the X11 windowing system.
-  services.xserver.enable = true;
-
-  # Enable the GNOME Desktop Environment.
-  services.xserver.displayManager.gdm.enable = true;
-  services.xserver.desktopManager.gnome.enable = true;
 })