diff --git a/nixos/hosts/eidola/configuration.nix b/nixos/hosts/eidola/configuration.nix
index 12ff837..adf4b6c 100644
--- a/nixos/hosts/eidola/configuration.nix
+++ b/nixos/hosts/eidola/configuration.nix
@@ -9,10 +9,13 @@
 ./mounts.nix
 ./secrets.nix
 ./nebula.nix
+ ./zfs.nix
+ ./samba.nix
 ];
 networking.hostName = "eidola"; # Define your hostname.
 time.timeZone = "America/New_York"; # Set your time zone.
+ networking.hostId = "80f64d29"; # Define the host ID. (for ZFS)
 # Allow unfree packages (firmware)
 nixpkgs.config.allowUnfree = true;
diff --git a/nixos/hosts/eidola/mounts.nix b/nixos/hosts/eidola/mounts.nix
index 4816c59..3d33f4e 100644
--- a/nixos/hosts/eidola/mounts.nix
+++ b/nixos/hosts/eidola/mounts.nix
@@ -10,6 +10,8 @@
 "/var/lib/systemd/coredump"
 "/var/lib/nixos"
 "/var/db/sudo"
+
+ "/etc/zfs"
 ];
 files = [
 "/etc/machine-id"
diff --git a/nixos/hosts/eidola/samba.nix b/nixos/hosts/eidola/samba.nix
new file mode 100644
index 0000000..6b97869
--- /dev/null
+++ b/nixos/hosts/eidola/samba.nix
@@ -0,0 +1,34 @@
+{...}: {
+ users = {
+ users.min = {
+ isSystemUser = true;
+ group = "samba";
+ };
+ groups."samba" = {};
+ };
+
+ services.samba = {
+ enable = true;
+ openFirewall = true;
+
+ securityType = "user";
+
+ extraConfig = ''
+ browseable = yes
+ smb encrypt = required
+
+ valid users = @samba
+ '';
+
+ shares = {
+ terra = {
+ "path" = "/terra";
+ "browseable" = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ };
+ };
+ };
+}
diff --git a/nixos/hosts/eidola/zfs.nix b/nixos/hosts/eidola/zfs.nix
new file mode 100644
index 0000000..530f7e6
--- /dev/null
+++ b/nixos/hosts/eidola/zfs.nix
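Review bot: `openFirewall = true;` in `services.samba` opens the SMB ports in the host firewall on every interface, and nothing in samba.nix limits which networks can reach the `terra` share. The host also imports `./nebula.nix`, so if the share is meant for overlay peers only (an assumption, the intent is not visible here), set `openFirewall = false;` and allow the port on that interface alone, e.g. `networking.firewall.interfaces."<nebula-interface>".allowedTCPPorts = [ 445 ];`, or add `hosts allow = <trusted-subnet>` to the global section. Separately, `"create mask" = "0644"` and `"directory mask" = "0755"` leave everything written to `/terra` readable by every local account; `0640`/`0750` would keep it to the owner and group.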
@@ -0,0 +1,26 @@
+{pkgs, ...}: {
+ boot = {
+ supportedFilesystems = ["zfs"];
+ zfs = {
+ forceImportRoot = false;
+ extraPools = ["gaia"];
+ };
+ };
+ services.zfs = {
+ autoScrub = {
+ enable = true;
+ };
+ };
+
+ sops.secrets."terra-key" = {
+ neededForUsers = true;
+ path = "/etc/secrets/terra.key";
+ };
+
+ fileSystems."/terra" = {
+ device = "gaia/terra";
+ fsType = "zfs";
+ };
+
+ environment.systemPackages = [pkgs.zfs];
+}
diff --git a/secrets/eidola.yaml b/secrets/eidola.yaml
index 185a226..b81255b 100644
--- a/secrets/eidola.yaml
+++ b/secrets/eidola.yaml
@@ -1,6 +1,7 @@
 root-pw: ENC[AES256_GCM,data:g/dIT5d5w+FCAbxgGRJoMISgVTySEqXoBCV/jopu9Cgm4db9zAFWzZ7kUqOr8IQpEpCXyguYClIGExt0SztbRze8YPu9NilcUmYH7QmI+8oaEanYkvwpT5jyBU/M2eG0U9pMzcGI6hl2Ew==,iv:2HmGvFkRrnwYi5gjB4Na/ZayGoCFEsM4TDoqKlzhZUg=,tag:NLuval5PJ6AnDLvPGVvm7w==,type:str]
 user-pw: ENC[AES256_GCM,data:gr+Dis3c5NWLWnfJG4eJUxwt574R3n40djeK68hukMNPx0qwGRAT5a7UQ5doxtDBgafcH1uCgqrsWwEmy9H5dS6WfLMivE5Uy213EcEk3YNUwI9d5vbdcbCcXWvPsyCu6sxS3x731EVVYA==,iv:4AHzVLoJD95d2UwwEAwxWP0G2gekHahBt4hDDA9ZSx0=,tag:03L3Ql070mt3oDV5YdrETg==,type:str]
 nebula-key: ENC[AES256_GCM,data:YnGtqqWXbwkMYFJAKcBXmbRE+lsW9DwRnsseocTAVVIAqw84o3Qny2LO1vzoErtP7Fx9vPaI2bzvJTICNSTBw2jH4thzLR71XpHZI7mo+FSXzpZx8pxv6pfVcCW4tNK7KXx/PyvzCU21npsPDoVlM1rE/LKPxu2PLoGBd6u+,iv:g5BIpHXXrHZovSWnLURhJzTCaZC6fjVNS1QXwnSlxVs=,tag:9D/wTzaJOd5Vls/l33jZSg==,type:str]
+terra-key: ENC[AES256_GCM,data:pQRlvltiRr83ndfSjX/I8n1WekS9jY2K1QyLTTcYn14TRupRVgvX47rsus1QA9QAbpT/9f0ZYld3aCrR5J0rxg==,iv:mkiu/+uLKOHG9gDjv72T7JGz6/3oaimDawAOqGs3Koo=,tag:c9Ubj3i5rDj5vaLBRpAUkQ==,type:str]
 sops:
 kms: []
 gcp_kms: []
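Review bot: `neededForUsers = true;` on `sops.secrets."terra-key"` in zfs.nix looks out of place: sops-nix intends that flag for secrets that must exist before user accounts are created (password hashes), and nothing visible here ties this key to user creation. I would drop it unless boot ordering really requires it, which cannot be determined from this hunk. The file also never says what consumes `/etc/secrets/terra.key`; if it is the encryption key for `gaia/terra`, as the name suggests, a comment such as `# raw key for gaia/terra; the dataset's keylocation must point at this path` above the secret would record the dependency that `fileSystems."/terra"` has on it. Stating `mode = "0400";` explicitly would make the intended permissions reviewable in the file instead of relying on the module default.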
@@ -16,8 +17,8 @@ sops:
 SDF1ZjBHRzBjdW1CUWFHL0pkdWpTZEkKNhQcpKiy0Wr5luzhYW3ObHg2cX7T/iKU
 WLEk2G8QKb52FFH/rNE3cfE64EOx97T7B2YB8nX5CEC7rDuoDN8rKg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-10-15T20:21:41Z"
- mac: ENC[AES256_GCM,data:UFxO3wb/gAg5hiYkp4lfGeO0gZA6F5sEv6jiwI+GA6BidCkrGMAaYLQm6wvJ9sPHANdzSS72oi+7fUyoQ1M7ukpocpA+qbpC5RjGWQusxrrJK+J7khSWGfP5X8qkJTxFs+FK1D2HcfTIPcwsR4LOHwK/chWg4As4aEgGHcUIZBw=,iv:6RE/Y24jIt5PVlzc8PHIYFCgpEt0QLNeXa0uAk4vWIs=,tag:JrBltUtb7hqr2LsJr2oXRQ==,type:str]
+ lastmodified: "2024-12-14T07:48:40Z"
+ mac: ENC[AES256_GCM,data:1PUbru5HQynz5oC6AFcwreJdT7HupCZUuISsSTQkIY4fQHCeYDp5SqdNhGxjfjl9g7DeoNDCK3jCSY3HPnoz+34RfiC1Cf8lLjV139+jROHakG0gv05wrKqH2b8d52deX/OwDP5SV3mg3OFkiiDEroGF/1apAPs+FXeehnt4jQg=,iv:7E1i9ENR4ZEBYl2aSoNLBOmV7Xx3F7Fr8Ldr8SkWrlE=,tag:L0sCmeD8lCcxA/qtrHr7xg==,type:str]
 pgp:
 - created_at: "2024-11-04T02:36:41Z"
 enc: |-