Deploy zfs, samba

nixos/hosts/eidola/configuration.nix

@@ -9,10 +9,13 @@
     ./mounts.nix
     ./secrets.nix
     ./nebula.nix
+    ./zfs.nix
+    ./samba.nix
   ];
 
   networking.hostName = "eidola"; # Define your hostname.
   time.timeZone = "America/New_York"; # Set your time zone.
+  networking.hostId = "80f64d29"; # Define the host ID. (for ZFS)
 
   # Allow unfree packages (firmware)
   nixpkgs.config.allowUnfree = true;

nixos/hosts/eidola/mounts.nix

@@ -10,6 +10,8 @@
       "/var/lib/systemd/coredump"
       "/var/lib/nixos"
       "/var/db/sudo"
+
+      "/etc/zfs"
     ];
     files = [
       "/etc/machine-id"

nixos/hosts/eidola/samba.nix

@@ -0,0 +1,34 @@
+{...}: {
+  users = {
+    users.min = {
+      isSystemUser = true;
+      group = "samba";
+    };
+    groups."samba" = {};
+  };
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+
+    securityType = "user";
+
+    extraConfig = ''
+      browseable = yes
+      smb encrypt = required
+
+      valid users = @samba
+    '';
+
+    shares = {
+      terra = {
+        "path" = "/terra";
+        "browseable" = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+      };
+    };
+  };
+}

nixos/hosts/eidola/zfs.nix

@@ -0,0 +1,26 @@
+{pkgs, ...}: {
+  boot = {
+    supportedFilesystems = ["zfs"];
+    zfs = {
+      forceImportRoot = false;
+      extraPools = ["gaia"];
+    };
+  };
+  services.zfs = {
+    autoScrub = {
+      enable = true;
+    };
+  };
+
+  sops.secrets."terra-key" = {
+    neededForUsers = true;
+    path = "/etc/secrets/terra.key";
+  };
+
+  fileSystems."/terra" = {
+    device = "gaia/terra";
+    fsType = "zfs";
+  };
+
+  environment.systemPackages = [pkgs.zfs];
+}

secrets/eidola.yaml

@@ -1,6 +1,7 @@
 root-pw: ENC[AES256_GCM,data:g/dIT5d5w+FCAbxgGRJoMISgVTySEqXoBCV/jopu9Cgm4db9zAFWzZ7kUqOr8IQpEpCXyguYClIGExt0SztbRze8YPu9NilcUmYH7QmI+8oaEanYkvwpT5jyBU/M2eG0U9pMzcGI6hl2Ew==,iv:2HmGvFkRrnwYi5gjB4Na/ZayGoCFEsM4TDoqKlzhZUg=,tag:NLuval5PJ6AnDLvPGVvm7w==,type:str]
 user-pw: ENC[AES256_GCM,data:gr+Dis3c5NWLWnfJG4eJUxwt574R3n40djeK68hukMNPx0qwGRAT5a7UQ5doxtDBgafcH1uCgqrsWwEmy9H5dS6WfLMivE5Uy213EcEk3YNUwI9d5vbdcbCcXWvPsyCu6sxS3x731EVVYA==,iv:4AHzVLoJD95d2UwwEAwxWP0G2gekHahBt4hDDA9ZSx0=,tag:03L3Ql070mt3oDV5YdrETg==,type:str]
 nebula-key: ENC[AES256_GCM,data:YnGtqqWXbwkMYFJAKcBXmbRE+lsW9DwRnsseocTAVVIAqw84o3Qny2LO1vzoErtP7Fx9vPaI2bzvJTICNSTBw2jH4thzLR71XpHZI7mo+FSXzpZx8pxv6pfVcCW4tNK7KXx/PyvzCU21npsPDoVlM1rE/LKPxu2PLoGBd6u+,iv:g5BIpHXXrHZovSWnLURhJzTCaZC6fjVNS1QXwnSlxVs=,tag:9D/wTzaJOd5Vls/l33jZSg==,type:str]
+terra-key: ENC[AES256_GCM,data:pQRlvltiRr83ndfSjX/I8n1WekS9jY2K1QyLTTcYn14TRupRVgvX47rsus1QA9QAbpT/9f0ZYld3aCrR5J0rxg==,iv:mkiu/+uLKOHG9gDjv72T7JGz6/3oaimDawAOqGs3Koo=,tag:c9Ubj3i5rDj5vaLBRpAUkQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -16,8 +17,8 @@ sops:
             SDF1ZjBHRzBjdW1CUWFHL0pkdWpTZEkKNhQcpKiy0Wr5luzhYW3ObHg2cX7T/iKU
             WLEk2G8QKb52FFH/rNE3cfE64EOx97T7B2YB8nX5CEC7rDuoDN8rKg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-15T20:21:41Z"
-    mac: ENC[AES256_GCM,data:UFxO3wb/gAg5hiYkp4lfGeO0gZA6F5sEv6jiwI+GA6BidCkrGMAaYLQm6wvJ9sPHANdzSS72oi+7fUyoQ1M7ukpocpA+qbpC5RjGWQusxrrJK+J7khSWGfP5X8qkJTxFs+FK1D2HcfTIPcwsR4LOHwK/chWg4As4aEgGHcUIZBw=,iv:6RE/Y24jIt5PVlzc8PHIYFCgpEt0QLNeXa0uAk4vWIs=,tag:JrBltUtb7hqr2LsJr2oXRQ==,type:str]
+    lastmodified: "2024-12-14T07:48:40Z"
+    mac: ENC[AES256_GCM,data:1PUbru5HQynz5oC6AFcwreJdT7HupCZUuISsSTQkIY4fQHCeYDp5SqdNhGxjfjl9g7DeoNDCK3jCSY3HPnoz+34RfiC1Cf8lLjV139+jROHakG0gv05wrKqH2b8d52deX/OwDP5SV3mg3OFkiiDEroGF/1apAPs+FXeehnt4jQg=,iv:7E1i9ENR4ZEBYl2aSoNLBOmV7Xx3F7Fr8Ldr8SkWrlE=,tag:L0sCmeD8lCcxA/qtrHr7xg==,type:str]
     pgp:
         - created_at: "2024-11-04T02:36:41Z"
           enc: |-