From da939346748f5b7302a6951f09f826f3be1f3641 Mon Sep 17 00:00:00 2001 From: Jake Hillion Date: Sat, 22 Jul 2023 18:33:18 +0100 Subject: [PATCH] wip --- .../default.nix | 22 +++++++++++ modules/default.nix | 1 - modules/filesystems.nix | 38 +++++++++++++++++-- modules/locations.nix | 2 - modules/services/emby.nix | 17 --------- modules/users.nix | 34 +++++++++++++++++ modules/www/global.nix | 3 -- secrets/filesystems/{films.age => plex.age} | 0 secrets/filesystems/tv.age | 22 ----------- 9 files changed, 90 insertions(+), 49 deletions(-) delete mode 100644 modules/services/emby.nix rename secrets/filesystems/{films.age => plex.age} (100%) delete mode 100644 secrets/filesystems/tv.age diff --git a/hosts/tywin.storage.ts.hillion.co.uk/default.nix b/hosts/tywin.storage.ts.hillion.co.uk/default.nix index 12f70fa..e9c5457 100644 --- a/hosts/tywin.storage.ts.hillion.co.uk/default.nix +++ b/hosts/tywin.storage.ts.hillion.co.uk/default.nix @@ -47,6 +47,27 @@ fileSystems."/mnt/d1".options = [ "x-systemd.mount-timeout=3m" ]; fileSystems."/mnt/d2".options = [ "x-systemd.mount-timeout=3m" ]; + ## Network Shares + custom.filesystems.autoserve = true; + users.groups.plex.gid = config.ids.gids.plex; + users.users.plex = { + group = "plex"; + uid = config.ids.uids.plex; + extraGroups = "mediaaccess"; + }; + + services.samba = { + enable = true; + + shares = { + tv = { }; + films = { }; + }; + }; + system.activationScripts.smb = with pkgs; '' + cat | ${samba}/bin/smbpasswd -a plex -s + ''; + ## Backups ### Git age.secrets."git/git_backups_ecdsa".file = ../../secrets/git/git_backups_ecdsa.age; @@ -262,6 +283,7 @@ ## Firewall networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 80 # Caddy (restic.tywin.storage.ts.) + 445 # SMB 14002 # Storj Dashboard (zfs.) 14003 # Storj Dashboard (d0.) 14004 # Storj Dashboard (d1.) diff --git a/modules/default.nix b/modules/default.nix index 1f2e13d..9874708 100644 --- a/modules/default.nix +++ b/modules/default.nix 
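Review bot: The `system.activationScripts.smb` snippet pipes `cat` into `smbpasswd -a plex -s`, so the Samba password for `plex` is whatever arrives on the activation script's stdin; nothing in the hunk supplies one, and activation is likely to block or fail rather than set the intended credential. Feed it from a decrypted secret instead, for example `${samba}/bin/smbpasswd -a plex -s < ${config.age.secrets."<samba-password-secret>".path}` (placeholder secret name, file holding the password on two lines), so the value never lands in the world-readable Nix store. The `tv` and `films` shares are empty attribute sets, so each still needs at least `path`, `"valid users" = "plex";` and `"read only" = "yes";` before the service is reachable. Two typing problems sit in the same hunk: `custom.filesystems.autoserve` does not match the `autoServe` option declared in modules/filesystems.nix, and `extraGroups = "mediaaccess";` should be the list `extraGroups = [ "mediaaccess" ];`.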
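Review bot: Port 445 is opened on `tailscale0` only, which leaves the firewall as the single control keeping SMB off the other interfaces, because smbd listens on every interface unless told otherwise. Consider pinning the daemon as well with the global smb.conf settings `interfaces = lo tailscale0` and `bind interfaces only = yes`, so that a later firewall change cannot expose the shares by accident. The port list continues outside the hunk.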
@@ -11,7 +11,6 @@ ./locations.nix ./resilio.nix ./services/downloads.nix - ./services/emby.nix ./services/mastodon/default.nix ./services/matrix.nix ./services/plex.nix diff --git a/modules/filesystems.nix b/modules/filesystems.nix index f1c6ec6..d8465b7 100644 --- a/modules/filesystems.nix +++ b/modules/filesystems.nix @@ -5,10 +5,41 @@ let in { options.custom.filesystems = { + autoServe = lib.mkEnableOption "serve owned network shares"; + + fs = lib.mkOption { + default = { + films = { + enable = false; + path = "/media/films"; + }; + tv = { + enable = false; + path = "/media/tv"; + }; + }; + }; + + locs = lib.mkOption { + readOnly = true; + + default = { + films = { + localPath = "/data/media/films"; + remotePath = { + type = "cifs"; + share = "films"; + user = "films"; + credentials = config.age.secrets."filesystems/films".path; + }; + }; + }; + }; + films = { enable = lib.mkEnableOption "mounting films"; host = lib.mkOption { - default = "archnas.storage.ts.hillion.co.uk"; + default = "tywin.storage.ts.hillion.co.uk"; }; path = lib.mkOption { type = lib.types.str; @@ -30,7 +61,7 @@ in tv = { enable = lib.mkEnableOption "mounting tv"; host = lib.mkOption { - default = "archnas.storage.ts.hillion.co.uk"; + default = "tywin.storage.ts.hillion.co.uk"; }; localPath = lib.mkOption { default = "/data/media/tv"; @@ -52,8 +83,7 @@ in config = { age.secrets = { - "filesystems/films" = lib.mkIf cfg.tv.enable { file = ../secrets/filesystems/films.age; }; - "filesystems/tv" = lib.mkIf cfg.tv.enable { file = ../secrets/filesystems/tv.age; }; + "filesystems/plex" = lib.mkIf (cfg.tv.enable || cfg.films.enable) { file = ../secrets/filesystems/plex.age; }; }; fileSystems = { "${cfg.films.path}" = lib.mkIf cfg.films.enable (if cfg.films.host == config.networking.fqdn then { diff --git a/modules/locations.nix b/modules/locations.nix index 22df788..1aea3d3 100644 --- a/modules/locations.nix +++ b/modules/locations.nix 
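Review bot: The `locs` default in modules/filesystems.nix reads `config.age.secrets."filesystems/films".path`, but the last hunk of the same file drops that secret in favour of `"filesystems/plex"`, so the option would fail to evaluate once it is forced; it should be `credentials = config.age.secrets."filesystems/plex".path;`. The same default sets `user = "films"` while the host change in this commit registers only a `plex` Samba account, so the two should agree. Any `credentials=` mount option further down the module that still names `filesystems/films` or `filesystems/tv` needs the same rename; those lines are outside the hunks shown. `fs` and `locs` are also declared without `type` or `description`, and a typed `lib.types.attrsOf (lib.types.submodule …)` would reject a misspelt key at evaluation time instead of at mount time.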
@@ -14,7 +14,6 @@ in default = { services = { downloads = "tywin.storage.ts.hillion.co.uk"; - emby = "gendry.jakehillion-terminals.ts.hillion.co.uk"; mastodon = "vm.strangervm.ts.hillion.co.uk"; matrix = "vm.strangervm.ts.hillion.co.uk"; plex = "gendry.jakehillion-terminals.ts.hillion.co.uk"; @@ -25,7 +24,6 @@ in config = lib.mkIf cfg.autoServe { custom.services = { - emby.enable = cfg.locations.services.emby == config.networking.fqdn; mastodon.enable = cfg.locations.services.mastodon == config.networking.fqdn; matrix.enable = cfg.locations.services.matrix == config.networking.fqdn; plex.enable = cfg.locations.services.plex == config.networking.fqdn; diff --git a/modules/services/emby.nix b/modules/services/emby.nix deleted file mode 100644 index d9e6923..0000000 --- a/modules/services/emby.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, ... }: - -let - cfg = config.custom.services.emby; -in -{ - options.custom.services.emby = { - enable = lib.mkEnableOption "emby"; - }; - - config = lib.mkIf cfg.enable { - custom.filesystems = { - tv.enable = true; - films.enable = true; - }; - }; -} diff --git a/modules/users.nix b/modules/users.nix index 3c9739e..c830ec8 100644 --- a/modules/users.nix +++ b/modules/users.nix @@ -1,6 +1,23 @@ { config, pkgs, lib, ... }: +let + cfg = config.custom; + lazyUsers = { }; +in { + options.custom = { + users = lib.mkOption { + description = "Create a user with the correct group and a consistent uid."; + type = with lib.types; listOf str; + default = [ ]; + }; + groups = lib.mkOption { + description = "Create a group with a consistent gid."; + type = with lib.types; listOf str; + default = [ ]; + }; + }; + config = { ids.uids = { ## Defined System Users (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix) 
@@ -15,5 +32,22 @@ ## Consistent Groups mediaaccess = 1200; }; + + users.groups = builtins.listToAttrs (builtins.map + (g: { + name = g; + value = { + gid = config.ids.gids.${u}; + }; + }) + cfg.groups); + users.users = builtins.listToAttrs (builtins.map + (u: { + name = u; + value = { + uid = config.ids.gids.${u}; + } // (if builtins.hasAttr u lazyUsers then lazyUsers.${u} else { group = "users"; }); + }) + cfg.users); }; } diff --git a/modules/www/global.nix b/modules/www/global.nix index a7e11fb..0a91617 100644 --- a/modules/www/global.nix +++ b/modules/www/global.nix @@ -35,9 +35,6 @@ in virtualHosts."homeassistant.hillion.co.uk".extraConfig = '' reverse_proxy http://homeassistant.homeassistant.ts.hillion.co.uk:8123 ''; - virtualHosts."emby.hillion.co.uk".extraConfig = '' - reverse_proxy http://plex.mediaserver.ts.hillion.co.uk:8096 - ''; virtualHosts."matrix.hillion.co.uk".extraConfig = '' reverse_proxy http://${locations.services.matrix}:8008 ''; diff --git a/secrets/filesystems/films.age b/secrets/filesystems/plex.age similarity index 100% rename from secrets/filesystems/films.age rename to secrets/filesystems/plex.age diff --git a/secrets/filesystems/tv.age b/secrets/filesystems/tv.age deleted file mode 100644 index 6ef5a67..0000000 --- a/secrets/filesystems/tv.age +++ /dev/null 
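Review bot: Both generated attribute sets in modules/users.nix look up the wrong identifier: in `users.groups` the lambda binds `g` but reads `config.ids.gids.${u}`, an undefined variable, and in `users.users` the `uid` is taken from `config.ids.gids.${u}` rather than the uid table. The lines should read `gid = config.ids.gids.${g};` and `uid = config.ids.uids.${u};`; the option description promises a consistent uid, and a number drawn from the gid table would give the account another principal's id wherever the two tables differ, which matters for file ownership. Users that fall through to `{ group = "users"; }` also lack `isSystemUser` or `isNormalUser`, one of which NixOS requires on every account, so add `isSystemUser = true;` to that fallback. A one-line comment above the empty `lazyUsers` in the first hunk, saying which per-user overrides belong there, would help the next reader.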
@@ -1,22 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa GxPFJQ -S8LhCEjcKwVXqm9AEyHQNv8veKcEwIOpzqI8fgSnFjhVPi7XKdjYQZPMVaD4oDxM -AE7dBGy2PxoXxaqLLgnL7IGgMN9B2En6LoaazavGNrPvl07LWZFk+dUBvh/cA3Be -G8F3xl0ei7V6zsTuEIy1brVHtsTLrD9CHo2LOx3Pz3vIKIYNoi29QOB4vhfW6qM5 -xMaNfoRlweJJ+CeC7vKDinkUGbyLFF3UQQC7lJpz3TgOzpCvukRxjMXBw6767PrA -2Ua9KTtXCGJeq8qfIMXPo2OD7IEh1Ob8HGHKqqeTa+uM4gEGE+3yKLMfc32BlU6D -HaN9gJ4r9cmWSq1ZmtKTRA --> ssh-rsa K9mW1w -HPQauPQLfyfoKu4OlFLR6jZQzZRN51mycXKlPb57fffY3Jk+fAsjFNPcuiSup14u -1W0VIZcki64QA4nTdyIWWrIxMe1WpjI3KnEjUu0AaeXAhS1hHsd2imux07SfwVzm -d71c5Mkk9BjN3GnAlvSYfe8u1sfpBhTn0RgjprHRdHfZSkomu00VltB6G84WqQuJ -DlzFS/b4Q2dS4KV+aG3YForqN0iJmUXMIYRm0LCmqvsUGIXqj2ER+Kw/ov4DrgUa -8UWSgVOLC4SGMk4qZi3/GI/Vvp32U3IGmO+RbR1q36FDtWXe6Cz/XIxKZw5tDuIA -q0we6rb0OZEhmIL7nbLM/g --> ssh-ed25519 O0LMHg tI2AD8+MzZw7+5rCT6LBCtPyGKIm5728S3aoSPmdFmY -dRuUAshH/zwZ9oL2heJaLmhq1sFJPe7XonDVWgIz7hs --> hE7|6$-grease -rCFOlWXcHUh3kOzEFVh7KxkX7VlO0aQCmfuvHon6zspAzysY/UnVNICYLrnPaQvn -Xxx2/BvVQSDinUXEs/5ycuYTMS5+suKi0cSA7+ZD/YaNHL/CWnhOGJcYElQK ---- CE4gEsUZaituW2wZUrhwEtlLiCmHy+dQ4w2DWnVKATc -g5` "YHOB  0y+S`S[ЉRE۲d6QXQRn \ No newline at end of file