wip

hosts/tywin.storage.ts.hillion.co.uk/default.nix

@@ -47,6 +47,27 @@
     fileSystems."/mnt/d1".options = [ "x-systemd.mount-timeout=3m" ];
     fileSystems."/mnt/d2".options = [ "x-systemd.mount-timeout=3m" ];
 
+    ## Network Shares
+    custom.filesystems.autoserve = true;
+    users.groups.plex.gid = config.ids.gids.plex;
+    users.users.plex = {
+      group = "plex";
+      uid = config.ids.uids.plex;
+      extraGroups = "mediaaccess";
+    };
+
+    services.samba = {
+      enable = true;
+
+      shares = {
+        tv = { };
+        films = { };
+      };
+    };
+    system.activationScripts.smb = with pkgs; ''
+      cat | ${samba}/bin/smbpasswd -a plex -s
+    '';
+
     ## Backups
     ### Git
     age.secrets."git/git_backups_ecdsa".file = ../../secrets/git/git_backups_ecdsa.age;
@@ -262,6 +283,7 @@
     ## Firewall
     networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
       80 # Caddy (restic.tywin.storage.ts.)
+      445 # SMB
       14002 # Storj Dashboard (zfs.)
       14003 # Storj Dashboard (d0.)
       14004 # Storj Dashboard (d1.)

modules/default.nix

@@ -11,7 +11,6 @@
     ./locations.nix
     ./resilio.nix
     ./services/downloads.nix
-    ./services/emby.nix
     ./services/mastodon/default.nix
     ./services/matrix.nix
     ./services/plex.nix

modules/filesystems.nix

@@ -5,10 +5,41 @@ let
 in
 {
   options.custom.filesystems = {
+    autoServe = lib.mkEnableOption "serve owned network shares";
+
+    fs = lib.mkOption {
+      default = {
+        films = {
+          enable = false;
+          path = "/media/films";
+        };
+        tv = {
+          enable = false;
+          path = "/media/tv";
+        };
+      };
+    };
+
+    locs = lib.mkOption {
+      readOnly = true;
+
+      default = {
+        films = {
+          localPath = "/data/media/films";
+          remotePath = {
+            type = "cifs";
+            share = "films";
+            user = "films";
+            credentials = config.age.secrets."filesystems/films".path;
+          };
+        };
+      };
+    };
+
     films = {
       enable = lib.mkEnableOption "mounting films";
       host = lib.mkOption {
-        default = "archnas.storage.ts.hillion.co.uk";
+        default = "tywin.storage.ts.hillion.co.uk";
       };
       path = lib.mkOption {
         type = lib.types.str;
@@ -30,7 +61,7 @@ in
     tv = {
       enable = lib.mkEnableOption "mounting tv";
       host = lib.mkOption {
-        default = "archnas.storage.ts.hillion.co.uk";
+        default = "tywin.storage.ts.hillion.co.uk";
       };
       localPath = lib.mkOption {
         default = "/data/media/tv";
@@ -52,8 +83,7 @@ in
 
   config = {
     age.secrets = {
-      "filesystems/films" = lib.mkIf cfg.tv.enable { file = ../secrets/filesystems/films.age; };
+      "filesystems/plex" = lib.mkIf (cfg.tv.enable || cfg.films.enable) { file = ../secrets/filesystems/plex.age; };
-      "filesystems/tv" = lib.mkIf cfg.tv.enable { file = ../secrets/filesystems/tv.age; };
     };
     fileSystems = {
       "${cfg.films.path}" = lib.mkIf cfg.films.enable (if cfg.films.host == config.networking.fqdn then {

modules/locations.nix

@@ -14,7 +14,6 @@ in
       default = {
         services = {
           downloads = "tywin.storage.ts.hillion.co.uk";
-          emby = "gendry.jakehillion-terminals.ts.hillion.co.uk";
           mastodon = "vm.strangervm.ts.hillion.co.uk";
           matrix = "vm.strangervm.ts.hillion.co.uk";
           plex = "gendry.jakehillion-terminals.ts.hillion.co.uk";
@@ -25,7 +24,6 @@ in
 
   config = lib.mkIf cfg.autoServe {
     custom.services = {
-      emby.enable = cfg.locations.services.emby == config.networking.fqdn;
       mastodon.enable = cfg.locations.services.mastodon == config.networking.fqdn;
       matrix.enable = cfg.locations.services.matrix == config.networking.fqdn;
       plex.enable = cfg.locations.services.plex == config.networking.fqdn;

modules/services/emby.nix

@@ -1,17 +0,0 @@
-{ config, lib, ... }:
-
-let
-  cfg = config.custom.services.emby;
-in
-{
-  options.custom.services.emby = {
-    enable = lib.mkEnableOption "emby";
-  };
-
-  config = lib.mkIf cfg.enable {
-    custom.filesystems = {
-      tv.enable = true;
-      films.enable = true;
-    };
-  };
-}

modules/users.nix

@@ -1,6 +1,23 @@
 { config, pkgs, lib, ... }:
 
+let
+  cfg = config.custom;
+  lazyUsers = { };
+in
 {
+  options.custom = {
+    users = lib.mkOption {
+      description = "Create a user with the correct group and a consistent uid.";
+      type = with lib.types; listOf str;
+      default = [ ];
+    };
+    groups = lib.mkOption {
+      description = "Create a group with a consistent gid.";
+      type = with lib.types; listOf str;
+      default = [ ];
+    };
+  };
+
   config = {
     ids.uids = {
       ## Defined System Users (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
@@ -15,5 +32,22 @@
       ## Consistent Groups
       mediaaccess = 1200;
     };
+
+    users.groups = builtins.listToAttrs (builtins.map
+      (g: {
+        name = g;
+        value = {
+          gid = config.ids.gids.${u};
+        };
+      })
+      cfg.groups);
+    users.users = builtins.listToAttrs (builtins.map
+      (u: {
+        name = u;
+        value = {
+          uid = config.ids.gids.${u};
+        } // (if builtins.hasAttr u lazyUsers then lazyUsers.${u} else { group = "users"; });
+      })
+      cfg.users);
   };
 }

modules/www/global.nix

@@ -35,9 +35,6 @@ in
       virtualHosts."homeassistant.hillion.co.uk".extraConfig = ''
         reverse_proxy http://homeassistant.homeassistant.ts.hillion.co.uk:8123
       '';
-      virtualHosts."emby.hillion.co.uk".extraConfig = ''
-        reverse_proxy http://plex.mediaserver.ts.hillion.co.uk:8096
-      '';
       virtualHosts."matrix.hillion.co.uk".extraConfig = ''
         reverse_proxy http://${locations.services.matrix}:8008
       '';

secrets/filesystems/tv.age

@@ -1,22 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa GxPFJQ
-S8LhCEjcKwVXqm9AEyHQNv8veKcEwIOpzqI8fgSnFjhVPi7XKdjYQZPMVaD4oDxM
-AE7dBGy2PxoXxaqLLgnL7IGgMN9B2En6LoaazavGNrPvl07LWZFk+dUBvh/cA3Be
-G8F3xl0ei7V6zsTuEIy1brVHtsTLrD9CHo2LOx3Pz3vIKIYNoi29QOB4vhfW6qM5
-xMaNfoRlweJJ+CeC7vKDinkUGbyLFF3UQQC7lJpz3TgOzpCvukRxjMXBw6767PrA
-2Ua9KTtXCGJeq8qfIMXPo2OD7IEh1Ob8HGHKqqeTa+uM4gEGE+3yKLMfc32BlU6D
-HaN9gJ4r9cmWSq1ZmtKTRA
--> ssh-rsa K9mW1w
-HPQauPQLfyfoKu4OlFLR6jZQzZRN51mycXKlPb57fffY3Jk+fAsjFNPcuiSup14u
-1W0VIZcki64QA4nTdyIWWrIxMe1WpjI3KnEjUu0AaeXAhS1hHsd2imux07SfwVzm
-d71c5Mkk9BjN3GnAlvSYfe8u1sfpBhTn0RgjprHRdHfZSkomu00VltB6G84WqQuJ
-DlzFS/b4Q2dS4KV+aG3YForqN0iJmUXMIYRm0LCmqvsUGIXqj2ER+Kw/ov4DrgUa
-8UWSgVOLC4SGMk4qZi3/GI/Vvp32U3IGmO+RbR1q36FDtWXe6Cz/XIxKZw5tDuIA
-q0we6rb0OZEhmIL7nbLM/g
--> ssh-ed25519 O0LMHg tI2AD8+MzZw7+5rCT6LBCtPyGKIm5728S3aoSPmdFmY
-dRuUAshH/zwZ9oL2heJaLmhq1sFJPe7XonDVWgIz7hs
--> hE7|6$-grease
-rCFOlWXcHUh3kOzEFVh7KxkX7VlO0aQCmfuvHon6zspAzysY/UnVNICYLrnPaQvn
-Xxx2/BvVQSDinUXEs/5ycuYTMS5+suKi0cSA7+ZD/YaNHL/CWnhOGJcYElQK
---- CE4gEsUZaituW2wZUrhwEtlLiCmHy+dQ4w2DWnVKATc
-âºàg5`
"YH“䀆OÀBõÜ
Þñ›‹³0ÂyŸü+<2B>S`«S[ЉRê½ÛÙÉíÆEÛ²d6<64>ø«QX„QžRnâ