nas cleanup

configuration-nas.nix

@@ -131,7 +131,7 @@ in
       pulse.enable = true;
     };
 
-    # Enable Flatpak
+    # Set to enable Flatpak
     flatpak.enable = false;
 
     # Enable RDP
@@ -152,7 +152,7 @@ in
         userServices = true;
         workstation = true;
       };
-      extraServiceFiles = {
+      extraServiceFiles = { # TODO is this needed?
         smb = ''
           <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
           <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
@@ -168,10 +168,6 @@ in
     };
   };
 
-  # libnvidia-container does not support cgroups v2 (prior to 1.8.0)
-  # https://github.com/NVIDIA/nvidia-docker/issues/1447
-  systemd.enableUnifiedCgroupHierarchy = false;
-
   systemd.services.nas-mounts = {
     path = [ pkgs.zfs pkgs.bash ];
     script = ''
@@ -202,7 +198,7 @@ in
     firewall = {
       enable = true;
       allowPing = true;
-      extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+      extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; # TODO is this needed?
       allowedTCPPorts = [ 80 443 61208 ];
       allowedUDPPorts = [ 80 443 61208 ];
     };
@@ -246,37 +242,48 @@ in
   };
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users."${user}" = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" "networkmanager" "docker" "podman" "libvirtd" ]; # Enable ‘sudo’ for the user.
-    initialHashedPassword = password;
-    shell = pkgs.fish;
-    packages = with pkgs; [
-      neofetch
-      git
-      parted
-      aspell
-      aspellDicts.en
-      aspellDicts.en-computers
-      aspellDicts.en-science
-      aha
-      papirus-icon-theme
-      firefox
-    ];
+  users = {
+    groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
+
+    # Admin account
+    users."${user}" = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" "networkmanager" "docker" "podman" "libvirtd" ]; # Enable ‘sudo’ for the user.
+      initialHashedPassword = password;
+      shell = pkgs.fish;
+      packages = with pkgs; [
+        neofetch
+        git
+        parted
+        aspell
+        aspellDicts.en
+        aspellDicts.en-computers
+        aspellDicts.en-science
+        aha
+        papirus-icon-theme
+        firefox
+      ];
+    };
+
+    # Nix app account
+    users.nix-apps = {
+      isNormalUser = true;
+      uid = 911;
+      extraGroups = [ "jallen-nas" "wheel" "docker" "podman" "libvirt" ]; # Enable ‘sudo’ for the user.
+      initialHashedPassword = password;
+    }; 
   };
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.mjallen = {
-    isNormalUser = true;
-    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-    initialHashedPassword = password;
-    shell = pkgs.fish;
-  }; 
+  # Virtualisation
+  virtualisation = {
+    docker = {
+      enable = true;
+      enableNvidia = true;
+      enableOnBoot = true;
+    };
 
-  virtualisation.docker.enable = true;
-  virtualisation.docker.enableNvidia = true;
-  virtualisation.docker.enableOnBoot = true;
-  virtualisation.libvirtd.enable = true;
+    libvirtd.enable = true;
+  };
 
   # This option defines the first version of NixOS you have installed on this particular machine,
   # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.