temp add samba

2024-02-19 18:08:01 -06:00
parent d390d35734
commit aae49aecde
3 changed files with 120 additions and 23 deletions
--- a/configuration-nas.nix
+++ b/configuration-nas.nix
@@ -8,12 +8,12 @@ let
  password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
  hostname = "jallen-nas";
  timezone = "America/Chicago";
-  main-pool = ''"Main\ Pool"'';
 in
 {
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration-nas.nix
+      ./nas-samba/samba.nix
      ./nas-apps/swag.nix
      ./nas-apps/jellyfin.nix
      ./nas-apps/sonarr.nix
@@ -140,6 +140,32 @@ in
      defaultWindowManager = "startplasma-x11";
      openFirewall = true;
    };
+
+    avahi = {
+      enable = true;
+      nssmdns = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        domain = true;
+        hinfo = true;
+        userServices = true;
+        workstation = true;
+      };
+      extraServiceFiles = {
+        smb = ''
+          <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
+          <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+          <service-group>
+            <name replace-wildcards="yes">%h</name>
+            <service>
+              <type>_smb._tcp</type>
+              <port>445</port>
+            </service>
+          </service-group>
+        '';
+      };
+    };
  };

  # libnvidia-container does not support cgroups v2 (prior to 1.8.0)
@@ -175,8 +201,10 @@ in

    firewall = {
      enable = true;
-      allowedTCPPorts = [ 80 443 ];
-      allowedUDPPorts = [ 80 443 ];
+      allowPing = true;
+      extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+      allowedTCPPorts = [ 80 443 445 139 ];
+      allowedUDPPorts = [ 80 443 137 138 ];
    };
  };

@@ -218,7 +246,7 @@ in
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users."${user}" = {
    isNormalUser = true;
-    extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user.
+    extraGroups = [ "wheel" "networkmanager" "docker" "podman" ]; # Enable ‘sudo’ for the user.
    initialHashedPassword = password;
    shell = pkgs.fish;
    packages = with pkgs; [
@@ -231,9 +259,18 @@ in
      aspellDicts.en-science
      aha
      papirus-icon-theme
+      ffmpeg
    ];
  };

+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.mjallen = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    initialHashedPassword = password;
+    shell = pkgs.fish;
+  }; 
+
  virtualisation.docker.enable = true;
  virtualisation.docker.enableNvidia = true;
  virtualisation.docker.enableOnBoot = true;
--- a/nas-apps/jellyfin.nix
+++ b/nas-apps/jellyfin.nix
@@ -2,24 +2,40 @@

 {
  # Jellyfin
-  virtualisation.oci-containers.containers."jellyfin" = {
-    autoStart = true;
-    image = "linuxserver/jellyfin";
-    extraOptions = [ "--runtime=nvidia" ];
-    volumes = [
-      "/mnt/Safe\ SSD/ssd_app_data/jellyfin/config:/config"
-      "/mnt/Safe\ SSD/ssd_app_data/jellyfin/cache:/cache"
-      "/mnt/Safe\ SSD/ssd_app_data/jellyfin/log:/log"
-      "/mnt/Main\ Pool/Movies:/movies"
-      "/mnt/Main\ Pool/TV:/tv"
-    ];
-    ports = [ "8096:8096" ];
-    environment = {
-      NVIDIA_VISIBLE_DEVICES = "all";
-      NVIDIA_DRIVER_CAPABILITIES = "compute,utility";
-      JELLYFIN_LOG_DIR = "/log";
-      PUID = "911";
-      PGID = "1000";
-    };
+
+  environment.systemPackages = [
+    pkgs.jellyfin
+    pkgs.jellyfin-web
+    pkgs.jellyfin-ffmpeg
+  ];
+
+  services.jellyfin = {
+    enable = true;
+    user = "911";
+    group = "1000";
+    # dataDir = "/mnt/Safe\ SSD/ssd_app_data/jellyfin/config"; # defaults to /var/lib/jellyfin and cannot be changed....
+    openFirewall = true;
+
  };
+
+  # virtualisation.oci-containers.containers."jellyfin" = {
+  #   autoStart = true;
+  #   image = "linuxserver/jellyfin";
+  #   cmd = [ "--gpus all" ];
+  #   volumes = [
+  #     "/mnt/Safe\ SSD/ssd_app_data/jellyfin/config:/config"
+  #     "/mnt/Safe\ SSD/ssd_app_data/jellyfin/cache:/cache"
+  #     "/mnt/Safe\ SSD/ssd_app_data/jellyfin/log:/log"
+  #     "/mnt/Main\ Pool/Movies:/movies"
+  #     "/mnt/Main\ Pool/TV:/tv"
+  #   ];
+  #   ports = [ "8096:8096" ];
+  #   environment = {
+  #     NVIDIA_VISIBLE_DEVICES = "all";
+  #     NVIDIA_DRIVER_CAPABILITIES = "compute,utility";
+  #     JELLYFIN_LOG_DIR = "/log";
+  #     PUID = "911";
+  #     PGID = "1000";
+  #  };
+  # };
 }
--- a/nas-samba/samba.nix
+++ b/nas-samba/samba.nix
@@ -0,0 +1,44 @@
+{ config, ... }:
+{
+  services.samba-wsdd = {
+    # make shares visible for Windows clients
+    enable = true;
+    openFirewall = true;
+  };
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    openFirewall = true;
+    extraConfig = ''
+      workgroup = WORKGROUP
+      server string = smbnix
+      netbios name = smbnix
+      security = user 
+      #use sendfile = yes
+      #max protocol = smb2
+      # note: localhost is the ipv6 localhost ::1
+      hosts allow = 10.0.1 127.0.0.1 localhost
+      hosts deny = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares = {
+      backup = {
+        path = "/mnt/Main\ Pool/backup";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "yes";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+      };
+      isos = {
+        path = "/mnt/Main\ Pool/isos";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "yes";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+      };
+    };
+  };
+}