From aae49aecde2d1c7d9671b446320812103f9163d8 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Mon, 19 Feb 2024 18:08:01 -0600 Subject: [PATCH] temp add samba --- configuration-nas.nix | 45 ++++++++++++++++++++++++++++++++---- nas-apps/jellyfin.nix | 54 ++++++++++++++++++++++++++++--------------- nas-samba/samba.nix | 44 +++++++++++++++++++++++++++++++++++ 3 files changed, 120 insertions(+), 23 deletions(-) create mode 100644 nas-samba/samba.nix diff --git a/configuration-nas.nix b/configuration-nas.nix index d4efef2..1eecf03 100644 --- a/configuration-nas.nix +++ b/configuration-nas.nix @@ -8,12 +8,12 @@ let password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; hostname = "jallen-nas"; timezone = "America/Chicago"; - main-pool = ''"Main\ Pool"''; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration-nas.nix + ./nas-samba/samba.nix ./nas-apps/swag.nix ./nas-apps/jellyfin.nix ./nas-apps/sonarr.nix @@ -140,6 +140,32 @@ in defaultWindowManager = "startplasma-x11"; openFirewall = true; }; + + avahi = { + enable = true; + nssmdns = true; + publish = { + enable = true; + addresses = true; + domain = true; + hinfo = true; + userServices = true; + workstation = true; + }; + extraServiceFiles = { + smb = '' + + + + %h + + _smb._tcp + 445 + + + ''; + }; + }; }; # libnvidia-container does not support cgroups v2 (prior to 1.8.0) @@ -175,8 +201,10 @@ in firewall = { enable = true; - allowedTCPPorts = [ 80 443 ]; - allowedUDPPorts = [ 80 443 ]; + allowPing = true; + extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; + allowedTCPPorts = [ 80 443 445 139 ]; + allowedUDPPorts = [ 80 443 137 138 ]; }; }; 
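Review bot: In the new `avahi.publish` block, `hinfo = true` and `workstation = true` advertise the host's hardware/OS record and a workstation service to everything on the local segment. As far as I can tell, neither is needed for the `_smb._tcp` advertisement. I would set `hinfo = false;` and `workstation = false;` unless a client on the LAN depends on them. The markup inside `extraServiceFiles.smb` is not readable in this view, so it is not reviewed here.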
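Review bot: The added `allowedTCPPorts = [ 80 443 445 139 ]` and `allowedUDPPorts = [ 80 443 137 138 ]` open SMB/NetBIOS on every interface of a host that also serves 80/443. They duplicate what `openFirewall = true` in nas-samba/samba.nix already opens. I would scope SMB to the LAN side, e.g. `interfaces."<lan-interface>".allowedTCPPorts = [ 445 139 ];`, and set `openFirewall = false;` on the Samba service. The `extraCommands` rule appends to the raw table with `-A` and has no matching `extraStopCommands`, so it is likely added again on every firewall reload. A cleanup rule in `extraStopCommands` would keep it idempotent.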
@@ -218,7 +246,7 @@ in # Define a user account. Don't forget to set a password with ‘passwd’. users.users."${user}" = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user. + extraGroups = [ "wheel" "networkmanager" "docker" "podman" ]; # Enable ‘sudo’ for the user. initialHashedPassword = password; shell = pkgs.fish; packages = with pkgs; [ @@ -231,9 +259,18 @@ in aspellDicts.en-science aha papirus-icon-theme + ffmpeg ]; }; + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.mjallen = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + initialHashedPassword = password; + shell = pkgs.fish; + }; + virtualisation.docker.enable = true; virtualisation.docker.enableNvidia = true; virtualisation.docker.enableOnBoot = true; diff --git a/nas-apps/jellyfin.nix b/nas-apps/jellyfin.nix index 349e061..010ff90 100644 --- a/nas-apps/jellyfin.nix +++ b/nas-apps/jellyfin.nix 
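Review bot: Adding `"docker"` to `extraGroups` gives this account root-equivalent access through the Docker socket without a password prompt, which is broader than `wheel`, where sudo normally still asks for one. The trailing comment `# Enable ‘sudo’ for the user.` now describes only the first entry. If the group is really needed, a comment such as `# docker: socket access is root-equivalent` would make the trade-off visible. Whether `"podman"` has any effect depends on podman settings that this hunk does not show.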
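Review bot: The new `users.users.mjallen` is a second `wheel` account with `initialHashedPassword = password`, the same hash literal that is committed in the `let` block of this file. Both sudo-capable accounts therefore share one credential whose hash is in the repository history. I would give the account its own secret kept outside the repo, e.g. `hashedPasswordFile = "<path-to-secret-file>";`. If the account exists only as a Samba login (inferred from the commit subject, not stated), I would also drop `"wheel"`. The copied comment `# Define a user account...` should say what this account is for.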
@@ -2,24 +2,40 @@ { # Jellyfin - virtualisation.oci-containers.containers."jellyfin" = { - autoStart = true; - image = "linuxserver/jellyfin"; - extraOptions = [ "--runtime=nvidia" ]; - volumes = [ - "/mnt/Safe\ SSD/ssd_app_data/jellyfin/config:/config" - "/mnt/Safe\ SSD/ssd_app_data/jellyfin/cache:/cache" - "/mnt/Safe\ SSD/ssd_app_data/jellyfin/log:/log" - "/mnt/Main\ Pool/Movies:/movies" - "/mnt/Main\ Pool/TV:/tv" - ]; - ports = [ "8096:8096" ]; - environment = { - NVIDIA_VISIBLE_DEVICES = "all"; - NVIDIA_DRIVER_CAPABILITIES = "compute,utility"; - JELLYFIN_LOG_DIR = "/log"; - PUID = "911"; - PGID = "1000"; - }; + + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; + + services.jellyfin = { + enable = true; + user = "911"; + group = "1000"; + # dataDir = "/mnt/Safe\ SSD/ssd_app_data/jellyfin/config"; # defaults to /var/lib/jellyfin and cannot be changed.... + openFirewall = true; + }; + + # virtualisation.oci-containers.containers."jellyfin" = { + # autoStart = true; + # image = "linuxserver/jellyfin"; + # cmd = [ "--gpus all" ]; + # volumes = [ + # "/mnt/Safe\ SSD/ssd_app_data/jellyfin/config:/config" + # "/mnt/Safe\ SSD/ssd_app_data/jellyfin/cache:/cache" + # "/mnt/Safe\ SSD/ssd_app_data/jellyfin/log:/log" + # "/mnt/Main\ Pool/Movies:/movies" + # "/mnt/Main\ Pool/TV:/tv" + # ]; + # ports = [ "8096:8096" ]; + # environment = { + # NVIDIA_VISIBLE_DEVICES = "all"; + # NVIDIA_DRIVER_CAPABILITIES = "compute,utility"; + # JELLYFIN_LOG_DIR = "/log"; + # PUID = "911"; + # PGID = "1000"; + # }; + # }; } diff --git a/nas-samba/samba.nix b/nas-samba/samba.nix new file mode 100644 index 0000000..b0ae0a2 --- /dev/null +++ b/nas-samba/samba.nix 
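Review bot: `openFirewall = true` on `services.jellyfin` opens Jellyfin's ports on every interface. If the service is meant to be reached through the swag reverse proxy imported in configuration-nas.nix (an inference), I would set `openFirewall = false;` and leave only 80/443 exposed. `user = "911"` and `group = "1000"` are carried over from the container's PUID/PGID. A short comment naming the account and group behind those IDs would help, since the module does not create them for non-default values as far as I know. The commented-out container block can be deleted, because the history keeps it.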
@@ -0,0 +1,44 @@
+{ config, ... }:
+{
+ services.samba-wsdd = {
+ # make shares visible for Windows clients
+ enable = true;
+ openFirewall = true;
+ };
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ openFirewall = true;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = smbnix
+ netbios name = smbnix
+ security = user
+ #use sendfile = yes
+ #max protocol = smb2
+ # note: localhost is the ipv6 localhost ::1
+ hosts allow = 10.0.1 127.0.0.1 localhost
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+ shares = {
+ backup = {
+ path = "/mnt/Main\ Pool/backup";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ };
+ isos = {
+ path = "/mnt/Main\ Pool/isos";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ };
+ };
+ };
+}
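Review bot: Both shares set `"guest ok" = "yes"` with `"read only" = "no"`, and `map to guest = bad user` maps any unknown username to the guest account. Any host that passes the `hosts allow` filter can therefore write to `backup` and `isos` without a password. For a backup share I would require a login with `"guest ok" = "no";` and `"valid users" = "<samba-user>";`, and drop the `map to guest` line. The host filter also needs checking: smb.conf's prefix form is written with a trailing dot (`10.0.1.`), so `hosts allow = 10.0.1` may not match the intended subnet. `testparm` can confirm what it matches. `securityType = "user"` and `security = user` in `extraConfig` state the same setting twice.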