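# NixOS module for the host "hostnuc": initrd secret retrieval (netsecrets),
# local users, OpenSSH, Proxmox VE, Samba, Tailscale, Avahi and a bridged LAN
# interface.
#
# Security note: every string literal in this file, and everything produced by
# pkgs.writeText or an inline `script`, is copied into /nix/store, which is
# readable by every local user and by anyone who receives the closure or the
# repository. Passwords, auth keys and password hashes written here are
# therefore not secret; reference a runtime file (as root's hashedPasswordFile
# does) instead.
{ lib, pkgs, config, inputs, specialArgs, ... }:
let
  system = "x86_64-linux";
  # Single switch for the Kodi kiosk: X server, LightDM, autologin and the
  # dedicated kodi user/group below are all gated on it.
  kodiEnabled = false;
in
{
  boot.initrd.systemd.enable = true;
  # NOTE(review): `true` means an unauthenticated root shell whenever the
  # initrd falls into emergency mode, i.e. anyone at the console. The option
  # also accepts a hashed password for authenticated access; use that (or
  # false) outside a lab.
  boot.initrd.systemd.emergencyAccess = true;
  boot.initrd.availableKernelModules = [ "loop" "squashfs" ];
  boot.initrd.kernelModules = [ "loop" "squashfs" ];

  # netsecrets is a module defined outside this file; the comments here only
  # describe the values set, not how the module treats them.
  netsecrets = {
    server = {
      enable = true;
      ip = "192.168.0.36";
      # NOTE(review): a string here but an integer in client.port below;
      # confirm which type the module expects.
      port = "8080";
      # NOTE(review): confirm verbose output never prints secret values.
      verbose = true;
    };
    client = {
      enable = true;
      enableInitrd = true;
      server = "192.168.0.22";
      port = 8080;
      # Placeholder. A real value set inline would land in the world-readable
      # Nix store (and, with enableInitrd, presumably in the initrd image as
      # well; verify against the module).
      password = "your_password";
      verbose = true;
      request_secrets = [
        "keys"
        "passwordHash"
      ];
      fallbacks = [];
    };
  };

  secrets = {
    # NOTE(review): named keys_txt here but requested as "keys" above; confirm
    # the module maps one onto the other.
    keys_txt = {
      file = "/var/lib/netsecrets/keys.txt";
    };
    passwordHash = {
      file = "/run/secrets/passwordHash";
    };
  };

  users = {
    groups = lib.mkIf kodiEnabled {
      kodi = {};
    };
    # Fix: the original wrote `{ ... } // lib.mkIf kodiEnabled { ... }`. `//`
    # copies mkIf's `_type`, `condition` and `content` attributes onto the
    # left-hand set, so the module system treats the whole value as one
    # conditional: with kodiEnabled = false every user below was dropped, and
    # with it true only `kodi` survived. mkMerge keeps the unconditional users
    # and adds kodi only when the flag is set.
    users = lib.mkMerge [
      {
        root = {
          # Hash is read at runtime from the file delivered as the
          # passwordHash secret, so it stays out of the Nix store.
          hashedPasswordFile = "/run/secrets/passwordHash";
        };
        tempuser = {
          isNormalUser = true;
          extraGroups = [ "wheel" ];
          # NOTE(review): plaintext password in the store for a wheel member.
          # SSH password logins are disabled below, but this password still
          # works for console login and for sudo. Remove the account or switch
          # to hashedPasswordFile before this host leaves the lab.
          password = "test123";
          openssh.authorizedKeys.keys = [
            (builtins.readFile ./id_rsa.pub)
            (builtins.readFile ./id_ed25519.pub)
          ];
        };
        spiderunderurbed = {
          isNormalUser = true;
          extraGroups = [ "wheel" ];
          openssh.authorizedKeys.keys = [
            (builtins.readFile ./id_rsa.pub)
            (builtins.readFile ./id_ed25519.pub)
          ];
        };
      }
      (lib.mkIf kodiEnabled {
        kodi = {
          isNormalUser = true;
          group = "kodi";
        };
      })
    ];
  };

  services.openssh = {
    enable = true;
    ports = [ 3060 ];
    openFirewall = true;
    settings = {
      PermitRootLogin = lib.mkForce "no";
      PasswordAuthentication = false;
      # Added: keyboard-interactive is a separate PAM-backed password path
      # that PasswordAuthentication does not cover. Disabling it makes the
      # server key-only, which matters while tempuser has a weak password.
      KbdInteractiveAuthentication = false;
      PubkeyAuthentication = true;
    };
  };

  services.xserver.displayManager.lightdm.enable = kodiEnabled;
  services.xserver.enable = kodiEnabled;
  services.xserver.desktopManager.kodi.enable = kodiEnabled;
  # Passwordless session for the kiosk user, only when Kodi is enabled.
  services.displayManager.autoLogin.user = if kodiEnabled then "kodi" else null;
  services.xserver.displayManager.lightdm.greeter.enable = false;

  services.proxmox-ve = {
    enable = true;
    ipAddress = "192.168.0.36";
  };
  nixpkgs.overlays = [
    inputs.proxmox-nixos.overlays.${system}
  ];

  # NOTE(review): with openFirewall, mapToGuest = "bad user", guestOk and
  # writable together, anyone who can reach this host can write to the share
  # without credentials (unknown user names are mapped to the guest account).
  # Acceptable only on a trusted LAN; otherwise drop guestOk/mapToGuest and
  # restrict the share to named users.
  services.samba = {
    enable = true;
    openFirewall = true;
    settings = {
      global = {
        workgroup = "WORKGROUP";
        serverString = "Samba Server";
        netbiosName = config.networking.hostName;
        security = "user";
        mapToGuest = "bad user";
        dnsProxy = "no";
      };
      shared = {
        # Placeholder path.
        path = "/path/to/your/shared/folder";
        browseable = true;
        writable = true;
        guestOk = true;
        readOnly = false;
      };
    };
  };

  services.tailscale = {
    enable = true;
    package = pkgs.tailscale-custom;
    # "both" turns on IP forwarding and loose reverse-path filtering so the
    # host can act as subnet router / exit node as well as use them.
    useRoutingFeatures = "both";
  };

  # One-shot that brings Tailscale up against a self-hosted control server if
  # the backend is not already in the "Running" state. Currently disabled.
  #
  # NOTE(review) before enabling:
  #  - The auth key is a placeholder; a real key inlined here ends up in the
  #    Nix store and in the unit's command line. Read it from a root-only file
  #    instead (`--auth-key=file:<path>` or services.tailscale.authKeyFile).
  #  - The login server is plain http://, so node registration is exposed to
  #    anyone on the network path; use https://.
  #  - The daemon unit NixOS creates is tailscaled.service, so the ordering on
  #    "tailscale.service" below probably has no effect; verify.
  systemd.services.tailscale-autoconnect = {
    enable = false;
    description = "Automatic connection to Tailscale";
    after = [ "network-pre.target" "tailscale.service" ];
    wants = [ "network-pre.target" "tailscale.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig.Type = "oneshot";
    # Fix: $status is now quoted. If jq printed nothing (daemon not ready yet)
    # the unquoted test was a syntax error instead of a clean "not running".
    script = with pkgs; ''
      sleep 2
      status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
      if [ "$status" = "Running" ]; then
      exit 0
      fi
      ${tailscale}/bin/tailscale up --login-server=http://headscale.spidershomelab.xyz -authkey tskey-examplekeyhere
    '';
  };

  # Publishes this host's addresses and user services over mDNS on the LAN.
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      userServices = true;
    };
  };

  # NOTE(review):
  #  - pkgs.writeText stores the line below, password hash included, in the
  #    world-readable Nix store; mode "0600" protects only the copy under
  #    /etc. Treat this hash as exposed and rotate the password.
  #  - `target` is documented as relative to /etc, so this may not create the
  #    /home/john/smbpasswd that the activation script reads; verify.
  #  - The line looks like a passwd-style entry with a crypt(3) `$6$` hash
  #    rather than the smbpasswd layout pdbedit imports; verify the import
  #    actually succeeds.
  environment.etc."smbpasswd" = {
    target = "/home/john/smbpasswd";
    source = pkgs.writeText "smbpasswd" ''
      spiderunderurbed:$6$bAY9OVPvmIbpcZlz$c39tOLmdSMvfNoRfiljGCiWuhPpmlRbOaPwlO8sOwVZ9qHRrQHOVTQIy.cHnLE.Euo2Y5/e5673/meXgBL7J30:1001:100::/home/spiderunderurbed:/bin/bash
    '';
    mode = "0600";
  };

  system.activationScripts = {
    # Imports the smbpasswd file into Samba's tdbsam database on every
    # activation (each switch and each boot), as root.
    sambaUserSetup = {
      text = ''
        PATH=$PATH:${lib.makeBinPath [ pkgs.samba ]}
        pdbedit -i smbpasswd:/home/john/smbpasswd -e tdbsam:/var/lib/samba/private/passdb.tdb
      '';
      deps = [ ];
    };
    # mkForce replaces any other definition of the "stdio" activation snippet
    # with this echo.
    stdio = lib.mkForce {
      text = ''
        echo "Ran successfully"
      '';
    };
  };

  # Static addressing: eth0 is enslaved to the bridge vmbr0, which carries the
  # host address 192.168.0.36/24.
  networking = {
    nameservers = [ "8.8.8.8" "8.8.4.4" ];
    defaultGateway = {
      address = "192.168.0.1";
      interface = "vmbr0";
    };
    interfaces = {
      eth0 = {
        useDHCP = false;
      };
      vmbr0 = {
        ipv4.addresses = [
          {
            address = "192.168.0.36";
            prefixLength = 24;
          }
        ];
      };
    };
    bridges = {
      vmbr0 = {
        interfaces = [ "eth0" ];
      };
    };
    hostName = "hostnuc";
  };

  environment.systemPackages = [
    pkgs.transmission_4
    pkgs.tailscale-custom
    specialArgs.netsecrets
    #specialArgs.netsecrets.packages.${system}.netsecrets
    pkgs.python3
    pkgs.htop
    pkgs.localsend
    pkgs.gdu
  ];

  # 0770 owner/group only; the group is the shared `users` group.
  systemd.tmpfiles.rules = [
    "d /home/spiderunderurbed/hdd 0770 spiderunderurbed users -"
  ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
}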