API tools faq
paste
Guest User

Untitled

a guest
Jul 29th, 2025
51
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.45 KB | None | 0 0
raw download clone embed print report
  1. { lib, pkgs, config, inputs, specialArgs, ... }:
  2.  
  3. let
  4. system = "x86_64-linux";
  5. kodiEnabled = false;
  6. in
  7. {
  8. boot.initrd.systemd.enable = true;
  9. boot.initrd.systemd.emergencyAccess = true;
  10.  
  11. boot.initrd.availableKernelModules = [ "loop" "squashfs" ];
  12. boot.initrd.kernelModules = [ "loop" "squashfs" ];
  13.  
  14. netsecrets = {
  15. server = {
  16. enable = true;
  17. ip = "192.168.0.36";
  18. port = "8080";
  19. verbose = true;
  20. };
  21. client = {
  22. enable = true;
  23. enableInitrd = true;
  24. server = "192.168.0.22";
  25. port = 8080;
  26. password = "your_password";
  27. verbose = true;
  28.  
  29. request_secrets = [
  30. "keys"
  31. "passwordHash"
  32. ];
  33.  
  34. fallbacks = [];
  35. };
  36. };
  37.  
  38. secrets = {
  39. keys_txt = {
  40. file = "/var/lib/netsecrets/keys.txt";
  41. };
  42. passwordHash = {
  43. file = "/run/secrets/passwordHash";
  44. };
  45. };
  46.  
  47. users = {
  48. groups = lib.mkIf kodiEnabled {
  49. kodi = {};
  50. };
  51. users = {
  52. root = {
  53. hashedPasswordFile = "/run/secrets/passwordHash";
  54. };
  55. tempuser = {
  56. isNormalUser = true;
  57. extraGroups = [ "wheel" ];
  58. password = "test123";
  59. openssh.authorizedKeys.keys = [
  60. (builtins.readFile ./id_rsa.pub)
  61. (builtins.readFile ./id_ed25519.pub)
  62. ];
  63. };
  64. spiderunderurbed = {
  65. isNormalUser = true;
  66. extraGroups = [ "wheel" ];
  67. openssh.authorizedKeys.keys = [
  68. (builtins.readFile ./id_rsa.pub)
  69. (builtins.readFile ./id_ed25519.pub)
  70. ];
  71. };
  72. } // lib.mkIf kodiEnabled {
  73. kodi = {
  74. isNormalUser = true;
  75. group = "kodi";
  76. };
  77. };
  78. };
  79.  
  80. services.openssh = {
  81. enable = true;
  82. ports = [ 3060 ];
  83. openFirewall = true;
  84. settings = {
  85. PermitRootLogin = lib.mkForce "no";
  86. PasswordAuthentication = false;
  87. PubkeyAuthentication = true;
  88. };
  89. };
  90.  
  91. services.xserver.displayManager.lightdm.enable = kodiEnabled;
  92. services.xserver.enable = kodiEnabled;
  93. services.xserver.desktopManager.kodi.enable = kodiEnabled;
  94. services.displayManager.autoLogin.user = if kodiEnabled then "kodi" else null;
  95. services.xserver.displayManager.lightdm.greeter.enable = false;
  96.  
  97. services.proxmox-ve = {
  98. enable = true;
  99. ipAddress = "192.168.0.36";
  100. };
  101.  
  102. nixpkgs.overlays = [
  103. inputs.proxmox-nixos.overlays.${system}
  104. ];
  105.  
  106. services.samba = {
  107. enable = true;
  108. openFirewall = true;
  109. settings = {
  110. global = {
  111. workgroup = "WORKGROUP";
  112. serverString = "Samba Server";
  113. netbiosName = config.networking.hostName;
  114. security = "user";
  115. mapToGuest = "bad user";
  116. dnsProxy = "no";
  117. };
  118. shared = {
  119. path = "/path/to/your/shared/folder";
  120. browseable = true;
  121. writable = true;
  122. guestOk = true;
  123. readOnly = false;
  124. };
  125. };
  126. };
  127.  
  128.  
  129.  
  130. services.tailscale = {
  131. enable = true;
  132. package = pkgs.tailscale-custom;
  133. useRoutingFeatures = "both";
  134. };
  135.  
  136. systemd.services.tailscale-autoconnect = {
  137. enable = false;
  138. description = "Automatic connection to Tailscale";
  139. after = [ "network-pre.target" "tailscale.service" ];
  140. wants = [ "network-pre.target" "tailscale.service" ];
  141. wantedBy = [ "multi-user.target" ];
  142. serviceConfig.Type = "oneshot";
  143. script = with pkgs; ''
  144. sleep 2
  145. status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
  146. if [ $status = "Running" ]; then
  147. exit 0
  148. fi
  149. ${tailscale}/bin/tailscale up --login-server=http://headscale.spidershomelab.xyz -authkey tskey-examplekeyhere
  150. '';
  151. };
  152.  
  153. services.avahi = {
  154. enable = true;
  155. nssmdns4 = true;
  156. publish = {
  157. enable = true;
  158. addresses = true;
  159. domain = true;
  160. userServices = true;
  161. };
  162. };
  163.  
  164. environment.etc."smbpasswd" = {
  165. target = "/home/john/smbpasswd";
  166. source = pkgs.writeText "smbpasswd" ''
  167. spiderunderurbed:$6$bAY9OVPvmIbpcZlz$c39tOLmdSMvfNoRfiljGCiWuhPpmlRbOaPwlO8sOwVZ9qHRrQHOVTQIy.cHnLE.Euo2Y5/e5673/meXgBL7J30:1001:100::/home/spiderunderurbed:/bin/bash
  168. '';
  169. mode = "0600";
  170. };
  171.  
  172. system.activationScripts = {
  173. sambaUserSetup = {
  174. text = ''
  175. PATH=$PATH:${lib.makeBinPath [ pkgs.samba ]}
  176. pdbedit -i smbpasswd:/home/john/smbpasswd -e tdbsam:/var/lib/samba/private/passdb.tdb
  177. '';
  178. deps = [ ];
  179. };
  180. stdio = lib.mkForce {
  181. text = ''
  182. echo "Ran successfully"
  183. '';
  184. };
  185. };
  186.  
  187. networking = {
  188. nameservers = [ "8.8.8.8" "8.8.4.4" ];
  189. defaultGateway = {
  190. address = "192.168.0.1";
  191. interface = "vmbr0";
  192. };
  193. interfaces = {
  194. eth0 = {
  195. useDHCP = false;
  196. };
  197. vmbr0 = {
  198. ipv4.addresses = [
  199. {
  200. address = "192.168.0.36";
  201. prefixLength = 24;
  202. }
  203. ];
  204. };
  205. };
  206. bridges = {
  207. vmbr0 = {
  208. interfaces = [ "eth0" ];
  209. };
  210. };
  211. hostName = "hostnuc";
  212. };
  213.  
  214. environment.systemPackages = [
  215. pkgs.transmission_4
  216. pkgs.tailscale-custom
  217. specialArgs.netsecrets
  218. #specialArgs.netsecrets.packages.${system}.netsecrets
  219. pkgs.python3
  220. pkgs.htop
  221. pkgs.localsend
  222. pkgs.gdu
  223. ];
  224.  
  225. systemd.tmpfiles.rules = [
  226. "d /home/spiderunderurbed/hdd 0770 spiderunderurbed users -"
  227. ];
  228.  
  229. nix.settings.experimental-features = [ "nix-command" "flakes" ];
  230. }
  231.  
  232.  
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!