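  # NixOS module for the host "hostnuc": static 192.168.0.36/24 on bridge vmbr0,
  # running Proxmox VE, Samba, Tailscale, Avahi and OpenSSH (port 3060), with
  # secrets delivered by the externally supplied `netsecrets` module.
  #
  # Review summary (details are next to the options concerned):
  #   * users.users was built with `{ ... } // lib.mkIf ...`, which hid the
  #     root/tempuser/spiderunderurbed definitions; it now uses lib.mkMerge.
  #   * sshd now also disables keyboard-interactive logins.
  #   * the autoconnect script quotes "$status".
  #   * several values below are secrets or weak credentials written as
  #     literals; they are kept as found and flagged with SECURITY comments.
  { lib, pkgs, config, inputs, specialArgs, ... }:

  let
    # Platform key used to pick the proxmox-nixos overlay further down.
    system = "x86_64-linux";
    # Single switch for the Kodi pieces: group, user, X server and autologin.
    kodiEnabled = false;
  in
  {
    boot.initrd.systemd.enable = true;
    # SECURITY: `true` means unauthenticated root access whenever the initrd
    # falls into emergency mode. The option also accepts a hashed root password
    # (authenticated access) or false/null (no access). This initrd also runs
    # the netsecrets client (enableInitrd below), so console access during a
    # failed boot is worth treating as access to whatever that client holds.
    boot.initrd.systemd.emergencyAccess = true;

    boot.initrd.availableKernelModules = [ "loop" "squashfs" ];
    boot.initrd.kernelModules = [ "loop" "squashfs" ];

    # `netsecrets` comes from outside this file (see specialArgs.netsecrets in
    # environment.systemPackages); its option semantics are not visible here.
    # NOTE(review): nothing on this page shows whether the exchange on port
    # 8080 is encrypted or authenticated beyond the shared password - confirm
    # before letting it cross a network segment you do not control.
    netsecrets = {
      server = {
        enable = true;
        ip = "192.168.0.36"; # same address this host assigns to vmbr0
        # NOTE(review): a string here but an integer in client.port - confirm
        # which type the module expects.
        port = "8080";
        # NOTE(review): check that verbose output never includes secret values.
        verbose = true;
      };
      client = {
        enable = true;
        enableInitrd = true;
        server = "192.168.0.22";
        port = 8080;
        # SECURITY: placeholder value. A real password written as a literal
        # becomes part of the evaluated configuration and presumably ends up
        # in the world-readable /nix/store; prefer a file-based option if the
        # module offers one (TODO confirm).
        password = "your_password";
        verbose = true;

        request_secrets = [
          "keys"
          "passwordHash"
        ];

        fallbacks = [];
      };
    };

    # NOTE(review): request_secrets asks for "keys" while the entry here is
    # named keys_txt - confirm the two names are meant to differ.
    secrets = {
      keys_txt = {
        file = "/var/lib/netsecrets/keys.txt";
      };
      passwordHash = {
        file = "/run/secrets/passwordHash";
      };
    };

    users = {
      groups = lib.mkIf kodiEnabled {
        kodi = {};
      };
      # lib.mkMerge rather than `{ ... } // lib.mkIf kodiEnabled { ... }`:
      # mkIf returns an attribute set tagged `_type = "if"`, and `//` copies
      # that tag onto the whole user set. The module system then treats the
      # result as one conditional whose content is only the kodi user, so the
      # three accounts below were dropped regardless of kodiEnabled.
      users = lib.mkMerge [
        {
          root = {
            # Same path as secrets.passwordHash.file above.
            hashedPasswordFile = "/run/secrets/passwordHash";
          };
          tempuser = {
            isNormalUser = true;
            extraGroups = [ "wheel" ];
            # SECURITY: weak plaintext password on a wheel (sudo-capable)
            # account. The literal is stored in the world-readable /nix/store
            # and is now public on this page. Remove the account once it is no
            # longer needed, or switch it to hashedPasswordFile as root does.
            password = "test123";
            openssh.authorizedKeys.keys = [
              (builtins.readFile ./id_rsa.pub)
              (builtins.readFile ./id_ed25519.pub)
            ];
          };
          spiderunderurbed = {
            isNormalUser = true;
            extraGroups = [ "wheel" ];
            openssh.authorizedKeys.keys = [
              (builtins.readFile ./id_rsa.pub)
              (builtins.readFile ./id_ed25519.pub)
            ];
          };
        }
        (lib.mkIf kodiEnabled {
          kodi = {
            isNormalUser = true;
            group = "kodi";
          };
        })
      ];
    };

    services.openssh = {
      enable = true;
      ports = [ 3060 ];
      openFirewall = true;
      settings = {
        PermitRootLogin = lib.mkForce "no";
        PasswordAuthentication = false;
        # Keyboard-interactive is a separate sshd method from "password" and
        # can still prompt for the account password through PAM, so it is
        # switched off explicitly to keep logins key-only (relevant while
        # tempuser carries a guessable password).
        KbdInteractiveAuthentication = false;
        PubkeyAuthentication = true;
      };
    };

    # Kodi session: everything follows kodiEnabled; the greeter stays off.
    services.xserver.displayManager.lightdm.enable = kodiEnabled;
    services.xserver.enable = kodiEnabled;
    services.xserver.desktopManager.kodi.enable = kodiEnabled;
    services.displayManager.autoLogin.user = if kodiEnabled then "kodi" else null;
    services.xserver.displayManager.lightdm.greeter.enable = false;

    # Module and packages come from the proxmox-nixos flake input.
    services.proxmox-ve = {
      enable = true;
      ipAddress = "192.168.0.36";
    };

    nixpkgs.overlays = [
      inputs.proxmox-nixos.overlays.${system}
    ];

    # SECURITY: `mapToGuest = "bad user"` maps unknown user names to the guest
    # account, and the share below is guestOk + writable, so any client that
    # can reach the SMB ports can write to it without credentials.
    # openFirewall opens those ports in the host firewall. If anonymous write
    # access is not intended, set guestOk = false and restrict the share with
    # "valid users" and/or "hosts allow".
    services.samba = {
      enable = true;
      openFirewall = true;
      settings = {
        global = {
          workgroup = "WORKGROUP";
          serverString = "Samba Server";
          netbiosName = config.networking.hostName;
          security = "user";
          mapToGuest = "bad user";
          dnsProxy = "no";
        };
        shared = {
          path = "/path/to/your/shared/folder"; # placeholder path
          browseable = true;
          writable = true;
          guestOk = true;
          readOnly = false;
        };
      };
    };

    services.tailscale = {
      enable = true;
      # Not a stock nixpkgs attribute name; presumably provided by an overlay
      # defined elsewhere - confirm.
      package = pkgs.tailscale-custom;
      useRoutingFeatures = "both";
    };

    # Disabled one-shot that logs this node in to a Headscale server.
    systemd.services.tailscale-autoconnect = {
      enable = false;
      description = "Automatic connection to Tailscale";
      # NOTE(review): the NixOS tailscale module normally names its unit
      # tailscaled.service - confirm "tailscale.service" orders anything.
      after = [ "network-pre.target" "tailscale.service" ];
      wants = [ "network-pre.target" "tailscale.service" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig.Type = "oneshot";
      # SECURITY: the script text is built into a store path, so an auth key
      # written here is readable by every local user; the value below is a
      # placeholder. Prefer services.tailscale.authKeyFile (or an auth key
      # given as `file:PATH`) pointing at a root-only file. The login server
      # URL is plain http, which leaves the coordination traffic without
      # transport protection; use https if the server supports it.
      # NOTE(review): `with pkgs` resolves ${tailscale} to pkgs.tailscale, not
      # the tailscale-custom package the service runs - confirm that is meant.
      script = with pkgs; ''
        sleep 2
        status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
        # Quoted so an empty status (daemon not ready) is a clean mismatch
        # instead of a `[` syntax error.
        if [ "$status" = "Running" ]; then
          exit 0
        fi
        ${tailscale}/bin/tailscale up --login-server=http://headscale.spidershomelab.xyz -authkey tskey-examplekeyhere
      '';
    };

    # Publishes this host's name, addresses and user services over mDNS.
    services.avahi = {
      enable = true;
      nssmdns4 = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
      };
    };

    # SECURITY: pkgs.writeText places this content in the world-readable
    # /nix/store; `mode = "0600"` only applies to the copy made under /etc.
    # The password hash is therefore readable by every local user and is now
    # public on this page - treat that password as exposed and change it.
    # NOTE(review): `target` is documented as relative to /etc, so an absolute
    # path probably does not create /home/john/smbpasswd, which is what the
    # activation script below reads - confirm.
    # NOTE(review): the line is laid out like a passwd entry with a $6$ crypt
    # hash; confirm it is a format pdbedit's smbpasswd backend accepts.
    environment.etc."smbpasswd" = {
      target = "/home/john/smbpasswd";
      source = pkgs.writeText "smbpasswd" ''
        spiderunderurbed:$6$bAY9OVPvmIbpcZlz$c39tOLmdSMvfNoRfiljGCiWuhPpmlRbOaPwlO8sOwVZ9qHRrQHOVTQIy.cHnLE.Euo2Y5/e5673/meXgBL7J30:1001:100::/home/spiderunderurbed:/bin/bash
      '';
      mode = "0600";
    };

    system.activationScripts = {
      # Imports the file above into Samba's tdbsam database on every
      # activation. No user "john" is defined in this file.
      sambaUserSetup = {
        text = ''
          PATH=$PATH:${lib.makeBinPath [ pkgs.samba ]}
          pdbedit -i smbpasswd:/home/john/smbpasswd -e tdbsam:/var/lib/samba/private/passdb.tdb
        '';
        deps = [ ];
      };
      # mkForce replaces any `stdio` snippet defined elsewhere with this echo.
      stdio = lib.mkForce {
        text = ''
          echo "Ran successfully"
        '';
      };
    };

    # eth0 carries no address of its own; it is enslaved to bridge vmbr0,
    # which holds the static address and the default route.
    networking = {
      nameservers = [ "8.8.8.8" "8.8.4.4" ];
      defaultGateway = {
        address = "192.168.0.1";
        interface = "vmbr0";
      };
      interfaces = {
        eth0 = {
          useDHCP = false;
        };
        vmbr0 = {
          ipv4.addresses = [
            {
              address = "192.168.0.36";
              prefixLength = 24;
            }
          ];
        };
      };
      bridges = {
        vmbr0 = {
          interfaces = [ "eth0" ];
        };
      };
      hostName = "hostnuc";
    };

    environment.systemPackages = [
      pkgs.transmission_4
      pkgs.tailscale-custom
      specialArgs.netsecrets
      #specialArgs.netsecrets.packages.${system}.netsecrets
      pkgs.python3
      pkgs.htop
      pkgs.localsend
      pkgs.gdu
    ];

    # Creates the directory with mode 0770, owner spiderunderurbed, group users.
    systemd.tmpfiles.rules = [
      "d /home/spiderunderurbed/hdd 0770 spiderunderurbed users -"
    ];

    nix.settings.experimental-features = [ "nix-command" "flakes" ];
  }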