From 24201d0db61b54ab594216823c6a742919d65908 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 21 Nov 2024 10:09:26 +0100 Subject: [PATCH 1/5] Install `attic` on `sisko` --- hosts/default.nix | 2 + hosts/sisko/default.nix | 1 + modules/atticd/default.nix | 52 +++++++++++++++++++++++ secrets/secrets.nix | 5 +++ secrets/sisko-attic-environment-file.age | Bin 0 -> 5999 bytes 5 files changed, 60 insertions(+) create mode 100644 modules/atticd/default.nix create mode 100644 secrets/sisko-attic-environment-file.age diff --git a/hosts/default.nix b/hosts/default.nix index 5636017..f86454b 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -110,11 +110,13 @@ "cloudflare-dyndns-api-token" = { }; "restic-hetzner-password" = { }; "hass-ssh-key".owner = "hass"; + "sisko-attic-environment-file".owner = "atticd"; "autistici-password" = { # FIXME terrible, should create a third ad-hoc group owner = "grafana"; group = "forgejo"; }; + }; }; }; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index ba45c12..969f4e4 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -30,6 +30,7 @@ "immich" "paperless" "syncthing" + "atticd" ] ++ [ ./disko.nix diff --git a/modules/atticd/default.nix b/modules/atticd/default.nix new file mode 100644 index 0000000..507ba59 --- /dev/null +++ b/modules/atticd/default.nix 
@@ -0,0 +1,52 @@
+{ config, lib, ... }:
+{
+ services.atticd = {
+ enable = true;
+ settings = {
+ listen = "0.0.0.0:8081";
+ allowed-hosts = [ ]; # Allow all hosts
+ # api-endpoint = "https://cache.staging.mlabs.city/";
+ soft-delete-caches = false;
+ require-proof-of-possession = true;
+
+ database.url = "sqlite://${config.services.atticd.settings.storage.path}/server.db?mode=rwc";
+
+ storage = {
+ type = "local";
+ path = "/mnt/hd/atticd";
+ };
+
+ compression = {
+ level = 8;
+ type = "zstd";
+ };
+
+ chunking = {
+ nar-size-threshold = 64 * 1024; # 64 KiB
+ min-size = 16 * 1024; # 16 KiB
+ avg-size = 64 * 1024; # 64 KiB
+ max-size = 256 * 1024; # 256 KiB
+ };
+ };
+ environmentFile = config.age.secrets.sisko-attic-environment-file.path;
+ };
+
+ systemd.services.atticd = {
+ serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "d config.services.atticd.settings.storage.path 770 atticd atticd"
+ ];
+
+ users = {
+ groups.atticd = { };
+ users.atticd = {
+ group = "atticd";
+ home = config.services.atticd.settings.storage.path;
+ isSystemUser = true;
+ };
+ };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e5e95f4..52a3217 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -161,6 +161,11 @@ with keys.users;
 ccr-gpg
 sisko
 ];
+ "sisko-attic-environment-file.age".publicKeys = [
+ ccr-ssh
+ ccr-gpg
+ sisko
+ ];
 # WireGuard
 "picard-wireguard-private-key.age".publicKeys = [
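Review bot: The tmpfiles rule in modules/atticd/default.nix passes the option path as literal text, `"d config.services.atticd.settings.storage.path 770 atticd atticd"`, so systemd-tmpfiles is handed a non-absolute path and the rule cannot apply to `/mnt/hd/atticd`; interpolate it instead: `"d ${config.services.atticd.settings.storage.path} 770 atticd atticd"`. That directory holds both the cache objects and `server.db`, so its owner and mode are what keep other local accounts out of the store now that `DynamicUser` is forced off and a static `atticd` user is used. Separately, `listen = "0.0.0.0:8081"` combined with an empty `allowed-hosts` accepts any Host header on every interface; no firewall port is opened in this hunk, so reachability presumably depends on a proxy configured elsewhere, and binding to the loopback or LAN address would make that explicit.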
diff --git a/secrets/sisko-attic-environment-file.age b/secrets/sisko-attic-environment-file.age new file mode 100644 index 0000000000000000000000000000000000000000..97274634192fa829b29883ed306a7d3b1f4fd675 GIT binary patch literal 5999 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!*`Do#|;cT7xoD(7;`b;`}Da4anJ zF!2k@2+zsN3CSr)4a*8K3-ihdPN^s_$?`PMDvL-rcZ@P|wakvt4zSeENDs+%DNpit z4RYtQNYpkh_bT;@$TZ1FN{Ngxb;(NAPIigRD-3iijVkfUaH~iT@F@%S*0!iD_slTN z_sYm9wbW1b4fG8z&J4@tDz1v~uX6S>uE>chEU5A_)6dKHEsjbtEXoOX&#H9H)^`bw zNJ)zD@{aJTa!O7LGj;YTC`_u-E(+Cmvn<|@w33vzKcEcK2uNiRvNOv?8QcFfBO z2@3Wp4suMg&=2%hcGouW@=wb3t&A*kN%gAA&owDA)OQKbDRJ^BEAe;CtaJ%; zEeH+qNY@Te%JeNrHa89AD#|J`PxtV34st9k&MuE|GfPejOD_w}%C8Fc3e0x$(>BaE zNy+p|@{Y*M@rjDab`J~)GfE4{HZ}=%Hr6lJ<}!^)cQ1%CGR#S`EO+uyjtgOgGZD zaI@qJEH^In3Nm+$@~J8*3Ul*M@(d^m&ri!JuhLI84K6A*Om!{D4|c8eO0CRwbSVq< z&`$Sq&#wwFc6Sc;Oft>nN-}V%aC8ka4lK{DuyD^TH!z4WiOjDIFmNre@Xd7$%J!`E zGS5kKD^E^FPRD^BMaKG$Tpp37iGHSm9tNIXK88icsfHF7-Udl#dEo`+?pelOhCTto zE(SgUjz;E=B}S&H!KI#A`XN>6&iUq!#)T%8kz7@w0q)+31qE&asVOB!DV1)iM#kCx zfu-5bQN|t_&aM&q?tww!rUr(20luXbuBBeC#g#t(MJZKzg_XG;X3ks&Nx21iNiL2# zxlu-@X_-Mr*&&r?E;)XlW*&Zy>51Nc!DXo_F6Ay>m6>L~KKfBb;b~dfDM5va;ei#Y zCZSneA?5}7L1rdNDMpb6WfrA{9?4;r1?Db6Q9fD0AtlabX-2uGCZ5I?Nx??JrvBMU zZej?Pi#z7|Oq`lVi# zg+UdSerZ|yCWV2Hj?Q^L0Vb8jZcb&v=E1&(fm~6kWx2uW&PExL<%JOeg`WCRet8z< zMp+(yzMiH|B_0_8M#1HgQCaEU1xa~HmcC&|ey&ErZYe3DMj44gMX6i{#-3jO!TC<+ z8QvN0{uLFGg_S;OW|koV25y<|VXnSj8IC1s!9m5Y>0Zeh;fd}=5!$KFK~Y{+CLaDl z?#XFfg_eaz8Hr&gsrh~d-USARQDJ^nE4{+`>E#9il@3a5 z7G7yyDV1q?8O44BX*m`Jsh$RYUP-2@2IlUbUd{&jfoYKzS=q33oSI@}YHDbypk0;{l;^0B zYwnTm=T(+ek?&uoUs>huXq2905#g1Xo$FN?;p&m$7UCG>=3e3IomI}|;$Ko2Sx{&h zmZG1n9qR68>EcmX?CPEGn5FNP8IhV81tk49_$oh>KB<( z>6T^aWn^lctM6iw6yTkc8f6xd6zZv8nwabsni9yxFk`LC#%$iXpH-f4ge=`Y!$jy@ zZ@=B#_UM}(EV=hr$uBkHm*3HN;UeQ2i%P|Q9;Iy=99K6S{<%0NJt}X>$w0My@qSi!~u9$hStle#YSNGj%ij%auW1c%pJ!(|b6x_Ec{F2o4`lg<}Uz$Je(r^F& z@7%vd6`jcq@dA0QC)po-6UcgM_E;~IY4`s_3Q0%5YXq(2`*GUQ?ZT^|SOYen>8g=8 zTxvgOhC8jBw{`?Ox7%xLW?CdPG5HMO&I 
z_buAmx4hxk-DFYA>jPI+3a9-X~$=KsSL=9$x6rnU2A zujE}9B(w5fpu8^on>L?SoS#eO4@{S0pP2C5$M+{=M`rbwE1ixn4{7cf)_X9E|5I~W zCA--a*HZnoM=u!T{)rwsay9sLl+OEoZ@ID;=(^8;toth}CUDB3lX8{^Qp>NrPg%{f zi}epz-?uf_w*L^wzIfP3s8X@-8H$AwIz-B;=3pAU-!B8mr`rVnz>x(UmZ_%%|86%$YGOd zH7u^XZck{h&pA@Ur4V7ATlZrA#0hgPwbvv+o%1G3*Z9t?B^kZ973Xi=a(}-`zHsel z$vR!0*IMdsQF>QGkNuRp%D#SuqDjPg{pVVGpV=L|{H*m1mN!c)Y&jKia(fZO!~eSu zr=Lr>b@1G_g}!SPq^3>TE_h)@R^s`9uTQ#Pzuo@PaPGSu!f6$(pRV(texbm#-sF1F z$?1Uy$~NW7`aXS@IIrv-x7gk1`VUwq1lP+kKev?G`SY)utKL$L)wd5^dcJK&gq*Hs z&vyG6bCRN$cj-;saQwcxtk=6lh7UWoF0d6ZoKQMZ-#n=>H(^DW?xu%_KBziw7E?W# zsI0|!VcO24Tl23?KgRRw$&Ls8^_tfneN|Nd$eiEty3|~z`j4$F<{A`SZQm zm&IE)^UA7aKD>18UqwCh3;(zF54W2vs0lrDi1};2m{+NUbcXC6)A)Xm3{KG+m#o>_ z3Up7Fz0yl}7goNtRCfM>xlh)J>|Da#9?p2z=x4*dQl zyXh5AyQueh$M}-|+<@2}`Q^>u!{5u6t}t%P(^ClMPUU0XJwGV#Vfpieoh@=-tPkrg z=HA??JS*|C`Q%+nDHR*ygW1JPKSwQDnJTc)ZyRHM1#4j5u|%0pnfvBSd$%#~XZXLO zk)?e@?%Ex1#P8MYoYbi}`3tYPYUZ-U+-*z?HtX}4TdF>|F7MOA?_bXQzg}Tk_@UO< zXRdslA+$-!dcxJ7CWDBXpFggvv|Rr-*I@Z^QSJ7_H2koShauG`BiPpkaU&Nij3_O4I zrczdksPA^|%L#K^=lf&}UW+)m=-Nu(T~Bv!PIij^$KcB>7O*t)>*St}>-~!&1ZEX1 zPhEJWBS>{>!Q5x+ikBxlsLgDix$H=sXU>^BGR!%P15e1C-nBAgTc)Pi^}zKJqpb7O zA4ZBB)|}q)uIrWI-KfU-9f?^d?y9i8{P;;;N1}>ldj2!B4DUT+3wyU1EV`gzztr-G z`(7gs_iF;NU+g~VYREkZyl>PL9Q}^rna^XFTMM6VN?s@*#HBRf{T<8v?r-AaHrJ)| zjC%g{{n|D~tz_r!c+(aBzPC;9l&fw(^jqRo!in6q+WT5f3|W8uUa>IB;FZrFBj(*@ zk6-*LT~XW|TdF;Ey8Ty1<5$x!_WkLsYo7VvK-M5fROs@`t5Nd{)@~^)y%;TguJ7gf z%Q-%+e4+jti@tiPeecWNmXk8=WcmFLvn=B!ajpxS{%LkdJH)+KQr-OQa@dZN;L`WT z9Yyc@I+Q)?O<&(@=3gSPI{w|g#W;XG2H#`2GwtXNw zYp(GnuII%ye7ojcn(tg~_l*72cb6G$7p9mVmb1O-nEz5DB*XjS<~PEUJx|U@KgtPT zpkpQ45ODeY*{2@Oe%;%jGx}8?TQP6Pp%E$8_Zk+ z9p0~)F-6E*Ln7@_%gnt;{yQjLx7qR`<%Gem-PaaI`b@}3y%LZo)Y(6C{$Bl6dz3|c z9+#9}Dg1W2p!4hT>4L0(m5Zh$Pt&R1Ry?bHpq2TbZCOxbv@h4w4h^_y(SpCeI&*k>b50*$?nELcY z|CU3aWM&0O?lGG2JosL+vW9u@pHq9kYowj{#dlN7?fXL&xZnI;vZK!M*KBci zxkXDm=SEunoMoYD_K{)kmuvy&e8s9&tj#}*m~V)!3)e_;s*f$+qgG*Mr8NKkyE8vM z`~K?QF8c2lacpo|FEw%QXF1 
zJH7qFCAN2!y>&f*g$tLLt>OMDQ^aAj?N<6m^Sbqn57+{HOH5C2Pyf1E#D(q1{uUXr z)rE5owVaqQIQ6;FhaMsMM^k<&u$0s+&DK#+KfZEubm-$3K!YkJ? zQTnLqe_`E1H~HjmIt_EJ-_FUGxiDS*&|1e-vrf5o-sUTF_XR}W+It@l}+6 z{w%gp>+>i}dZv`m_c6(nbH<#~r>bXF4!d6PQ{?U2cffMtk7Y}R=Wk%RbbN!CbkPLS zA6phViJAPAzWDUU8Ig$>OvG$`k6SCOb-sU0eo5qs^Ysz8y*@2`XOvbw}Mf1s< zg-cG<8=m3a6DX}W*KJ|W|E>Jp#|urR)sB5j{P`%w+UxGD=G&d#H^my(y2zR(h;>=2 z%j-+jDj1&KSIM9CZBg0JzWA2y8RlCiXerI){$-$P>(O5;5pYE2tJI1m;jPkl_wKXK zdz8_Xvith|jf?l}Tdtdy$?+me*J{m7rNf+0rDxTR2N$qkEvycG;8qn$3s94@9>84Y_`@GB|9$9$V9vhy!aMzW-^zuC5MOl zc?of^;xp&YSlxdwD!bynzye#zq$a0}KIO6pz1nm6gr@R>_Hb3%P>_%C`&{+NlZ%q|_f#X+^+hnyv%0{09^UCM)_RCI^Pqr5mXnyB&_8RZZm+yT$PacvxeSq^rlSx?K z7jYhurNv=lMw_Mc16cmWHnK;4JR-i*qOx&ytNL0G@7sJ_^Ack-SVOvAdl)1NIeEp3 z&rE!8=j0tC`)GE=@1i>1{NK!XOFk|Tvn|y-x9Qoni_ZE64=Vr9(%({jt2m~$c*h}2 z*3;_?&gjRr>tA3pXbJX_-S;{FD!b=rm!}pbsk^m0Rr>p0%yHpcKb1$w;or~Z)9=%x zK6!nTb9%M+d}~CAdzs3z_&WiXzQtoYIC!=$uIZld(Fzl3laKHG z_bdzAu(+K|^i-8|=Y>)ei;2er*G*ZV+E}vS*t3o;J0i}UnmlQx_KDZakH7x+c;<_? zOX?>cU5}kIVb?GDvn<7%-RsueH&A`&xBL28`-+K|*T|~Hu4$iD@#IJLp7KAL-^x`3 z+x{3h&byqlmn%d4+2_7a{_CD4H@m*C{l(Am!L=oH^Wqs-os8@+IR0L1T-6!qe#Rp? zZOT)JtzX~0T>1A6&!_ulerETt?{=(OD7-N$(T_mwM3eMeos{kfv8>Y2-^ zc|)$?`yvUy2-(*;-Yi#d-ebI|JGs=cvXocXXdg?yrbv%P#r2o^m42mjJ3?xHxyz(I sP53oqnpptz4j$fP{ACu85=w#&#TyFouI1eIQ6eDD)sOvyV9mQ50L`hIlK=n! literal 0 HcmV?d00001 From 312d1801f0b6321eb24205f600e1d29566bf5936 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 21 Nov 2024 10:10:06 +0100 Subject: [PATCH 2/5] Add `attic-client` to the Forgejo runner --- modules/forgejo-runners/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/forgejo-runners/default.nix b/modules/forgejo-runners/default.nix index 1d88c82..e9b52b9 100644 --- a/modules/forgejo-runners/default.nix +++ b/modules/forgejo-runners/default.nix @@ -23,6 +23,7 @@ let nix-fast-build curl tea + attic-client ] }; do for bin in "$dir"/bin/*; do From 0610fc96e90e33cefb0e26327c5ceeb315006820 Mon Sep 17 00:00:00 2001 
From: Andrea Ciceri Date: Thu, 21 Nov 2024 10:10:38 +0100 Subject: [PATCH 3/5] Use `nix-fast-build` from flake (it supports native attic pushing) --- flake.lock | 73 ++++++++++++++++++++++++++++++++++++++--- flake.nix | 4 +++ modules/nix/default.nix | 6 ++++ 3 files changed, 79 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index e48dcf3..9457803 100644 --- a/flake.lock +++ b/flake.lock @@ -223,6 +223,27 @@ } }, "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "nix-fast-build", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -240,7 +261,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nixThePlanet", @@ -398,7 +419,7 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": "nixpkgs_6" }, "locked": { @@ -622,6 +643,28 @@ "type": "github" } }, + "nix-fast-build": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1730278911, + "narHash": "sha256-CrbqsC+lEA3w6gLfpqfDMDEKoEta2sl4sbQK6Z/gXak=", + "owner": "Mic92", + "repo": "nix-fast-build", + "rev": "8e7c9d76979381441facb8888f21408312cf177a", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "nix-fast-build", + "type": "github" + } + }, "nix-formatter-pack": { "inputs": { "nixpkgs": [ @@ -712,7 +755,7 @@ }, "nixThePlanet": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": [ "nixpkgs" 
@@ -1119,12 +1162,13 @@ "lix-eval-jobs": "lix-eval-jobs", "lix-module": "lix-module", "mobile-nixos": "mobile-nixos", + "nix-fast-build": "nix-fast-build", "nix-on-droid": "nix-on-droid", "nixDarwin": "nixDarwin", "nixThePlanet": "nixThePlanet", "nixosHardware": "nixosHardware", "nixpkgs": "nixpkgs_7", - "treefmt-nix": "treefmt-nix_2", + "treefmt-nix": "treefmt-nix_3", "vscode-server": "vscode-server" } }, @@ -1254,6 +1298,27 @@ } }, "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "nix-fast-build", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1723808491, + "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_3": { "inputs": { "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index de2ff34..e42bff9 100644 --- a/flake.nix +++ b/flake.nix @@ -62,6 +62,10 @@ }; catppuccin.url = "github:catppuccin/nix"; emacs-overlay.url = "github:nix-community/emacs-overlay"; + nix-fast-build = { + url = "github:Mic92/nix-fast-build"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 84e36c4..a46e84e 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -2,17 +2,23 @@ config, lib, fleetFlake, + pkgs, ... }: { nixpkgs.overlays = [ (final: _: { + nix-fast-build = fleetFlake.inputs.nix-fast-build.packages.${final.system}.nix-fast-build // { + nix = final.nix; + }; nix-eval-job = fleetFlake.inputs.lix-eval-jobs.packages.${final.system}.nix-eval-jobs // { nix = final.nix; }; }) ]; + environment.systemPackages = [ pkgs.nix-fast-build ]; + nix = { optimise.automatic = true; From 0fc04a3b18896cdce9e9d3dd1b22bb7e3a6cd017 Mon Sep 17 00:00:00 2001 
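Review bot: In modules/nix/default.nix the overlay's `// { nix = final.nix; }` only attaches a `nix` attribute to the resulting attribute set; it does not change which Nix the `nix-fast-build` derivation from the flake input is built or wrapped with. If the intent is to run it against the system's Nix, that has to go through whatever override mechanism the package exposes; otherwise a short comment such as `# attribute only: does not rebuild against final.nix` would spare the next reader the guess. The same pattern is already used for `nix-eval-job` in the context lines, so this is presumably deliberate, and the enclosing module continues outside the hunk.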
From: Andrea Ciceri Date: Thu, 21 Nov 2024 10:11:40 +0100 Subject: [PATCH 4/5] Clean `home-assistant` configuration --- modules/home-assistant/default.nix | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix index cebc663..9cde4b4 100644 --- a/modules/home-assistant/default.nix +++ b/modules/home-assistant/default.nix @@ -70,15 +70,6 @@ in "::1" ]; }; - # ffmpeg = {}; - # camera = [ - # { - # name = "EyeToy"; - # platform = "ffmpeg"; - # input = "/dev/video1"; - # extra_arguments = "-vcodec h264"; - # } - # ]; homeassistant = { unit_system = "metric"; time_zone = "Europe/Rome"; @@ -87,17 +78,6 @@ in internal_url = "http://rock5b.fleet:8123"; }; logger.default = "WARNING"; - # backup = {}; - # media_player = [{ - # platform = "webostv"; - # host = "10.1.1.213"; - # name = "TV"; - # timeout = "5"; - # turn_on_action = { - # service = "wake_on_lan.send_magic_packet"; - # data.mac = "20:28:bc:74:14:c2"; - # }; - # }]; wake_on_lan = { }; switch = [ { @@ -109,7 +89,6 @@ in } ]; shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"''; - # shell_command.turn_off_picard = ''whoami''; prometheus = { namespace = "hass"; }; From f4364c6398d5815c99ecd4942e5716b4c69396e7 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Thu, 21 Nov 2024 10:14:58 +0100 Subject: [PATCH 5/5] Enable `webdav` in LAN for Kodi on the TV --- hosts/sisko/default.nix | 2 +- modules/sisko-nfs/default.nix | 20 ----------------- modules/sisko-share/default.nix | 39 +++++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 21 deletions(-) delete mode 100644 modules/sisko-nfs/default.nix create mode 100644 modules/sisko-share/default.nix diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 969f4e4..65c5e0b 100644 --- a/hosts/sisko/default.nix 
+++ b/hosts/sisko/default.nix
@@ -18,7 +18,7 @@
 "sisko-proxy"
 "invidious"
 "searx"
- "sisko-nfs"
+ "sisko-share"
 "forgejo"
 "prometheus"
 "grafana"
diff --git a/modules/sisko-nfs/default.nix b/modules/sisko-nfs/default.nix
deleted file mode 100644
index 7e9b82b..0000000
--- a/modules/sisko-nfs/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- systemd.tmpfiles.rules = [
- "d /export 770 nobody nogroup"
- ];
-
- fileSystems."/export/hd" = {
- device = "/mnt/hd";
- options = [ "bind" ];
- };
-
- services.nfs.server = {
- enable = true;
- exports = ''
- /export 10.100.0.1/24(rw,fsid=0,no_subtree_check)
- /export/hd 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
- '';
- };
-
- networking.firewall.allowedTCPPorts = [ 2049 ];
-}
diff --git a/modules/sisko-share/default.nix b/modules/sisko-share/default.nix
new file mode 100644
index 0000000..41ea29b
--- /dev/null
+++ b/modules/sisko-share/default.nix
@@ -0,0 +1,39 @@
+{
+ systemd.tmpfiles.rules = [
+ "d /export 770 nobody nogroup"
+ ];
+
+ fileSystems."/export/hd" = {
+ device = "/mnt/hd";
+ options = [ "bind" ];
+ };
+
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /export 10.100.0.1/24(rw,fsid=0,no_subtree_check)
+ /export/hd 10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
+ '';
+ };
+
+ services.webdav = {
+ enable = true;
+
+ settings = {
+ address = "10.1.1.2"; # accessible only in LAN, used by Kodi installed on the TV
+ port = 9999;
+ scope = "/mnt/hd/torrent";
+ modify = false;
+ auth = false; # TODO should we enable authentication? It's only reachable in LAN
+ debug = true;
+ users = [ ];
+ };
+ };
+
+ users.users.webdav.extraGroups = [ "transmission" ];
+
+ networking.firewall.allowedTCPPorts = [
+ 2049
+ 9999
+ ];
+}
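Review bot: The new `services.webdav` block in modules/sisko-share/default.nix serves `/mnt/hd/torrent` with `auth = false` and `debug = true`, while `networking.firewall.allowedTCPPorts` opens 9999 on every interface rather than only the LAN one. Until the TODO about authentication is settled, I would set `debug = false;` and scope the port with `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 9999 ];` (the interface name is a placeholder), so the bind address is not the only thing keeping the share LAN-only. The NFS export carried over from sisko-nfs still publishes all of `/mnt/hd` read-write with `insecure` and `no_root_squash`, and after patch 1/5 that tree contains the attic store at `/mnt/hd/atticd`; root on any client in `10.100.0.1/24` can therefore read or alter the cached objects and `server.db`, so either move the attic storage out of the exported tree or drop `no_root_squash`.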