From c47c07d4274dfcf2cfe82bc087e2eace2a4b62b3 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 8 Jan 2016 03:37:38 +0100 Subject: ma 1 omo: add sabnzbd; --- makefu/1systems/omo.nix | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'makefu/1systems/omo.nix') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e19205a9..3daa74cf 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -30,7 +30,14 @@ in { ../3modules ]; krebs.build.host = config.krebs.hosts.omo; + + # copy config from to /var/lib/sabnzbd/ + services.sabnzbd.enable = true; + systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + + # HDD Array stuff services.smartd.devices = builtins.map (x: { device = x; }) allDisks; + makefu.snapraid = let toMapper = id: "/media/crypt${builtins.toString id}"; in { @@ -38,7 +45,6 @@ in { disks = map toMapper [ 0 1 ]; parity = toMapper 2; }; - # AMD E350 fileSystems = let cryptMount = name: { "/media/${name}" = { device = "/dev/mapper/${name}"; fsType = "xfs"; };}; @@ -56,6 +62,7 @@ in { ${pkgs.hdparm}/sbin/hdparm -B 127 ${disk} ${pkgs.hdparm}/sbin/hdparm -y ${disk} '') allDisks); + boot = { initrd.luks = { devices = let @@ -87,10 +94,13 @@ in { }; networking.firewall.allowedUDPPorts = [ 655 ]; + # 8080: sabnzbd + networking.firewall.allowedTCPPorts = [ 655 8080 ]; + hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; - #zramSwap.enable = true; + zramSwap.enable = true; zramSwap.numDevices = 2; } -- cgit v1.2.3 From 1e845f7b765c4039f7541fb3542ba2bf76bb323c Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 14 Jan 2016 12:42:52 +0100 Subject: ma 1 omo: use sftp share --- makefu/1systems/omo.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'makefu/1systems/omo.nix') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 3daa74cf..2a657995 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
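Review bot: In the last hunk of the sabnzbd commit, `networking.firewall.allowedTCPPorts = [ 655 8080 ];` opens the SABnzbd web interface on every interface, and nothing visible in the commit restricts who can reach it. Whether SABnzbd listens beyond localhost and whether it asks for a login or API key depends on the config that the comment says is copied into /var/lib/sabnzbd/, which is not part of this diff, so the exposure should be confirmed there. If the UI is only needed from the VPN or the LAN, I would keep the global list to `networking.firewall.allowedTCPPorts = [ 655 ];` and admit 8080 per interface instead. The same hunk also switches on `zramSwap.enable`, which the subject line does not mention.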
@@ -27,9 +27,12 @@ in { ../2configs/exim-retiolum.nix ../2configs/smart-monitor.nix ../2configs/mail-client.nix + ../2configs/share-user-sftp.nix ../3modules ]; + # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; + # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; @@ -103,4 +106,5 @@ in { zramSwap.enable = true; zramSwap.numDevices = 2; + } -- cgit v1.2.3 From 2ef651f78d0b8e2bf19f9bdbbfa982a0a5991c22 Mon Sep 17 00:00:00 2001 From: makefu Date: Sat, 16 Jan 2016 01:30:37 +0100 Subject: ma 2 default: useroaming no, omo: provide share --- makefu/1systems/omo.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'makefu/1systems/omo.nix') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 2a657995..e11665fb 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -28,11 +28,11 @@ in { ../2configs/smart-monitor.nix ../2configs/mail-client.nix ../2configs/share-user-sftp.nix + ../2configs/nginx/omo-share.nix ../3modules ]; # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; - # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; @@ -98,7 +98,7 @@ in { networking.firewall.allowedUDPPorts = [ 655 ]; # 8080: sabnzbd - networking.firewall.allowedTCPPorts = [ 655 8080 ]; + networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; -- cgit v1.2.3 From 908149206b4680c951487d9ddded6636b35cd4d9 Mon Sep 17 00:00:00 2001 From: makefu Date: Sun, 17 Jan 2016 00:40:26 +0100 Subject: ma 1 omo: bump to unstable@2016-01-13 --- makefu/1systems/omo.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'makefu/1systems/omo.nix') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index e11665fb..552af4e4 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix 
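Review bot: The commented-out `# services.openssh.allowSFTP = false;` added beside the new `../2configs/share-user-sftp.nix` import reads as a leftover toggle and does not say which state is intended. The imported file is not shown here, so a reader of this host config cannot tell whether the share user is confined (chroot, forced internal-sftp, no login shell). I would drop the commented-out line or replace it with a comment such as `# sftp share user is defined and restricted in 2configs/share-user-sftp.nix`, assuming that is what the file does.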
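Review bot: The changed line `networking.firewall.allowedTCPPorts = [ 80 655 8080 ];` opens port 80 on all interfaces for the new `../2configs/nginx/omo-share.nix` import, while the comment above it still documents only `# 8080: sabnzbd`. As far as the port choice shows, the share is served over plain HTTP, and any access control lives in the imported file, which this diff does not include; it is worth confirming there that the location is not readable by everyone who can reach the host. At minimum the comment should name each port, e.g. `# 80: nginx share, 655: tinc, 8080: sabnzbd`.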
@@ -33,6 +33,7 @@ in { ]; # services.openssh.allowSFTP = false; krebs.build.host = config.krebs.hosts.omo; + krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; -- cgit v1.2.3 From d1a371f48b95140279528c2a2ff619d39c177a7c Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Jan 2016 22:00:50 +0100 Subject: ma 1 omo: add samba share --- makefu/1systems/omo.nix | 49 ++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) (limited to 'makefu/1systems/omo.nix') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 552af4e4..9162f2ed 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -32,9 +32,35 @@ in { ../3modules ]; # services.openssh.allowSFTP = false; - krebs.build.host = config.krebs.hosts.omo; krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; + # samba share /media/crypt1/share + users.extraUsers.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/var/empty"; + }; + services.samba = { + enable = true; + shares = { + winshare = { + path = "/media/crypt1/share"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; 
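Review bot: The `winshare` definition combines `"guest ok" = "yes"`, `"read only" = "no"` and `map to guest = bad user`, so any client that can reach the SMB ports gets unauthenticated write access to /media/crypt1/share, and a mistyped or unknown username is silently mapped to `smbguest` as well. The second hunk of this commit adds 137/138 UDP and 139/445 TCP to the global firewall lists, so reachability then depends only on what sits in front of the host. If guest access is intended, I would make it read-only with `"read only" = "yes";`, limit clients with `"hosts allow" = "<LAN-CIDR-PLACEHOLDER>";`, and keep writes for an authenticated user via `"write list"`. If anonymous write is deliberate, a comment on the share should say so.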
@@ -97,9 +123,22 @@ in { extraModulePackages = [ ]; }; - networking.firewall.allowedUDPPorts = [ 655 ]; - # 8080: sabnzbd - networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + networking.firewall.allowedUDPPorts = [ + # tinc + 655 + # samba + 137 138 + ]; + networking.firewall.allowedTCPPorts = [ + # nginx + 80 + # tinc + 655 + # samba + 445 139 + # sabnzbd + 8080 + ]; hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; @@ -107,5 +146,5 @@ in { zramSwap.enable = true; zramSwap.numDevices = 2; - + krebs.build.host = config.krebs.hosts.omo; } -- cgit v1.2.3 From f6a3c1f3d6b013641b077baf8ddb3a78e75d8b95 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 27 Jan 2016 22:20:32 +0100 Subject: ma 1 omo: cleanup, fix firewalling --- makefu/1systems/omo.nix | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) (limited to 'makefu/1systems/omo.nix') diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix index 9162f2ed..19183fea 100644 --- a/makefu/1systems/omo.nix +++ b/makefu/1systems/omo.nix @@ -31,11 +31,19 @@ in { ../2configs/nginx/omo-share.nix ../3modules ]; + networking.firewall.trustedInterfaces = [ "enp3s0" ]; + # udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net + # tcp:80 - nginx for sharing files + # tcp:655 udp:655 - tinc + # tcp:8080 - sabnzbd + networking.firewall.allowedUDPPorts = [ 655 ]; + networking.firewall.allowedTCPPorts = [ 80 655 8080 ]; + # services.openssh.allowSFTP = false; krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce"; # samba share /media/crypt1/share - users.extraUsers.smbguest = { + users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; description = "smb guest user"; @@ -61,6 +69,7 @@ in { disable spoolss = yes ''; }; + # copy config from to /var/lib/sabnzbd/ services.sabnzbd.enable = true; systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; 
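Review bot: `networking.firewall.trustedInterfaces = [ "enp3s0" ];` does more than the comment `samba, allowed in local net` suggests: the NixOS firewall accepts all traffic arriving on a trusted interface, so every listening service on this host, not only the four Samba ports, becomes reachable from whatever network enp3s0 is attached to. With the guest-writable `winshare` defined further down in the same file, the only remaining barrier is that enp3s0 really is a private LAN, which this diff cannot show. I would state that in the comment, e.g. `# enp3s0 is the LAN NIC; trusted = firewall fully open there, incl. samba`, or keep the interface untrusted and admit just the Samba ports from the local subnet. The global lists also still expose 80 and 8080 on every other interface.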
@@ -93,6 +102,7 @@ in { ${pkgs.hdparm}/sbin/hdparm -y ${disk} '') allDisks); + # crypto unlocking boot = { initrd.luks = { devices = let @@ -123,23 +133,6 @@ in { extraModulePackages = [ ]; }; - networking.firewall.allowedUDPPorts = [ - # tinc - 655 - # samba - 137 138 - ]; - networking.firewall.allowedTCPPorts = [ - # nginx - 80 - # tinc - 655 - # samba - 445 139 - # sabnzbd - 8080 - ]; - hardware.enableAllFirmware = true; hardware.cpu.amd.updateMicrocode = true; -- cgit v1.2.3