From 46e563dde1dea83c462565f04ac32c3354823383 Mon Sep 17 00:00:00 2001 From: Kaybee Date: Tue, 10 Jun 2025 19:55:05 +0200 Subject: [PATCH] Configured SMB Shares --- .../nixos/services/traefik-proxy/default.nix | 2 - modules/nixos/suites/nas/default.nix | 94 ++++++++++++++++--- modules/nixos/suites/nas/jellyfin.nix | 41 -------- modules/nixos/suites/nas/kavita.nix | 42 --------- systems/x86_64-linux/mow0m/default.nix | 7 ++ 5 files changed, 88 insertions(+), 98 deletions(-) delete mode 100644 modules/nixos/suites/nas/jellyfin.nix delete mode 100644 modules/nixos/suites/nas/kavita.nix diff --git a/modules/nixos/services/traefik-proxy/default.nix b/modules/nixos/services/traefik-proxy/default.nix index e4e6f7e..95f7694 100644 --- a/modules/nixos/services/traefik-proxy/default.nix +++ b/modules/nixos/services/traefik-proxy/default.nix @@ -32,7 +32,6 @@ in websecure = { address = ":443"; asDefault = true; - http.tls.certResolver = "letsencrypt"; }; }; }; @@ -42,7 +41,6 @@ in # Configure Letsencrypt services.traefik.staticConfigOptions = { certificatesResolvers.letsencrypt.acme = { - email = "kb01@kb-one.de"; tlsChallenge = {}; storage = "/var/secrets/traefik/acme.json"; }; diff --git a/modules/nixos/suites/nas/default.nix b/modules/nixos/suites/nas/default.nix index f6ab990..70cbaf4 100644 --- a/modules/nixos/suites/nas/default.nix +++ b/modules/nixos/suites/nas/default.nix @@ -10,10 +10,12 @@ let cfg = config.suites.nas; in { - imports = [ - ./jellyfin.nix - ./kavita.nix - ]; + # imports = [ + # ]; + + ########### + # Options # + ########### options.suites.nas.enable = lib.mkOption { type = with lib.types; uniq bool; default = false; 
@@ -31,18 +33,22 @@ in }; options.suites.nas.media.folder = lib.mkOption { type = with lib.types; str; - default = "/home/media/media"; + default = "/home/media"; description = "Media Root Directory"; }; + options.suites.nas.media.servers.enable = lib.mkOption { + type = with lib.types; uniq bool; + default = true; + description = "Enable Preconfigured Media Servers"; + }; - # Media Config - config = lib.mkIf (cfg.enable && cfg.media.enable) { - # Media Defaults - suites.nas.media.jellyfin.enable = true; - suites.nas.media.kavita.enable = false; + # NAS Config + config = lib.mkIf (cfg.enable) { - # Create Media User + ######### + # Users # + ######### users.groups.media = {}; users.users.media = { isSystemUser = true; 
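Review bot: The guard on `config` changes from `cfg.enable && cfg.media.enable` to `cfg.enable` alone, and nothing else in this hunk reads `cfg.media.enable`, so setting `suites.nas.media.enable = false` no longer switches anything off. If the option is meant to keep controlling the media share and servers, gate those parts explicitly, e.g. `services.samba.settings.media = lib.mkIf cfg.media.enable { … };`, or remove the option so it does not promise a control it lacks. The new default `"/home/media"` for `suites.nas.media.folder` is also the `media` user's home directory (`home = "/home/media";` in the next hunk), and the removed Kavita module kept its token key under `/home/media/secrets`. A dedicated subdirectory is a safer default for anything that later gets exported. The `config` block continues outside this hunk.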
@@ -52,8 +58,70 @@ in home = "/home/media"; }; + ################## + # Network Drives # + ################## + services.samba = { + enable = true; + openFirewall = true; + settings = { + global = { + # Discorvery + "workgroup" = "WORKGROUP"; + "netbios name" = "mow0m"; + "netbios aliases" = ""; + "server string" = "mow0m Server"; + # Guest Access + #"restrict anonymous" = "0"; # Default 0 + "guest account" = "nobody"; + "map to guest" = "Bad User"; + # Security + "local master" = "True"; + "create mask" = "0664"; + "directory mask" = "0775"; + #"ntlm auth" = "False"; + security = "user"; + "invalid users" = [ "root" ]; + "passwd program" = "/run/wrappers/bin/passwd %u"; + # Networking + "winbind request timeout" = "2"; + }; + media = { + comment = "Public Media Share"; + browsable = "yes"; + "guest ok" = "yes"; # same as public = true + "writable" = "yes"; + path = "/laowu/media"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "media"; + "force group" = "media"; + }; + }; + }; + services.samba-wsdd = { # Web Service Discorvery Daemon + enable = true; + openFirewall = true; + }; + networking.firewall.allowPing = true; + + + ################# + # Media Servers # + ################# + # Jellyfin + services.jellyfin.enable = cfg.media.servers.enable; + services.jellyfin.user = "media"; + services.traefik.dynamicConfigOptions = { + http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ]; + http.routers.jellyfin.entrypoints = "websecure"; + http.routers.jellyfin.tls = true; + #http.routers.jellyfin.tls.certresolver = "letsencrypt"; + http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)"; + http.routers.jellyfin.service = "jellyfin"; + }; + + }; - } - diff --git a/modules/nixos/suites/nas/jellyfin.nix b/modules/nixos/suites/nas/jellyfin.nix deleted file mode 100644 index 8537137..0000000 --- a/modules/nixos/suites/nas/jellyfin.nix +++ /dev/null 
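Review bot: The `media` share is guest-writable (`"guest ok" = "yes"`, `"writable" = "yes"`, with `"map to guest" = "Bad User"` in `global`) while `openFirewall = true` opens the Samba ports on every interface. Any host that can reach this machine can therefore add, overwrite or delete files in the share without credentials. Those writes are performed as `media` through `"force user"`, the same account `services.jellyfin.user` is set to. Consider limiting reachability in `global` with `"hosts allow" = "<LAN_CIDR> 127.0.0.1";` and `"hosts deny" = "0.0.0.0/0";` (the CIDR is a placeholder for the trusted subnet), or making guest access read-only and reserving writes for authenticated users. Separately, the Jellyfin router keeps `tls = true` with its `certresolver` line commented out while this commit also drops the entrypoint-level `certResolver`, so unless a certificate is configured elsewhere Traefik will presumably fall back to its default self-signed one.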
@@ -1,41 +0,0 @@ -{ - inputs, - config, - lib, - pkgs, - system, - ... -}: -let - cfg = config.suites.nas.media.jellyfin; -in -{ - options.suites.nas.media.jellyfin.enable = lib.mkOption { - type = with lib.types; uniq bool; - default = false; - description = "Enable Preconfigured Jellyfin Config"; - }; - options.suites.nas.media.jellyfin.subdomain = lib.mkOption { - type = with lib.types; string; - default = "watch"; - description = "Subdomain for Jellyfin Server"; - }; - - config = lib.mkIf (cfg.enable) { - - services.jellyfin.enable = true; - services.jellyfin.user = "media"; - - # Configure Reverse-Proxy - services.traefik.dynamicConfigOptions = { - http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ]; - http.routers.jellyfin.entrypoints = "websecure"; - http.routers.jellyfin.tls = true; - #http.routers.jellyfin.tls.certresolver = "letsencrypt"; - http.routers.jellyfin.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)"; - http.routers.jellyfin.service = "jellyfin"; - }; - - }; -} - diff --git a/modules/nixos/suites/nas/kavita.nix b/modules/nixos/suites/nas/kavita.nix deleted file mode 100644 index d6d9a24..0000000 --- a/modules/nixos/suites/nas/kavita.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - inputs, - config, - lib, - pkgs, - system, - ... -}: -let - cfg = config.suites.nas.media.kavita; -in -{ - options.suites.nas.media.kavita.enable = lib.mkOption { - type = with lib.types; uniq bool; - default = false; - description = "Enable Preconfigured kavita Config"; - }; - options.suites.nas.media.kavita.subdomain = lib.mkOption { - type = with lib.types; string; - default = "read"; - description = "Kavita Subdomain"; - }; - - config = lib.mkIf (cfg.enable) { - - services.kavita.enable = true; - services.kavita.user = "media"; - services.kavita.tokenKeyFile = "/home/media/secrets/kavita-secret"; - - # Configure Reverse-Proxy - services.traefik.dynamicConfigOptions = { - http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ]; - http.routers.kavita.entrypoints = "websecure"; - http.routers.kavita.tls = true; - #http.routers.kavita.tls.certresolver = "letsencrypt"; - http.routers.kavita.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)"; - http.routers.kavita.service = "kavita"; - }; - - }; -} - diff --git a/systems/x86_64-linux/mow0m/default.nix b/systems/x86_64-linux/mow0m/default.nix index e5dc6fa..cd7928c 100644 --- a/systems/x86_64-linux/mow0m/default.nix +++ b/systems/x86_64-linux/mow0m/default.nix @@ -73,6 +73,13 @@ services.asterisk-phony.enable = true; + # Enable NAS Suite + suites.nas.enable = true; + suites.nas.domain = "mow0m.lan"; + suites.nas.media.enable = true; + suites.nas.media.folder = "/laowu/media"; + suites.nas.media.servers.enable = false; + # Firewall # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
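Review bot: In the last hunk on this line (`systems/x86_64-linux/mow0m/default.nix`), several of the options set do not have the effect their names suggest, judging by the module lines visible in this patch. The Samba share path is hard-coded to `/laowu/media` rather than read from `suites.nas.media.folder`, `suites.nas.media.enable` no longer gates the config, and `suites.nas.media.servers.enable = false` only feeds `services.jellyfin.enable`, leaving `services.jellyfin.user` and the Traefik router for Jellyfin defined. Since `suites.nas.enable = true;` is what turns on the guest-writable share and the firewall openings for this host, a comment above it such as `# NOTE: enables Samba + WSDD with openFirewall and a guest-writable "media" share` would make that exposure visible where the host is configured. The surrounding attribute set starts and ends outside the hunk.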