From 31d8f7ed6508c54b7f0526e09162e3c96135729f Mon Sep 17 00:00:00 2001 From: kat witch Date: Sat, 5 Dec 2020 18:49:04 +0000 Subject: [PATCH] Ran nixfmt again. Added nginx to be able to access my media share over HTTP. Torrenting service rework. --- configuration/hosts/samhain/configuration.nix | 44 +----------- .../hosts/samhain/hardware-configuration.nix | 63 +++++++++-------- .../hosts/samhain/services/nginx.nix | 23 +++++++ .../hosts/samhain/services/torrenting.nix | 67 +++++++++++++++++++ configuration/profiles/common/default.nix | 4 +- configuration/profiles/desktop/default.nix | 10 ++- .../profiles/development/default.nix | 2 + configuration/profiles/gnome/default.nix | 2 + configuration/profiles/xfce/default.nix | 19 +++--- 9 files changed, 148 insertions(+), 86 deletions(-) create mode 100644 configuration/hosts/samhain/services/nginx.nix create mode 100644 configuration/hosts/samhain/services/torrenting.nix diff --git a/configuration/hosts/samhain/configuration.nix b/configuration/hosts/samhain/configuration.nix index 84bb76c4..15ce935c 100644 --- a/configuration/hosts/samhain/configuration.nix +++ b/configuration/hosts/samhain/configuration.nix @@ -6,10 +6,13 @@ ../../profiles/common ../../profiles/desktop ../../profiles/gnome + ../../profiles/xfce ../../profiles/gaming ../../profiles/development ../../profiles/network ../../profiles/yubikey + ./services/nginx.nix + ./services/torrenting.nix ]; boot.loader.systemd-boot.enable = true; 
@@ -25,47 +28,6 @@ networking.firewall.allowedTCPPorts = [ 445 139 9091 ]; networking.firewall.allowedUDPPorts = [ 137 138 ]; - services.transmission = { - enable = true; - home = "/disk/pool-raw/transmission"; - settings = { - download-dir = "/disks/pool-raw/Public/Media/"; - incomplete-dir = "/disks/pool-raw/Public/Media/.incomplete"; - incomplete-dir-enabled = true; - rpc-bind-address = "0.0.0.0"; - rpc-whitelist = "127.0.0.1,192.168.1.*"; - }; - }; - - services.samba = { - enable = true; - securityType = "user"; - extraConfig = '' - workgroup = WORKGROUP - server string = samhain - netbios name = samhain - security = user - #use sendfile = yes - #max protocol = smb2 - hosts allow = 192.168.1. localhost - hosts deny = 0.0.0.0/0 - guest account = nobody - map to guest = bad user - ''; - shares = { - media = { - path = "/disks/pool-raw/Public/Media"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "transmission"; - "force group" = "transmission"; - }; - }; - }; - system.stateVersion = "20.09"; } diff --git a/configuration/hosts/samhain/hardware-configuration.nix b/configuration/hosts/samhain/hardware-configuration.nix index e9d67b2a..230044c4 100644 --- a/configuration/hosts/samhain/hardware-configuration.nix +++ b/configuration/hosts/samhain/hardware-configuration.nix 
@@ -4,52 +4,49 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "zroot/safe/root"; - fsType = "zfs"; - }; + fileSystems."/" = { + device = "zroot/safe/root"; + fsType = "zfs"; + }; - fileSystems."/home" = - { device = "zroot/safe/home"; - fsType = "zfs"; - }; + fileSystems."/home" = { + device = "zroot/safe/home"; + fsType = "zfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/50C3-BE99"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/50C3-BE99"; + fsType = "vfat"; + }; - fileSystems."/disks/pool-protect" = - { device = "zstore/protect"; - fsType = "zfs"; - }; + fileSystems."/disks/pool-protect" = { + device = "zstore/protect"; + fsType = "zfs"; + }; - fileSystems."/disks/pool-raw" = - { device = "zstore/raw"; - fsType = "zfs"; - }; + fileSystems."/disks/pool-raw" = { + device = "zstore/raw"; + fsType = "zfs"; + }; - fileSystems."/disks/pool-compress" = - { device = "zstore/compress"; - fsType = "zfs"; - }; + fileSystems."/disks/pool-compress" = { + device = "zstore/compress"; + fsType = "zfs"; + }; - fileSystems."/disks/excess" = - { device = "/dev/disk/by-uuid/0af88a48-ccfd-4e54-9652-a5ae7f74e21d"; - fsType = "xfs"; - }; + fileSystems."/disks/excess" = { + device = "/dev/disk/by-uuid/0af88a48-ccfd-4e54-9652-a5ae7f74e21d"; + fsType = "xfs"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/88595373-9566-401b-8c9b-03bbc8314f1b"; } - ]; + [{ device = "/dev/disk/by-uuid/88595373-9566-401b-8c9b-03bbc8314f1b"; }]; } diff --git a/configuration/hosts/samhain/services/nginx.nix b/configuration/hosts/samhain/services/nginx.nix new file mode 100644 index 00000000..27921d32 
--- /dev/null
+++ b/configuration/hosts/samhain/services/nginx.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ commonHttpConfig = ''
+ map $scheme $hsts_header {
+ https "max-age=31536000; includeSubdomains; preload";
+ }
+ add_header Strict-Transport-Security $hsts_header;
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+ add_header 'Referrer-Policy' 'origin-when-cross-origin';
+ #add_header X-Frame-Options DENY;
+ #add_header X-Content-Type-Options nosniff;
+ #add_header X-XSS-Protection "1; mode=block";
+ #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+ '';
+ };
+}
\ No newline at end of file
diff --git a/configuration/hosts/samhain/services/torrenting.nix b/configuration/hosts/samhain/services/torrenting.nix
new file mode 100644
index 00000000..ab5c254d
--- /dev/null
+++ b/configuration/hosts/samhain/services/torrenting.nix
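Review bot: `X-Content-Type-Options nosniff` is left commented out in `commonHttpConfig`, although this server is set up to hand out files from a download directory (the `/share/` location in services/torrenting.nix), whose content types are not under the operator's control. I would enable it as `add_header X-Content-Type-Options nosniff always;` so browsers do not sniff a downloaded file into HTML or script. nginx inherits `add_header` from the http level only when a server or location block defines none of its own, so a later vhost that adds any header silently drops `Referrer-Policy` and the HSTS header; a short comment above the block saying so would help. `recommendedTlsSettings` and the `preload` HSTS value have no effect yet, since no vhost visible in this commit enables TLS.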
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.transmission = let transmission-done-script = pkgs.writeScriptBin "script" ''
+ #!${pkgs.bash}/bin/bash
+ set -e
+ if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
+ cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
+ if [ ! -z "*.rar" ]; then
+ ${pkgs.unrar}/bin/unrar x "*.rar"
+ fi
+ chmod ugo=rwX .
+ fi'';
+ in {
+ enable = true;
+ home = "/disks/pool-raw/transmission";
+ downloadDirPermissions = "755";
+ settings = {
+ download-dir = "/disks/pool-raw/Public/Media/";
+ incomplete-dir = "/disks/pool-raw/Public/Media/.incomplete";
+ incomplete-dir-enabled = true;
+ rpc-bind-address = "0.0.0.0";
+ rpc-whitelist = "127.0.0.1,192.168.1.*";
+ script-torrent-done-enabled = true;
+ script-torrent-done-filename = "${transmission-done-script}/bin/script";
+ umask = 0;
+ };
+ };
+
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = samhain
+ netbios name = samhain
+ security = user
+ #use sendfile = yes
+ #max protocol = smb2
+ hosts allow = 192.168.1. localhost
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+ shares = {
+ media = {
+ path = "/disks/pool-raw/Public/Media";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "transmission";
+ "force group" = "transmission";
+ };
+ };
+ };
+
+ services.nginx.virtualHosts = {
+ "192.168.1.135" = {
+ locations."/share/" = {
+ alias = "/disks/pool-raw/Public/Media/";
+ extraConfig = "autoindex on;";
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/configuration/profiles/common/default.nix b/configuration/profiles/common/default.nix
index 48401235..5b27aea4 100644
--- a/configuration/profiles/common/default.nix
+++ b/configuration/profiles/common/default.nix
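Review bot: The `/share/` location at the end of the hunk has no client restriction, while the Samba share (`hosts allow = 192.168.1. localhost`) and the Transmission RPC (`rpc-whitelist`) in the same file are both limited to the LAN. As the only vhost defined here it is also nginx's default server and answers for any Host header, so I would make the listing match the other two services: `extraConfig = "autoindex on; allow 192.168.1.0/24; allow 127.0.0.1; deny all;";`. Separately, in the done-script `[ ! -z "*.rar" ]` tests a quoted literal and is therefore always true, so `unrar` runs for every torrent; if it exits non-zero when there is no archive (likely, not shown here), `set -e` stops the script before `chmod ugo=rwX .`. Together with `umask = 0` that chmod makes downloads world-writable, which looks wider than the `0644`/`0755` masks on the share intend, so either narrow the umask or add a comment stating why it is needed.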
@@ -7,8 +7,8 @@ let }; nixpkgs-master = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/master.tar.gz") { - config.allowUnfree = true; - }; + config.allowUnfree = true; + }; in { imports = [ ../../../modules "${home-manager}/nixos" ./pbb.nix ./users.nix ]; diff --git a/configuration/profiles/desktop/default.nix b/configuration/profiles/desktop/default.nix index a3e06084..5b286eb1 100644 --- a/configuration/profiles/desktop/default.nix +++ b/configuration/profiles/desktop/default.nix @@ -8,6 +8,8 @@ let in { nixpkgs.config = { mumble.speechdSupport = true; }; + environment.systemPackages = [ pkgs.redshift ]; + home-manager.users.kat = { home.packages = [ pkgs._1password @@ -47,6 +49,12 @@ in { indicator = true; }; + services.redshift = { + enable = true; + latitude = "51.5074"; + longitude = "0.1278"; + }; + gtk = { enable = true; iconTheme = { @@ -54,7 +62,7 @@ in { package = pkgs.numix-icon-theme-square; }; theme = { - name = "Arc-Dark"; + name = "Arc"; package = pkgs.arc-theme; }; }; diff --git a/configuration/profiles/development/default.nix b/configuration/profiles/development/default.nix index c75b3e0f..fb831d0b 100644 --- a/configuration/profiles/development/default.nix +++ b/configuration/profiles/development/default.nix @@ -2,6 +2,8 @@ environment.systemPackages = [ pkgs.php pkgs.php74Packages.composer2 ]; home-manager.users.kat = { + programs.go.enable = true; + home.packages = [ pkgs.jetbrains.clion pkgs.jetbrains.idea-ultimate diff --git a/configuration/profiles/gnome/default.nix b/configuration/profiles/gnome/default.nix index 9a02c5d6..0509acf4 100644 --- a/configuration/profiles/gnome/default.nix +++ b/configuration/profiles/gnome/default.nix @@ -13,7 +13,9 @@ pkgs.gnomeExtensions.appindicator pkgs.gnomeExtensions.dash-to-dock pkgs.gnomeExtensions.arc-menu + pkgs.pcmanfm pkgs.xfce.thunar + pkgs.xfce.thunar-volman ]; }; 
diff --git a/configuration/profiles/xfce/default.nix b/configuration/profiles/xfce/default.nix index 55be1c63..5f55f3ad 100644 --- a/configuration/profiles/xfce/default.nix +++ b/configuration/profiles/xfce/default.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: { services.xserver.enable = true; - services.xserver.displayManager.lightdm.enable = true; + #services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.xfce.enable = true; services.gvfs = { enable = true; @@ -8,13 +8,14 @@ }; environment.systemPackages = [ - pkgs.xfce.xfce4-terminal - pkgs.xfce.thunar - pkgs.xfce.orage - pkgs.xfce.xfce4-battery-plugin - pkgs.xfce.xfce4-sensors-plugin - pkgs.xfce.xfce4-pulseaudio-plugin - pkgs.xfce.xfce4-whiskermenu-plugin - pkgs.xfce.xfce4-screenshooter + pkgs.xfce.xfce4-terminal + pkgs.xfce.thunar + pkgs.xfce.orage + pkgs.xfce.xfce4-battery-plugin + pkgs.xfce.xfce4-sensors-plugin + pkgs.xfce.xfce4-pulseaudio-plugin + pkgs.xfce.xfce4-whiskermenu-plugin + pkgs.xfce.xfce4-screenshooter + pkgs.xfce.thunar-volman ]; }