Ran nixfmt again. Added nginx to be able to access my media share over HTTP. Torrenting service rework.

2026-02-09 12:29:19 -08:00 · 2020-12-05 18:49:04 +00:00 · 2020-12-05 18:49:04 +00:00 · 31d8f7ed65
commit 31d8f7ed65
parent bfcc1c74e1
9 changed files with 148 additions and 86 deletions
--- a/configuration/hosts/samhain/configuration.nix
+++ b/configuration/hosts/samhain/configuration.nix
@ -6,10 +6,13 @@
    ../../profiles/common
    ../../profiles/desktop
    ../../profiles/gnome
+    ../../profiles/xfce
    ../../profiles/gaming
    ../../profiles/development
    ../../profiles/network
    ../../profiles/yubikey
+    ./services/nginx.nix
+    ./services/torrenting.nix
  ];

  boot.loader.systemd-boot.enable = true;
@ -25,47 +28,6 @@
  networking.firewall.allowedTCPPorts = [ 445 139 9091 ];
  networking.firewall.allowedUDPPorts = [ 137 138 ];

-  services.transmission = {
-    enable = true;
-    home = "/disk/pool-raw/transmission";
-    settings = {
-      download-dir = "/disks/pool-raw/Public/Media/";
-      incomplete-dir = "/disks/pool-raw/Public/Media/.incomplete";
-      incomplete-dir-enabled = true;
-      rpc-bind-address = "0.0.0.0";
-      rpc-whitelist = "127.0.0.1,192.168.1.*";
-    };
-  };
-
-  services.samba = {
-    enable = true;
-    securityType = "user";
-    extraConfig = ''
-      workgroup = WORKGROUP
-      server string = samhain
-      netbios name = samhain
-      security = user 
-      #use sendfile = yes
-      #max protocol = smb2
-      hosts allow = 192.168.1. localhost
-      hosts deny = 0.0.0.0/0
-      guest account = nobody
-      map to guest = bad user
-    '';
-    shares = {
-      media = {
-        path = "/disks/pool-raw/Public/Media";
-        browseable = "yes";
-        "read only" = "no";
-        "guest ok" = "yes";
-        "create mask" = "0644";
-        "directory mask" = "0755";
-        "force user" = "transmission";
-        "force group" = "transmission";
-      };
-    };
-  };
-
  system.stateVersion = "20.09";

 }
--- a/configuration/hosts/samhain/hardware-configuration.nix
+++ b/configuration/hosts/samhain/hardware-configuration.nix
@ -4,52 +4,49 @@
 { config, lib, pkgs, modulesPath, ... }:

 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" =
-    { device = "zroot/safe/root";
+  fileSystems."/" = {
+    device = "zroot/safe/root";
    fsType = "zfs";
  };

-  fileSystems."/home" =
-    { device = "zroot/safe/home";
+  fileSystems."/home" = {
+    device = "zroot/safe/home";
    fsType = "zfs";
  };

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/50C3-BE99";
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/50C3-BE99";
    fsType = "vfat";
  };

-  fileSystems."/disks/pool-protect" =
-    { device = "zstore/protect";
+  fileSystems."/disks/pool-protect" = {
+    device = "zstore/protect";
    fsType = "zfs";
  };

-  fileSystems."/disks/pool-raw" =
-    { device = "zstore/raw";
+  fileSystems."/disks/pool-raw" = {
+    device = "zstore/raw";
    fsType = "zfs";
  };

-  fileSystems."/disks/pool-compress" =
-    { device = "zstore/compress";
+  fileSystems."/disks/pool-compress" = {
+    device = "zstore/compress";
    fsType = "zfs";
  };

-  fileSystems."/disks/excess" =
-    { device = "/dev/disk/by-uuid/0af88a48-ccfd-4e54-9652-a5ae7f74e21d";
+  fileSystems."/disks/excess" = {
+    device = "/dev/disk/by-uuid/0af88a48-ccfd-4e54-9652-a5ae7f74e21d";
    fsType = "xfs";
  };

  swapDevices =
-    [ { device = "/dev/disk/by-uuid/88595373-9566-401b-8c9b-03bbc8314f1b"; }
-    ];
+    [{ device = "/dev/disk/by-uuid/88595373-9566-401b-8c9b-03bbc8314f1b"; }];

 }
--- a/configuration/hosts/samhain/services/nginx.nix
+++ b/configuration/hosts/samhain/services/nginx.nix
@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+    services.nginx = {
+        enable = true;
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+        commonHttpConfig = ''
+        map $scheme $hsts_header {
+            https   "max-age=31536000; includeSubdomains; preload";
+        }
+        add_header Strict-Transport-Security $hsts_header;
+        #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+        add_header 'Referrer-Policy' 'origin-when-cross-origin';
+        #add_header X-Frame-Options DENY;
+        #add_header X-Content-Type-Options nosniff;
+        #add_header X-XSS-Protection "1; mode=block";
+        #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+        '';
+    };
+}
--- a/configuration/hosts/samhain/services/torrenting.nix
+++ b/configuration/hosts/samhain/services/torrenting.nix
@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+{
+    services.transmission = let transmission-done-script = pkgs.writeScriptBin "script" ''
+          #!${pkgs.bash}/bin/bash
+          set -e
+          if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
+             cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
+             if [ ! -z "*.rar" ]; then
+                ${pkgs.unrar}/bin/unrar x "*.rar"
+             fi
+             chmod ugo=rwX .
+          fi'';
+      in {
+    enable = true;
+    home = "/disks/pool-raw/transmission";
+    downloadDirPermissions = "755";
+    settings = {
+      download-dir = "/disks/pool-raw/Public/Media/";
+      incomplete-dir = "/disks/pool-raw/Public/Media/.incomplete";
+      incomplete-dir-enabled = true;
+      rpc-bind-address = "0.0.0.0";
+      rpc-whitelist = "127.0.0.1,192.168.1.*";
+      script-torrent-done-enabled = true;
+      script-torrent-done-filename = "${transmission-done-script}/bin/script";
+      umask = 0;
+    };
+  };
+
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    extraConfig = ''
+      workgroup = WORKGROUP
+      server string = samhain
+      netbios name = samhain
+      security = user 
+      #use sendfile = yes
+      #max protocol = smb2
+      hosts allow = 192.168.1. localhost
+      hosts deny = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares = {
+      media = {
+        path = "/disks/pool-raw/Public/Media";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "yes";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "transmission";
+        "force group" = "transmission";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts = {
+      "192.168.1.135" = {
+          locations."/share/" = {
+              alias = "/disks/pool-raw/Public/Media/";
+              extraConfig = "autoindex on;";
+          };
+      };
+   };
+}
--- a/configuration/profiles/desktop/default.nix
+++ b/configuration/profiles/desktop/default.nix
@ -8,6 +8,8 @@ let
 in {
  nixpkgs.config = { mumble.speechdSupport = true; };

+  environment.systemPackages = [ pkgs.redshift ];
+
  home-manager.users.kat = {
    home.packages = [
      pkgs._1password
@ -47,6 +49,12 @@ in {
      indicator = true;
    };

+    services.redshift = {
+      enable = true;
+      latitude = "51.5074";
+      longitude = "0.1278";
+    };
+
    gtk = {
      enable = true;
      iconTheme = {
@ -54,7 +62,7 @@ in {
        package = pkgs.numix-icon-theme-square;
      };
      theme = {
-        name = "Arc-Dark";
+        name = "Arc";
        package = pkgs.arc-theme;
      };
    };
--- a/configuration/profiles/development/default.nix
+++ b/configuration/profiles/development/default.nix
@ -2,6 +2,8 @@
  environment.systemPackages = [ pkgs.php pkgs.php74Packages.composer2 ];

  home-manager.users.kat = {
+    programs.go.enable = true;
+
    home.packages = [
      pkgs.jetbrains.clion
      pkgs.jetbrains.idea-ultimate
--- a/configuration/profiles/gnome/default.nix
+++ b/configuration/profiles/gnome/default.nix
@ -13,7 +13,9 @@
      pkgs.gnomeExtensions.appindicator
      pkgs.gnomeExtensions.dash-to-dock
      pkgs.gnomeExtensions.arc-menu
+      pkgs.pcmanfm
      pkgs.xfce.thunar
+      pkgs.xfce.thunar-volman
    ];
  };

--- a/configuration/profiles/xfce/default.nix
+++ b/configuration/profiles/xfce/default.nix
@ -1,6 +1,6 @@
 { config, lib, pkgs, ... }: {
  services.xserver.enable = true;
-  services.xserver.displayManager.lightdm.enable = true;
+  #services.xserver.displayManager.lightdm.enable = true;
  services.xserver.desktopManager.xfce.enable = true;
  services.gvfs = {
    enable = true;
@ -16,5 +16,6 @@
    pkgs.xfce.xfce4-pulseaudio-plugin
    pkgs.xfce.xfce4-whiskermenu-plugin
    pkgs.xfce.xfce4-screenshooter
+    pkgs.xfce.thunar-volman
  ];
 }