From 8342f5a72b5351a4fe420691b223f3f991232bfd Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Sat, 14 Dec 2024 23:07:48 +0100 Subject: [PATCH 01/12] igor: disable mysql due to startup issues --- hosts/igor/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix index 0517cbf..81b4421 100644 --- a/hosts/igor/default.nix +++ b/hosts/igor/default.nix @@ -97,7 +97,7 @@ config.services.libinput.enable = true; config.services.mysql = { - enable = true; + enable = false; package = pkgs.mariadb; ensureUsers = [ { From 499ff0ef62c766f42f8574f29f03b47778273766 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Sun, 15 Dec 2024 21:43:15 +0100 Subject: [PATCH 02/12] igor: Enable mysql port --- hosts/igor/default.nix | 13 ++++-- hosts/igor/hardware-configuration.nix | 58 +++++++++++++-------------- 2 files changed, 39 insertions(+), 32 deletions(-) diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix index 81b4421..0adfa87 100644 --- a/hosts/igor/default.nix +++ b/hosts/igor/default.nix @@ -1,6 +1,7 @@ { inputs, pkgs, + config, ... }: @@ -24,7 +25,7 @@ config.boot.loader.grub.efiInstallAsRemovable = true; #config.boot.loader.efi.efiSysMountPoint = "/boot/efi"; # Define on which hard drive you want to install Grub. - config.boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only + config.boot.loader.grub.device = "/dev/disk/by-id/ata-HGST_HTS725050A7E630_TF655AY92SM3XL"; # or "nodev" for efi only config.security.sudo.wheelNeedsPassword = false; @@ -51,6 +52,9 @@ ]; firewall.enable = true; + firewall.allowedTCPPorts = [ + config.services.mysql.settings.mysqld.port + ]; }; config.security.sudo = { 
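Review bot: The `firewall.allowedTCPPorts = [ config.services.mysql.settings.mysqld.port ];` lines in the `@@ -51,6 +52,9 @@` hunk of hosts/igor/default.nix open MariaDB on every interface, and nothing in this patch limits where the server listens. If only known LAN clients need it, scope the rule with `networking.firewall.interfaces.<name>.allowedTCPPorts` or set `services.mysql.settings.mysqld.bind-address` to the intended address. Note that the `ensureUsers` entry added in the next hunk is, per the NixOS option description, a socket-authenticated local account, so reaching the database over this port would still require a separately managed password account. A short comment naming the client the port is opened for, e.g. `# MariaDB reachable from the LAN for <client>`, would make the rule reviewable. The `config.networking` attrset this hunk edits starts before the hunk.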
@@ -97,16 +101,18 @@ config.services.libinput.enable = true; config.services.mysql = { - enable = false; + enable = true; package = pkgs.mariadb; ensureUsers = [ { name = "mediathekview"; ensurePermissions = { - "mediathekview.*" = "ALL PERMISSIONS"; + "mediathekview.*" = "ALL PRIVILEGES"; }; } ]; + + ensureDatabases = [ "mediathekview" ]; }; config.programs.firefox.enable = true; @@ -126,6 +132,7 @@ waybar hyprpaper wofi + tmux ]; config.programs.hyprland = { diff --git a/hosts/igor/hardware-configuration.nix b/hosts/igor/hardware-configuration.nix index 57ea11e..9e0001b 100644 --- a/hosts/igor/hardware-configuration.nix +++ b/hosts/igor/hardware-configuration.nix 
@@ -26,35 +26,35 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - # fileSystems."/" = - # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c"; - # fsType = "btrfs"; - # options = [ "subvol=rootfs" ]; - # }; - - # fileSystems."/.swapvol" = - # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c"; - # fsType = "btrfs"; - # options = [ "subvol=swap" ]; - # }; - - # fileSystems."/boot" = - # { device = "/dev/disk/by-uuid/2EDA-47FD"; - # fsType = "vfat"; - # options = [ "fmask=0022" "dmask=0022" ]; - # }; - - # fileSystems."/home" = - # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c"; - # fsType = "btrfs"; - # options = [ "subvol=home" ]; - # }; - - # fileSystems."/nix" = - # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c"; - # fsType = "btrfs"; - # options = [ "subvol=nix" ]; - # }; +# fileSystems."/" = +# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c"; +# fsType = "btrfs"; +# options = [ "subvol=rootfs" ]; +# }; +# +# fileSystems."/.swapvol" = +# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c"; +# fsType = "btrfs"; +# options = [ "subvol=swap" ]; +# }; +# +# fileSystems."/boot" = +# { device = "/dev/disk/by-uuid/2EDA-47FD"; +# fsType = "vfat"; +# options = [ "fmask=0022" "dmask=0022" ]; +# }; +# +# fileSystems."/home" = +# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c"; +# fsType = "btrfs"; +# options = [ "subvol=home" ]; +# }; +# +# fileSystems."/nix" = +# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c"; +# fsType = "btrfs"; +# options = [ "subvol=nix" ]; +# }; swapDevices = [ ]; From d214fb8aa0420b484f65e93f418bc2f5da831cc5 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Mon, 16 Dec 2024 08:53:31 +0100 Subject: [PATCH 03/12] vsftpd: Switch to virtual users --- modules/vsftpd/default.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) 
diff --git a/modules/vsftpd/default.nix b/modules/vsftpd/default.nix index 0d82f67..5d07f21 100644 --- a/modules/vsftpd/default.nix +++ b/modules/vsftpd/default.nix @@ -6,11 +6,10 @@ writeEnable = true; chrootlocalUser = true; allowWriteableChroot = true; - userlist = [ "scan" ]; - }; - - config.users.users.scan = { - isNormalUser = true; + userDbPath = "/etc/vsftpd/users"; + enableVirtualUsers = true; + virtualUseLocalPrivs = true; + localRoot = "/var/lib/vsftpd"; }; config.networking.firewall.allowedTCPPorts = [ 21 ]; From 2a931e3cc63d7f332043444d0fb0ef234afe0617 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Mon, 16 Dec 2024 23:53:34 +0100 Subject: [PATCH 04/12] igor: Configure wifi declaratively --- hosts/igor/default.nix | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix index 0adfa87..2312b77 100644 --- a/hosts/igor/default.nix +++ b/hosts/igor/default.nix @@ -32,24 +32,20 @@ config.networking = { hostName = "igor"; domain = "failco.de"; - wireless.enable = false; - useDHCP = false; - enableIPv6 = false; - networkmanager.enable = true; - interfaces.enp0s25 = { - ipv4.addresses = [ - { - address = "192.168.178.2"; - prefixLength = 24; - } - ]; + + wireless = { + enable = true; + userControlled.enable = true; + allowAuxiliaryImperativeNetworks = true; + secretsFile = "/etc/wireless.conf"; + networks = { + Prapsschnalinen.pskRaw = "ext:home"; + }; }; - defaultGateway = "192.168.178.1"; - nameservers = [ - "192.168.178.1" - "1.1.1.1" - "8.8.8.8" - ]; + + useDHCP = true; + enableIPv6 = true; + networkmanager.enable = false; firewall.enable = true; firewall.allowedTCPPorts = [ From 93890cb591b11e65277eff972a23bd5b64cc3636 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Mon, 16 Dec 2024 23:58:28 +0100 Subject: [PATCH 05/12] igor: do not create db and user --- hosts/igor/default.nix | 10 ---------- 1 file changed, 10 deletions(-) 
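Review bot: `userDbPath = "/etc/vsftpd/users";` in the `@@ -6,11 +6,10 @@` hunk of modules/vsftpd/default.nix points virtual-user logins at a database that this configuration does not create, and the hunk does not say how it is provisioned or protected. If the PAM stack uses pam_userdb without a `crypt=` option (which is what the NixOS module does, as far as I can tell), that file holds passwords in the clear and must be root-owned with mode 0600; a comment such as `# Berkeley DB built out of band; root:root 0600, stores plaintext passwords` belongs next to the option. Together with `virtualUseLocalPrivs = true;` and the existing `writeEnable = true;`, every virtual user gets write access, and plain FTP sends these credentials unencrypted, so consider `forceLocalLoginsSSL = true; forceLocalDataSSL = true;` with `rsaCertFile` if the FTP client supports FTPS.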
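Review bot: `secretsFile = "/etc/wireless.conf";` with `pskRaw = "ext:home";` in the `@@ -32,24 +32,20 @@` hunk of hosts/igor/default.nix makes the wifi depend on a file created outside this repository, and the hunk does not document it. A comment such as `# /etc/wireless.conf must exist before activation: "home=<psk>", root:root 0600` next to the option would save the next deploy from a wifi that silently fails to associate. Dropping the static `192.168.178.2` address in the same hunk means every service on this host now lives on a DHCP lease over the wireless link; any client or DHCP reservation that relied on the fixed address needs updating, and the firewall rules in this `config.networking` block, which continues past the end of the hunk, now apply to the wireless interface as well.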
diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix index 2312b77..c0f9549 100644 --- a/hosts/igor/default.nix +++ b/hosts/igor/default.nix @@ -99,16 +99,6 @@ config.services.mysql = { enable = true; package = pkgs.mariadb; - ensureUsers = [ - { - name = "mediathekview"; - ensurePermissions = { - "mediathekview.*" = "ALL PRIVILEGES"; - }; - } - ]; - - ensureDatabases = [ "mediathekview" ]; }; config.programs.firefox.enable = true; From 9cc0f071de120e55178386f70359f7fd832b9d15 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Tue, 17 Dec 2024 02:08:12 +0100 Subject: [PATCH 06/12] igor: Enable direnv --- hosts/igor/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix index c0f9549..ffbbc50 100644 --- a/hosts/igor/default.nix +++ b/hosts/igor/default.nix @@ -121,6 +121,11 @@ tmux ]; + config.programs.direnv = { + enable = true; + silent = true; + }; + config.programs.hyprland = { enable = true; withUWSM = true; From 01f8ccd84ebc1a685b88d2c23cb30b83e3aeb7b3 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Tue, 17 Dec 2024 02:09:52 +0100 Subject: [PATCH 07/12] vsftpd: Add port 20 to firewall rules --- modules/vsftpd/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/vsftpd/default.nix b/modules/vsftpd/default.nix index 5d07f21..770f214 100644 --- a/modules/vsftpd/default.nix +++ b/modules/vsftpd/default.nix @@ -12,5 +12,5 @@ localRoot = "/var/lib/vsftpd"; }; - config.networking.firewall.allowedTCPPorts = [ 21 ]; + config.networking.firewall.allowedTCPPorts = [ 20 21 ]; } From 65e8138c066e20c3b89be04a5263eaa103ccfcaf Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Tue, 17 Dec 2024 02:49:45 +0100 Subject: [PATCH 08/12] igor: Install lftp --- hosts/igor/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix index ffbbc50..b2f834c 100644 --- a/hosts/igor/default.nix +++ b/hosts/igor/default.nix 
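Review bot: Adding 20 to `allowedTCPPorts = [ 20 21 ];` in the `@@ -12,5 +12,5 @@` hunk of modules/vsftpd/default.nix does not do what the subject suggests: 20 is the source port of the server-initiated active-mode data connection, which is outbound and unaffected by an inbound allow rule, while passive-mode transfers use a high port that is still blocked. Either pin a passive range, e.g. `extraConfig = "pasv_min_port=<from>\npasv_max_port=<to>";` and open it with `networking.firewall.allowedTCPPortRanges = [ { from = <from>; to = <to>; } ];`, or rely on the ftp connection-tracking helper. A one-line comment stating which transfer mode the client uses would make the rule set reviewable and avoid leaving an unneeded port open.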
@@ -119,6 +119,7 @@ hyprpaper wofi tmux + lftp ]; config.programs.direnv = { From c256cf8f02ee492d41b1f25dbb7e9881a1f3ba7e Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Tue, 17 Dec 2024 02:50:50 +0100 Subject: [PATCH 09/12] vsftpd: Move ftp dir into subdir of home --- modules/vsftpd/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/vsftpd/default.nix b/modules/vsftpd/default.nix index 770f214..cc801ef 100644 --- a/modules/vsftpd/default.nix +++ b/modules/vsftpd/default.nix @@ -5,11 +5,10 @@ localUsers = true; writeEnable = true; chrootlocalUser = true; - allowWriteableChroot = true; userDbPath = "/etc/vsftpd/users"; enableVirtualUsers = true; virtualUseLocalPrivs = true; - localRoot = "/var/lib/vsftpd"; + localRoot = "/var/lib/vsftpd/data"; }; config.networking.firewall.allowedTCPPorts = [ 20 21 ]; From 0fb9ad732a2acee0983b895f2aae5344d7704a04 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Wed, 18 Dec 2024 00:27:42 +0100 Subject: [PATCH 10/12] vsftpd: Set umask so that paperless may read --- hosts/igor/syncthing.nix | 27 +++++++++++++++++++++++++++ modules/vsftpd/default.nix | 1 + 2 files changed, 28 insertions(+) create mode 100644 hosts/igor/syncthing.nix diff --git a/hosts/igor/syncthing.nix b/hosts/igor/syncthing.nix new file mode 100644 index 0000000..4e18d38 --- /dev/null +++ b/hosts/igor/syncthing.nix @@ -0,0 +1,27 @@ +{ config, lib, ... }: +{ + config.services.syncthing = { + enable = true; + + user = "vsftpd"; + group = "vsftpd"; + + devices = { + thrall = { + id = "P52YQU2-7LCEOVV-DSGTAZG-AJ2DSJD-JPHSUJE-HC2KAGO-YR4SXQD-V6OQ7QF"; + addresses = [ "tcp://195.90.211.228:22000" ]; + }; + }; + + folders = { + "/var/lib/vsftpd/data/upload" = { + id = "paperless"; + devices = [ "thrall" ]; + versioning = { + type = "trashcan"; + params.cleanoutDays = "90"; + }; + }; + }; + }; +} diff --git a/modules/vsftpd/default.nix b/modules/vsftpd/default.nix index cc801ef..02c1065 100644 
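Review bot: With `allowWriteableChroot = true;` removed and `localRoot = "/var/lib/vsftpd/data";` in the `@@ -5,11 +5,10 @@` hunk of modules/vsftpd/default.nix, the new chroot root must not be writable by the FTP session user, otherwise vsftpd rejects every login with `500 OOPS: vsftpd: refusing to run with writable root inside chroot()`. I do not see this module creating that directory or fixing its ownership, so the required layout (non-writable `data/`, uploads in a writable subdirectory) is an unstated prerequisite. A comment such as `# chroot root: must stay non-writable, uploads go into a subdirectory` next to localRoot, or a `systemd.tmpfiles.rules` entry that enforces the modes, would keep this from regressing on a fresh install.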
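Review bot: `user = "vsftpd"; group = "vsftpd";` in the new hosts/igor/syncthing.nix runs a second network-facing daemon under the FTP server's identity, so a compromise of either one reaches everything the other owns, including the whole FTP tree. If the requirement is only that Syncthing can read and write the upload directory, a dedicated syncthing user that is a member of the `vsftpd` group, combined with the group-writable umask this same patch adds to vsftpd, gives the same access with separate identities. The `addresses = [ "tcp://195.90.211.228:22000" ];` line pins a public address; a comment naming the peer and noting that the device ID, not the IP, is what authenticates it would help future readers.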
--- a/modules/vsftpd/default.nix +++ b/modules/vsftpd/default.nix @@ -9,6 +9,7 @@ enableVirtualUsers = true; virtualUseLocalPrivs = true; localRoot = "/var/lib/vsftpd/data"; + extraConfig = "local_umask=002"; }; config.networking.firewall.allowedTCPPorts = [ 20 21 ]; From 5e47764aefc2ac3b5e5c30c0d541480521bf8023 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Wed, 18 Dec 2024 00:30:06 +0100 Subject: [PATCH 11/12] igor: Setup syncthing --- hosts/igor/default.nix | 1 + hosts/igor/syncthing.nix | 10 ++++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix index b2f834c..3b29162 100644 --- a/hosts/igor/default.nix +++ b/hosts/igor/default.nix @@ -10,6 +10,7 @@ inputs.disko.nixosModules.disko ./hardware-configuration.nix ./disko-config.nix + ./syncthing.nix ../../modules/security.nix ../../modules/nix-config.nix ../../modules/timezone.nix diff --git a/hosts/igor/syncthing.nix b/hosts/igor/syncthing.nix index 4e18d38..9656614 100644 --- a/hosts/igor/syncthing.nix +++ b/hosts/igor/syncthing.nix @@ -6,16 +6,18 @@ user = "vsftpd"; group = "vsftpd"; - devices = { + dataDir = "/var/lib/vsftpd"; + + settings.devices = { thrall = { id = "P52YQU2-7LCEOVV-DSGTAZG-AJ2DSJD-JPHSUJE-HC2KAGO-YR4SXQD-V6OQ7QF"; addresses = [ "tcp://195.90.211.228:22000" ]; }; }; - folders = { - "/var/lib/vsftpd/data/upload" = { - id = "paperless"; + settings.folders = { + paperless = { + path = "${config.services.vsftpd.localRoot}/scan"; devices = [ "thrall" ]; versioning = { type = "trashcan"; From e09392238880f5f9821ee6efd082b2136c588ecc Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Wed, 18 Dec 2024 10:16:04 +0100 Subject: [PATCH 12/12] igor: Install devenv --- hosts/igor/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix index 3b29162..826ed59 100644 --- a/hosts/igor/default.nix +++ b/hosts/igor/default.nix 
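Review bot: `extraConfig = "local_umask=002";` in the `@@ -9,6 +9,7 @@` hunk of modules/vsftpd/default.nix makes every upload group-writable, which is more than the subject ("so that paperless may read") asks for. If the consumer only reads, `local_umask=022` grants that without letting any group member modify or truncate uploaded documents; if it genuinely needs write access, say so, e.g. `# 002: uploads must be group-writable for <consumer>`. Both values also make files world-readable, so the right choice depends on how the consumer is granted access, which is not visible in this hunk.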
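Review bot: `versioning = { type = "trashcan"; ... }` on the `paperless` folder in the `@@ -6,16 +6,18 @@` hunk of hosts/igor/syncthing.nix keeps deleted files in a `.stversions` directory inside `${config.services.vsftpd.localRoot}/scan`, which lies within the FTP chroot, so documents a user deleted stay retrievable by any FTP login for the cleanout period (the versioning block continues past the hunk; the earlier patch in this series sets cleanoutDays to 90). If that is intended, a comment like `# deleted scans remain in .stversions for 90 days` makes it explicit; otherwise set a versioning path outside the FTP tree or drop versioning. `dataDir = "/var/lib/vsftpd";` also places Syncthing's config and keys under the FTP service's home, outside `localRoot` as far as I can tell, so it should be noted that the chroot root must never be moved up to `/var/lib/vsftpd`.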
@@ -111,6 +111,7 @@ isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. shell = pkgs.zsh; + packages = [ pkgs.devenv ]; }; config.environment.systemPackages = with pkgs; [