diff --git a/systems/x86_64-linux/sgx/default.nix b/systems/x86_64-linux/sgx/default.nix index 957e52c..579bdfe 100644 --- a/systems/x86_64-linux/sgx/default.nix +++ b/systems/x86_64-linux/sgx/default.nix @@ -1,6 +1,8 @@ { pkgs, lib, config, ... }: -with lib; -with lib.plusultra; +let + backup_new_path = "/mnt/raid/backup/hoyer/new/"; + restic_repo = "/mnt/backup/restic-repo"; +in { imports = [ ./hardware-configuration.nix ]; @@ -32,8 +34,6 @@ with lib.plusultra; security.tpm2.enable = false; security.tpm2.abrmd.enable = false; - networking.wireless.enable = false; # Enables wireless support via wpa_supplicant. - # services.aesmd.enable = true; services.pcscd.enable = true; 
@@ -53,4 +53,192 @@ with lib.plusultra;
 "local_cache_only": false
 }
 '';
+
+ services.netatalk = {
+ enable = true;
+ settings = {
+ Homes = {
+ "basedir regex" = "/home";
+ path = "Public";
+ };
+ time-machine = {
+ path = "/mnt/backup/tm_share";
+ "valid users" = "harald";
+ "time machine" = true;
+ };
+ Qmultimedia = {
+ path = "/mnt/raid/Qmultimedia";
+ };
+ };
+ };
+
+ services.avahi = {
+ enable = true;
+ nssmdns = true;
+ publish = {
+ enable = true;
+ userServices = true;
+ };
+ };
+
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ extraConfig = ''
+ read raw = Yes
+ write raw = Yes
+ socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
+ min receivefile size = 16384
+ use sendfile = true
+ aio read size = 16384
+ aio write size = 16384
+ workgroup = WORKGROUP
+ server string = smbnix
+ netbios name = smbnix
+ security = user
+ #max protocol = smb2
+ # note: localhost is the ipv6 localhost ::1
+ hosts allow = 192.168.178. 127.0.0.1 localhost
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+ shares = {
+ # public = {
+ # path = "/mnt/Shares/Public";
+ # browseable = "yes";
+ # "read only" = "no";
+ # "guest ok" = "yes";
+ # "create mask" = "0644";
+ # "directory mask" = "0755";
+ # "force user" = "username";
+ # "force group" = "groupname";
+ # };
+ Qmultimedia = {
+ path = "/mnt/raid/Qmultimedia";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "harald";
+ "force group" = "users";
+ };
+ };
+ };
+
+ services.restic.backups.hoyer_new = {
+ repository = restic_repo;
+ passwordFile = config.sops.secrets.backup-pw.path;
+ timerConfig = {
+ OnCalendar = "daily";
+ FixedRandomDelay = true;
+ RandomizedDelaySec = "4h";
+ Persistent = true;
+ };
+ paths = [ backup_new_path ];
+ pruneOpts = [
+ "-g host,paths"
+ "--keep-daily 7"
+ "--keep-weekly 4"
+ "--keep-monthly 3"
+ "--keep-yearly 1"
+ ];
+ backupPrepareCommand = ''
+ HOME=/root ${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh" --exclude-from /root/excludelist --no-specials --no-devices --numeric-ids --delete-after --partial -axz backup@mx.surfsite.org:/{etc,var,home,root} ${backup_new_path}
+ '';
+ };
+
+ services.restic.backups.self = {
+ repository = restic_repo;
+ #repository = "s3:nas2a6e8f.myqnapcloud.com:8081/backup";
+ passwordFile = config.sops.secrets.backup-pw.path;
+ timerConfig = {
+ OnCalendar = "daily";
+ FixedRandomDelay = true;
+ RandomizedDelaySec = "4h";
+ Persistent = true;
+ };
+ paths = [
+ "/etc"
+ "/var"
+ "/home"
+ "/root"
+ "/persist"
+ config.services.samba.shares.Qmultimedia.path
+ ];
+ extraBackupArgs =
+ let
+ ignorePatterns = [
+ "/mnt/raid/backup"
+ "/mnt/backup"
+ "/mnt/snap"
+ "/var/cache"
+ "/home/*/.local/share/Trash"
+ "/home/*/.cache"
+ "/home/*/Downloads"
+ "/home/*/.npm"
+ "/home/*/.local/share/containers"
+ ".cache"
+ ".tmp"
+ ".log"
+ ".Trash"
+ ];
+ ignoreFile = builtins.toFile "ignore"
+ (lib.foldl (a: b: a + "\n" + b) "" ignorePatterns);
+ in
+ [ "--exclude-file=${ignoreFile}" ];
+ pruneOpts = [
+ "-g host,paths"
+ "--keep-daily 7"
+ "--keep-weekly 4"
+ "--keep-monthly 3"
+ "--keep-yearly 1"
+ ];
+ };
+
+ systemd.services.libvirt-guests.after = [ "network-online.target" ];
+ virtualisation.libvirtd.enable = true;
+
+ networking.hostName = "sgx"; # Define your hostname.
+ networking.useDHCP = false;
+
+ #networking.domain = "fritz.box";
+ networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = false; # use networkd
+ networking.dhcpcd.enable = false; # use networkd
+ # services.nscd.enableNsncd = false;
+
+ # systemd-networkd
+ systemd.network.enable = true;
+ #systemd.network.wait-online.anyInterface = true;
+ #systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";
+
+ systemd.network.networks."10-br0" = {
+ matchConfig.Name = "br0";
+ DHCP = "yes";
+ linkConfig.RequiredForOnline = "routable";
+ linkConfig.RequiredFamilyForOnline = "both";
+ };
+
+ systemd.network.netdevs."br0" = {
+ netdevConfig = {
+ Name = "br0";
+ Kind = "bridge";
+ MACAddress = "00:a1:2f:68:07:ea";
+ };
+ };
+
+ systemd.network.networks."11-en" = {
+ linkConfig.RequiredForOnline = "enslaved";
+ matchConfig.Name = "enp3s0";
+ networkConfig = {
+ Bridge = "br0";
+ };
+ };
+
+ #networking.firewall.allowedTCPPorts = [ 80 443 1883 548 ];
+ networking.firewall.allowPing = true;
+ services.samba.openFirewall = true;
+
 }
diff --git a/systems/x86_64-linux/sgx/hardware-configuration.nix b/systems/x86_64-linux/sgx/hardware-configuration.nix
index 8e01add..d4fce2a 100644
--- a/systems/x86_64-linux/sgx/hardware-configuration.nix
+++ b/systems/x86_64-linux/sgx/hardware-configuration.nix
@@ -23,6 +23,7 @@
 device = "/dev/disk/by-uuid/7aa17b01-785e-41c6-9723-79195af906c6";
 fsType = "btrfs";
 options = [ "subvol=@" ];
+ neededForBoot = true;
 };
 "/boot" = {
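Review bot: `backupPrepareCommand` in `services.restic.backups.hoyer_new` points rsync at `--exclude-from /root/excludelist`, a mutable file that this configuration does not manage, whereas the `self` backup a few lines below builds its exclude list in the store; on a freshly deployed host without that file the prepare step fails and the job never reaches restic. Declare the patterns next to `backup_new_path` in the `let` and write `--exclude-from ${pkgs.writeText "rsync-excludes" (lib.concatStringsSep "\n" rsyncExcludes)}` (the current contents of `/root/excludelist` are not on the page, so the list has to be copied over by hand). Because the pull runs as root with `-a` and `--numeric-ids`, it also reproduces the remote host's owners and mode bits, setuid/setgid included, under `/mnt/raid/backup/hoyer/new/`; confirm that filesystem is mounted `nosuid,nodev` (its mount options are not in this diff) or add `--no-perms` if the mirror does not need them. The same cleanup applies to `builtins.toFile "ignore" (lib.foldl (a: b: a + "\n" + b) "" ignorePatterns)` in the `self` backup, which can become `pkgs.writeText "restic-ignore" (lib.concatStringsSep "\n" ignorePatterns)` and drops the leading blank line in the generated file.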
@@ -59,39 +60,38 @@ description = "Set to idle"; wantedBy = [ "multi-user.target" ]; after = [ - "dev-sdb.device" - "dev-sdc.device" - "dev-sdd.device" - "dev-sde.device" - "dev-sdf.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C01\\x2d0:0.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C02\\x2d0:0.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C03\\x2d0:0.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C04\\x2d0:0.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C05\\x2d0:0.device" ]; bindsTo = [ - "dev-sdb.device" - "dev-sdc.device" - "dev-sdd.device" - "dev-sde.device" - "dev-sdf.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C01\\x2d0:0.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C02\\x2d0:0.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C03\\x2d0:0.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C04\\x2d0:0.device" + "dev-disk-by\\x2did-usb\\x2dASMT_ASM235CM_915000000C05\\x2d0:0.device" ]; serviceConfig = { Type = "oneshot"; - ExecStart = "${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdb /dev/sdc /dev/sdd /dev/sde /dev/sdf"; + ExecStart = "${pkgs.hdparm}/sbin/hdparm -S 60 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C01-0:0 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C02-0:0 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C03-0:0 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C04-0:0 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C05-0:0"; }; }; powerManagement.powerUpCommands = '' - ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdb - ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdc - ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdd - ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sde - ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/sdf + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C01-0:0 + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C02-0:0 + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C03-0:0 + 
${pkgs.hdparm}/sbin/hdparm -S 60 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C04-0:0 + ${pkgs.hdparm}/sbin/hdparm -S 60 /dev/disk/by-id/usb-ASMT_ASM235CM_915000000C05-0:0 ''; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + #networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
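Review bot: The five by-id device paths are now spelled out in four places with two different spellings — as escaped `.device` unit names in `after` and `bindsTo`, and as raw paths in `ExecStart` and `powerManagement.powerUpCommands` — so adding or swapping a drive means editing all four consistently. Bind the paths once in a `let` at the module's top level and derive the unit names with the same escaping the hand-written names use (leading `/` dropped, `/`→`-`, `-`→`\x2d`); nixpkgs' `utils.escapeSystemdPath` does exactly this if `utils` is taken as a module argument. The hand-escaped names in the hunk do match the paths in `ExecStart`, so this is a maintainability point, not a correctness one. The enclosing unit definition begins above this hunk, so the `let` has to wrap the whole module body.
```nix
let
  # single source of truth for the drives that get spun down; unit names are derived
  idleDisks = map (serial: "/dev/disk/by-id/usb-ASMT_ASM235CM_${serial}-0:0")
    [ "915000000C01" "915000000C02" "915000000C03" "915000000C04" "915000000C05" ];
  # systemd path escaping: drop leading "/", "/" -> "-", "-" -> "\x2d"
  idleDiskUnits = map
    (p: "${lib.replaceStrings [ "/" "-" ] [ "-" "\\x2d" ] (lib.removePrefix "/" p)}.device")
    idleDisks;
  hdparmIdle = "${pkgs.hdparm}/sbin/hdparm -S 60";
in
# … unchanged: module attrset up to the unit's description/wantedBy …
      after = idleDiskUnits;
      bindsTo = idleDiskUnits;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${hdparmIdle} ${lib.concatStringsSep " " idleDisks}";
      };
# … unchanged: closing braces of the unit …
  powerManagement.powerUpCommands = lib.concatMapStringsSep "\n" (d: "${hdparmIdle} ${d}") idleDisks;
```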