nixos-server/services/media.nix

{ pkgs, lib, ... }: 
{
  name = "media";
  config = {
    services.openssh = {
      enable = true;
      ports = [ 22 ];
      settings = {
        AllowUsers = [ "media" "guest" ];
      };
      extraConfig = ''
      Match Group media
        ChrootDirectory /media
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no
      '';
    };
    users.users.media = {
      isSystemUser = true;
      group = "media";
      openssh.authorizedKeys.keyFiles = [ ../secrets/id_ed25519.pub ];
    };
    users.users.guest = {
      isSystemUser = true;
      group = "media";
      hashedPassword = pkgs.lib.removeSuffix "\n" 
        (builtins.readFile ../secrets/guest_password);
    };
    users.groups.media = {};
    systemd.tmpfiles.settings.media-dir = 
      let mode = {
        group = "media";
        mode = "0750";
        user = "media";
      }; in {
      "/media/series".d = mode;
      "/media/movies".d = mode;
      "/media/music".d = mode;
    };
  };
  ports = {
    tcp = [ ];
    udp = [ ];
    http = null;
    forward = [
      { container = 22;  host = 2222;  proto = "tcp"; }
    ];
  };
  hosts = [];
  volumes = [{
    name = "media";
    mountPoint = "/media/";
    readOnly = false;
    backup = false;
  }];
}
media server thingy 2024-06-20 18:36:45 +02:00			`{ pkgs, lib, ... }:`
			`{`
			`name = "media";`
			`config = {`
			`services.openssh = {`
			`enable = true;`
			`ports = [ 22 ];`
			`settings = {`
			`AllowUsers = [ "media" "guest" ];`
			`};`
			`extraConfig = ''`
			`Match Group media`
			`ChrootDirectory /media`
			`ForceCommand internal-sftp`
			`AllowTcpForwarding no`
			`X11Forwarding no`
			`'';`
			`};`
			`users.users.media = {`
			`isSystemUser = true;`
			`group = "media";`
			`openssh.authorizedKeys.keyFiles = [ ../secrets/id_ed25519.pub ];`
			`};`
			`users.users.guest = {`
			`isSystemUser = true;`
			`group = "media";`
			`hashedPassword = pkgs.lib.removeSuffix "\n"`
			`(builtins.readFile ../secrets/guest_password);`
			`};`
			`users.groups.media = {};`
			`systemd.tmpfiles.settings.media-dir =`
			`let mode = {`
			`group = "media";`
			`mode = "0750";`
			`user = "media";`
			`}; in {`
			`"/media/series".d = mode;`
			`"/media/movies".d = mode;`
			`"/media/music".d = mode;`
			`};`
			`};`
			`ports = {`
			`tcp = [ ];`
			`udp = [ ];`
			`http = null;`
			`forward = [`
			`{ container = 22; host = 2222; proto = "tcp"; }`
			`];`
			`};`
			`hosts = [];`
			`volumes = [{`
			`name = "media";`
			`mountPoint = "/media/";`
			`readOnly = false;`
			`backup = false;`
			`}];`
			`}`