From 7744efa70a827505e41110fff013d6b5d590d66a Mon Sep 17 00:00:00 2001
From: Rachel Lambda Samuelsson
Date: Thu, 20 Jun 2024 18:36:45 +0200
Subject: [PATCH] media server thingy
---
 flake.nix | 1 +
 secrets/guest_password | Bin 0 -> 129 bytes
 services/media.nix | 57 +++++++++++++++++++++++++++++++++++++++++
 services/smb.nix | 24 -----------------
 4 files changed, 58 insertions(+), 24 deletions(-)
 create mode 100644 secrets/guest_password
 create mode 100644 services/media.nix
 delete mode 100644 services/smb.nix
diff --git a/flake.nix b/flake.nix
index 3f5381e..2c869a4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,6 +24,7 @@
 { from = "host"; host.port = 8080; guest.port = 80; }
 { from = "host"; host.port = 2222; guest.port = 22; }
 { from = "host"; host.port = 22222; guest.port = 222; }
+ { from = "host"; host.port = 2223; guest.port = 2222; }
 ];
 };
 };
diff --git a/secrets/guest_password b/secrets/guest_password
new file mode 100644
index 0000000000000000000000000000000000000000..c0e8ab9053f6c334578b26a420f075685310dafa
GIT binary patch literal 129 zcmV-{0Dk`fM@dveQdv+`036AvtGWeDNNWEft3Z{bOOaN2v|8^)vxVx|+CTkG&8r)d zUL4+SB%*3l9a9qyzw45Npe>7|)nQn_MFS=Y)(_ex#K*H literal 0 HcmV?d00001
diff --git a/services/media.nix b/services/media.nix
new file mode 100644
index 0000000..352342a
--- /dev/null
+++ b/services/media.nix
@@ -0,0 +1,57 @@
+{ pkgs, lib, ... }:
+{
+ name = "media";
+ config = {
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ AllowUsers = [ "media" "guest" ];
+ };
+ extraConfig = ''
+ Match Group media
+ ChrootDirectory /media
+ ForceCommand internal-sftp
+ AllowTcpForwarding no
+ X11Forwarding no
+ '';
+ };
+ users.users.media = {
+ isSystemUser = true;
+ group = "media";
+ openssh.authorizedKeys.keyFiles = [ ../secrets/id_ed25519.pub ];
+ };
+ users.users.guest = {
+ isSystemUser = true;
+ group = "media";
+ hashedPassword = pkgs.lib.removeSuffix "\n"
+ (builtins.readFile ../secrets/guest_password);
+ };
+ users.groups.media = {};
+ systemd.tmpfiles.settings.media-dir =
+ let mode = {
+ group = "media";
+ mode = "0750";
+ user = "media";
+ }; in {
+ "/media/series".d = mode;
+ "/media/movies".d = mode;
+ "/media/music".d = mode;
+ };
+ };
+ ports = {
+ tcp = [ ];
+ udp = [ ];
+ http = null;
+ forward = [
+ { container = 22; host = 2222; proto = "tcp"; }
+ ];
+ };
+ hosts = [];
+ volumes = [{
+ name = "media";
+ mountPoint = "/media/";
+ readOnly = false;
+ backup = false;
+ }];
+}
diff --git a/services/smb.nix b/services/smb.nix
deleted file mode 100644
index d660185..0000000
--- a/services/smb.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, lib, ... }:
-{
- name = "smb";
- config = {
- };
- ports = {
- tcp = [ 111 2049 ];
- udp = [ 111 2049 ];
- http = null;
- forward = [
- { container = 111; host = 111; proto = "tcp"; }
- { container = 111; host = 111; proto = "udp"; }
- { container = 2049; host = 2049; proto = "tcp"; }
- { container = 2049; host = 2049; proto = "udp"; }
- ];
- };
- hosts = [];
- volumes = [{
- name = "smb";
- mountPoint = "/srv/smb/";
- readOnly = false;
- backup = false;
- }];
-}
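Review bot: In services/media.nix, `users.users.guest.hashedPassword` is filled by `builtins.readFile ../secrets/guest_password` at evaluation time, so the hash is copied into the system closure in the Nix store, which every local user can read. The file is committed as a binary blob, so if it is stored encrypted, an evaluation on a locked checkout would put ciphertext into the account instead of a hash. Pointing the account at a file provisioned at runtime, e.g. `hashedPasswordFile = "/run/secrets/guest_password"; # placeholder path`, keeps the hash out of the store. Separately, the `Match Group media` block chroots to `/media`, which sshd accepts only when that directory is owned by root and not group- or world-writable; the tmpfiles rules create only the three subdirectories, so the ownership of the volume mount point probably needs to be set explicitly. Because `guest` logs in with a password on a forwarded port, it would also help to set `settings.PasswordAuthentication = false;` globally and re-enable it only inside a `Match User guest` block.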