rachel/nixos-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rachel:7744efa70a827505e41110fff013d6b5d590d66a
Branches Tags
rachel:master
..
compare: rachel:ef7e407c8528efc251f181229c0f4f8de52529a2
Branches Tags
rachel:master

No commits in common. "7744efa70a827505e41110fff013d6b5d590d66a" and "ef7e407c8528efc251f181229c0f4f8de52529a2" have entirely different histories.
7744efa70a ... ef7e407c85

5 changed files with 24 additions and 60 deletions
Show Stats Expand all files Collapse all files

1
flake.nix
View File

@ -24,7 +24,6 @@
{ from = "host"; host.port = 8080; guest.port = 80; } { from = "host"; host.port = 8080; guest.port = 80; }
{ from = "host"; host.port = 2222; guest.port = 22; } { from = "host"; host.port = 2222; guest.port = 22; }
{ from = "host"; host.port = 22222; guest.port = 222; } { from = "host"; host.port = 22222; guest.port = 222; }
{ from = "host"; host.port = 2223; guest.port = 2222; }
]; ];
}; };
}; };

2
host.nix
View File

@ -53,8 +53,6 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
firewall.allowedUDPPorts = ports.udp; firewall.allowedUDPPorts = ports.udp;
}; };
security.sudo.enable = false;
system.stateVersion = state-version; system.stateVersion = state-version;
}; };
}; };

BIN
secrets/guest_password
View File

Binary file not shown.

57
services/media.nix
View File

@ -1,57 +0,0 @@
{ pkgs, lib, ... }:
{
name = "media";
config = {
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
AllowUsers = [ "media" "guest" ];
};
extraConfig = ''
Match Group media
ChrootDirectory /media
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
'';
};
users.users.media = {
isSystemUser = true;
group = "media";
openssh.authorizedKeys.keyFiles = [ ../secrets/id_ed25519.pub ];
};
users.users.guest = {
isSystemUser = true;
group = "media";
hashedPassword = pkgs.lib.removeSuffix "\n"
(builtins.readFile ../secrets/guest_password);
};
users.groups.media = {};
systemd.tmpfiles.settings.media-dir =
let mode = {
group = "media";
mode = "0750";
user = "media";
}; in {
"/media/series".d = mode;
"/media/movies".d = mode;
"/media/music".d = mode;
};
};
ports = {
tcp = [ ];
udp = [ ];
http = null;
forward = [
{ container = 22; host = 2222; proto = "tcp"; }
];
};
hosts = [];
volumes = [{
name = "media";
mountPoint = "/media/";
readOnly = false;
backup = false;
}];
}

24
services/smb.nix Normal file
View File

@ -0,0 +1,24 @@
{ pkgs, lib, ... }:
{
name = "smb";
config = {
};
ports = {
tcp = [ 111 2049 ];
udp = [ 111 2049 ];
http = null;
forward = [
{ container = 111; host = 111; proto = "tcp"; }
{ container = 111; host = 111; proto = "udp"; }
{ container = 2049; host = 2049; proto = "tcp"; }
{ container = 2049; host = 2049; proto = "udp"; }
];
};
hosts = [];
volumes = [{
name = "smb";
mountPoint = "/srv/smb/";
readOnly = false;
backup = false;
}];
}