More server prep

2024-12-22 22:02:10 -05:00 · 2024-12-22 22:02:10 -05:00 · 5f6e8ef364
commit 5f6e8ef364
parent 829459865c
17 changed files with 103 additions and 124 deletions
--- a/modules/system/accounts/groups/nfsShare/default.nix
+++ b/modules/system/accounts/groups/nfsShare/default.nix
@ -1,6 +1,4 @@
 { ... }:
 {
-  users.groups.nfsShare = {
-    gid = 983;
-  };
+  users.groups.nfsShare.gid = 983;
 }
--- a/modules/system/devices/boot/lanzaboote/default.nix
+++ b/modules/system/devices/boot/lanzaboote/default.nix
@ -12,13 +12,11 @@
  config = lib.mkIf config.system.lanzaboote.enable {
    boot = {
      loader.systemd-boot.enable = lib.mkForce false;
-
      lanzaboote = {
        enable = true;
        pkiBundle = "/etc/secureboot";
      };
    };
-
    environment.systemPackages = with pkgs; [ sbctl ];
  };
 }
--- a/modules/system/devices/default.nix
+++ b/modules/system/devices/default.nix
@ -5,7 +5,6 @@
    ./bluetooth
    ./boot
    ./disks
-    ./firmware
    ./networking
    ./printing
    ./udev
--- a/modules/system/devices/firmware/default.nix
+++ b/modules/system/devices/firmware/default.nix
@ -1,4 +0,0 @@
-{ ... }:
-{
-  hardware.enableRedistributableFirmware = true;
-}
--- a/modules/system/devices/udev/default.nix
+++ b/modules/system/devices/udev/default.nix
@ -1,7 +1,17 @@
-{ ... }:
+{ pkgs, ... }:
 {
-  imports = [
-    ./oculus
-    ./pdp
-  ];
+  services.udev = {
+    packages = [ 
+      (pkgs.writeTextFile {
+        name = "10-oculus.rules";
+        text = ''KERNEL=="hidraw*", ATTRS{idVendor}=="0e6f", ATTRS{idProduct}=="0184", MODE="0660", TAG+="uaccess"'';
+        destination = "/etc/udev/rules.d/10-oculus.rules";
+      })
+      (pkgs.writeTextFile {
+        name = "10-pdp.rules";
+        text = ''SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666"'';
+        destination = "/etc/udev/rules.d/10-pdp.rules";
+      })
+    ];
+  };
 }
--- a/modules/system/devices/udev/oculus/default.nix
+++ b/modules/system/devices/udev/oculus/default.nix
@ -1,12 +0,0 @@
-{ pkgs, ... }:
-{
-  services.udev = {
-    packages = [ 
-      (pkgs.writeTextFile {
-        name = "10-oculus.rules";
-        text = ''KERNEL=="hidraw*", ATTRS{idVendor}=="0e6f", ATTRS{idProduct}=="0184", MODE="0660", TAG+="uaccess"'';
-        destination = "/etc/udev/rules.d/10-oculus.rules";
-      })
-    ];
-  };
-}
--- a/modules/system/devices/udev/pdp/default.nix
+++ b/modules/system/devices/udev/pdp/default.nix
@ -1,12 +0,0 @@
-{ pkgs, ... }:
-{
-  services.udev = {
-    packages = [
-      (pkgs.writeTextFile {
-        name = "10-pdp.rules";
-        text = ''SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666"'';
-        destination = "/etc/udev/rules.d/10-pdp.rules";
-      })
-    ];
-  };
-}
--- a/modules/system/programs/gaming/default.nix
+++ b/modules/system/programs/gaming/default.nix
@ -6,6 +6,6 @@
      settings.general.renice = 10;
    };

-    hardware.steam-hardware.enable = config.system.desktop.enable;
+    hardware.steam-hardware.enable = true;
  };
 }
--- a/modules/system/services/server/fileserver/local/samba/default.nix
+++ b/modules/system/services/server/fileserver/local/samba/default.nix
@ -1,8 +1,8 @@
-{ config, ... }:
+{ config, lib, ... }:
 {
-  services = {
+  services = lib.mkIf config.system.server.enable {
    samba = {
-      enable = config.system.server.enable;
+      enable = true;
      securityType = "user";
      openFirewall = true;
      settings = {
@ -20,7 +20,7 @@

    # Advertise to Windows
    samba-wsdd = {
-      enable = config.services.samba.enable;
+      enable = true;
      openFirewall = true;
    };
  };
--- a/modules/system/services/server/icecast/liquidsoap/jimbops/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/jimbops/default.nix
@ -1,30 +1,32 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
 {
-  services.liquidsoap.streams.jimbops = pkgs.writeText "liquidstream1" ''
-    settings.log.stdout.set(true)
-    settings.init.allow_root.set(true)
-    settings.scheduler.fast_queues.set(2)
-    
-    jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/JimBops"))
-    jimbops_fallback = fallback([jimbops, jimbops])
-    
-    output.icecast(
-      %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
-      host="127.0.0.1",
-      port=265,
-      password="${config.secrets.castSourcePass}",
-      encoding = "UTF-8",
+  services.liquidsoap.streams = lib.mkIf config.services.icecast.enable {
+    jimbops = pkgs.writeText "liquidstream1" ''
+      settings.log.stdout.set(true)
+      settings.init.allow_root.set(true)
+      settings.scheduler.fast_queues.set(2)
+      
+      jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/JimBops"))
+      jimbops_fallback = fallback([jimbops, jimbops])
+      
+      output.icecast(
+        %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
+        host="127.0.0.1",
+        port=265,
+        password="${config.secrets.castSourcePass}",
+        encoding = "UTF-8",

-      radio="JimBops Radio",
-      genre = "Anything",
-      description="Music gathered by me, Jimbo.",
-      website="https://icecast.${config.domains.jim1}",
-      url="https://icecast.${config.domains.jim1}/jimbops.opus",
-      mount="jimbops.opus",
-      icy_metadata=["artist", "title"],
-      public=true,
+        radio="JimBops Radio",
+        genre = "Anything",
+        description="Music gathered by me, Jimbo.",
+        website="https://icecast.${config.domains.jim1}",
+        url="https://icecast.${config.domains.jim1}/jimbops.opus",
+        mount="jimbops.opus",
+        icy_metadata=["artist", "title"],
+        public=true,

-      jimbops_fallback
-    )
-  '';
+        jimbops_fallback
+      )
+    '';
+  };
 }
--- a/modules/system/services/server/icecast/liquidsoap/jimscrapped/default.nix
+++ b/modules/system/services/server/icecast/liquidsoap/jimscrapped/default.nix
@ -1,30 +1,32 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
 {
-  services.liquidsoap.streams.jimscrapped = pkgs.writeText "liquidstream2" ''
-    settings.log.stdout.set(true)
-    settings.init.allow_root.set(true)
-    settings.scheduler.fast_queues.set(2)
-    
-    jimscrapped = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/JimScrapped"))
-    jimscrapped_fallback = fallback([jimscrapped, jimscrapped])
-    
-    output.icecast(
-      %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
-      host="127.0.0.1",
-      port=265,
-      password="${config.secrets.castSourcePass}",
-      encoding = "UTF-8",
+  services.liquidsoap.streams = lib.mkIf config.services.icecast.enable {
+    jimscrapped = pkgs.writeText "liquidstream2" ''
+      settings.log.stdout.set(true)
+      settings.init.allow_root.set(true)
+      settings.scheduler.fast_queues.set(2)
+      
+      jimscrapped = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/JimScrapped"))
+      jimscrapped_fallback = fallback([jimscrapped, jimscrapped])
+      
+      output.icecast(
+        %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
+        host="127.0.0.1",
+        port=265,
+        password="${config.secrets.castSourcePass}",
+        encoding = "UTF-8",

-      radio="Jimbo's Scrap",
-      genre = "Scrapped",
-      description="Music canned from the main radio.",
-      website="https://icecast.${config.domains.jim1}",
-      url="https://icecast.${config.domains.jim1}/jimscrapped.opus",
-      mount="jimscrapped.opus",
-      icy_metadata=["artist", "title"],
-      public=true,
+        radio="Jimbo's Scrap",
+        genre = "Scrapped",
+        description="Music canned from the main radio.",
+        website="https://icecast.${config.domains.jim1}",
+        url="https://icecast.${config.domains.jim1}/jimscrapped.opus",
+        mount="jimscrapped.opus",
+        icy_metadata=["artist", "title"],
+        public=true,

-      jimscrapped_fallback
-    )
-  '';
+        jimscrapped_fallback
+      )
+    '';
+  };
 }
--- a/modules/system/services/server/mailserver/simplenix/default.nix
+++ b/modules/system/services/server/mailserver/simplenix/default.nix
@ -6,7 +6,7 @@
  ];

  mailserver = rec {
-    enable = true;
+    enable = config.system.mailserver.enable;
    domains = [
      "${config.domains.jim1}"
      "${config.domains.jim2}"
@ -25,7 +25,7 @@
      organizationName = "Jimbo's Files";
    };
        
-    # Passwords generated with 'mkpasswd -sm bcrypt'
+    # Passwords made with 'mkpasswd -sm bcrypt'
    loginAccounts = {
      "noreply@${config.domains.jim1}" = {
        hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash;
--- a/modules/system/services/server/mailserver/simplenix/nginx/default.nix
+++ b/modules/system/services/server/mailserver/simplenix/nginx/default.nix
@ -1,6 +1,6 @@
 { pkgs, config, ... }: 
 {
-  services.nginx.virtualHosts."mx.${config.domains.jim1}" =  {
+  services.nginx.virtualHosts."mx.${config.domains.jim1}" = lib.mkIf config.mailserver.enable {
    enableACME = true;
    forceSSL = true;
    locations."/" = {