I think my flake needs a complete rewrite

2024-10-12 17:35:52 -04:00 · 2024-10-12 17:35:52 -04:00 · 65f90a0bf3
commit 65f90a0bf3
parent 87fbcda3d3
65 changed files with 110 additions and 125 deletions
--- a/modules/system/services/server/fileserver/default.nix
+++ b/modules/system/services/server/fileserver/default.nix
@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./local
+    ./public
+  ];
+}
--- a/modules/system/services/server/fileserver/local/default.nix
+++ b/modules/system/services/server/fileserver/local/default.nix
@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./nfs
+    ./samba
+  ];
+}
--- a/modules/system/services/server/fileserver/local/nfs/default.nix
+++ b/modules/system/services/server/fileserver/local/nfs/default.nix
@ -0,0 +1,9 @@
+{ ... }:
+{
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /export/JimboNFS *(rw,no_subtree_check)
+    '';
+  };
+}
--- a/modules/system/services/server/fileserver/local/samba/default.nix
+++ b/modules/system/services/server/fileserver/local/samba/default.nix
@ -0,0 +1,36 @@
+{ outputs, ... }:
+{
+  services = {
+    samba = {
+      enable = true;
+      securityType = "user";
+      openFirewall = true;
+      extraConfig = ''
+        workgroup = WORKGROUP
+        server string = JimSMB
+        security = user 
+        hosts allow = ${outputs.ips.localSpan}. 127.0.0.1 localhost
+        hosts deny = 0.0.0.0/0
+        guest account = nobody
+        map to guest = bad user
+      '';
+      shares = {
+        roms = {
+          comment = "Samba share with my ROMs";
+          path = "/export/JimboNFS/Downloads/GameFiles/ROMS";
+          browseable = "yes";
+          "read only" = "no";
+          "guest ok" = "no";
+          "create mask" = "0644";
+          "directory mask" = "0755";
+        };
+      };
+    };
+
+    # Advertise to Windows
+    samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}
--- a/modules/system/services/server/fileserver/public/default.nix
+++ b/modules/system/services/server/fileserver/public/default.nix
@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./nextcloud
+    ./photoprism
+  ];
+}
--- a/modules/system/services/server/fileserver/public/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix
@ -0,0 +1,45 @@
+{ pkgs, outputs, ... }:
+{
+  services = {
+    nextcloud = {
+      enable = true;
+      package = pkgs.nextcloud29;
+      hostName = "cloud.${outputs.secrets.jimDomain}";
+      datadir = "/mnt/nextcloud";
+      https = true;
+      config = {
+        adminuser = "jimbo";
+        adminpassFile = "/mnt/nextcloud/password.txt";
+      };
+      settings = {
+        trusted_proxies = [ "127.0.0.1" ];
+        trusted_domains = [ "cloud.${outputs.secrets.jimDomain}" ];
+        overwriteprotocol = "https";
+        mail_smtphost = "mx.${outputs.secrets.jimDomain}";
+        mail_domain = "${outputs.secrets.jimDomain}";
+        mail_from_address = "noreply";
+        mail_smtpauth = "true";
+        mail_smtpname = "noreply@${outputs.secrets.jimDomain}";
+        mail_smtppassword = outputs.secrets.noreplyPassword;
+        mail_smtpmode = "smtp";
+        mail_smtpport = 587;
+      };
+    };
+
+    nginx.virtualHosts."cloud.${outputs.secrets.jimDomain}" =  {
+      enableACME = true;
+      addSSL = true;
+      locations."/" = {
+        proxyWebsockets = true;
+        extraConfig = "
+         location /.well-known/carddav {
+            return 301 $scheme://$host/remote.php/dav;
+          }
+          location /.well-known/caldav {
+            return 301 $scheme://$host/remote.php/dav;
+          }
+       ";
+      };
+    };
+  };
+}
--- a/modules/system/services/server/fileserver/public/photoprism/default.nix
+++ b/modules/system/services/server/fileserver/public/photoprism/default.nix
@ -0,0 +1,30 @@
+{ outputs, ... }:
+{
+  services = {
+    photoprism = {
+      enable = true;
+      port = 2342;
+      originalsPath = "/var/lib/private/photoprism/originals";
+      address = "0.0.0.0";
+      settings = {
+        PHOTOPRISM_ADMIN_USER = "jimbo";
+        PHOTOPRISM_ADMIN_PASSWORD = "${outputs.secrets.prismAdminPass}";
+        PHOTOPRISM_DEFAULT_LOCALE = "en";
+        PHOTOPRISM_DATABASE_DRIVER = "mysql";
+        PHOTOPRISM_DATABASE_NAME = "photoprism";
+        PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
+        PHOTOPRISM_DATABASE_USER = "photoprism";
+        PHOTOPRISM_SITE_URL = "https://gallery.${outputs.secrets.jimDomain}";
+        PHOTOPRISM_SITE_TITLE = "Jimbo's PhotoPrism";
+      };
+    };
+    nginx.virtualHosts."gallery.${outputs.secrets.jimDomain}" =  {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:2342";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}