diff options
| author | Franck Cuny <franck@fcuny.net> | 2026-01-23 08:56:02 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2026-01-23 08:56:02 -0800 |
| commit | eefbe7a7f37bebbf82611ed0c48ee32a44d8f308 (patch) | |
| tree | ed8b952a0744ffc848dbd21549eb1ba13e25eb97 | |
| parent | re-configure bree as the remote builder for now (diff) | |
| download | infra-eefbe7a7f37bebbf82611ed0c48ee32a44d8f308.tar.gz | |
don't run samba on rivendell
| -rw-r--r-- | machines/rivendell.nix | 8 | ||||
| -rw-r--r-- | profiles/storage-media.nix | 99 |
2 files changed, 7 insertions, 100 deletions
diff --git a/machines/rivendell.nix b/machines/rivendell.nix index 32ec964..d697734 100644 --- a/machines/rivendell.nix +++ b/machines/rivendell.nix @@ -2,6 +2,7 @@ adminUser, lib, config, + pkgs, ... }: { @@ -47,7 +48,6 @@ ../profiles/remote-unlock.nix ../profiles/restic-backup.nix ../profiles/server.nix - ../profiles/storage-media.nix ../profiles/users/admin-user.nix ../profiles/users/builder.nix ../profiles/users/home-manager.nix @@ -83,5 +83,11 @@ imports = [ ../home/profiles/minimal.nix ]; + home.packages = with pkgs; [ + ffmpeg + imagemagick + makemkv + mkvtoolnix-cli + ]; }; } diff --git a/profiles/storage-media.nix b/profiles/storage-media.nix deleted file mode 100644 index 9acb007..0000000 --- a/profiles/storage-media.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ pkgs, config, ... }: -let - syncJobs = [ - { - name = "movies"; - source = "/data/media/movies/"; - destination = "/volume1/media/movies/"; - } - { - name = "videos"; - source = "/data/media/videos/"; - destination = "/volume1/media/videos/"; - } - ]; - remoteHost = "192.168.1.68"; - remoteUser = "nas"; -in -{ - environment.systemPackages = with pkgs; [ - ffmpeg - imagemagick - makemkv - mkvtoolnix-cli - ]; - - services.samba = { - enable = true; - openFirewall = true; - settings = { - global = { - security = "user"; - workgroup = "WORKGROUP"; - "server string" = config.networking.hostName; - "netbios name" = config.networking.hostName; - "hosts allow" = "192.168.1.0/24 10.100.0.0/24 localhost"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - "use sendfile" = true; - "load printers" = false; - "vfs objects" = "fruit streams_xattr"; - "fruit:metadata" = "stream"; - "mangled names" = false; - }; - media = { - path = "/data/media"; - browseable = "yes"; - "read only" = "yes"; - "guest ok" = "yes"; - }; - }; - }; - - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - systemd.timers = pkgs.lib.listToAttrs ( - map (job: { - name = "rsync-backup-${job.name}"; - value = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - RandomizedDelaySec = "1h"; - }; - }; - }) syncJobs - ); - - systemd.services = pkgs.lib.listToAttrs ( - map (job: { - name = "rsync-backup-${job.name}"; - value = { - description = "Rsync backup for ${job.name}"; - - serviceConfig = { - Type = "oneshot"; - DynamicUser = true; - LoadCredential = "ssh-key:${config.age.secrets.rsync-ssh-key.path}"; - PrivateTmp = true; - NoNewPrivileges = true; - ProtectSystem = "strict"; - ProtectHome = true; - - ExecStart = pkgs.writeShellScript "rsync-backup-${job.name}" '' - ${pkgs.rsync}/bin/rsync \ - -avz \ - -e "${pkgs.openssh}/bin/ssh -i ''${CREDENTIALS_DIRECTORY}/ssh-key -o StrictHostKeyChecking=accept-new" \ - ${job.source} \ - ${remoteUser}@${remoteHost}:${job.destination} - ''; - }; - }; - }) syncJobs - ); -} |