kioku: fully configure smart usb host

author: Fuwn <[email protected]> 2024-10-28 06:26:30 -0700
committer: Fuwn <[email protected]> 2024-10-28 06:26:30 -0700
commit: 6403c368ad4aa52baebc32f20eccabdd10a799e0 (patch)
tree: 06ff709ed388de2216e70eb24d6e5275d2f388cb /hosts
parent: lock: tsutsumi (diff)
download: nixos-config-6403c368ad4aa52baebc32f20eccabdd10a799e0.tar.xz
nixos-config-6403c368ad4aa52baebc32f20eccabdd10a799e0.zip
2 files changed, 117 insertions, 42 deletions
diff --git a/hosts/kioku/configuration.nix b/hosts/kioku/configuration.nix
index 38e3640..6dec934 100644
--- a/hosts/kioku/configuration.nix
+++ b/hosts/kioku/configuration.nix
@@ -1,42 +1,53 @@
 {
+  lib,
   pkgs,
   secrets,
   ...
 }:
+let
+  primaryUser = "ebisu";
+in
 {
   time.timeZone = secrets.i18n.timezone;
-  environment.systemPackages = [ pkgs.fastfetch ];
   system.stateVersion = "24.05";
   raspberry-pi-nix.kernel-version = "v6_10_12";
 
-  boot.kernelModules = [
-    "i2c-dev"
-    "dwc2"
+  environment.systemPackages = with pkgs; [
+    fastfetch
+    htop
   ];
 
-  users.users.root = {
-    initialHashedPassword = secrets.initial_hashed_password;
-    openssh.authorizedKeys.keys = [ secrets.kioku_openssh_public_key ];
+  users = {
+    groups.${primaryUser} = { };
+
+    users =
+      let
+        defaultOptions = {
+          initialHashedPassword = secrets.initial_hashed_password;
+          openssh.authorizedKeys.keys = [ secrets.kioku_openssh_public_key ];
+        };
+      in
+      {
+        root = defaultOptions;
+
+        ${primaryUser} = defaultOptions // {
+          group = primaryUser;
+          isNormalUser = true;
+        };
+      };
   };
 
   zramSwap = {
     enable = true;
-    algorithm = "zstd";
-  };
-
-  services = {
-    sshd.enable = true;
-    timesyncd.enable = true;
+    priority = 100;
+    memoryMax = 268435456;
+    algorithm = "lz4";
+    memoryPercent = 50;
   };
 
   networking = {
     hostName = "kioku";
-    useDHCP = false;
-
-    interfaces = {
-      wlan0.useDHCP = true;
-      eth0.useDHCP = true;
-    };
+    useDHCP = lib.mkDefault true;
 
     wireless =
       let
@@ -48,4 +59,54 @@
         networks."${network.ssid}".psk = network.psk;
       };
   };
+
+  services = {
+    timesyncd.enable = true;
+
+    openssh = {
+      enable = true;
+      settings.PermitRootLogin = "prohibit-password";
+    };
+
+    samba = {
+      enable = true;
+      openFirewall = true;
+
+      settings = {
+        usb = {
+          browseable = "yes";
+          path = "/mnt/usb_share";
+          "guest ok" = "no";
+          "read only" = "no";
+          "create mask" = "777";
+          "directory mask" = "777";
+          "valid users" = primaryUser;
+        };
+      };
+    };
+
+    samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+  };
+
+  systemd.services.usbshare = {
+    description = "USB Share Watchdog";
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig =
+      let
+        usb_share_script = pkgs.fetchurl {
+          url = "https://gist.githubusercontent.com/davidhoness/0f45ef6a41bac6311614f109acbf92db/raw/970badd0ae4b097e3af8d5142e65c34b21f5cfab/usb_share.py";
+          sha256 = "sha256-Z8HoOmzK3UjZac6hB3297fCDrbLwiFFNwxhqzr1WMSo";
+        };
+      in
+      {
+        ExecStart = "${pkgs.python3.withPackages (ps: [ ps.watchdog ])}/bin/python3 ${usb_share_script}";
+        Restart = "always";
+        Type = "simple";
+        Environment = "PATH=${pkgs.kmod}/bin:${pkgs.coreutils}/bin";
+      };
+  };
 }
diff --git a/hosts/kioku/hardware-configuration.nix b/hosts/kioku/hardware-configuration.nix
index 796cee0..47498ff 100644
--- a/hosts/kioku/hardware-configuration.nix
+++ b/hosts/kioku/hardware-configuration.nix
@@ -1,29 +1,43 @@
+{ lib, ... }:
 {
   raspberry-pi-nix.board = "bcm2711";
 
-  hardware.raspberry-pi.config.all = {
-    base-dt-params = {
-      BOOT_UART = {
-        value = 1;
-        enable = true;
-      };
+  fileSystems."/mnt/usb_share" = {
+    device = "/piusb.bin";
+    fsType = "exfat";
 
-      uart_2ndstage = {
-        value = 1;
-        enable = true;
-      };
-    };
-
-    dt-overlays = {
-      disable-bt = {
-        enable = true;
-        params = { };
-      };
-
-      dwc2 = {
-        enable = true;
-        params = { };
-      };
-    };
+    options = [
+      "loop"
+      "noatime"
+      "nofail"
+      "rw"
+      "umask=000"
+      "users"
+    ];
   };
+
+  hardware.raspberry-pi.config.all.dt-overlays =
+    (
+      overlays:
+      lib.attrsets.mapAttrs
+        (_name: _value: {
+          enable = true;
+          params = { };
+        })
+        (
+          lib.listToAttrs (
+            map (overlay: {
+              name = overlay;
+              value = { };
+            }) overlays
+          )
+        )
+    )
+      [
+        "disable-bt"
+        "dwc2"
+        "usb_power"
+        "ramlog"
+        "hdmi_blanking"
+      ];
 }
author	Fuwn <[email protected]>	2024-10-28 06:26:30 -0700
committer	Fuwn <[email protected]>	2024-10-28 06:26:30 -0700
commit	6403c368ad4aa52baebc32f20eccabdd10a799e0 (patch)
tree	06ff709ed388de2216e70eb24d6e5275d2f388cb /hosts
parent	lock: tsutsumi (diff)
download	nixos-config-6403c368ad4aa52baebc32f20eccabdd10a799e0.tar.xz nixos-config-6403c368ad4aa52baebc32f20eccabdd10a799e0.zip