kioku: move primary modules to modules

author: Fuwn <[email protected]> 2024-10-28 09:58:10 -0700
committer: Fuwn <[email protected]> 2024-10-28 09:58:10 -0700
commit: 2fb6e0ffc7448602a28a57aec1f26127e1a05c6d (patch)
tree: ca8a7d3e0395353edca7da5f2f5e9a411c0b9da5 /modules/usb
parent: core: move simple programs to core (diff)
download: nixos-config-2fb6e0ffc7448602a28a57aec1f26127e1a05c6d.tar.xz
nixos-config-2fb6e0ffc7448602a28a57aec1f26127e1a05c6d.zip
5 files changed, 95 insertions, 0 deletions
diff --git a/modules/usb/default.nix b/modules/usb/default.nix
new file mode 100644
index 0000000..b255eba
--- /dev/null
+++ b/modules/usb/default.nix
@@ -0,0 +1,17 @@
+{
+  lib,
+  secrets,
+  ...
+}:
+{
+  imports = [
+    ./samba.nix
+    ./users.nix
+    ./watchdog.nix
+    ./zram.nix
+  ];
+
+  time.timeZone = secrets.i18n.timezone;
+  services.openssh.settings.PermitRootLogin = "prohibit-password";
+  networking.firewall.enable = lib.mkForce false;
+}
diff --git a/modules/usb/samba.nix b/modules/usb/samba.nix
new file mode 100644
index 0000000..2c2a980
--- /dev/null
+++ b/modules/usb/samba.nix
@@ -0,0 +1,26 @@
+{ config, ... }:
+{
+  services = {
+    samba = {
+      enable = true;
+      openFirewall = true;
+
+      settings = {
+        usb = {
+          browseable = "yes";
+          path = "/mnt/usb_share";
+          "guest ok" = "no";
+          "read only" = "no";
+          "create mask" = "777";
+          "directory mask" = "777";
+          "valid users" = config.modules.primaryUser;
+        };
+      };
+    };
+
+    samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}
diff --git a/modules/usb/users.nix b/modules/usb/users.nix
new file mode 100644
index 0000000..eb96893
--- /dev/null
+++ b/modules/usb/users.nix
@@ -0,0 +1,22 @@
+{ config, secrets, ... }:
+{
+  users = {
+    groups.${config.modules.primaryUser} = { };
+
+    users =
+      let
+        defaultOptions = {
+          initialHashedPassword = secrets.initial_hashed_password;
+          openssh.authorizedKeys.keys = [ secrets.kioku_openssh_public_key ];
+        };
+      in
+      {
+        root = defaultOptions;
+
+        ${config.modules.primaryUser} = defaultOptions // {
+          group = config.modules.primaryUser;
+          isNormalUser = true;
+        };
+      };
+  };
+}
diff --git a/modules/usb/watchdog.nix b/modules/usb/watchdog.nix
new file mode 100644
index 0000000..1a84034
--- /dev/null
+++ b/modules/usb/watchdog.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  systemd.services.usbshare = {
+    description = "USB Share Watchdog";
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig =
+      let
+        usb_share_script = pkgs.fetchurl {
+          url = "https://gist.githubusercontent.com/davidhoness/0f45ef6a41bac6311614f109acbf92db/raw/970badd0ae4b097e3af8d5142e65c34b21f5cfab/usb_share.py";
+          sha256 = "sha256-Z8HoOmzK3UjZac6hB3297fCDrbLwiFFNwxhqzr1WMSo";
+        };
+      in
+      {
+        ExecStart = "${pkgs.python3.withPackages (ps: [ ps.watchdog ])}/bin/python3 ${usb_share_script}";
+        Restart = "always";
+        Type = "simple";
+        Environment = "PATH=${pkgs.kmod}/bin:${pkgs.coreutils}/bin";
+      };
+  };
+}
diff --git a/modules/usb/zram.nix b/modules/usb/zram.nix
new file mode 100644
index 0000000..d9df0a9
--- /dev/null
+++ b/modules/usb/zram.nix
@@ -0,0 +1,9 @@
+{
+  zramSwap = {
+    enable = true;
+    priority = 100;
+    memoryMax = 268435456;
+    algorithm = "lz4";
+    memoryPercent = 50;
+  };
+}
author	Fuwn <[email protected]>	2024-10-28 09:58:10 -0700
committer	Fuwn <[email protected]>	2024-10-28 09:58:10 -0700
commit	2fb6e0ffc7448602a28a57aec1f26127e1a05c6d (patch)
tree	ca8a7d3e0395353edca7da5f2f5e9a411c0b9da5 /modules/usb
parent	core: move simple programs to core (diff)
download	nixos-config-2fb6e0ffc7448602a28a57aec1f26127e1a05c6d.tar.xz nixos-config-2fb6e0ffc7448602a28a57aec1f26127e1a05c6d.zip