feat: avahi zeroconfig

fix: printer smb
Patrick 2025-01-06 19:57:05 +01:00
parent 987a988332
commit 0a11ac5c48
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
5 changed files with 12 additions and 10 deletions


@ -2,7 +2,6 @@
config, config,
nodes, nodes,
lib, lib,
pkgs,
... ...
}: }:
{ {
@ -83,15 +82,15 @@
owner = "hass"; owner = "hass";
}; };
systemd.services.home-assistant = { systemd.services.home-assistant = {
# Update influxdb token
# We don't use -i because it would require chown with is a @privileged syscall
# INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
# ${lib.getExe pkgs.yq-go} '.influxdb_token = strenv(INFLUXDB_TOKEN)'
preStart = lib.mkBefore '' preStart = lib.mkBefore ''
if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then
rm ${config.services.home-assistant.configDir}/secrets.yaml rm ${config.services.home-assistant.configDir}/secrets.yaml
fi fi
# Update influxdb token
# We don't use -i because it would require chown with is a @privileged syscall
# INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
# ${lib.getExe pkgs.yq-go} '.influxdb_token = strenv(INFLUXDB_TOKEN)'
cat ${ cat ${
config.age.secrets."home-assistant-secrets.yaml".path config.age.secrets."home-assistant-secrets.yaml".path
} > ${config.services.home-assistant.configDir}/secrets.yaml } > ${config.services.home-assistant.configDir}/secrets.yaml
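Review bot: The four comment lines above `preStart` describe a disabled yq-based token update, but where they sit they read as documentation of the live script, and "with is" should be "which is". Suggested wording: `# Disabled: updating influxdb_token in place with yq -i would need chown, which is a @privileged syscall; secrets.yaml is copied whole from the agenix secret instead.` The page does not mark old and new sides; I am assuming the copy outside the `''` string is the new one, because `${lib.getExe pkgs.yq-go}` inside the string would still be interpolated by Nix after `pkgs` was dropped from the arguments. Separately, `cat … > …/secrets.yaml` creates the file with whatever umask the unit runs under; if that is not already restrictive, `umask 077` as the first line of `preStart` would keep the secrets file private.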


@ -119,7 +119,8 @@ in
# clients hardcode the host and share names. # clients hardcode the host and share names.
"disable netbios" = "yes"; "disable netbios" = "yes";
# Allow access to local network # Allow access to local network
"hosts allow" = "10.99.10. localhost"; # Also allow printer access
"hosts allow" = "10.99.10. ${lib.net.cidr.host 32 globals.net.vlans.devices.cidrv4} localhost";
"guest account" = "nobody"; "guest account" = "nobody";
"map to guest" = "bad user"; "map to guest" = "bad user";
@ -176,8 +177,6 @@ in
group = "printer"; group = "printer";
} }
{ {
# Also allow printer access
"hosts allow" = "10.99.10. ${lib.net.cidr.host 32 globals.net.vlans.home.cidrv4} localhost";
} }
) )
(mkShare { (mkShare {
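Review bot: Putting the printer's address into the global `"hosts allow"` (hunk at -119) admits the printer to every share on this server, not only the share block with `group = "printer"` that held the removed override. With `"map to guest" = "bad user"` a client that fails authentication is mapped to `nobody`, so any guest-accessible share would become reachable from the devices VLAN. As far as I know a share-level `hosts allow` can only narrow the global list, so the global entry is probably needed. Consider setting `"hosts allow" = "10.99.10. localhost";` on the shares the printer does not need, or confirming that none of them permits guest access. The `mkShare` definitions lie outside these hunks, so this could not be checked here.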


@ -16,8 +16,8 @@ lib.optionalAttrs (!minimal) {
text = '' text = ''
rm -r /var/lib/sbctl || true rm -r /var/lib/sbctl || true
mkdir -p /var/lib/sbctl mkdir -p /var/lib/sbctl
chmod 700 /var/lib/sbctl
${pkgs.gnutar}/bin/tar xf ${config.age.secrets.secureboot.path} -C /var/lib/sbctl || true ${pkgs.gnutar}/bin/tar xf ${config.age.secrets.secureboot.path} -C /var/lib/sbctl || true
chmod 700 /var/lib/sbctl
''; '';
deps = [ "agenix" ]; deps = [ "agenix" ];
}; };
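Review bot: Whichever of the two `chmod 700 /var/lib/sbctl` positions is the new one (the page does not mark sides), a gap remains. With the chmod only after `tar`, the secure-boot keys are extracted into a directory that still has the default mode from `mkdir -p`; with it only before, an archive that carries an entry for the directory itself may reset the mode during extraction. Creating the directory restricted and re-asserting afterwards covers both cases: `mkdir -m 700 -p /var/lib/sbctl` before the `tar` line and `chmod 700 /var/lib/sbctl` after it. The `|| true` on `tar` also hides a failed extraction, leaving an empty key directory with no log line; an `echo` to stderr on failure would make that visible.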


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs0YXOrMxHFly+lpB0NtZWuuz1JwRKU2ZCOe4Xhz1T5


@ -29,6 +29,9 @@ in
printer.ipv4Addresses = [ printer.ipv4Addresses = [
(lib.net.cidr.host 32 globals.net.vlans.devices.cidrv4) (lib.net.cidr.host 32 globals.net.vlans.devices.cidrv4)
]; ];
smb.ipv4Addresses = [
(lib.net.cidr.host globals.services.samba.ip globals.net.vlans.home.cidrv4)
];
adguard.ipv4Addresses = [ adguard.ipv4Addresses = [
(lib.net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4) (lib.net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4)
]; ];
@ -170,7 +173,7 @@ in
"printer" "printer"
]; ];
to = [ "smb" ]; to = [ "smb" ];
allowedUDPPorts = [ 445 ]; allowedTCPPorts = [ 445 ];
}; };
ssh = { ssh = {
from = [ from = [