feat: avahi zeroconfig

fix: printer smb
2025-01-06 19:57:05 +01:00 · 2025-01-06 19:57:05 +01:00 · 0a11ac5c48
parent 987a988332
commit 0a11ac5c48
5 changed files with 12 additions and 10 deletions
--- a/config/services/homeassistant.nix
+++ b/config/services/homeassistant.nix
@ -2,7 +2,6 @@
  config,
  nodes,
  lib,
-  pkgs,
  ...
 }:
 {
@ -83,15 +82,15 @@
    owner = "hass";
  };
  systemd.services.home-assistant = {
+    # Update influxdb token
+    # We don't use -i because it would require chown with is a @privileged syscall
+    # INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
+    #   ${lib.getExe pkgs.yq-go} '.influxdb_token = strenv(INFLUXDB_TOKEN)'
    preStart = lib.mkBefore ''
      if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then
        rm ${config.services.home-assistant.configDir}/secrets.yaml
      fi

-      # Update influxdb token
-      # We don't use -i because it would require chown with is a @privileged syscall
-      # INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
-      #   ${lib.getExe pkgs.yq-go} '.influxdb_token = strenv(INFLUXDB_TOKEN)'
        cat ${
          config.age.secrets."home-assistant-secrets.yaml".path
        } > ${config.services.home-assistant.configDir}/secrets.yaml
--- a/config/services/samba.nix
+++ b/config/services/samba.nix
@ -119,7 +119,8 @@ in
            # clients hardcode the host and share names.
            "disable netbios" = "yes";
            # Allow access to local network
-            "hosts allow" = "10.99.10. localhost";
+            # Also allow printer access
+            "hosts allow" = "10.99.10. ${lib.net.cidr.host 32 globals.net.vlans.devices.cidrv4} localhost";

            "guest account" = "nobody";
            "map to guest" = "bad user";
@ -176,8 +177,6 @@ in
            group = "printer";
          }
          {
-            # Also allow printer access
-            "hosts allow" = "10.99.10. ${lib.net.cidr.host 32 globals.net.vlans.home.cidrv4} localhost";
          }
        )
        (mkShare {
--- a/config/support/secureboot.nix
+++ b/config/support/secureboot.nix
@ -16,8 +16,8 @@ lib.optionalAttrs (!minimal) {
    text = ''
      rm -r /var/lib/sbctl || true
      mkdir -p /var/lib/sbctl
-      chmod 700 /var/lib/sbctl
      ${pkgs.gnutar}/bin/tar xf ${config.age.secrets.secureboot.path} -C /var/lib/sbctl || true
+      chmod 700 /var/lib/sbctl
    '';
    deps = [ "agenix" ];
  };
--- a/hosts/elisabeth/secrets/homeassistant/host.pub
+++ b/hosts/elisabeth/secrets/homeassistant/host.pub
@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs0YXOrMxHFly+lpB0NtZWuuz1JwRKU2ZCOe4Xhz1T5
--- a/hosts/nucnix/net.nix
+++ b/hosts/nucnix/net.nix
@ -29,6 +29,9 @@ in
      printer.ipv4Addresses = [
        (lib.net.cidr.host 32 globals.net.vlans.devices.cidrv4)
      ];
+      smb.ipv4Addresses = [
+        (lib.net.cidr.host globals.services.samba.ip globals.net.vlans.home.cidrv4)
+      ];
      adguard.ipv4Addresses = [
        (lib.net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4)
      ];
@ -170,7 +173,7 @@ in
          "printer"
        ];
        to = [ "smb" ];
-        allowedUDPPorts = [ 445 ];
+        allowedTCPPorts = [ 445 ];
      };
      ssh = {
        from = [
				`@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs0YXOrMxHFly+lpB0NtZWuuz1JwRKU2ZCOe4Xhz1T5`