diff --git a/systems/linux/bosephus.nix b/systems/linux/bosephus.nix
index 719111e..6c277dc 100644
--- a/systems/linux/bosephus.nix
+++ b/systems/linux/bosephus.nix
@@ -95,7 +95,17 @@
 # List packages installed in system profile. To search, run:
 # $ nix search wget
- environment.systemPackages = with pkgs; [ neovim git borgbackup ];
+ environment.systemPackages = with pkgs; [
+ neovim
+ git
+ borgbackup
+ # Add a script for users to trigger system updates
+ (pkgs.writeScriptBin "update-nixos" ''
+ #!${pkgs.bash}/bin/bash
+ echo "Requesting system update..."
+ ${pkgs.systemd}/bin/systemctl start nixos-update.service
+ '')
+ ];
 # Some programs need SUID wrappers, can be configured further or are
 # started in user sessions.
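Review bot: The `update-nixos` wrapper hand-writes its `#!${pkgs.bash}/bin/bash` line under `pkgs.writeScriptBin`; `writeShellScriptBin "update-nixos" ''…''` supplies the shebang itself and is the more usual form. `systemctl start` on the oneshot unit defined in the last hunk blocks until the rebuild finishes and prints nothing, so a comment such as `# blocks until nixos-update.service exits; follow progress with journalctl -u nixos-update.service` above the wrapper would tell users what to expect. The unit name here has to stay in step with the polkit rule in the last hunk, which matches the literal `nixos-update.service`.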
@@ -139,6 +149,66 @@
 options = [ "defaults" "compress=zstd" ];
 };
+ # Samba server
+ services.samba = {
+ enable = true;
+ package = pkgs.sambaFull;
+ securityType = "user";
+ openFirewall = true;
+ settings = {
+ global = {
+ workgroup = "SAMBA";
+ security = "user";
+ "passdb backend" = "tdbsam";
+ printing = "cups";
+ "printcap name" = "cups";
+ "load printers" = "yes";
+ };
+
+ homes = {
+ comment = "Home Directories";
+ "valid users" = "%S, %D%w%S";
+ browseable = "No";
+ "read only" = "No";
+ "inherit acls" = "Yes";
+ };
+
+ printers = {
+ comment = "All Printers";
+ path = "/var/spool/samba";
+ printable = "Yes";
+ "create mode" = "0700";
+ browseable = "No";
+ };
+
+ mybookduo = {
+ comment = "My Book Duo RAID system";
+ path = "/media/my-book-duo";
+ writable = "yes";
+ browseable = "yes";
+ public = "no";
+ "valid users" = "@mixstudios";
+ "create mask" = "0660";
+ "directory mask" = "0770";
+ "force group" = "+mixstudios";
+ };
+
+ gdrive = {
+ comment = "G-DRIVE media drive";
+ path = "/media/g-drive";
+ writable = "yes";
+ browseable = "yes";
+ public = "no";
+ "valid users" = "@mixstudios";
+ "create mask" = "0660";
+ "directory mask" = "0770";
+ "force group" = "+mixstudios";
+ };
+ };
+ };
+
+ systemd.tmpfiles.rules = [ "d /var/spool/samba 1777 root root -" ];
+
 systemd.services."fix-mount-permissions" = {
 wantedBy = [ "local-fs.target" ];
 after = [ "local-fs.target" ];
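Review bot: `openFirewall = true` opens the SMB ports on every interface, and the `global` section added here has no `hosts allow` or `interfaces` restriction, so the writable `mybookduo`, `gdrive` and `homes` shares are reachable from any network this host joins, protected only by the tdbsam passwords. Scoping the listener in `global` closes that gap, e.g. `"hosts allow" = "<LAN_CIDR_PLACEHOLDER> 127.0.0.1";` together with `"hosts deny" = "0.0.0.0/0";` (the CIDR is a placeholder for the site's own subnet). `securityType = "user"` also duplicates `security = "user"` inside `settings.global`; newer NixOS releases appear to treat the former as a renamed alias of the latter, so one of the two can be dropped. The context lines after the new block belong to `fix-mount-permissions`, whose body continues outside the hunk.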
@@ -158,4 +228,54 @@
 };
 };
+ # Service to update NixOS configuration from git repo
+ systemd.services."nixos-update" = {
+ description = "Update NixOS configuration from git repository";
+ path = with pkgs; [ git coreutils ];
+ script = ''
+ # Ensure the directory exists
+ mkdir -p /srv/config
+
+ # Clone/pull the repository
+ if [ -d "/srv/config/.git" ]; then
+ cd /srv/config
+ git fetch origin
+ git reset --hard origin/master
+ else
+ rm -rf /srv/config
+ git clone https://code.millironx.com/millironx/nix-dotfiles.git /srv/config
+ fi
+
+ # Rebuild the system
+ ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake /srv/config#bosephus
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ };
+
+ # Timer to run the update service daily at 3am
+ systemd.timers."nixos-update" = {
+ wantedBy = [ "timers.target" ];
+ description = "Run NixOS update daily at 3am";
+ timerConfig = {
+ OnCalendar = "3:00";
+ Persistent = true;
+ Unit = "nixos-update.service";
+ };
+ };
+
+ # Polkit rule to allow non-root users to trigger the update
+ security.polkit.extraConfig = ''
+ polkit.addRule(function(action, subject) {
+ if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ action.lookup("unit") == "nixos-update.service" &&
+ action.lookup("verb") == "start" &&
+ subject.isInGroup("wheel")) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
+
 }
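Review bot: The `nixos-update` script runs as root and switches to whatever `origin/master` resolves to after `git fetch` or `git clone`, with no check on the commit's origin, so write access to that repository (or to the forge hosting it) amounts to root on this host, and the 3:00 timer applies it unattended. Both branches of the `if` should be gated on a verified revision before `nixos-rebuild` is reached, for example `git verify-commit origin/master` against a root-owned keyring (which would need `gnupg` added to `path`), or by deploying a reviewed tag instead of the branch head. Separately, the unit runs `switch` from inside itself; adding `restartIfChanged = false;` to the service should keep the activation from restarting this unit part-way through when its own definition changes, which is what NixOS's `system.autoUpgrade` unit does. `path` lists only `git` and `coreutils`, so it is worth confirming that `nixos-rebuild` finds `nix` when started from this unit.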