From cbb712821808abe055ff8ac9d45e799c956d35dd Mon Sep 17 00:00:00 2001 From: Nick Date: Wed, 9 Oct 2024 23:26:43 -0500 Subject: [PATCH] feat: updated magic values --- config/device.nix | 57 +++++++++++++++----------------- config/instance.nix | 2 +- nixos/modules/services/acme.nix | 12 +++---- nixos/modules/services/samba.nix | 2 +- profiles/user0/default.nix | 8 ++--- systems/desktop/filesystem.nix | 29 ++++++++-------- systems/fallaryn/filesystem.nix | 4 +-- systems/laptop/filesystem.nix | 8 ++--- 8 files changed, 60 insertions(+), 62 deletions(-) diff --git a/config/device.nix b/config/device.nix index 914608e..e33bfeb 100755 --- a/config/device.nix +++ b/config/device.nix @@ -1,11 +1,11 @@ let - perms22 = ["fmask=0022" "dmask=0022"]; - perms77 = ["fmask=0077" "dmask=0077"]; - permsRW = ["rw"]; - permsSmb = ["rw" "gid=100" "vers=3.0" "x-systemd.automount" "x-systemd.requires=network-online.target"]; - permsFm = ["file_mode=0644" "dir_mode=0755"]; - uid0 = ["uid=1000"]; - uid1 = ["uid=1001"]; + ownerWriteOthersReadMask = ["fmask=0022" "dmask=0022"]; + ownerExclusiveReadWriteMask = ["fmask=0077" "dmask=0077"]; + readWritePermissions = ["rw"]; + sambaPermissions = ["rw" "gid=100" "vers=3.0" "x-systemd.automount" "x-systemd.requires=network-online.target"]; + fileModeAndDirMode = ["file_mode=0644" "dir_mode=0755"]; + userIdForUser0 = ["uid=1000"]; + userIdForUser1 = ["uid=1001"]; in { device = { # Desktop @@ -17,17 +17,17 @@ in { address0 = "192.168.50.196"; }; boot = { - options = perms22; + options = ownerWriteOthersReadMask; }; storage0 = { mount = "/mnt/media/games"; device = "/dev/disk/by-label/Games"; - options = permsRW; + options = readWritePermissions; }; storage1 = { mount = "/mnt/media/storage"; device = "/dev/disk/by-label/Storage"; - options = permsRW; + options = readWritePermissions; }; }; @@ -41,7 +41,7 @@ in { address0 = "192.168.50.142"; }; boot = { - options = perms22; + options = ownerWriteOthersReadMask; }; }; 
@@ -50,6 +50,7 @@ in { server = let serverName = "server"; serverIP = "192.168.50.140"; + nasPath = "NAS1"; in { label = "Server"; name = serverName; @@ -57,21 +58,17 @@ in { address0 = serverIP; }; boot = { - options = perms77; + options = ownerExclusiveReadWriteMask; }; - storage0 = let - nasPath = "NAS1"; - in { + storage0 = { mount = "/mnt/media/${nasPath}"; device = "/dev/disk/by-label/${nasPath}"; - options = permsRW; + options = readWritePermissions; }; - samba0 = let - share0Name = "media"; - in { - mount = "/mnt/media/${serverName}/${share0Name}"; - device = "//${serverIP}/${share0Name}"; - options = permsSmb ++ permsFm ++ uid0; + samba0 = { + mount = "/mnt/media/${serverName}"; + device = "//${serverIP}"; + options = sambaPermissions ++ fileModeAndDirMode ++ userIdForUser0; }; }; @@ -99,31 +96,31 @@ in { folder0 = { mount = "/mnt/media/${nasName}/${user0}"; device = "//${nasIP}/homes/${user0Name}"; - options = permsSmb ++ uid0; + options = sambaPermissions ++ userIdForUser0; }; # Garnet Home Folder folder1 = { mount = "/mnt/media/${nasName}/${user1}"; device = "//${nasIP}/homes/${user1Name}"; - options = permsSmb ++ uid1; + options = sambaPermissions ++ userIdForUser1; }; # Fallaryn Home Folder folder2 = { mount = "/mnt/media/${nasName}/${user2}"; device = "//${nasIP}/homes/${user2Name}"; - options = permsSmb ++ uid0; + options = sambaPermissions ++ userIdForUser0; }; # Denise Home Folder folder3 = { mount = "/mnt/media/${nasName}/${user3}"; device = "//${nasIP}/homes/${user3Name}"; - options = permsSmb ++ uid0; + options = sambaPermissions ++ userIdForUser0; }; # Minecraft Worlds folder4 = { mount = "/home/${user1}/.local/share/PrismLauncher/instances/1.21/.minecraft/saves"; device = "//${nasIP}/homes/${user1Name}/Minecraft"; - options = permsSmb ++ uid1; + options = sambaPermissions ++ userIdForUser1; }; }; 
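Review bot: The `samba0` entry in config/device.nix now holds only `mount = "/mnt/media/${serverName}"` and `device = "//${serverIP}"`, with no share name, yet systems/laptop/filesystem.nix still passes `device = server.${samba}.device;` through unchanged (a context line in its last hunk). systems/desktop/filesystem.nix was updated in this commit to append `/${samba.paths.path1}` to both values, so the laptop's CIFS source appears to lack a share component, and its mount would likely fail or land on a different path than before. Mirroring the desktop change on the laptop would close the gap: add `inherit (flake.config.instance) samba;`, rename the lambda parameter so it does not shadow that name, and use `device = "${server.${sambaDrive}.device}/${samba.paths.path1}";` with the matching `name`. The laptop function's `name` line is outside its hunk, so confirm the mount point there as well.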
@@ -136,17 +133,17 @@ in { address0 = ""; }; boot = { - options = perms22; + options = ownerWriteOthersReadMask; }; storage0 = { mount = "/run/media/games"; device = "/dev/disk/by-label/Games"; - options = permsRW; + options = readWritePermissions; }; storage1 = { mount = "/run/media/entertainment"; device = "/dev/disk/by-label/Entertainment"; - options = permsRW; + options = readWritePermissions; }; }; diff --git a/config/instance.nix b/config/instance.nix index 4fe9a65..b0cc262 100755 --- a/config/instance.nix +++ b/config/instance.nix @@ -260,7 +260,7 @@ in { }; paths = { path0 = "${servicePath}/${jellyfinLabel}"; - path1 = ""; + path1 = jellyfinName; path2 = ""; }; ports = { diff --git a/nixos/modules/services/acme.nix b/nixos/modules/services/acme.nix index ade27b3..6c3f4d6 100755 --- a/nixos/modules/services/acme.nix +++ b/nixos/modules/services/acme.nix @@ -15,7 +15,7 @@ instanceName = service: (instance.${service}.subdomain); - domain0Services = [ + domain0ServiceNames = [ "nextcloud" "jellyfin" "minecraft" @@ -24,7 +24,7 @@ "vaultwarden" ]; - domain1Services = [ + domain1ServiceNames = [ "nextcloud" "castopod" "forgejo" @@ -33,8 +33,8 @@ "writefreely" ]; - domain0Sub = map instanceName domain0Services; - domain1Sub = map instanceName domain1Services; + domain0Subdomains = map instanceName domain0ServiceNames; + domain1Subdomains = map instanceName domain1ServiceNames; domainRoot = [ domain.url0 @@ -52,12 +52,12 @@ in { name = "${prefix}.${domain.url0}"; value = dnsConfig; }) - domain0Sub) + domain0Subdomains) ++ (map (prefix: { name = "${prefix}.${domain.url1}"; value = dnsConfig; }) - domain1Sub) + domain1Subdomains) ++ (map (name: { name = name; value = dnsConfig; diff --git a/nixos/modules/services/samba.nix b/nixos/modules/services/samba.nix index 1b3db56..c34b042 100755 --- a/nixos/modules/services/samba.nix +++ b/nixos/modules/services/samba.nix 
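Review bot: In config/instance.nix, `path1 = jellyfinName;` gives a generically named field a specific job that nothing in the hunk documents. The samba.nix and systems/desktop/filesystem.nix changes in this commit read `samba.paths.path1` as the SMB share name and as the last component of the client mount path. The enclosing instance block starts outside the hunk, so it is not visible whether this `paths` set belongs to the samba instance or to jellyfin; if it is jellyfin's, `samba.paths.path1` may still be `""`. I would add a comment on the line, `# SMB share name; read by services/samba.nix and the client filesystem.nix files`, and confirm the value is set on the instance those files actually read.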
@@ -13,7 +13,7 @@ in { enable = true; openFirewall = true; settings = { - media = { + ${samba.paths.path1} = { path = jellyfin.paths.path0; writable = "true"; }; diff --git a/profiles/user0/default.nix b/profiles/user0/default.nix index 9271678..3002c1f 100755 --- a/profiles/user0/default.nix +++ b/profiles/user0/default.nix @@ -68,7 +68,7 @@ in { }; }; systemd.tmpfiles = let - createDir = [ + directoriesAddedToHome = [ "Downloads/Nicotine" "Downloads/Nicotine/Downloads" "Downloads/Nicotine/Incomplete" @@ -82,7 +82,7 @@ in { "Files/Games" ]; - removeDir = [ + directoriesRemovedFromHome = [ "Desktop" "Documents" "Music" @@ -94,7 +94,7 @@ in { in { rules = ["d ${git.path0} 0755 ${user0} users -"] - ++ (map (path: "d /home/${user0}/${path} 0755 ${user0} users -") createDir) - ++ (map (path: "R /home/${user0}/${path} 0755 ${user0} users - -") removeDir); + ++ (map (path: "d /home/${user0}/${path} 0755 ${user0} users -") directoriesAddedToHome) + ++ (map (path: "R /home/${user0}/${path} 0755 ${user0} users - -") directoriesRemovedFromHome); }; } diff --git a/systems/desktop/filesystem.nix b/systems/desktop/filesystem.nix index 3fda671..502f5c3 100755 --- a/systems/desktop/filesystem.nix +++ b/systems/desktop/filesystem.nix @@ -5,8 +5,9 @@ }: let inherit (flake.config.people) user0 user1; inherit (flake.config.system.device) desktop server nas; - secrets0 = config.sops.secrets."network/synology".path; - secrets1 = config.sops.secrets."network/server".path; + inherit (flake.config.instance) samba; + synologySecrets = config.sops.secrets."network/synology".path; + serverSecrets = config.sops.secrets."network/server".path; in { fileSystems = let synologyDrives = [ 
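Review bot: In nixos/modules/services/samba.nix the share's section name under `settings` is now whatever `samba.paths.path1` evaluates to, and nothing checks that value, while the share is `writable = "true"` on a service with `openFirewall = true`. An empty string, or a reserved section name such as `global` or `homes`, would produce a share definition that does not mean what was intended. A module-level assertion would catch this at evaluation time: `assertions = [{ assertion = !(builtins.elem samba.paths.path1 ["" "global" "homes" "printers"]); message = "samba share name must be set and must not be a reserved section"; }];`. The share body shown has no `"valid users"` entry, and the global settings are outside the hunk, so it is worth confirming that write access is restricted somewhere now that the share is published under a new name.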
@@ -25,30 +26,30 @@ in { "samba0" ]; - synologyMounts = folder: { - name = "${nas.${folder}.mount}"; + synologyMounts = synologyDrive: { + name = "${nas.${synologyDrive}.mount}"; value = { - device = nas.${folder}.device; + device = nas.${synologyDrive}.device; fsType = "cifs"; - options = nas.${folder}.options ++ ["credentials=${secrets0}"]; + options = nas.${synologyDrive}.options ++ ["credentials=${synologySecrets}"]; }; }; - storageMounts = storage: { - name = "${desktop.${storage}.mount}"; + storageMounts = storageDrive: { + name = "${desktop.${storageDrive}.mount}"; value = { - device = desktop.${storage}.device; + device = desktop.${storageDrive}.device; fsType = "ext4"; - options = desktop.${storage}.options; + options = desktop.${storageDrive}.options; }; }; - sambaMounts = samba: { - name = "${server.${samba}.mount}"; + sambaMounts = sambaDrive: { + name = "${server.${sambaDrive}.mount}/${samba.paths.path1}"; value = { - device = server.${samba}.device; + device = "${server.${sambaDrive}.device}/${samba.paths.path1}"; fsType = "cifs"; - options = server.${samba}.options ++ ["credentials=${secrets1}"]; + options = server.${sambaDrive}.options ++ ["credentials=${serverSecrets}"]; }; }; in diff --git a/systems/fallaryn/filesystem.nix b/systems/fallaryn/filesystem.nix index 3a8484a..8648aa2 100755 --- a/systems/fallaryn/filesystem.nix +++ b/systems/fallaryn/filesystem.nix @@ -5,7 +5,7 @@ }: let inherit (flake.config.people) user2; inherit (flake.config.system.device) fallaryn nas; - secrets0 = config.sops.secrets."network/fallaryn".path; + synologySecrets = config.sops.secrets."network/fallaryn".path; in { imports = []; @@ -24,7 +24,7 @@ in { value = { device = nas.${folder}.device; fsType = "cifs"; - options = nas.${folder}.options ++ ["credentials=${secrets0}"]; + options = nas.${folder}.options ++ ["credentials=${synologySecrets}"]; }; }; diff --git a/systems/laptop/filesystem.nix b/systems/laptop/filesystem.nix index e9283b9..8567e5b 100755 
--- a/systems/laptop/filesystem.nix +++ b/systems/laptop/filesystem.nix @@ -6,8 +6,8 @@ inherit (flake.config.people) user0 user1 user2; inherit (flake.config.system.device) laptop nas server; - secrets0 = config.sops.secrets."network/synology".path; - secrets1 = config.sops.secrets."network/server".path; + synologySecrets = config.sops.secrets."network/synology".path; + serverSecrets = config.sops.secrets."network/server".path; in { fileSystems = let synologyDrives = [ @@ -25,7 +25,7 @@ in { value = { device = nas.${folder}.device; fsType = "cifs"; - options = nas.${folder}.options ++ ["credentials=${secrets0}"]; + options = nas.${folder}.options ++ ["credentials=${synologySecrets}"]; }; }; @@ -34,7 +34,7 @@ in { value = { device = server.${samba}.device; fsType = "cifs"; - options = server.${samba}.options ++ ["credentials=${secrets1}"]; + options = server.${samba}.options ++ ["credentials=${serverSecrets}"]; }; }; in