updating system_tools

got unifi connected
deleted duckdns.nix
2026-04-21 06:39:09 -04:00 · 2025-05-17 14:46:05 -04:00 · 2025-05-14 19:26:12 -04:00 · 2025-05-13 19:10:14 -04:00 · 2025-05-13 19:06:12 -04:00
7 changed files with 119 additions and 119 deletions
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -274,6 +274,7 @@
    "ublock",
    "uiprotect",
    "uitour",
+    "unifi",
    "unrar",
    "unsubmitted",
    "uptimekuma",
--- a/flake.lock
+++ b/flake.lock
@@ -22,24 +22,6 @@
        "type": "gitlab"
      }
    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -60,28 +42,6 @@
        "type": "github"
      }
    },
-    "nix-github-actions": {
-      "inputs": {
-        "nixpkgs": [
-          "system_tools",
-          "poetry2nix",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729742964,
-        "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nix-github-actions",
-        "type": "github"
-      }
-    },
    "nixos-hardware": {
      "locked": {
        "lastModified": 1747083103,
@@ -146,31 +106,53 @@
        "type": "github"
      }
    },
-    "poetry2nix": {
+    "pyproject-build-systems": {
      "inputs": {
-        "flake-utils": [
-          "system_tools",
-          "flake-utils"
-        ],
-        "nix-github-actions": "nix-github-actions",
        "nixpkgs": [
          "system_tools",
          "nixpkgs"
        ],
-        "systems": "systems_2",
-        "treefmt-nix": "treefmt-nix"
+        "pyproject-nix": [
+          "system_tools",
+          "pyproject-nix"
+        ],
+        "uv2nix": [
+          "system_tools",
+          "uv2nix"
+        ]
      },
      "locked": {
-        "lastModified": 1736884309,
-        "narHash": "sha256-eiCqmKl0BIRiYk5/ZhZozwn4/7Km9CWTbc15Cv+VX5k=",
-        "owner": "nix-community",
-        "repo": "poetry2nix",
-        "rev": "75d0515332b7ca269f6d7abfd2c44c47a7cbca7b",
+        "lastModified": 1744599653,
+        "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
+        "owner": "pyproject-nix",
+        "repo": "build-system-pkgs",
+        "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
        "type": "github"
      },
      "original": {
-        "owner": "nix-community",
-        "repo": "poetry2nix",
+        "owner": "pyproject-nix",
+        "repo": "build-system-pkgs",
+        "type": "github"
+      }
+    },
+    "pyproject-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "system_tools",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1746540146,
+        "narHash": "sha256-QxdHGNpbicIrw5t6U3x+ZxeY/7IEJ6lYbvsjXmcxFIM=",
+        "owner": "pyproject-nix",
+        "repo": "pyproject.nix",
+        "rev": "e09c10c24ebb955125fda449939bfba664c467fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "pyproject-nix",
+        "repo": "pyproject.nix",
        "type": "github"
      }
    },
@@ -184,7 +166,7 @@
        "nixpkgs-stable": "nixpkgs-stable",
        "sops-nix": "sops-nix",
        "system_tools": "system_tools",
-        "systems": "systems_3"
+        "systems": "systems"
      }
    },
    "sops-nix": {
@@ -209,18 +191,19 @@
    },
    "system_tools": {
      "inputs": {
-        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ],
-        "poetry2nix": "poetry2nix"
+        "pyproject-build-systems": "pyproject-build-systems",
+        "pyproject-nix": "pyproject-nix",
+        "uv2nix": "uv2nix"
      },
      "locked": {
-        "lastModified": 1741571944,
-        "narHash": "sha256-PM7dz99nb6dDiw/3naRGB/dUl5U7dJVspR9uevhW3xo=",
+        "lastModified": 1747501237,
+        "narHash": "sha256-woyaUwmZurfNTXBEFM6M7ueSd/Udixs+4DUInhL835c=",
        "owner": "RichieCahill",
        "repo": "system_tools",
-        "rev": "c9979e045bca52ec85a0dc560b238f3e5ae2f01c",
+        "rev": "68ab5d1c17ac3fe2487f73dbbb4848bd2291139e",
        "type": "github"
      },
      "original": {
@@ -230,36 +213,6 @@
      }
    },
    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_3": {
      "locked": {
        "lastModified": 1689347949,
        "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -274,25 +227,28 @@
        "type": "github"
      }
    },
-    "treefmt-nix": {
+    "uv2nix": {
      "inputs": {
        "nixpkgs": [
          "system_tools",
-          "poetry2nix",
          "nixpkgs"
+        ],
+        "pyproject-nix": [
+          "system_tools",
+          "pyproject-nix"
        ]
      },
      "locked": {
-        "lastModified": 1730120726,
-        "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
-        "owner": "numtide",
-        "repo": "treefmt-nix",
-        "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
+        "lastModified": 1747441483,
+        "narHash": "sha256-W8BFXk5R0TuJcjIhcGoMpSOaIufGXpizK0pm+uTqynA=",
+        "owner": "pyproject-nix",
+        "repo": "uv2nix",
+        "rev": "582024dc64663e9f88d467c2f7f7b20d278349de",
        "type": "github"
      },
      "original": {
-        "owner": "numtide",
-        "repo": "treefmt-nix",
+        "owner": "pyproject-nix",
+        "repo": "uv2nix",
        "type": "github"
      }
    }
--- a/systems/jeeves/default.nix
+++ b/systems/jeeves/default.nix
@@ -7,12 +7,13 @@
    ../../common/optional/syncthing_base.nix
    ../../common/optional/zerotier.nix
    ./docker
-    ./services
    ./hardware.nix
    ./networking.nix
    ./nvidia.nix
    ./programs.nix
    ./runners
+    ./services
+    ./services_accounts.nix
    ./syncthing.nix
  ];

--- a/systems/jeeves/services/duckdns.nix
+++ b/systems/jeeves/services/duckdns.nix
@@ -1,10 +0,0 @@
-let
-  vars = import ../vars.nix;
-in
-{
-  services.duckdns = {
-    enable = true;
-    tokenFile = "${vars.secrets}/services/duckdns/token";
-    domainsFile = "${vars.secrets}/services/duckdns/domains";
-  };
-}
--- a/systems/jeeves/services/samba.nix
+++ b/systems/jeeves/services/samba.nix
@@ -0,0 +1,34 @@
+{
+  services = {
+    samba = {
+      enable = true;
+      openFirewall = true;
+      settings = {
+        global = {
+          "workgroup" = "WORKGROUP";
+          "server string" = "smbnix";
+          "netbios name" = "smbnix";
+          "security" = "user";
+          "hosts allow" = "192.168.95. 127.0.0.1 localhost";
+          "hosts deny" = "0.0.0.0/0";
+          "guest account" = "nobody";
+          "map to guest" = "bad user";
+        };
+        "unifi" = {
+          "path" = "/zfs/storage/main/unifi";
+          "browseable" = "yes";
+          "read only" = "no";
+          "guest ok" = "no";
+          "create mask" = "0644";
+          "directory mask" = "0755";
+          "force user" = "unifi";
+          "force group" = "unifi";
+        };
+      };
+    };
+    samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}
--- a/systems/jeeves/services_accounts.nix
+++ b/systems/jeeves/services_accounts.nix
@@ -0,0 +1,22 @@
+{
+  config,
+  ...
+}:
+{
+
+  sops.secrets.unifi_password = {
+    sopsFile = ../../users/secrets.yaml;
+    neededForUsers = true;
+  };
+
+  users = {
+
+    users.unifi = {
+      isSystemUser = true;
+      group = "unifi";
+      extraGroups = [ "samba" ];
+      hashedPasswordFile = "${config.sops.secrets.unifi_password.path}";
+    };
+    groups.unifi = { };
+  };
+}
--- a/users/secrets.yaml
+++ b/users/secrets.yaml
@@ -1,10 +1,7 @@
 richie_password: ENC[AES256_GCM,data:DMi3M8aqrQ60APIofr8wJMh+VZ14hLRxz6jWZgzswr0pV/QVSX53ShBFr90ruO3mucOLYv0l+bI31covfqMAhXWBJp9wUgtC2Q==,iv:qgtn30hZfIL4dBnQSLkjbo7zPJA4m9TR0f52sTFc0v4=,tag:ydLbcGyXjv0fE+4b5ECX5w==,type:str]
 gaming_password: ENC[AES256_GCM,data:i692UsQaCOjE4V1y9d8yYDlK+TRMIprCHJkhl1UBZRMqe9a2LTUtmbbn/xlCYQd2tADJvn+dkx1jLfV4CqaqWOj5YSUFfpgsEw==,iv:3Y7hXQcmpzNN7hF+BDvO52uFB4o5D0dHvxemJ0ZoSIM=,tag:zzLGNDVAMCs2GPMqXp2BtQ==,type:str]
+unifi_password: ENC[AES256_GCM,data:mFEaXMiVoZtHn3R9fBSpdqUC1DJ1g5jkdQVeQVrCZ+KtFOSGlZRIGI7SiItVZnaQBKFhOecJoXbu0ZQHCyCK0dUImUkBnqZ+4g==,iv:Gzyx5OAKTpXuOCmZnj/lA/o9rl6XDyHdL8YL7x8sGCk=,tag:zwwQgNXEoJUPv7XkRB07gA==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
    age:
        - recipient: age1u8zj599elqqvcmhxn8zuwrufsz8w8w366d3ayrljjejljt2q45kq8mxw9c
          enc: |
@@ -51,8 +48,7 @@ sops:
            UzQzWEFtSDJwR201cmZoeXh5T0RmSk0KWLOpw5cWbtnfVP/ISa7n1vZchoD+nxmn
            7yr7igpEIro0Sd238KinOQYswVaT0NHB9p1dSW/mN+aGQliSNLzkDQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-07T20:13:43Z"
-    mac: ENC[AES256_GCM,data:Q5fmv+MRVYGUQ4j+28CcGWHmgT1178N+haVS9xa0c99OKuPZdfSndAG0QVDhh/jYq+7zXs6zzLtBjB+egkoDfxJXfJOmg3E46UMO3vDHaEcIZD16ZbWJaz4Z/+yabqhDURKtgfGiu4xPv3OtGbwcP5kud17WcHNfY/LT+Y+LSD8=,iv:y3K3kCroIh+RTplUe4tM8B9rbLgIHCbE6FJawngam8Q=,tag:2VTIWlLp4cOwm18BfIlz5g==,type:str]
-    pgp: []
+    lastmodified: "2025-05-13T23:15:05Z"
+    mac: ENC[AES256_GCM,data:MRYYpSCaSkZhF1ew6hmzTfwWNSzaRrhrcaUiXSvfftzTjbHD+k7P1/jpcwA7iK8haXlqiH4YtanQmzY0t/Ygmh1T2GQebvotzLIF0pJ7Bi8yLfWpt0vYrR15oHBIiyM4/ito8dkff+abjMYQuARxAfr6Iq9JyJWQbvM9coehYkE=,iv:0pX2+jBKh14Bm3L4PgtA8H+P1mPyW9u3PAYe8m4wpHk=,tag:EtY1EckmbtPje9BiAO6BoQ==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.9.2
+    version: 3.10.2
Author	SHA1	Message	Date
Richie Cahill	df9df5b216	updating system_tools	2025-05-17 14:46:05 -04:00
Richie Cahill	55726b54cf	got unifi connected	2025-05-14 19:26:12 -04:00
Richie Cahill	d441f065c6	deleted duckdns.nix	2025-05-13 19:10:14 -04:00
Richie Cahill	ceb3bf4efd	adding samba services	2025-05-13 19:06:12 -04:00