bigbird: Add initial nas configuration

bigbird/Makefile

@@ -0,0 +1,21 @@
+# https://stackoverflow.com/a/23324703
+current_dir:=$(shell dirname $(realpath $(firstword $(MAKEFILE_LIST))))
+
+.PHONY: remote-deploy
+remote-deploy:
+	rsync -av $(current_dir)/ root@bigbird:config/
+	ssh root@bigbird nixos-rebuild switch --fast -I nixos-config=/root/config/configuration.nix
+
+## This probably doesn't work, since architectures are different?
+# .PHONY: deploy
+# deploy:
+# 	nixos-rebuild switch --fast -I nixos-config=./configuration.nix --build-host root@animal.chandlerswift.com --target-host root@animal.chandlerswift.com
+
+.PHONY: remote-deploy-upgrade
+remote-deploy-upgrade:
+	rsync -avz $(current_dir)/ root@animal.chandlerswift.com:config/
+	ssh root@animal.chandlerswift.com nixos-rebuild switch --upgrade-all --fast -I nixos-config=/root/config/configuration.nix
+
+# TODO: build an SD card?
+#sd-image:
+#	nix-build '<nixpkgs/nixos>'

bigbird/configuration.nix

@@ -0,0 +1,63 @@
+{ config, lib, pkgs, ... }:
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      # <nixpkgs/nixos/modules/installer/sd-card/sd-image-aarch64.nix>
+      ./hardware-configuration.nix
+      ./kathe.nix
+      ./smb.nix
+    ];
+
+  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
+  boot.loader.grub.enable = false;
+  # Enables the generation of /boot/extlinux/extlinux.conf
+  boot.loader.generic-extlinux-compatible.enable = true;
+
+  networking.hostName = "bigbird"; # Define your hostname.
+  networking.networkmanager.enable = true;
+
+  # Enable ZFS: https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.zfs.forceImportRoot = false;
+  boot.zfs.extraPools = [ "nas" ];
+
+  networking.hostId = "66abd088"; # `openssl rand -hex 4`
+
+  time.timeZone = "America/Chicago";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  environment.systemPackages = with pkgs; [
+    vim
+    rsync
+  ];
+
+  services.openssh.enable = true;
+  services.openssh.settings.PasswordAuthentication = false;
+  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEhPyyqS3BGYor3zLbjc8hZuhem3mS8TNmvWogXcnz/b chandler@chandlerswift.com'' ];
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "24.05"; # Did you read the comment?
+}

bigbird/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

bigbird/kathe.nix

@@ -0,0 +1,12 @@
+{
+  users.users.kathe = {
+    isNormalUser = true;
+    description = "Käthe Swift";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMJFkFEKuT9v9B9ynAf5QfLZF54jWhzEnQIeW2kQWKJ+ kathe.t.swift@gmail.com"
+    ];
+    packages = with pkgs; [
+      #
+    ];
+  };
+}

bigbird/smb.nix

@@ -0,0 +1,48 @@
+{
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    openFirewall = true;
+    ## Switch to structured config with NixOS 24.11
+    # settings = {
+    #   global = {
+    #     "workgroup" = "WORKGROUP";
+    #     "hosts allow" = "192.168.";
+    #     "hosts deny" = "0.0.0.0/0";
+    #     "guest account" = "nobody";
+    #     "map to guest" = "bad user";
+    #   };
+    #   "public" = {
+    #     "path" = "/nas/chandler/Public";
+    #     "browseable" = "yes";
+    #     "read only" = "yes";
+    #     "guest ok" = "yes"; # aka "public = yes"
+    #   };
+    #   # "private" = {
+    #   #   "path" = "/mnt/Shares/Private";
+    #   #   "browseable" = "yes";
+    #   #   "read only" = "no";
+    #   #   "guest ok" = "no";
+    #   #   "create mask" = "0644";
+    #   #   "directory mask" = "0755";
+    #   #   "force user" = "username";
+    #   #   "force group" = "groupname";
+    #   # };
+    # };
+    extraConfig = ''
+      workgroup = WORKGROUP
+      hosts allow = 192.168.
+      hosts deny = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares = {
+      "public" = {
+        "path" = "/nas/chandler/public";
+        "browseable" = "yes";
+        "read only" = "yes";
+        "guest ok" = "yes"; # aka "public = yes"
+      };
+    };
+  };
+}