...

2025-03-27 11:17:34 +01:00
parent ff78b4ecb3
commit dfaa2b6248
23 changed files with 380 additions and 85 deletions
--- a/hosts/fusu.nix
+++ b/hosts/fusu.nix
@@ -1,7 +1,10 @@

 { inputs, pkgs, secretsDir, ... }:
 {
+
+  #disabledModules = [ "services/databases/couchdb.nix" ];
 	imports = [
+    #"${inputs.nixpkgs-unstable}/nixos/modules/services/databases/couchdb.nix"
 		../common/all.nix
 		../common/nixos.nix
    ../common/building.nix
@@ -10,6 +13,7 @@
    ../users/me/headless.nix
    ../users/root/default.nix
    ../users/files/headless.nix
+    ../users/server/headless.nix
 	];

  # mac address for wakeonlan: 00:19:99:fd:28:23
@@ -29,8 +33,17 @@
    #}
  #];

+  


+  services.tailscale.enable = true;
+  services.resilio = {
+    # TODO: add the config for the share to here
+    enable = true;
+    enableWebUI = true;
+    httpListenAddr = "100.70.54.18";
+  };
+

  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.package = pkgs.zfs_unstable;
@@ -83,6 +96,12 @@
 	networking.firewall.allowPing = true;
 	networking.firewall.enable = true;

+  networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 
+    443 # couchdb for obsidian live sync https
+    44444 # resilio sync
+    9000 # resilio webui
+  ];
+
 	services.samba.openFirewall = true;

 	networking.firewall.allowedTCPPorts = [
@@ -154,6 +173,14 @@
 	};


+
+  ############################ couchdb for Obsidian Live sync
+  #services.couchdb.enable = true;
+  #services.couchdb.extraConfigFiles = [ "/home/files/storage/files/stuff/obsidian-live-sync/local.ini" ];
+  #services.couchdb.databaseDir = "/home/files/storage/files/stuff/obsidian-live-sync/data";
+
+
+
  ############################ update ip service

  systemd.services.update-ip = 
@@ -240,16 +267,16 @@
 	services.samba = {
    enable = true;
    securityType = "user";
-    extraConfig = ''
-      server role = standalone server
-      map to guest = bad user
-      usershare allow guests = yes
-      hosts allow = 192.168.0.0/16
-      hosts deny = 0.0.0.0
-      workgroup = WORKGROUP
-      security = user
-    '';
-    shares = {
+    settings = {
+      global = {
+        "server role" = "standalone server";
+        "map to guest" = "bad user";
+        "usershare allow guests" = "yes";
+        # "hosts allow" = "192.168.1 127.0.0.1 localhost";
+        # "hosts deny" = "0.0.0.0/0";
+        "workgroup" = "WORKGROUP";
+        "security" = "user";
+      };
      files = {
        "valid users" = "files";
        "comment" = "all my files";