fix rsync command

add backup cron job
disable visibility for homes
2026-03-19 23:09:02 +01:00 · 2026-03-19 22:25:38 +01:00 · 2026-03-19 22:05:36 +01:00 · 2026-03-19 22:00:51 +01:00 · 2026-03-19 21:40:24 +01:00 · 2026-03-19 21:29:54 +01:00
10 changed files with 225 additions and 40 deletions
--- a/devices/conv.nix
+++ b/devices/conv.nix
@@ -10,7 +10,7 @@

  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelModules = [ "kvm-amd sg" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
--- a/devices/desk.nix
+++ b/devices/desk.nix
@@ -13,6 +13,7 @@
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" "sg" ];
  boot.extraModulePackages = [ ];
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

  fileSystems."/" =
    { device = "NIX_DESK_POOL/root";
--- a/devices/nas.nix
+++ b/devices/nas.nix
@@ -14,8 +14,10 @@
  boot.kernelModules = [ ];    
  boot.extraModulePackages = [ ];

+  security.sudo.wheelNeedsPassword = false;
+
  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/05da5ea5-180f-41a3-a81c-5e3325a4c866";
+    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
      fsType = "ext4";
    };
  
@@ -24,15 +26,15 @@
  #    fsType = "ext4";
  #  };

-  #fileSystems."/srv/dev-disk-by-uuid-18333f38-626c-4c22-af29-314a87282809" =
-  #  { device = "/dev/mapper/base--storage-ShatteredMINT";
-  #    fsType = "ext4";
-  #  };
+  fileSystems."/srv/private" =
+   { device = "/dev/mapper/base--storage-ShatteredMINT";
+     fsType = "ext4";
+   };

-  #fileSystems."/srv/dev-disk-by-uuid-98570615-8eda-4a45-8a20-3c58b50e3d79" =
-  #  { device = "/dev/mapper/base--storage-NAS";
-  #    fsType = "ext4";
-  #  };
+  fileSystems."/srv/shared" =
+   { device = "/dev/mapper/base--storage-NAS";
+     fsType = "ext4";
+   };

  #fileSystems."/export/ShatteredMINT" =
  #  { device = "/srv/dev-disk-by-uuid-18333f38-626c-4c22-af29-314a87282809";
@@ -71,4 +73,11 @@
  networking.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+
+  services.cron = {
+   enable = true;
+   systemCronJobs = [
+     "* 20 * * *     root rsync -Pav -e 'ssh -i /root/.ssh/backup' /srv backup@192.168.178.24:/ 1>> /root/backup.log 2>> /root/backup.err"
+   ];
+  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -40,6 +40,21 @@
        "type": "github"
      }
    },
+    "nix-flatpak": {
+      "locked": {
+        "lastModified": 1768656715,
+        "narHash": "sha256-Sbh037scxKFm7xL0ahgSCw+X2/5ZKeOwI2clqrYr9j4=",
+        "owner": "gmodena",
+        "repo": "nix-flatpak",
+        "rev": "123fe29340a5b8671367055b75a6e7c320d6f89a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "gmodena",
+        "repo": "nix-flatpak",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1772773019,
@@ -60,6 +75,7 @@
      "inputs": {
        "friendlyelecCM3588": "friendlyelecCM3588",
        "home-manager": "home-manager",
+        "nix-flatpak": "nix-flatpak",
        "nixpkgs": "nixpkgs"
      }
    }
--- a/flake.nix
+++ b/flake.nix
@@ -13,6 +13,7 @@
      url = "github:YayaADev/nixos-friendlyelec-cm3588";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    nix-flatpak.url = "github:gmodena/nix-flatpak";
  };

  outputs = {self, nixpkgs, home-manager, ... }@inputs: 
@@ -30,12 +31,13 @@

 	      ./configuration.nix 
 	      ./plasma.nix
+          ./software/default-graphical.nix
          ./network-shares.nix

          ./backup-target.nix

 	      ./users/shatteredmint.nix
-          ./qemu-bridges.nix
+          # ./qemu-bridges.nix
 	];
      };

@@ -49,6 +51,7 @@
          ./configuration.nix

          ./plasma.nix
+          ./software/default-graphical.nix
          ./users/shatteredmint.nix
          ./network-shares.nix
        ];
@@ -59,10 +62,12 @@

        modules = [
          inputs.friendlyelecCM3588.nixosModules.cm3588  # board + kernel support
+          ./devices/nas.nix

          ./configuration.nix

          ./users/shatteredmint.nix
+          ./software/samba.nix
        ];
      };
    };
--- a/network-shares.nix
+++ b/network-shares.nix
@@ -1,17 +1,37 @@
 { config, lib, pkgs, ... }:

 { 
-  # mount network shares
-  fileSystems."/mnt/nas/private" = {
-    device = "dashboard.omv:/ShatteredMINT";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
+  environment.systemPackages = [ pkgs.cifs-utils ];
+  fileSystems."/mnt/share/private" = {
+    device = "//192.168.178.108/shatteredmint";
+    fsType = "cifs";
+    options = let
+      # this line prevents hanging on network split
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";

+    in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=${toString config.users.users.shatteredmint.uid},gid=${toString config.users.groups.users.gid}"];
  };
-  fileSystems."/mnt/nas/shared" = {
-    device = "dashboard.omv:/default-nas";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
+  fileSystems."/mnt/share/shared" = {
+    device = "//192.168.178.108/shared";
+    fsType = "cifs";
+    options = let
+      # this line prevents hanging on network split
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";

+    in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=${toString config.users.users.shatteredmint.uid},gid=${toString config.users.groups.users.gid}"];
  };
+
+  # # mount network shares
+  # fileSystems."/mnt/nas/private" = {
+  #   device = "dashboard.omv:/ShatteredMINT";
+  #   fsType = "nfs";
+  #   options = [ "x-systemd.automount" "noauto" ];
+  #
+  # };
+  # fileSystems."/mnt/nas/shared" = {
+  #   device = "dashboard.omv:/default-nas";
+  #   fsType = "nfs";
+  #   options = [ "x-systemd.automount" "noauto" ];
+  #
+  # };
 }
--- a/plasma.nix
+++ b/plasma.nix
@@ -12,12 +12,54 @@
    pkgs.kdePackages.elisa
  ];

-  # enable flatpak
-  services.flatpak.enable = true;

  # Enable sound.
  services.pipewire = {
    enable = true;
    pulse.enable = true;
  };
+
+  system.fsPackages = [ pkgs.bindfs ];
+  fileSystems = let
+    mkRoSymBind = path: {
+      device = path;
+      fsType = "fuse.bindfs";
+      options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
+    };
+    fontsPkgs = config.fonts.packages;
+    x11Fonts = pkgs.runCommand "X11-fonts"
+      {
+        preferLocalBuild = true;
+        nativeBuildInputs = with pkgs; [
+          gzip
+          mkfontscale
+          mkfontdir
+        ];
+      }
+      (''
+        mkdir -p "$out/share/fonts"
+        font_regexp='.*\.\(ttf\|ttc\|otb\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?'
+      ''
+      + (builtins.concatStringsSep "\n" (builtins.map (pkg: ''
+          find ${toString pkg} -regex "$font_regexp" \
+            -exec ln -sf -t "$out/share/fonts" '{}' \;
+        '') fontsPkgs
+        ))
+      + ''
+        cd "$out/share/fonts"
+        mkfontscale
+        mkfontdir
+        cat $(find ${pkgs.font-alias}/ -name fonts.alias) >fonts.alias
+      '');
+    aggregatedIcons = pkgs.buildEnv {
+      name = "system-icons";
+      paths = fontsPkgs;
+      pathsToLink = [
+        "/share/icons"
+      ];
+    };
+  in {
+    "/usr/share/icons" = mkRoSymBind (aggregatedIcons + "/share/icons");
+    "/usr/share/fonts" = mkRoSymBind (x11Fonts + "/share/fonts");
+  };
 }
--- a/software/default-graphical.nix
+++ b/software/default-graphical.nix
@@ -0,0 +1,53 @@
+
+{ config, lib, pkgs, home-manager, ... }@inputs:
+{
+  imports = [home-manager.nixosModules.home-manager];
+  home-manager.users.shatteredmint = {
+    home.packages = with pkgs; [
+      thunderbird
+      firefox
+      lazygit
+      veracrypt
+      keepassxc
+      kdePackages.yakuake
+      cargo
+      zig
+      clang
+      nil
+      wl-clipboard
+      makemkv
+    ];
+  };
+  # enable flatpak
+  services.flatpak.enable = true;
+  home-manager.users.shatteredmint.imports = [
+    inputs.nix-flatpak.homeManagerModules.nix-flatpak 
+    {
+        services.flatpak = {
+          update.onActivation = true;
+          packages = [
+            "com.atlauncher.ATLauncher"
+            "com.discordapp.Discord"
+            "com.github.k4zmu2a.spacecadetpinball"
+            "com.heroicgameslauncher.hgl"
+            "com.obsproject.Studio"
+            "com.revolutionarygamesstudio.ThriveLauncher"
+            "com.spotify.Client"
+            # "com.teamspeak.TeamSpeak"
+            # "com.teamspeak.TeamSpeak3"
+            "com.usebottles.bottles"
+            "com.valvesoftware.Steam"
+            # "md.obsidian.Obsidian"
+            "org.kde.neochat"
+            "org.kicad.KiCad"
+            "org.libreoffice.LibreOffice"
+            # "org.pipewire.Helvum"
+            # "org.rncbc.qpwgraph"
+            "org.telegram.desktop"
+          ];
+        };
+    }
+  ];
+
+
+}
--- a/software/samba.nix
+++ b/software/samba.nix
@@ -0,0 +1,49 @@
+{config, pkgs, ...} : {
+  services = {
+    samba = {
+      enable = true;
+      package = pkgs.samba4Full;
+      openFirewall = true;
+
+      settings = {
+        global = {
+          "server smb encrypt" = "required";
+          "server min protocol" = "SMB3_00";
+          "workgroup" = "WORKGROUP";
+          "security" = "user";
+          "browseable" = "yes";
+        };
+
+        # "private-shatteredmint" = {
+        #   "path" = "/srv/shatteredmint";
+        #   "writable" = "yes";
+        #   "comment" = "private share for shatteredmint";
+        #   "browseable" = "yes";
+        # };
+        "homes" = {
+          "path" = "/srv/private/%S";
+          "valid users" = "%S";
+          "writable" = "yes";
+          "comment" = "homes share";
+          "browseable" = "no";
+          "create mask" = "0700";
+          "directory mask" = "0700";
+        };
+
+        "shared" = {
+          "path" = "/srv/shared";
+          "writable" = "yes";
+          "comment" = "homes share";
+          "browseable" = "yes";
+          "create mask" = "0700";
+          "directory mask" = "0700";
+          "force user" = "shatteredmint";
+        };
+      };
+    };
+    samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}
--- a/users/shatteredmint.nix
+++ b/users/shatteredmint.nix
@@ -11,20 +11,23 @@
    openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT9u43WNMlu3gnu5z9Twt1vkdNdpf6REfEK/OT4qxjK shatteredmint"
    ];
+    uid = 1000;
  };

  
-  home-manager.users.shatteredmint = {
+  home-manager.users.shatteredmint = {config, ...}: {
    home.stateVersion = "24.11";

    home.username = "shatteredmint";
    home.homeDirectory = "/home/shatteredmint";

    programs.zsh = {
+
+      dotDir = "${config.xdg.configHome}/zsh";
      enable = true;
      autosuggestion = {
        enable = true;
-	highlight = "fg=white,bg=green,bold";
+	    highlight = "fg=white,bg=green,bold";
      };
      defaultKeymap = "viins";

@@ -63,23 +66,10 @@
      ];
    };

-    home.packages = with pkgs; [
-      thunderbird
-      firefox
-      lazygit
-      veracrypt
-      keepassxc
-      kdePackages.yakuake
-      cargo
-      zig
-      clang
-      nil
-      wl-clipboard
-      makemkv
-    ];

    home.sessionPath = [
      "$HOME/scripts"
    ];
+
  };
 }
Author	SHA1	Message	Date
ShatteredMINT	2644e7f843	fix rsync command	2026-03-19 23:09:02 +01:00
ShatteredMINT	4ba0830997	add backup cron job	2026-03-19 22:25:38 +01:00
ShatteredMINT	1b3257fbf2	disable visibility for homes	2026-03-19 22:05:36 +01:00
ShatteredMINT	7a484976f8	add share share to mounts	2026-03-19 22:00:51 +01:00
ShatteredMINT	e27b5206e7	add shared share	2026-03-19 21:40:24 +01:00
ShatteredMINT	103a5f3b2d	fix user permissions on smb mount	2026-03-19 21:29:54 +01:00
ShatteredMINT	4ff36b1000	update samba configuration	2026-03-19 20:36:56 +01:00
ShatteredMINT	ae5f6f1fc4	test samba configuration for nas	2026-03-19 20:10:29 +01:00
ShatteredMINT	abf0583f17	bring zsh config path up to date	2026-03-19 11:10:53 +01:00
ShatteredMINT	a546181bb5	remove deprecated xorg package	2026-03-19 11:00:02 +01:00
ShatteredMINT	26854fd54f	temporarily disable qemu-bridges due to weird issues	2026-03-19 10:54:48 +01:00
ShatteredMINT	9a1b33c125	manage flatpaks from nix	2026-03-19 10:21:39 +01:00
ShatteredMINT	5617e7f081	add kernel module for makemkv to conv	2026-03-18 20:53:05 +01:00
ShatteredMINT	03df47b6f5	fix fonts for flatpaks	2026-03-18 08:46:11 +01:00
ShatteredMINT	9de8e3133f	allow passwordless sudo on servers	2026-03-14 00:42:19 +01:00
ShatteredMINT	401d01c746	seperate out graphical apps	2026-03-13 16:48:14 +01:00
ShatteredMINT	3186073c18	copy device configuration for sd card	2026-03-13 16:38:13 +01:00
ShatteredMINT	6d3da6cba5	add binfmt wrapper for cross compilation	2026-03-13 16:08:47 +01:00