diff --git a/README.md b/README.md index d55fc62..b85fb0a 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,8 @@ https://nixos.org/manual/nixos/stable/ ### install sudo nixos-rebuild switch +sudo /etc/nixos/setup-smb-credentials.sh + ### cleanup sudo nix-collect-garbage -d ### optimize & cleanup diff --git a/config/common.nix b/config/common.nix index a878eb0..6567f1d 100644 --- a/config/common.nix +++ b/config/common.nix @@ -59,7 +59,6 @@ # Sound services.pulseaudio.enable = false; - security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; @@ -67,6 +66,8 @@ pulse.enable = true; }; + security.rtkit.enable = true; + # 32-bit Support für Steam hardware.graphics.enable32Bit = true; services.pulseaudio.support32Bit = true; diff --git a/config/configuration.nix b/config/configuration.nix index f82bb4f..41565eb 100644 --- a/config/configuration.nix +++ b/config/configuration.nix @@ -4,6 +4,7 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ./common.nix + ./mounts.nix ./services.nix ./users/sebastian.nix # ./vm-guest.nix diff --git a/config/mounts.nix b/config/mounts.nix new file mode 100644 index 0000000..abeda84 --- /dev/null +++ b/config/mounts.nix @@ -0,0 +1,114 @@ +# /etc/nixos/mounts.nix +{ config, pkgs, ... }: + +{ + # Credentials-Datei als Template erstellen + environment.etc."nixos/setup-smb-credentials.sh" = { + text = '' + #!/bin/sh + CREDS_FILE="/etc/nixos/secrets/truenas2.local" + + if [ -f "$CREDS_FILE" ]; then + echo "Credentials file already exists: $CREDS_FILE" + exit 0 + fi + + echo "Creating SMB credentials file..." + mkdir -p /etc/nixos/secrets + + # Username aus Config oder abfragen + read -p "Enter SMB username: " username + read -sp "Enter SMB password: " password + echo + + cat > "$CREDS_FILE" << EOF + username=$username + password=$password + domain=WORKGROUP + EOF + + chmod 640 "$CREDS_FILE" + chown root:users "$CREDS_FILE" + + echo "Credentials file created: $CREDS_FILE" + ''; + mode = "0755"; + }; + + # Mount-Verzeichnisse erstellen + systemd.tmpfiles.rules = [ + "d /mnt/betrieb 0755 sebastian users - -" + "d /mnt/familie 0755 sebastian users - -" + "d /mnt/medien 0755 sebastian users - -" + "d /mnt/home 0755 sebastian users - -" + ]; + + # CIFS/SMB Mounts + fileSystems."/mnt/betrieb" = { + device = "//truenas2.local.fischer.im/Betrieb"; + fsType = "cifs"; + options = [ + "noauto" + "credentials=/etc/nixos/secrets/truenas2.local" + "x-systemd.automount" + "x-systemd.idle-timeout=60" + "x-systemd.device-timeout=10" + "uid=sebastian" + "gid=users" + "file_mode=0644" + "dir_mode=0755" + "vers=3.0" + ]; + }; + + fileSystems."/mnt/familie" = { + device = "//truenas2.local.fischer.im/Familie"; + fsType = "cifs"; + options = [ + "noauto" + "credentials=/etc/nixos/secrets/truenas2.local" + "x-systemd.automount" + "x-systemd.idle-timeout=60" + "x-systemd.device-timeout=10" + "uid=sebastian" + "gid=users" + "file_mode=0644" + "dir_mode=0755" + "vers=3.0" + ]; + }; + + fileSystems."/mnt/medien" = { + device = "//truenas2.local.fischer.im/Medien"; + fsType = "cifs"; + options = [ + "noauto" + "credentials=/etc/nixos/secrets/truenas2.local" + "x-systemd.automount" + "x-systemd.idle-timeout=60" + "x-systemd.device-timeout=10" + "uid=sebastian" + "gid=users" + "file_mode=0644" + "dir_mode=0755" + "vers=3.0" + ]; + }; + + fileSystems."/mnt/home" = { + device = "//truenas2.local.fischer.im/sebastian"; + fsType = "cifs"; + options = [ + "noauto" + "credentials=/etc/nixos/secrets/truenas2.local" + "x-systemd.automount" + "x-systemd.idle-timeout=60" + "x-systemd.device-timeout=10" + "uid=sebastian" + "gid=users" + "file_mode=0644" + "dir_mode=0755" + "vers=3.0" + ]; + }; +}