diff --git a/flake.lock b/flake.lock index 53bf642..74bba3f 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -30,11 +30,11 @@ ] }, "locked": { - "lastModified": 1699064794, - "narHash": "sha256-deAjEXut+1RAHlNbSBxcL6K/NJ2jrvxDTd0IqY/KtZ4=", + "lastModified": 1731106059, + "narHash": "sha256-GlQIRbFNzkGXkrIyW8qCgGQjE974zuWJcXST9HQ40/s=", "owner": "vikanezrimaya", "repo": "bootspec-secureboot", - "rev": "bf4a70ed69b8ba7675d5ca5c8436f2f724e40205", + "rev": "f9136ae18ec947d897db21c10885e072e85b900f", "type": "github" }, "original": { @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1724895876, - "narHash": "sha256-GSqAwa00+vRuHbq9O/yRv7Ov7W/pcMLis3HmeHv8a+Q=", + "lastModified": 1731274291, + "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", "owner": "nix-community", "repo": "disko", - "rev": "511388d837178979de66d14ca4a2ebd5f7991cd3", + "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1710062421, - "narHash": "sha256-FiCNRfyUgJOLYIokLiFsfI7B+Zn9HDnOzFR3uVr5qsQ=", + "lastModified": 1731235328, + "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", "owner": "nix-community", "repo": "home-manager", - "rev": "36f873dfc8e2b6b89936ff3e2b74803d50447e0a", + "rev": "60bb110917844d354f3c18e05450606a435d2d10", "type": "github" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1709771483, - "narHash": "sha256-Hjzu9nCknHLQvhdaRFfCEprH0o15KcaNu1QDr3J88DI=", + "lastModified": 1731454423, + "narHash": "sha256-TtwvgFxUa0wyptLhQbKaixgNW1UXf3+TDqfX3Kp63oM=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "550340062c16d7ef8c2cc20a3d2b97bcd3c6b6f6", + "rev": "6c71c49e2448e51ad830ed211024e6d0edc50116", "type": "github" }, "original": { @@ -190,11 +190,11 @@ ] }, "locked": { - "lastModified": 1713668931, - "narHash": "sha256-rVlwWQlgFGGK3aPVcKmtYqWgjYnPah5FOIsYAqrMN2w=", + "lastModified": 1731209121, + "narHash": "sha256-BF7FBh1hIYPDihdUlImHGsQzaJZVLLfYqfDx41wjuF0=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "07ece11b22217b8459df589f858e92212b74f1a1", + "rev": "896019f04b22ce5db4c0ee4f89978694f44345c3", "type": "github" }, "original": { @@ -205,11 +205,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709961763, - "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { @@ -221,11 +221,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1710420202, - "narHash": "sha256-MvFKESbq4rUWuaf2RKPNYENaSZEw/jaCLo2gU6oREcM=", + "lastModified": 1720535198, + "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "878ef7d9721bee9f81f8a80819f9211ad1f993da", + "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "type": "github" }, "original": { @@ -314,11 +314,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1713958148, - "narHash": "sha256-8PDNi/dgoI2kyM7uSiU4eoLBqUKoA+3TXuz+VWmuCOc=", + "lastModified": 1729422940, + "narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=", "owner": "nix-community", "repo": "nixos-vscode-server", - "rev": "fc900c16efc6a5ed972fb6be87df018bcf3035bc", + "rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f", "type": "github" }, "original": { diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix index c1a4d1b..922a012 100755 --- a/hosts/koi/configuration.nix +++ b/hosts/koi/configuration.nix @@ -101,6 +101,7 @@ boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.kernelParams = [ "efi_pstore.pstore_disable=0" ]; + boot.kernelPackages = pkgs.linuxPackages_latest; services.desu-deploy = { enable = true; diff --git a/hosts/koi/containers/sftpgo/samba.nix b/hosts/koi/containers/sftpgo/samba.nix index 615243c..8629743 100644 --- a/hosts/koi/containers/sftpgo/samba.nix +++ b/hosts/koi/containers/sftpgo/samba.nix @@ -46,57 +46,54 @@ in ''; }; - services.samba = { + services.samba = let + common = { + browseable = "yes"; + "read only" = "yes"; + "guest ok" = "yes"; + }; + in { enable = true; openFirewall = true; - securityType = "user"; - extraConfig = '' - workgroup = WORKGROUP - server string = puffer - netbios name = puffer - security = user - guest account = smb-guest - map to guest = bad user - hosts allow = 10.0.0.0/8 - hosts deny = 0.0.0.0/0 - inherit permissions = yes + settings = { + global = { + "workgroup" = "WORKGROUP"; + "server string" = "puffer"; + "netbios name" = "puffer"; + "security" = "user"; + "guest account" = "smb-guest"; + "map to guest" = "bad user"; + "hosts allow" = "10.0.0.0/8"; + "hosts deny" = "0.0.0.0/0"; + "inherit permissions" = "yes"; - # Performance - socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072 - read raw = yes - write raw = yes - server signing = no - strict locking = no - min receivefile size = 16384 - use sendfile = Yes - aio read size = 16384 - aio write size = 16384 + # Performance + "socket options" = "TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072"; + "read raw" = "yes"; + "write raw" = "yes"; + "server signing" = "no"; + "strict locking" = "no"; + "min receivefile size" = "16384"; + "use sendfile" = "Yes"; + "aio read size" = "16384"; + "aio write size" = "16384"; - # Fruit global config - fruit:aapl = yes - fruit:nfs_aces = no - fruit:copyfile = no - fruit:model = MacSamba - ''; - - shares = - let - common = { - browseable = "yes"; - "read only" = "yes"; - "guest ok" = "yes"; - }; - in - { - Downloads = common // { - path = "/mnt/puffer/Downloads"; - }; - - Public = common // { - path = "/mnt/puffer/Public"; - }; + # Fruit global config + "fruit:aapl" = "yes"; + "fruit:nfs_aces" = "no"; + "fruit:copyfile" = "no"; + "fruit:model" = "MacSamba"; }; + + Downloads = common // { + path = "/mnt/puffer/Downloads"; + }; + + Public = common // { + path = "/mnt/puffer/Public"; + }; + }; }; }; diff --git a/hosts/koi/services/coredns.nix b/hosts/koi/services/coredns.nix index 4339b30..4a3b090 100644 --- a/hosts/koi/services/coredns.nix +++ b/hosts/koi/services/coredns.nix @@ -57,6 +57,12 @@ in } docker:53 { + header { + response set ra # https://github.com/coredns/coredns/issues/3690#issuecomment-1573865953 + } + template ANY AAAA { + rcode NOERROR + } import local_only docker { domain docker