yanlin/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Separate host-specific samba and disk health config

Browse source
This commit is contained in:
Yan Lin 2025-09-09 11:54:43 +02:00
parent 16cd2e5cbf
commit 617ab047a9
3 changed files with 182 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

132
modules/disk-health.nix
View file

@ -1,132 +0,0 @@
{ config, lib, pkgs, ... }:
{
# Simplified disk health monitoring configuration
# Focus on smartd real-time monitoring + simple daily SMART reports
# Package requirements
environment.systemPackages = with pkgs; [
smartmontools
curl # For Gotify notifications
];
# Enhanced smartd configuration for real-time monitoring
services.smartd = {
enable = true;
autodetect = false; # We'll configure devices explicitly
# Global smartd options
extraOptions = [ "-A /var/log/smartd/" "-i 600" ];
# Device-specific monitoring configurations
devices = [
# ZFS Mirror drives (NVMe SSDs) - more frequent monitoring
{
device = "/dev/disk/by-id/ata-ZHITAI_SC001_XT_1000GB_ZTB401TAB244431J4R";
options = "-d auto -a -o on -S on -s (S/../.././02|L/../../6/03) -m exec=/home/yanlin/.config/nix/scripts/disk-health-smartd-alert.sh";
}
{
device = "/dev/disk/by-id/ata-ZHITAI_SC001_XT_1000GB_ZTB401TAB244431KEG";
options = "-d auto -a -o on -S on -s (S/../.././02|L/../../6/03) -m exec=/home/yanlin/.config/nix/scripts/disk-health-smartd-alert.sh";
}
# Data drives (12TB HDDs) - standard monitoring
{
device = "/dev/disk/by-id/ata-HGST_HUH721212ALE604_5PK2N4GB";
options = "-d auto -a -o on -S on -s (S/../.././02|L/../../7/03) -W 4,45,55 -m exec=/home/yanlin/.config/nix/scripts/disk-health-smartd-alert.sh";
}
{
device = "/dev/disk/by-id/ata-HGST_HUH721212ALE604_5PJ7Z3LE";
options = "-d auto -a -o on -S on -s (S/../.././02|L/../../7/03) -W 4,45,55 -m exec=/home/yanlin/.config/nix/scripts/disk-health-smartd-alert.sh";
}
# Parity drive (16TB HDD) - enhanced monitoring due to criticality
{
device = "/dev/disk/by-id/ata-ST16000NM000J-2TW103_WRS0F8BE";
options = "-d auto -a -o on -S on -s (S/../.././02|L/../../1/03) -W 2,45,55 -m exec=/home/yanlin/.config/nix/scripts/disk-health-smartd-alert.sh";
}
];
};
# Simple systemd service for daily SMART reports
systemd.services = {
# Daily SMART report service - simplified and reliable
daily-smart-report = {
description = "Daily SMART Health Report";
after = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash /home/yanlin/.config/nix/scripts/daily-smart-report.sh";
User = "root";
StandardOutput = "journal";
StandardError = "journal";
# Add timeout to prevent hanging
TimeoutStartSec = "300"; # 5 minutes max
# Set PATH to include system binaries for smartctl and curl
Environment = "PATH=/run/current-system/sw/bin";
# Allow access to block devices for SMART commands
DeviceAllow = [ "/dev/disk/by-id/* rw" "/dev/sd* rw" "/dev/nvme* rw" "char-* rw" "block-* rw" ];
DevicePolicy = "closed";
};
};
};
# Simple systemd timer for daily SMART reports
systemd.timers = {
# Daily SMART report at 8:00 AM
daily-smart-report = {
description = "Daily SMART Report Timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "08:00:00";
Persistent = true;
RandomizedDelaySec = "5m";
};
};
};
# Ensure log directories exist with proper permissions
systemd.tmpfiles.rules = [
"d /var/log 0755 root root -"
"f /var/log/daily-smart-report.log 0644 root root -"
"f /var/log/smartd-alerts.log 0644 root root -"
"d /var/log/smartd 0755 root root -"
];
# Enable the timer
systemd.targets.timers.wants = [
"daily-smart-report.timer"
];
# Create a logrotate configuration for the logs
services.logrotate = {
enable = true;
settings = {
"/var/log/daily-smart-report.log" = {
frequency = "weekly";
rotate = 4;
compress = true;
delaycompress = true;
missingok = true;
notifempty = true;
create = "644 root root";
};
"/var/log/smartd-alerts.log" = {
frequency = "weekly";
rotate = 4;
compress = true;
delaycompress = true;
missingok = true;
notifempty = true;
create = "644 root root";
};
};
};
# Ensure scripts are executable and in the right location
system.activationScripts.disk-health-scripts = ''
chmod +x /home/yanlin/.config/nix/scripts/gotify-notify.sh
chmod +x /home/yanlin/.config/nix/scripts/disk-health-smartd-alert.sh
chmod +x /home/yanlin/.config/nix/scripts/daily-smart-report.sh
'';
}

215
modules/samba.nix
View file

@ -1,63 +1,164 @@
{ config, pkgs, lib, ... }:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.samba-custom;
in
{
# Enable Samba service
services.samba = {
enable = true;
# Enable SMB protocol versions
package = pkgs.samba4Full;
# Modern Samba configuration using settings
settings = {
global = {
# Server identification
workgroup = "WORKGROUP";
"server string" = "hs NAS Server";
# Security settings
security = "user";
"map to guest" = "never";
# Performance optimizations
"socket options" = "TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288";
deadtime = "30";
"use sendfile" = "yes";
# Logging
"log file" = "/var/log/samba/log.%m";
"max log size" = "1000";
"log level" = "0";
# Disable printer sharing
"load printers" = "no";
printing = "bsd";
"printcap name" = "/dev/null";
"disable spoolss" = "yes";
};
# Define shares
Media = {
path = "/mnt/storage/Media";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "yanlin";
"force group" = "users";
"valid users" = "yanlin";
comment = "Media Storage";
};
options.services.samba-custom = {
enable = mkEnableOption "Samba file sharing service";
workgroup = mkOption {
type = types.str;
default = "WORKGROUP";
description = "SMB workgroup name";
};
serverString = mkOption {
type = types.str;
default = "NixOS Samba Server";
description = "Server description string";
};
shares = mkOption {
type = types.attrsOf (types.submodule {
options = {
path = mkOption {
type = types.str;
description = "Path to the shared directory";
};
comment = mkOption {
type = types.str;
default = "";
description = "Share description comment";
};
browseable = mkOption {
type = types.bool;
default = true;
description = "Whether share is browseable";
};
readOnly = mkOption {
type = types.bool;
default = false;
description = "Whether share is read-only";
};
guestOk = mkOption {
type = types.bool;
default = false;
description = "Allow guest access";
};
createMask = mkOption {
type = types.str;
default = "0644";
description = "File creation mask";
};
directoryMask = mkOption {
type = types.str;
default = "0755";
description = "Directory creation mask";
};
forceUser = mkOption {
type = types.nullOr types.str;
default = null;
description = "Force files to be owned by this user";
};
forceGroup = mkOption {
type = types.nullOr types.str;
default = null;
description = "Force files to be owned by this group";
};
validUsers = mkOption {
type = types.listOf types.str;
default = [];
description = "List of valid users for this share";
};
};
});
default = {};
description = "Samba share definitions";
};
enableWSDD = mkOption {
type = types.bool;
default = true;
description = "Enable Web Service Discovery (WSD) for SMB discovery";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open firewall ports for Samba";
};
};
# Enable SMB discovery
services.samba-wsdd = {
enable = true;
openFirewall = false; # Keep firewall closed as requested
config = mkIf cfg.enable {
# Enable Samba service
services.samba = {
enable = true;
# Enable SMB protocol versions
package = pkgs.samba4Full;
# Modern Samba configuration using settings
settings = {
global = {
# Server identification
workgroup = cfg.workgroup;
"server string" = cfg.serverString;
# Security settings
security = "user";
"map to guest" = "never";
# Performance optimizations
"socket options" = "TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288";
deadtime = "30";
"use sendfile" = "yes";
# Logging
"log file" = "/var/log/samba/log.%m";
"max log size" = "1000";
"log level" = "0";
# Disable printer sharing
"load printers" = "no";
printing = "bsd";
"printcap name" = "/dev/null";
"disable spoolss" = "yes";
};
# Generate share configurations
} // (mapAttrs (name: share: {
path = share.path;
browseable = if share.browseable then "yes" else "no";
"read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask;
"directory mask" = share.directoryMask;
"valid users" = concatStringsSep " " share.validUsers;
comment = share.comment;
} // (optionalAttrs (share.forceUser != null) {
"force user" = share.forceUser;
}) // (optionalAttrs (share.forceGroup != null) {
"force group" = share.forceGroup;
})) cfg.shares);
};
# Enable SMB discovery
services.samba-wsdd = mkIf cfg.enableWSDD {
enable = true;
openFirewall = cfg.openFirewall;
};
};
# Configure SMB users - requires manual setup after deployment
# Run: sudo smbpasswd -a yanlin
}