diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix
index 8fb75e9..f0231c3 100644
--- a/enviroments/common/default.nix
+++ b/enviroments/common/default.nix
@@ -5,6 +5,7 @@
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.trusted-users = [ "leyla" ];
# Enable networking
networking.networkmanager.enable = true;
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index b705068..1608e4a 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -11,10 +11,6 @@
../../enviroments/server
];
- # home.sessionVariables = {
- # SOPS_AGE_KEY_FILE = "${config.home.homeDirectory}/.config/sops-nix/key.txt";
- # };
-
users.leyla.isThinUser = true;
boot.loader.grub = {
@@ -22,14 +18,11 @@
zfsSupport = true;
efiSupport = true;
efiInstallAsRemovable = true;
- # devices = [ "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0-part2" ];
- # mirroredBoots = [
- # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB-part1" ]; path = "/boot1"; efiSysMountPoint = "/boot"; }
- # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC-part1" ]; path = "/boot2"; efiSysMountPoint = "/boot2"; }
- # { devices = [ "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH-part1" ]; path = "/boot3"; efiSysMountPoint = "/boot3"; }
- # ];
};
+ virtualisation.docker.enable = true;
+ users.extraGroups.docker.members = [ "leyla" ];
+
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.extraPools = [ "zroot" ];
@@ -72,6 +65,41 @@
};
};
+ fileSystems."/srv/nfs4/docker" = {
+ device = "/home/docker";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/srv/nfs4/users" = {
+ device = "/home/users";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/srv/nfs4/leyla" = {
+ device = "/home/leyla";
+ options = [ "bind" ];
+ };
+
+ fileSystems."/srv/nfs4/eve" = {
+ device = "/home/eve";
+ options = [ "bind" ];
+ };
+
+ services.nfs.server.enable = true;
+ services.nfs.server.exports = ''
+ /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check)
+
+ /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide)
+ /srv/nfs4/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+ /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+
+ # /export 192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check)
+ # /export/kotomi 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
+ # /export/mafuyu 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
+ # /export/sen 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
+ # /export/tomoyo 192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
+ '';
+
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
index 9eae057..230a83e 100644
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@@ -23,6 +23,7 @@
setSocketVariable = true;
};
};
+ users.extraGroups.docker.members = [ "leyla" ];
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
diff --git a/users/leyla/default.nix b/users/leyla/default.nix
index 5e39f80..d0a9a96 100644
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@@ -37,7 +37,7 @@ in
if (cfg.isFullUser || cfg.isThinUser) then {
isNormalUser = true;
extraGroups = lib.mkMerge [
- ["networkmanager" "wheel" "docker" "users"]
+ ["networkmanager" "wheel" "users"]
(
lib.mkIf (!cfg.isThinUser) [ "adbusers" ]
)