Rebase to flake parts #10

2026-05-15 00:24:13 -03:00
parent f02606902c
commit fba5a7a2aa
24 changed files with 565 additions and 83 deletions
@@ -0,0 +1,37 @@
+{ config, ... }:
+{
+  # cockpit-file-sharing expects a live Samba stack: /etc/samba/smb.conf, smbd, and
+  # `include = registry` in [global] for net registry share management.
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    winbindd.enable = false;
+    settings.global = {
+      workgroup = "WORKGROUP";
+      "server string" = config.networking.hostName;
+      include = "registry";
+    };
+  };
+
+  services.nfs.server = {
+    enable = true;
+    mountdPort = 4000;
+    lockdPort = 4001;
+    statdPort = 4002;
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    111
+    2049
+    4000
+    4001
+    4002
+  ];
+  networking.firewall.allowedUDPPorts = [
+    111
+    2049
+    4000
+    4001
+    4002
+  ];
+}
@@ -0,0 +1,60 @@
+{
+  acl,
+  bash,
+  coreutils,
+  dpkg,
+  fetchurl,
+  findutils,
+  hostname,
+  iproute2,
+  jq,
+  lib,
+  nfs-utils,
+  python3Packages,
+  samba,
+  stdenv,
+  systemd,
+}:
+
+stdenv.mkDerivation {
+  pname = "cockpit-file-sharing";
+  version = "4.5.6-1";
+
+  src = fetchurl {
+    url = "https://github.com/45Drives/cockpit-file-sharing/releases/download/v4.5.6-1/cockpit-file-sharing_4.5.6-1jammy_all.deb";
+    hash = "sha256-ViTdhiCmqwuBvAfzT8hr2kqZqyWkV9OZ9FEPD10ajF8=";
+  };
+
+  nativeBuildInputs = [ dpkg ];
+
+  unpackPhase = "dpkg-deb -x $src source";
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/share/cockpit
+    cp -r source/usr/share/cockpit/file-sharing $out/share/cockpit/
+    runHook postInstall
+  '';
+
+  passthru.cockpitPath = [
+    acl
+    bash
+    coreutils
+    findutils
+    hostname
+    iproute2
+    jq
+    nfs-utils
+    python3Packages.botocore
+    samba
+    systemd
+  ];
+
+  meta = {
+    description = "Cockpit plugin to manage Samba and NFS file sharing (45Drives)";
+    homepage = "https://github.com/45Drives/cockpit-file-sharing";
+    license = lib.licenses.gpl3Plus;
+    platforms = lib.platforms.linux;
+    sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
+  };
+}
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+let
+  cockpitFileSharing = pkgs.callPackage ./cockpit-file-sharing/package.nix { };
+in
+{
+  imports = [ ./cockpit-file-sharing-services.nix ];
+
+  services.cockpit = {
+    enable = true;
+    openFirewall = true;
+    allowed-origins = [
+      "https://${config.networking.hostName}:${toString config.services.cockpit.port}"
+      "https://192.168.2.60:${toString config.services.cockpit.port}"
+    ];
+    plugins = with pkgs; [
+      cockpit-files
+      cockpit-machines
+      cockpit-podman
+      cockpitFileSharing
+    ];
+  };
+}
@@ -0,0 +1,35 @@
+# Pi 5 / CM5 onboard Wi-Fi (brcmfmac). Without a regulatory domain the driver scans
+# disallowed channels and spams: brcmf_set_channel: set chanspec … fail, reason -52
+# (open raspberrypi/linux#6049). Wi-Fi often still works; logs and scans are noisy.
+{ pkgs, ... }:
+let
+  wifiCountry = "CA"; # change if you are not in Canada
+in
+{
+  boot.kernelParams = [
+    "cfg80211.ieee80211_regdom=${wifiCountry}"
+  ];
+
+  # Firmware country code (config.txt) — picked up before userspace regdom.
+  hardware.raspberry-pi.extra-config = ''
+    country=${wifiCountry}
+  '';
+
+  # Apply regdom before NetworkManager starts scanning.
+  systemd.services.wifi-regulatory-domain = {
+    description = "Set Wi-Fi regulatory domain for brcmfmac";
+    wantedBy = [ "multi-user.target" ];
+    before = [ "NetworkManager.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      ${pkgs.iw}/bin/iw reg set ${wifiCountry}
+    '';
+  };
+
+  networking.networkmanager.wifi.powersave = false;
+  networking.networkmanager.wifi.scanRandMacAddress = false;
+  networking.networkmanager.connectionConfig."wifi.bgscan" = "0";
+}
@@ -29,7 +29,9 @@

        self.nixosModules."client-services"
        ./_private/platform.nix
+        ./_private/wifi-brcmfmac.nix
        ./_private/services.nix
+        ./_private/cockpit.nix
        ./_private/activation.nix
        ./_private/4g/default.nix
      ];