attempt to use pkgs for unfree predicate

still not working

docs/restore-calibre.md

@@ -0,0 +1,23 @@
+# Restoring Calibre From Backup
+
+The `metadata.db` holds the library and `app.db` and `gdrive.db` contain the
+web/account information.
+
+Place books directories in `/data/books/`.
+
+Place `metadata.db` in `/var/lib/calibre-web-db/`.
+
+Symlink `metadata.db` to the library:
+
+```
+sudo ln -s /var/lib/calibre-web-db/metadata.db /data/books/metadata.db
+```
+
+Place `app.db` and `gdrive.db` in `/var/lib/calibre-web/`.
+
+Restart Calibre:
+
+```
+sudo systemctl restart calibre-web.service
+```
+

docs/restore-nextcloud.md

@@ -0,0 +1,43 @@
+# Restoring Nextcloud From Backup
+
+Install the `litestream` package.
+
+```
+nix-shell --run fish -p litestream
+```
+
+Set the S3 credentials:
+
+```
+set -x AWS_ACCESS_KEY_ID (read)
+set -x AWS_SECRET_ACCESS_KEY (read)
+```
+
+Restore from S3:
+
+```
+litestream restore -o nextcloud.db s3://noahmasur-backup.s3.us-west-002.backblazeb2.com/nextcloud
+```
+
+Install Nextcloud. Then copy DB:
+
+```
+sudo rm /data/nextcloud/data/nextcloud.db*
+sudo mv nextcloud.db /data/nextcloud/data/
+sudo chown nextcloud:nextcloud /data/nextcloud/data/nextcloud.db
+sudo chmod 770 /data/nextcloud/data/nextcloud.db
+```
+
+Restart Nextcloud:
+
+```
+sudo systemctl restart phpfpm-nextcloud.service
+```
+
+Adjust Permissions and Directories:
+
+```
+sudo mkdir /data/nextcloud/data/noah/files
+sudo chown nextcloud:nextcloud /data/nextcloud/data/noah/files
+```
+

flake.lock

@@ -94,11 +94,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1675471726,
-        "narHash": "sha256-526iHwidfdtZZ7aAU9od1/zbyfSFBEailBTet+Gvfqg=",
+        "lastModified": 1676854489,
+        "narHash": "sha256-hWmx3JFLNPGMtflyjgEn5GZydbLW3msjXvarS1NsBDM=",
         "owner": "bandithedoge",
         "repo": "nixpkgs-firefox-darwin",
-        "rev": "813d55a3e3b3c0423eb5d1fcb4bf82197c9f7796",
+        "rev": "6a5cca0ea8dfab4718e1e43e243c80ba110c2364",
         "type": "github"
       },
       "original": {
@@ -176,11 +176,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1675935446,
-        "narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=",
+        "lastModified": 1678271387,
+        "narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2dce7f1a55e785a22d61668516df62899278c9e4",
+        "rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
         "type": "github"
       },
       "original": {
@@ -301,11 +301,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1676973346,
-        "narHash": "sha256-rft8oGMocTAhUVqG3LW6I8K/Fo9ICGmNjRqaWTJwav0=",
+        "lastModified": 1676885936,
+        "narHash": "sha256-ZRKb6zBfTvdCOXI7nGC1L9UWSU5ay2ltxg+f5UIzBOU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d0d55259081f0b97c828f38559cad899d351cad1",
+        "rev": "b69883faca9542d135fa6bab7928ff1b233c167f",
         "type": "github"
       },
       "original": {
@@ -510,11 +510,11 @@
     },
     "utils": {
       "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
         "type": "github"
       },
       "original": {

hosts/lookingglass/default.nix

@@ -44,6 +44,7 @@ darwin.lib.darwinSystem {
       lua.enable = true;
       kubernetes.enable = true;
       _1password.enable = true;
+      slack.enable = true;
     }
   ];
 }

hosts/swan/default.nix

@@ -40,6 +40,8 @@ nixpkgs.lib.nixosSystem {
       neovim.enable = true;
       caddy.enable = true;
       streamServer = "stream.masu.rs";
+      nextcloudServer = "cloud.masu.rs";
+      bookServer = "books.masu.rs";
       samba.enable = true;
 
       backup.s3 = {

hosts/tempest/default.nix

@@ -49,6 +49,7 @@ nixpkgs.lib.nixosSystem {
       # mullvad.enable = true;
       nixlang.enable = true;
       dotfiles.enable = true;
+      yt-dlp.enable = true;
 
       gaming = {
         enable = true;

modules/common/applications/1password.nix

@@ -11,7 +11,7 @@
 
   config = lib.mkIf
     (config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
-      unfreePackages = [ "1password" "_1password-gui" ];
+      unfreePackages = with pkgs; [ _1password _1password-gui ];
       home-manager.users.${config.user} = {
         home.packages = with pkgs; [ _1password-gui ];
       };

modules/common/applications/default.nix

@@ -7,9 +7,11 @@
     ./firefox.nix
     ./kitty.nix
     ./media.nix
+    ./nautilus.nix
     ./obsidian.nix
     ./qbittorrent.nix
-    ./nautilus.nix
+    ./slack.nix
+    ./yt-dlp.nix
   ];
 
 }

modules/common/applications/discord.nix

@@ -10,7 +10,7 @@
   };
 
   config = lib.mkIf (config.gui.enable && config.discord.enable) {
-    unfreePackages = [ "discord" ];
+    unfreePackages = [ pkgs.discord ];
     home-manager.users.${config.user} = {
       home.packages = with pkgs; [ discord ];
       xdg.configFile."discord/settings.json".text = ''

modules/common/applications/firefox.nix

@@ -13,9 +13,9 @@
 
   config = lib.mkIf (config.gui.enable && config.firefox.enable) {
 
-    unfreePackages = [
-      (lib.mkIf config._1password.enable "onepassword-password-manager")
-      "okta-browser-plugin"
+    unfreePackages = with pkgs.nur.repos.rycee.firefox-addons; [
+      (lib.mkIf config._1password.enable onepassword-password-manager)
+      okta-browser-plugin
     ];
 
     home-manager.users.${config.user} = {

modules/common/applications/media.nix

@@ -19,9 +19,17 @@
       ];
 
       # Set default for opening PDFs
-      xdg.mimeApps.defaultApplications."application/pdf" =
-        [ "zathura.desktop" ];
-      xdg.mimeApps.defaultApplications."image/*" = [ "sxiv.desktop" ];
+      xdg.mimeApps = {
+        associations.added = {
+          "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
+          "image/*" = [ "sxiv.desktop" ];
+        };
+        associations.removed = { "application/pdf" = [ "mupdf.desktop" ]; };
+        defaultApplications = {
+          "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
+          "image/*" = [ "sxiv.desktop" ];
+        };
+      };
 
     };
 

modules/common/applications/nautilus.nix

@@ -29,9 +29,6 @@
       };
     };
 
-    # Allow browsing Samba shares
-    services.gvfs.enable = true;
-
   };
 
 }

modules/common/applications/obsidian.nix

@@ -10,7 +10,7 @@
   };
 
   config = lib.mkIf (config.gui.enable && config.obsidian.enable) {
-    unfreePackages = [ "obsidian" ];
+    unfreePackages = [ pkgs.obsidian ];
     home-manager.users.${config.user} = {
       home.packages = with pkgs; [ obsidian ];
     };

modules/common/applications/slack.nix

@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }: {
+
+  options = {
+    slack = {
+      enable = lib.mkEnableOption {
+        description = "Enable Slack.";
+        default = false;
+      };
+    };
+  };
+
+  config = lib.mkIf (config.gui.enable && config.slack.enable) {
+    unfreePackages = [ pkgs.slack ];
+    home-manager.users.${config.user} = {
+      home.packages = with pkgs; [ slack ];
+    };
+  };
+
+}

modules/common/applications/yt-dlp.nix

@@ -0,0 +1,35 @@
+{ config, pkgs, lib, ... }: {
+
+  options = {
+    yt-dlp = {
+      enable = lib.mkEnableOption {
+        description = "Enable YouTube downloader.";
+        default = false;
+      };
+    };
+  };
+
+  config = lib.mkIf (config.yt-dlp.enable) {
+    home-manager.users.${config.user} = {
+      programs.yt-dlp = {
+        enable = true;
+        extraConfig = "";
+        settings = {
+          no-continue = true; # Always re-download each fragment
+          no-overwrites = true; # Don't overwrite existing files
+          download-archive = "archive.log"; # Log of archives
+          embed-metadata = true;
+          embed-thumbnail = true;
+          embed-subs = true;
+          sub-langs = "en.*";
+          concurrent-fragments = 4; # Parallel download chunks
+        };
+      };
+
+      programs.fish.shellAbbrs.yt = "yt-dlp";
+
+    };
+
+  };
+
+}

modules/common/default.nix

@@ -68,7 +68,7 @@
       description = "Link to dotfiles repository.";
     };
     unfreePackages = lib.mkOption {
-      type = lib.types.listOf lib.types.str;
+      type = lib.types.listOf lib.types.package;
       description = "List of unfree packages to allow.";
       default = [ ];
     };
@@ -77,12 +77,30 @@
   config = let stateVersion = "23.05";
   in {
 
+    nix = {
+
       # Enable features in Nix commands
-    nix.extraOptions = ''
+      extraOptions = ''
         experimental-features = nix-command flakes
         warn-dirty = false
       '';
 
+      settings = {
+
+        # Add community Cachix to binary cache
+        substituters = lib.mkIf (!pkgs.stdenv.isDarwin)
+          [ "https://nix-community.cachix.org" ];
+        trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
+          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        ];
+
+        # Scans and hard links identical files in the store
+        auto-optimise-store = true;
+
+      };
+
+    };
+
     # Basic common system packages for all devices
     environment.systemPackages = with pkgs; [ git vim wget curl ];
 
@@ -95,8 +113,10 @@
 
     # Allow specified unfree packages (identified elsewhere)
     # Retrieves package object based on string name
+    # Idea: https://discourse.nixos.org/t/how-to-use-packages-directly-in-allowunfreepredicate/22455/6
     nixpkgs.config.allowUnfreePredicate = pkg:
-      builtins.elem (lib.getName pkg) config.unfreePackages;
+      builtins.elem (pkg.name or (builtins.parseDrvName pkg.pname).name)
+      (map lib.getName config.unfreePackages);
 
     # Pin a state version to prevent warnings
     home-manager.users.${config.user}.home.stateVersion = stateVersion;

modules/common/mail/default.nix

@@ -67,7 +67,7 @@
             notmuch.enable = false;
             passwordCommand =
               "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
-                builtins.toString ../../private/mailpass.age
+                builtins.toString ../../../private/mailpass.age
               }";
             smtp = {
               host = "smtp.purelymail.com";

modules/common/neovim/config/align.nix

@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+  plugins = [ pkgs.vimPlugins.tabular ];
+  lua = ''
+    -- Align
+    vim.keymap.set("", "<Leader>ta", ":Tabularize /")
+    vim.keymap.set("", "<Leader>t#", ":Tabularize /#<CR>")
+    vim.keymap.set("", "<Leader>tl", ":Tabularize /---<CR>")
+  '';
+}

modules/common/neovim/default.nix

@@ -34,6 +34,14 @@ in {
         programs.kitty.settings.scrollback_pager = lib.mkForce ''
           ${neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
 
+        xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux {
+          name = "Neovim wrapper";
+          exec = "kitty nvim %F";
+        };
+        xdg.mimeApps = lib.mkIf pkgs.stdenv.isLinux {
+          defaultApplications."text/markdown" = [ "nvim.desktop" ];
+        };
+
       };
 
     # # Used for icons in Vim

modules/common/neovim/package/default.nix

@@ -31,6 +31,7 @@
 pkgs.neovimBuilder {
   package = pkgs.neovim-unwrapped;
   imports = [
+    ../config/align.nix
     ../config/bufferline.nix
     ../config/completion.nix
     ../config/gitsigns.nix

modules/common/shell/direnv.nix

@@ -6,4 +6,10 @@
     config = { whitelist = { prefix = [ config.dotfilesPath ]; }; };
   };
 
+  # Prevent garbage collection
+  nix.extraOptions = ''
+    keep-outputs = true
+    keep-derivations = true
+  '';
+
 }

modules/common/shell/fish/default.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, lib, ... }: {
 
   users.users.${config.user}.shell = pkgs.fish;
   programs.fish.enable =
@@ -11,7 +11,10 @@
 
     programs.fish = {
       enable = true;
-      shellAliases = { ls = "exa"; };
+      shellAliases = {
+        ls = "exa";
+        trash = lib.mkIf pkgs.stdenv.isLinux "${pkgs.trash-cli}/bin/trash-put";
+      };
       functions = {
         commandline-git-commits = {
           description = "Insert commit into commandline";
@@ -90,6 +93,7 @@
         sc = "systemctl";
         scs = "systemctl status";
         m = "make";
+        t = "trash";
 
         # Vim (overwritten by Neovim)
         v = "vim";

modules/common/shell/utilities.nix

@@ -17,20 +17,6 @@ in {
 
     home-manager.users.${config.user} = {
 
-      # Fix: age won't build
-      nixpkgs.overlays = [
-        (_final: prev: {
-          age = prev.age.overrideAttrs (_old: {
-            src = prev.fetchFromGitHub {
-              owner = "FiloSottile";
-              repo = "age";
-              rev = "7354aa0d08a06eac42c635670a55f858bd23c943";
-              sha256 = "H80mNTgZmExDMgubONIXP7jmLBvNMVqXee6NiZJhPFY=";
-            };
-          });
-        })
-      ];
-
       home.packages = with pkgs; [
         unzip # Extract zips
         rsync # Copy folders

modules/darwin/hammerspoon.nix

@@ -16,6 +16,7 @@
           firefox = "${pkgs.firefox-bin}/Applications/Firefox.app";
           discord = "${pkgs.discord}/Applications/Discord.app";
           kitty = "${pkgs.kitty}/Applications/kitty.app";
+          slack = "${pkgs.slack}/Applications/Slack.app";
         };
       xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source =
         ./hammerspoon/Spoons/MoveWindow.spoon;

modules/darwin/hammerspoon/Spoons/DismissAlerts.spoon/close_notifications.applescript

@@ -0,0 +1,21 @@
+# Credit: https://github.com/Ptujec/LaunchBar/blob/f7b5a0dba9919c2fec879513f68a044f78748539/Notifications/Dismiss%20all%20notifications.lbaction/Contents/Scripts/default.applescript
+
+tell application "System Events"
+	try
+		set _groups to groups of UI element 1 of scroll area 1 of group 1 of window "Notification Center" of application process "NotificationCenter"
+		
+		repeat with _group in _groups
+			
+			set _actions to actions of _group
+			
+			repeat with _action in _actions
+				if description of _action is in {"Schlie§en", "Alle entfernen", "Close", "Clear All"} then
+					perform _action
+					
+				end if
+			end repeat
+			
+		end repeat
+		
+	end try
+end tell

modules/darwin/hammerspoon/Spoons/DismissAlerts.spoon/init.lua

@@ -10,7 +10,7 @@ obj.license = "MIT - https://opensource.org/licenses/MIT"
 
 function obj:init()
     hs.hotkey.bind({ "cmd", "alt", "ctrl" }, "k", function()
-        hs.osascript.javascriptFromFile("Spoons/DismissAlerts.spoon/close_notifications_applescript.js")
+        hs.osascript.applescriptFromFile("Spoons/DismissAlerts.spoon/close_notifications.applescript")
     end)
 end
 

modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua

@@ -8,44 +8,44 @@ obj.name = "Launcher"
 obj.version = "0.1"
 obj.license = "MIT - https://opensource.org/licenses/MIT"
 
-function DrawSwitcher()
-    -- Drawing
-    local width = hs.screen.mainScreen():fullFrame().w
-    local switcherWidth = 500
-    local canv = hs.canvas.new({
+local width = hs.screen.mainScreen():fullFrame().w
+local switcherWidth = 500
+obj.canvas = hs.canvas.new({
     x = width / 2 - switcherWidth / 2,
     y = 1,
     h = 3,
     w = switcherWidth,
-    })
-    canv[#canv + 1] = {
+})
+-- Draw switcher
+obj.canvas[#obj.canvas + 1] = {
     action = "build",
     type = "rectangle",
-    }
-    canv[#canv + 1] = {
+}
+obj.canvas[#obj.canvas + 1] = {
     type = "rectangle",
     fillColor = { alpha = 1, red = 0.8, green = 0.6, blue = 0.3 },
     action = "fill",
-    }
-    return canv:show()
-end
+}
 
 function obj:init()
     -- Begin launcher mode
     if self.launcher == nil then
         self.launcher = hs.hotkey.modal.new("ctrl", "space")
+
+        print(self.canvas)
+        print(obj.canvas)
     end
 
     -- Behaviors on enter
     function self.launcher:entered()
         -- hs.alert("Entered mode")
-        self.canv = DrawSwitcher()
+        obj.canvas:show()
     end
 
     -- Behaviors on exit
     function self.launcher:exited()
         -- hs.alert("Exited mode")
-        self.canv:hide()
+        obj.canvas:hide()
     end
 
     -- Use escape to exit launcher mode
@@ -54,7 +54,8 @@ function obj:init()
     end)
 
     -- Launcher shortcuts
-    self.launcher:bind("ctrl", "space", function() end)
+    self.launcher:bind("ctrl", "space", function()
+    end)
     self.launcher:bind("", "return", function()
         self:switch("@kitty@")
     end)
@@ -92,7 +93,7 @@ function obj:init()
         hs.reload()
     end)
     self.launcher:bind("", "S", function()
-        self:switch("Slack.app")
+        self:switch("@slack@")
     end)
     self.launcher:bind("", "Z", function()
         self:switch("zoom.us.app")

modules/darwin/homebrew.nix

@@ -45,12 +45,6 @@
       ];
     };
 
-    home-manager.users.${config.user} = {
-
-      programs.fish.shellAbbrs.t = "trash";
-
-    };
-
   };
 
 }

modules/darwin/system.nix

@@ -166,7 +166,7 @@
         echo "Choose and order dock icons"
         defaults write com.apple.dock persistent-apps -array \
             "$(__dock_item /Applications/1Password.app)" \
-            "$(__dock_item /Applications/Slack.app)" \
+            "$(__dock_item ${pkgs.slack}/Applications/Slack.app)" \
             "$(__dock_item /System/Applications/Calendar.app)" \
             "$(__dock_item ${pkgs.firefox-bin}/Applications/Firefox.app)" \
             "$(__dock_item /System/Applications/Messages.app)" \

modules/nixos/gaming/minecraft-server.nix

@@ -14,7 +14,7 @@ in {
 
   config = lib.mkIf config.gaming.minecraft-server.enable {
 
-    unfreePackages = [ "minecraft-server" ];
+    unfreePackages = [ pkgs.minecraft-server ];
 
     services.minecraft-server = {
       enable = true;

modules/nixos/gaming/steam.nix

@@ -4,16 +4,21 @@
 
   config = lib.mkIf (config.gaming.steam.enable && pkgs.stdenv.isLinux) {
     hardware.steam-hardware.enable = true;
-    unfreePackages = [ "steam" "steam-original" "steamcmd" "steam-run" ];
-    environment.systemPackages = with pkgs; [
+    unfreePackages = with pkgs; [ steam steamcmd steam-run ];
 
-      steam
+    programs.steam = {
+      enable = true;
+      remotePlay.openFirewall = true;
+    };
+
+    environment.systemPackages = with pkgs; [
 
       # Enable terminal interaction
       steamPackages.steamcmd
       steam-tui
 
     ];
+
   };
 
 }

modules/nixos/hardware/boot.nix

@@ -13,6 +13,9 @@
       # Attempt to display GRUB on widescreen monitor
       gfxmodeEfi = "1920x1080";
 
+      # Limit the total number of configurations to rollback
+      configurationLimit = 25;
+
       # Install GRUB onto the boot disk
       # device = config.fileSystems."/boot".device;
 

modules/nixos/hardware/default.nix

@@ -3,6 +3,7 @@
   imports = [
     ./audio.nix
     ./boot.nix
+    ./disk.nix
     ./keyboard.nix
     ./monitors.nix
     ./mouse.nix

modules/nixos/hardware/disk.nix

@@ -0,0 +1,7 @@
+{ config, pkgs, lib, ... }: {
+
+  # Enable fstrim, which tracks free space on SSDs for garbage collection
+  # More info: https://www.reddit.com/r/NixOS/comments/rbzhb1/if_you_have_a_ssd_dont_forget_to_enable_fstrim/
+  services.fstrim.enable = true;
+
+}

modules/nixos/hardware/networking.nix

@@ -9,6 +9,12 @@
     networking.interfaces.enp5s0.useDHCP = true;
     networking.interfaces.wlp4s0.useDHCP = true;
 
+    networking.firewall.allowPing = lib.mkIf config.server true;
+    networking.hosts = {
+      "192.168.0.120" = [ "tempest" ];
+      "192.168.0.218" = [ "swan" ];
+    };
+
   };
 
 }

modules/nixos/services/calibre.nix

@@ -1,4 +1,10 @@
-{ config, pkgs, lib, ... }: {
+{ config, pkgs, lib, ... }:
+
+let
+
+  libraryPath = "/data/books";
+
+in {
 
   options = {
     bookServer = lib.mkOption {
@@ -6,6 +12,11 @@
       description = "Hostname for Calibre library";
       default = null;
     };
+    backups.calibre = lib.mkOption {
+      type = lib.types.bool;
+      description = "Whether to backup Calibre library";
+      default = true;
+    };
   };
 
   config = lib.mkIf (config.bookServer != null) {
@@ -17,6 +28,7 @@
         reverseProxyAuth.enable = false;
         enableBookConversion = true;
         enableBookUploading = true;
+        calibreLibrary = libraryPath;
       };
     };
 
@@ -30,7 +42,7 @@
     }];
 
     # Run a backup on a schedule
-    systemd.timers.calibre-backup = {
+    systemd.timers.calibre-backup = lib.mkIf config.backups.calibre {
       timerConfig = {
         OnCalendar = "*-*-* 00:00:00"; # Once per day
         Unit = "calibre-backup.service";
@@ -39,9 +51,7 @@
     };
 
     # Backup Calibre data to object storage
-    systemd.services.calibre-backup =
-      let libraryPath = "/var/lib/calibre-web"; # Default location
-      in {
+    systemd.services.calibre-backup = lib.mkIf config.backups.calibre {
       description = "Backup Calibre data";
       environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
       serviceConfig = {

modules/nixos/services/nextcloud.nix

@@ -15,6 +15,7 @@
     services.nextcloud = {
       enable = true;
       package = pkgs.nextcloud25; # Required to specify
+      datadir = "/data/nextcloud";
       https = true;
       hostName = "localhost";
       maxUploadSize = "50G";
@@ -41,7 +42,7 @@
 
     # Create credentials file for nextcloud
     secrets.nextcloud = {
-      source = ../../private/nextcloud.age;
+      source = ../../../private/nextcloud.age;
       dest = "${config.secretsDirectory}/nextcloud";
       owner = "nextcloud";
       group = "nextcloud";
@@ -52,6 +53,9 @@
       before = [ "nextcloud-setup.service" ];
     };
 
+    # Grant user access to Nextcloud directories
+    users.users.${config.user}.extraGroups = [ "nextcloud" ];
+
     ## Backup config
 
     # Open to groups, allowing for backups

modules/nixos/services/samba.nix

@@ -1,19 +1,37 @@
-{ config, lib, ... }: {
+{ config, pkgs, lib, ... }: {
 
   options = { samba.enable = lib.mkEnableOption "Enable Samba sharing."; };
 
-  config = lib.mkIf (config.samba.enable) {
+  config = {
 
-    services.samba.enable = true;
-    services.samba.shares.video = {
-      path = "/data/video";
+    services.samba = lib.mkIf (config.samba.enable) {
+      enable = true;
+      openFirewall = true;
+      shares.data = {
+        path = "/data";
         browseable = "yes";
         "read only" = "no";
         "guest ok" = "no";
         "force user" = config.user;
         "force group" = config.user;
-      comment = "Movies and TV";
+        comment = "NAS";
       };
+    };
+
+    # Allows Windows clients to discover server
+    services.samba-wsdd.enable = true;
+    networking.firewall.allowedTCPPorts = [ 5357 ];
+    networking.firewall.allowedUDPPorts = [ 3702 ];
+
+    # Allow client browsing Samba and virtual filesystem shares
+    services.gvfs =
+      lib.mkIf (config.gui.enable && config.nautilus.enable) { enable = true; };
+
+    # # Permissions required to mount Samba with GVFS, if not using desktop environment
+    # environment.systemPackages = lib.mkIf (config.gui.enable
+    #   && config.nautilus.enable
+    #   && config.services.xserver.windowManager.i3.enable)
+    #   [ pkgs.lxqt.lxqt-policykit ];
 
   };
 

modules/nixos/system/user.nix

@@ -32,6 +32,11 @@
     };
 
     home-manager.users.${config.user}.xdg = {
+
+      # Allow Nix to manage the default applications list
+      mimeApps.enable = true;
+
+      # Set directories for application defaults
       userDirs = {
         enable = true;
         createDirectories = true;