From de5c6f0063c32fba13cb0447140a0e96a64897be Mon Sep 17 00:00:00 2001
From: alex
Date: Tue, 6 Feb 2024 21:50:30 -0500
Subject: [PATCH] add domain name to k3s tls-san
---
 atauno/configuration.nix | 168 +++++++++++------------------
 atauno/hardware-configuration.nix | 11 +-
 2 files changed, 67 insertions(+), 112 deletions(-)
diff --git a/atauno/configuration.nix b/atauno/configuration.nix
index 6c897b6..5663f5b 100644
--- a/atauno/configuration.nix
+++ b/atauno/configuration.nix
@@ -6,7 +6,8 @@
 {
 imports =
- [ # Include the results of the hardware scan.
+ [
+ # Include the results of the hardware scan.
 ./hardware-configuration.nix
 ];
@@ -17,126 +18,77 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.extraPools = [ "alex1" ]; + boot.zfs.forceImportRoot = false; + networking.hostName = "atauno"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + networking.hostId = "ae3574b1"; # for zfs importing pools during boot # Set your time zone. time.timeZone = "America/New_York"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - -boot.supportedFilesystems = [ "zfs" ]; -boot.zfs.forceImportRoot = false; -networking.hostId = "ae3574b1"; - -boot.zfs.extraPools = [ "alex1" ]; - -services.k3s.enable = true; - services.k3s.role = "server"; - services.k3s.extraFlags = toString [ - # "--kubelet-arg=v=4" # Optionally add additional args to k3s - ]; - -services.samba-wsdd = { - # maKe shares visible for Windows clients - enable = true; - openFirewall = true; -}; -services.samba = { - enable = true; - securityType = "user"; - extraConfig = '' - workgroup = WORKGROUP - server string = atauno - netbios name = atauno - security = user - #use sendfile = yes - #max protocol = smb2 - # note: localhost is the ipv6 localhost ::1 - hosts allow = 192.168.1. 127.0.0.1 localhost - hosts deny = 0.0.0.0/0 - guest account = nobody - map to guest = bad user - ''; - shares = { - family = { - path = "/zfs/family"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "force create mode" = 774; - "force user" = "matson"; - "force group" = "users"; -}; - }; -}; - - # Select internationalisation properties. 
- # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - - - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - services.openiscsi.enable = true; - services.openiscsi.name = "openiscsi-atauno"; # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.alex = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ - ]; + users.users = { + alex = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ git ]; + }; + matson = { + isNormalUser = true; + extraGroups = [ ]; + }; }; -users.users.matson = { - isNormalUser = true; - extraGroups = [ ]; -}; - -users.users.family = { - isNormalUser = true; - extraGroups = [ ]; -}; - # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + vim ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. 
- # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - # List services that you want to enable: + services.k3s.enable = true; + services.k3s.role = "server"; + services.k3s.extraFlags = toString [ + # "--kubelet-arg=v=4" # Optionally add additional args to k3s + "--tls-san=atauno.com" + ]; + + services.samba-wsdd = { + # make shares visible for Windows clients + enable = true; + openFirewall = true; + }; + + services.samba = { + enable = true; + securityType = "user"; + extraConfig = '' + workgroup = WORKGROUP + server string = atauno + netbios name = atauno + security = user + #use sendfile = yes + #max protocol = smb2 + # note: localhost is the ipv6 localhost ::1 + hosts allow = 192.168.1. 127.0.0.1 localhost + hosts deny = 0.0.0.0/0 + guest account = nobody + map to guest = bad user + ''; + shares = { + family = { + path = "/zfs/family"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "force create mode" = 774; + "force user" = "matson"; + "force group" = "users"; + }; + }; + }; # Enable the OpenSSH daemon. services.openssh.enable = true; @@ -171,4 +123,4 @@ users.users.family = { # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "24.05"; # Did you read the comment? -} \ No newline at end of file +} diff --git a/atauno/hardware-configuration.nix b/atauno/hardware-configuration.nix index affc2de..dc98523 100644 --- a/atauno/hardware-configuration.nix +++ b/atauno/hardware-configuration.nix @@ -5,7 +5,8 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ + (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; 
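Review bot: The new `"--tls-san=atauno.com"` entry in `services.k3s.extraFlags` makes the API server certificate valid for a public-looking domain, but nothing in the visible lines says who is meant to reach the server by that name or restricts access to it. If the name resolves outside the LAN, the Kubernetes API port (6443 by default) becomes the exposed surface, so the firewall settings, which are outside this hunk, should be checked to allow it only from intended clients. I would record the intent next to the flag, e.g. `"--tls-san=atauno.com" # API cert SAN for remote kubectl; keep 6443 limited to trusted sources`. The same hunk also drops the `family` user and reorders the ZFS, k3s and Samba settings, none of which the commit subject mentions; splitting the reformat from the functional change would make this one security-relevant line much easier to audit.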
@@ -14,12 +15,14 @@
 boot.extraModulePackages = [ ];
 fileSystems."/" =
- { device = "/dev/disk/by-uuid/50d2d351-846c-432d-8470-f004d9f0b186";
+ {
+ device = "/dev/disk/by-uuid/50d2d351-846c-432d-8470-f004d9f0b186";
 fsType = "ext4";
 };
 fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/51D9-C3A6";
+ {
+ device = "/dev/disk/by-uuid/51D9-C3A6";
 fsType = "vfat";
 };
@@ -34,4 +37,4 @@
 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
\ No newline at end of file
+}