update kurogeek thinkpad zerotier id

inventories/default.nix

@@ -1,19 +1,7 @@
-{
-  inputs,
-  self,
-  lib,
-  pkgs,
-  ...
-}:
 {
   clan = {
     inventory = {
 
-      machines = {
-        rigel.deploy.targetHost = "root@rigel.local";
-        vega.deploy.targetHost = "root@vega.local";
-      };
-
       tags = {
         glom = [ "vega" ];
         b4l = [ "rigel" ];
@@ -73,7 +61,6 @@
             input = "self";
           };
           roles.default.machines.b4l = { };
-          roles.default.machines.vega = { };
         };
         stirling-pdf = {
           module = {

machines/rigel/configuration.nix

@@ -1,13 +1,15 @@
+{ config, ... }:
 {
   imports = [
     (import ../../lib/auto-accept-zerotier-members.nix {
       memberIds = [
         "dbe44c0287" # Alex-gateway
-        "1b495eede9" # kurogeek-thinkpad
+        "2bd36db8cc" # kurogeek-thinkpad
       ];
     })
   ];
 
   system.stateVersion = "25.11";
   clan.core.sops.defaultGroups = [ "admins" ];
+  clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
 }

machines/vega/configuration.nix

@@ -10,12 +10,13 @@
     (import ../../lib/auto-accept-zerotier-members.nix {
       memberIds = [
         "dbe44c0287" # Alex-gateway
-        "1b495eede9" # kurogeek-thinkpad
+        "2bd36db8cc" # kurogeek-thinkpad
       ];
     })
   ];
 
   clan.core.sops.defaultGroups = [ "admins" ];
+  clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]";
 
   nixpkgs.hostPlatform = {
     system = "x86_64-linux";

machines/vega/services/nextcloud.nix

@@ -1,34 +0,0 @@
-{ config, pkgs, ... }:
-let
-  # ncDomain = "${config.clan.core.vars.generators.vega-nextcloud.files.subdomain.value}.${config.networking.fqdn}";
-  ncDomain = "${config.networking.fqdn}";
-in
-{
-  clan.core.vars.generators.vega-nextcloud = {
-    files.subdomain.secret = false;
-
-    prompts = {
-      subdomain = {
-        persist = true;
-        type = "line";
-        description = "Sub-domain for Nextcloud app. Default:(cloud)";
-      };
-    };
-
-    script = ''cat $prompts/subdomain || echo -n "cloud" > $out/subdomain'';
-  };
-
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
-
-  services.nextcloud = {
-    hostName = ncDomain;
-    package = pkgs.nextcloud31;
-  };
-  # services.nginx.virtualHosts."${ncDomain}" = {
-  #   # useACMEHost = "${config.networking.fqdn}";
-  #   # forceSSL = true;
-  # };
-}

machines/vega/services/samba.nix

@@ -0,0 +1,93 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  sambaUser = lib.filterAttrs (
+    name: user: user.isNormalUser && builtins.elem "samba" user.extraGroups
+  ) config.users.users;
+
+  sharedFolders = {
+    GLOM.users = [
+      "w"
+      "kurogeek"
+      "berwn"
+    ];
+  };
+in
+{
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        security = "user";
+        workgroup = "WORKGROUP";
+        "server string" = "Glom Vega";
+        interfaces = "eth* en*";
+        "max log size" = "50";
+        "dns proxy" = false;
+        "syslog only" = true;
+        "map to guest" = "Bad User";
+        "guest account" = "nobody";
+      };
+    }
+    // lib.mapAttrs (share: opts: {
+      path = "/mnt/hdd/samba/${share}";
+      comment = share;
+      "force user" = share;
+      "force group" = share;
+      public = "yes";
+      "guest ok" = "yes";
+      "create mask" = "0640";
+      "directory mask" = "0750";
+      writable = "no";
+      browseable = "yes";
+      printable = "no";
+      # TODO
+      # "valid users" = toString opts.users;
+    }) sharedFolders;
+  };
+
+  users.users = lib.mapAttrs (share: opts: {
+    isSystemUser = true;
+    group = share;
+  }) sharedFolders;
+
+  users.groups = lib.mapAttrs (share: opts: { }) sharedFolders;
+
+  systemd.services.samba-smbd.postStart =
+    lib.concatMapStrings (
+      user:
+      let
+        password = config.clan.core.vars.generators."${user}-smb-password".files.password.path;
+      in
+      ''
+        mkdir -p /mnt/hdd/samba/${user}
+        chown ${user}:users /mnt/hdd/samba/${user}
+        # if a password is unchanged, this will error
+        (echo $(<${password}); echo $(<${password})) | ${config.services.samba.package}/bin/smbpasswd -s -a ${user}
+      ''
+    ) (lib.attrNames sambaUser)
+    + lib.concatMapStrings (share: ''
+      mkdir -p /mnt/hdd/samba/${share}
+      chown ${share}:${share} /mnt/hdd/samba/${share}
+    '') (lib.attrNames sharedFolders);
+
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  services.avahi = {
+    publish.enable = true;
+    publish.userServices = true;
+    # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
+    nssmdns4 = true;
+    # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
+    enable = true;
+    openFirewall = true;
+  };
+}