authorFranck Cuny <franck@fcuny.net>2022-04-06 07:20:19 -0700
committerFranck Cuny <franck@fcuny.net>2022-04-06 07:20:19 -0700
commite02aa9651bba1683877b29920d1d021aca8bcd13 (patch)
tree7c545b9f23f9f7fcddfeb21f1a753ba30fa713c5
parentrefactor boot configuration to a module (diff)
downloadworld-e02aa9651bba1683877b29920d1d021aca8bcd13.tar.gz
refactor samba to a proper module
The list of public shares is configurable too.
-rw-r--r--hosts/common/server/samba.nix33
-rw-r--r--hosts/profiles/nas.nix6
-rw-r--r--modules/services/default.nix6
-rw-r--r--modules/services/samba/default.nix51
4 files changed, 61 insertions, 35 deletions
diff --git a/hosts/common/server/samba.nix b/hosts/common/server/samba.nix
deleted file mode 100644
index 7df989d..0000000
--- a/hosts/common/server/samba.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  services.samba = {
-    enable = true;
-    securityType = "user";
-    extraConfig = ''
-      workgroup = WORKGROUP
-      server string = tahoe
-      netbios name = tahoe
-      security = user
-      guest account = nobody
-      mangled names = no
-      client min protocol = SMB2
-      map to guest = bad user
-      ntlm auth = true
-    '';
-    shares = {
-      music = {
-        path = "/data/fast/music";
-        browseable = "yes";
-        "read only" = "yes";
-        "guest ok" = "yes";
-      };
-      videos = {
-        path = "/data/fast/videos";
-        browseable = "yes";
-        "read only" = "yes";
-        "guest ok" = "yes";
-      };
-    };
-  };
-}
diff --git a/hosts/profiles/nas.nix b/hosts/profiles/nas.nix
index 6585766..dcc73e2 100644
--- a/hosts/profiles/nas.nix
+++ b/hosts/profiles/nas.nix
@@ -2,7 +2,6 @@
   imports = [
     # other profiles
     ./server.nix
-    ../common/server/samba.nix
     ../common/server/prometheus.nix
     ../common/server/grafana.nix
     ../common/server/traefik.nix
@@ -20,6 +19,11 @@
     isSystemUser = true;
   };
 
+  my.services.samba = {
+    enable = true;
+    publicShares = [ "/data/fast/music" "/data/fast/videos" ];
+  };
+
   services.restic.backups = {
     media = {
       paths = [ "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ];
diff --git a/modules/services/default.nix b/modules/services/default.nix
index a919d04..251498d 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -1 +1,5 @@
-{ ... }: { imports = [ ./ssh-server ./tailscale ./thermald ./tlp ./fwupd ]; }
+{ ... }:
+
+{
+  imports = [ ./samba ./ssh-server ./tailscale ./thermald ./tlp ./fwupd ];
+}
diff --git a/modules/services/samba/default.nix b/modules/services/samba/default.nix
new file mode 100644
index 0000000..b5d150d
--- /dev/null
+++ b/modules/services/samba/default.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.services.samba;
+  makePublicShare = path: {
+    name = builtins.baseNameOf path;
+    value = {
+      inherit path;
+      browseable = "yes";
+      writeable = "no";
+      "guest ok" = "yes";
+      "guest only" = "yes";
+      "force user" = "nobody";
+    };
+  };
+in {
+  options.my.services.samba = with lib; {
+    enable = mkEnableOption "Samba";
+    publicShares = mkOption {
+      type = with types; listOf str;
+      default = [ ];
+      example = literalExample ''
+        [
+          "/data/fast/music"
+        ]
+      '';
+      description = "Which directories to share publicly";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.samba = {
+      enable = true;
+      securityType = "user";
+      extraConfig = ''
+        workgroup = WORKGROUP
+        server string = tahoe
+        netbios name = tahoe
+        security = user
+        guest account = nobody
+        mangled names = no
+        client min protocol = SMB2
+        map to guest = bad user
+        ntlm auth = true
+      '';
+      shares = with lib; (listToAttrs (map makePublicShare cfg.publicShares));
+    };
+
+    networking.firewall.allowedTCPPorts = [ 445 139 ];
+    networking.firewall.allowedUDPPorts = [ 137 138 ];
+  };
+}
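Review bot: The two `networking.firewall.allowed*Ports` lines closing the `config` block open SMB/NetBIOS on every interface, yet every share from `makePublicShare` is `guest ok`/`guest only` and `map to guest = bad user` maps unknown users to the guest account, so any host that can reach the machine can read the listed directories without credentials. The deleted `hosts/common/server/samba.nix` opened no ports itself, so unless they were opened elsewhere this widens exposure. If the shares are meant for one network, scope the rule, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 445 139 ];` with `<iface>` a placeholder for the LAN interface, or add a `hosts allow` line to `extraConfig`. Also consider dropping `ntlm auth = true`, which permits NTLMv1; note that `client min protocol` does not limit what the server accepts, `server min protocol` does.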