author | Franck Cuny <franck@fcuny.net> | 2022-04-06 07:20:19 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2022-04-06 07:20:19 -0700 |
commit | e02aa9651bba1683877b29920d1d021aca8bcd13 (patch) | |
tree | 7c545b9f23f9f7fcddfeb21f1a753ba30fa713c5 | |
parent | refactor boot configuration to a module (diff) | |
download | world-e02aa9651bba1683877b29920d1d021aca8bcd13.tar.gz |
refactor samba to a proper module
The list of public shares is configurable too.
-rw-r--r-- | hosts/common/server/samba.nix | 33 | ||||
-rw-r--r-- | hosts/profiles/nas.nix | 6 | ||||
-rw-r--r-- | modules/services/default.nix | 6 | ||||
-rw-r--r-- | modules/services/samba/default.nix | 51 |
4 files changed, 61 insertions, 35 deletions
diff --git a/hosts/common/server/samba.nix b/hosts/common/server/samba.nix deleted file mode 100644 index 7df989d..0000000 --- a/hosts/common/server/samba.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - services.samba = { - enable = true; - securityType = "user"; - extraConfig = '' - workgroup = WORKGROUP - server string = tahoe - netbios name = tahoe - security = user - guest account = nobody - mangled names = no - client min protocol = SMB2 - map to guest = bad user - ntlm auth = true - ''; - shares = { - music = { - path = "/data/fast/music"; - browseable = "yes"; - "read only" = "yes"; - "guest ok" = "yes"; - }; - videos = { - path = "/data/fast/videos"; - browseable = "yes"; - "read only" = "yes"; - "guest ok" = "yes"; - }; - }; - }; -} diff --git a/hosts/profiles/nas.nix b/hosts/profiles/nas.nix index 6585766..dcc73e2 100644 --- a/hosts/profiles/nas.nix +++ b/hosts/profiles/nas.nix @@ -2,7 +2,6 @@ imports = [ # other profiles ./server.nix - ../common/server/samba.nix ../common/server/prometheus.nix ../common/server/grafana.nix ../common/server/traefik.nix @@ -20,6 +19,11 @@ isSystemUser = true; }; + my.services.samba = { + enable = true; + publicShares = [ "/data/fast/music" "/data/fast/videos" ]; + }; + services.restic.backups = { media = { paths = [ "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ]; diff --git a/modules/services/default.nix b/modules/services/default.nix index a919d04..251498d 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -1 +1,5 @@ -{ ... }: { imports = [ ./ssh-server ./tailscale ./thermald ./tlp ./fwupd ]; } +{ ... }: + +{ + imports = [ ./samba ./ssh-server ./tailscale ./thermald ./tlp ./fwupd ]; +} diff --git a/modules/services/samba/default.nix b/modules/services/samba/default.nix new file mode 100644 index 0000000..b5d150d --- /dev/null +++ b/modules/services/samba/default.nix 
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.my.services.samba;
+ makePublicShare = path: {
+ name = builtins.baseNameOf path;
+ value = {
+ inherit path;
+ browseable = "yes";
+ writeable = "no";
+ "guest ok" = "yes";
+ "guest only" = "yes";
+ "force user" = "nobody";
+ };
+ };
+in {
+ options.my.services.samba = with lib; {
+ enable = mkEnableOption "Samba";
+ publicShares = mkOption {
+ type = with types; listOf str;
+ default = [ ];
+ example = literalExample ''
+ [
+ "/data/fast/music"
+ ]
+ '';
+ description = "Which directories to share publicly";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = tahoe
+ netbios name = tahoe
+ security = user
+ guest account = nobody
+ mangled names = no
+ client min protocol = SMB2
+ map to guest = bad user
+ ntlm auth = true
+ '';
+ shares = with lib; (listToAttrs (map makePublicShare cfg.publicShares));
+ };
+
+ networking.firewall.allowedTCPPorts = [ 445 139 ];
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ };
+} |
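Review bot: `ntlm auth = true` in the `extraConfig` block permits NTLMv1 even though every share built by `makePublicShare` is guest-only, so the weaker protocol gains nothing here; drop the line or use `ntlm auth = ntlmv2-only`. The two `networking.firewall.allowed*Ports` lines open SMB and NetBIOS on every interface, and with `map to guest = bad user` any host that reaches them can read the shares, so scoping them as `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 445 139 ];` (with `<iface>` a placeholder for the LAN interface, and the UDP ports likewise) would limit exposure. Note also that `client min protocol` only governs Samba's client side; `server min protocol = SMB2` is the setting that bounds what connecting clients may negotiate.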