From e02aa9651bba1683877b29920d1d021aca8bcd13 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Wed, 6 Apr 2022 07:20:19 -0700
Subject: refactor samba to a proper module The list of public share is configurable too.
---
hosts/common/server/samba.nix | 33 ------------------------
hosts/profiles/nas.nix | 6 ++++-
modules/services/default.nix | 6 ++++-
modules/services/samba/default.nix | 51 ++++++++++++++++++++++++++++++++++++++
4 files changed, 61 insertions(+), 35 deletions(-)
delete mode 100644 hosts/common/server/samba.nix
create mode 100644 modules/services/samba/default.nix
diff --git a/hosts/common/server/samba.nix b/hosts/common/server/samba.nix
deleted file mode 100644
index 7df989d..0000000
--- a/hosts/common/server/samba.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- services.samba = {
- enable = true;
- securityType = "user";
- extraConfig = ''
- workgroup = WORKGROUP
- server string = tahoe
- netbios name = tahoe
- security = user
- guest account = nobody
- mangled names = no
- client min protocol = SMB2
- map to guest = bad user
- ntlm auth = true
- '';
- shares = {
- music = {
- path = "/data/fast/music";
- browseable = "yes";
- "read only" = "yes";
- "guest ok" = "yes";
- };
- videos = {
- path = "/data/fast/videos";
- browseable = "yes";
- "read only" = "yes";
- "guest ok" = "yes";
- };
- };
- };
-}
diff --git a/hosts/profiles/nas.nix b/hosts/profiles/nas.nix
index 6585766..dcc73e2 100644
--- a/hosts/profiles/nas.nix
+++ b/hosts/profiles/nas.nix
@@ -2,7 +2,6 @@ imports = [ # other profiles ./server.nix - ../common/server/samba.nix ../common/server/prometheus.nix ../common/server/grafana.nix ../common/server/traefik.nix
@@ -20,6 +19,11 @@ isSystemUser = true; }; + my.services.samba = { + enable = true; + publicShares = [ "/data/fast/music" "/data/fast/videos" ]; + }; + services.restic.backups = { media = { paths = [ "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ];
diff --git a/modules/services/default.nix b/modules/services/default.nix
index a919d04..251498d 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -1 +1,5 @@
-{ ... }: { imports = [ ./ssh-server ./tailscale ./thermald ./tlp ./fwupd ]; }
+{ ... }:
+
+{
+ imports = [ ./samba ./ssh-server ./tailscale ./thermald ./tlp ./fwupd ];
+}
diff --git a/modules/services/samba/default.nix b/modules/services/samba/default.nix
new file mode 100644
index 0000000..b5d150d
--- /dev/null
+++ b/modules/services/samba/default.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.my.services.samba;
+ makePublicShare = path: {
+ name = builtins.baseNameOf path;
+ value = {
+ inherit path;
+ browseable = "yes";
+ writeable = "no";
+ "guest ok" = "yes";
+ "guest only" = "yes";
+ "force user" = "nobody";
+ };
+ };
+in {
+ options.my.services.samba = with lib; {
+ enable = mkEnableOption "Samba";
+ publicShares = mkOption {
+ type = with types; listOf str;
+ default = [ ];
+ example = literalExample ''
+ [
+ "/data/fast/music"
+ ]
+ '';
+ description = "Which directories to share publicly";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = tahoe
+ netbios name = tahoe
+ security = user
+ guest account = nobody
+ mangled names = no
+ client min protocol = SMB2
+ map to guest = bad user
+ ntlm auth = true
+ '';
+ shares = with lib; (listToAttrs (map makePublicShare cfg.publicShares));
+ };
+
+ networking.firewall.allowedTCPPorts = [ 445 139 ];
+ networking.firewall.allowedUDPPorts = [ 137 138 ];
+ };
+}
-- cgit 1.4.1
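Review bot: The two `networking.firewall` lines at the end of the `config` block in modules/services/samba/default.nix open 445/139 TCP and 137/138 UDP on every interface, while every share built by `makePublicShare` is `guest ok`/`guest only` and `map to guest = bad user` is set, so whatever network can reach this host gets unauthenticated read access to the listed directories. If the shares are meant for one network only, scope the ports to it, e.g. `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 445 139 ];` (the interface name is a placeholder), or gate the firewall change behind its own module option. `ntlm auth = true` additionally permits NTLMv1, which guest-only shares should not need; dropping the line leaves Samba's NTLMv2-only default. Note also that `client min protocol = SMB2` only constrains Samba's client side; `server min protocol = SMB2` is the setting that refuses SMB1 from connecting clients. Finally, `builtins.baseNameOf path` is used as the share name, so two entries in `publicShares` with the same last path component would collide silently in `listToAttrs`; a comment on the option description saying so, or an assertion, would help.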