From 2834b43d6607eb0f2405cee7fd72991765133b0d Mon Sep 17 00:00:00 2001 From: kurogeek Date: Wed, 11 Feb 2026 17:01:51 +0700 Subject: [PATCH] clanService/samba: samba service --- inventories/default.nix | 8 + .../clan/samba/.null-ls_491179_default.nix | 215 +++++++++++++++ modules/clan/samba/default.nix | 258 ++++++++++++++++++ modules/clan/samba/flake-module.nix | 20 ++ modules/clan/samba/tests/vm/default.nix | 86 ++++++ .../tests/vm/sops/machines/server/key.json | 6 + .../vm/sops/secrets/server-age.key/secret | 14 + .../sops/secrets/server-age.key/users/admin | 1 + .../samba/tests/vm/sops/users/admin/key.json | 4 + .../password/machines/server | 1 + .../guser1-smb-password/password/secret | 18 ++ .../guser1-smb-password/password/users/admin | 1 + .../server/state-version/version/value | 1 + .../password/machines/server | 1 + .../u1share1-smb-password/password/secret | 18 ++ .../password/users/admin | 1 + .../password/machines/server | 1 + .../u1share2-smb-password/password/secret | 18 ++ .../password/users/admin | 1 + .../password/machines/server | 1 + .../u2share1-smb-password/password/secret | 18 ++ .../password/users/admin | 1 + .../password/machines/server | 1 + .../u2share2-smb-password/password/secret | 18 ++ .../password/users/admin | 1 + 25 files changed, 713 insertions(+) create mode 100644 modules/clan/samba/.null-ls_491179_default.nix create mode 100644 modules/clan/samba/default.nix create mode 100644 modules/clan/samba/flake-module.nix create mode 100644 modules/clan/samba/tests/vm/default.nix create mode 100755 modules/clan/samba/tests/vm/sops/machines/server/key.json create mode 100644 modules/clan/samba/tests/vm/sops/secrets/server-age.key/secret create mode 120000 modules/clan/samba/tests/vm/sops/secrets/server-age.key/users/admin create mode 100644 modules/clan/samba/tests/vm/sops/users/admin/key.json create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/machines/server create mode 100644 modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/secret create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/users/admin create mode 100644 modules/clan/samba/tests/vm/vars/per-machine/server/state-version/version/value create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/machines/server create mode 100644 modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/secret create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/users/admin create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/machines/server create mode 100644 modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/secret create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/users/admin create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/machines/server create mode 100644 modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/secret create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/users/admin create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/machines/server create mode 100644 modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/secret create mode 120000 modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/users/admin diff --git a/inventories/default.nix b/inventories/default.nix index e25480d..a1b71c5 100644 --- a/inventories/default.nix +++ b/inventories/default.nix @@ -261,6 +261,14 @@ }; }; }; + + samba = { + module = { + name = "samba"; + input = "self"; + }; + + }; }; }; }; diff --git a/modules/clan/samba/.null-ls_491179_default.nix b/modules/clan/samba/.null-ls_491179_default.nix new file mode 100644 index 0000000..c48f714 --- /dev/null +++ b/modules/clan/samba/.null-ls_491179_default.nix @@ -0,0 +1,215 @@ +{ lib, ... }: +{ + _class = "clan.service"; + manifest.name = "samba"; + manifest.description = "Samba configuration for NAS"; + manifest.readme = "Samba configuration for NAS"; + manifest.categories = [ "System" ]; + + roles.server = { + description = "A server role that host files"; + + interface = + { lib, ... }: + let + userOptions = { + readPerm = lib.mkOption { + type = with lib.types; bool; + description = "Permission to read"; + default = false; + }; + writePerm = lib.mkOption { + type = with lib.types; bool; + description = "Permission to write"; + default = false; + }; + }; + in + { + options = { + + globalUsers = lib.mkOption { + type = + with lib.types; + attrsOf (submodule { + options = userOptions; + }); + description = "List of global users with permissions, this will be applied to all the folders."; + default = [ + { + username = "admin"; + readPerm = true; + writePerm = true; + } + ]; + }; + + sharedFolders = lib.mkOption { + type = + with lib.types; + attrsOf (submodule { + options = { + users = lib.mkOption { + type = + with lib.types; + listOf (submodule { + options = userOptions; + }); + description = "List of users with permissions, this will only applied to this particular folder."; + default = [ ]; + }; + allowedGuest = lib.mkOption { + type = with lib.types; bool; + description = "Whether to allow guest access to this folder."; + default = false; + }; + }; + }); + description = "List of folders with users permissions."; + default = [ + { + name = "DEFAULT"; + } + ]; + + }; + + dataDir = lib.mkOption { + type = + with lib.types; + oneOf [ + str + path + ]; + description = "A directory where all samba folders will be."; + }; + + }; + }; + perInstance = + { settings, ... }: + let + allUsernameList = lib.uniqueStrings (lib.attrNames) #TODO; + in + { + nixosModule = + { + lib, + config, + pkgs, + ... + }: + { + + users.users = builtins.listToAttrs ( + map ( + username: + lib.nameValuePair username { + isSystemUser = true; + group = username; + } + ) allUsernameList + ); + + users.groups = builtins.listToAttrs ( + map (username: lib.nameValuePair username { }) allUsernameList + ); + + clan.core.vars.generators = builtins.listToAttrs ( + map ( + username: + lib.nameValuePair "${username}-smb-password" { + files.password = { }; + runtimeInputs = with pkgs; [ + coreutils + xkcdpass + mkpasswd + ]; + script = '' + xkcdpass --numwords 3 --delimiter - --count 1 > $out/password + ''; + } + ) allUsernameList + ); + + systemd.services.samba-smbd.postStart = + lib.concatMapStrings ( + user: + let + passwordPath = config.clan.core.vars.generators."${user}-smb-password".files.password.path; + userDir = "${settings.dataDir}/${user}"; + in + '' + mkdir -p ${userDir} + chown ${user}:users ${userDir} + # if a password is unchanged, this will error + (echo $(<${passwordPath}); echo $(<${passwordPath})) | ${config.services.samba.package}/bin/smbpasswd -s -a ${user} + '' + ) allUsernameList + + lib.concatMapStrings ( + share: + let + shareDir = "${settings.dataDir}/${share}"; + in + '' + mkdir -p ${shareDir} + chown ${share}:${share} ${shareDir} + '' + ) (map (folder: folder.name) settings.folders); + + services.samba = { + enable = true; + openFirewall = true; + settings = { + global = { + security = "user"; + workgroup = "WORKGROUP"; + "server string" = "WhiteHouse NAS"; + "max log size" = "50"; + "dns proxy" = false; + "syslog only" = true; + "map to guest" = "Bad User"; + "guest account" = "nobody"; + }; + } + // lib.mapAttrs ( + name: value: + { + path = "${settings.dataDir}/${name}"; + comment = name; + "force user" = name; + "force group" = "users"; + "create mask" = "0640"; + "directory mask" = "0750"; + "read only" = "yes"; + browseable = "yes"; + printable = "no"; + "write list" = lib.concatStringsSep " " ( + lib.uniqueStrings (map (user: user.username) (value.users ++ settings.globalUsers)) + ); + } + // lib.optionalAttrs (value.allowedGuest) { + public = "yes"; + "guest ok" = "yes"; + } + ) settings.folders; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile` + nssmdns4 = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + openFirewall = true; + }; + }; + }; + }; +} diff --git a/modules/clan/samba/default.nix b/modules/clan/samba/default.nix new file mode 100644 index 0000000..cabea32 --- /dev/null +++ b/modules/clan/samba/default.nix @@ -0,0 +1,258 @@ +{ lib, ... }: +{ + _class = "clan.service"; + manifest.name = "samba"; + manifest.description = "Samba configuration for NAS"; + manifest.readme = "Samba configuration for NAS"; + manifest.categories = [ "System" ]; + + roles.server = { + description = "A server role that host files"; + + interface = + { lib, ... }: + let + userOptions = { + readPerm = lib.mkOption { + type = with lib.types; bool; + description = "Permission to read"; + default = false; + }; + writePerm = lib.mkOption { + type = with lib.types; bool; + description = "Permission to write"; + default = false; + }; + }; + in + { + options = { + + globalUsers = lib.mkOption { + type = + with lib.types; + attrsOf (submodule { + options = userOptions; + }); + description = "List of global users with permissions, this will be applied to all the folders."; + default = { + admin = { + readPerm = true; + writePerm = true; + }; + }; + }; + + sharedFolders = lib.mkOption { + type = + with lib.types; + attrsOf (submodule { + options = { + users = lib.mkOption { + type = + with lib.types; + attrsOf (submodule { + options = userOptions; + }); + description = "List of users with permissions, this will only applied to this particular folder."; + default = { }; + }; + allowedGuest = lib.mkOption { + type = with lib.types; bool; + description = "Whether to allow guest access to this folder."; + default = false; + }; + }; + }); + description = "List of folders with users permissions."; + default = [ + { + name = "DEFAULT"; + } + ]; + + }; + + dataDir = lib.mkOption { + type = + with lib.types; + oneOf [ + str + path + ]; + description = "A directory where all samba folders will be."; + }; + + }; + }; + perInstance = + { settings, ... }: + let + allUsernameList = lib.uniqueStrings ( + lib.flatten ( + (lib.mapAttrsToList (name: share: builtins.attrNames share.users) settings.sharedFolders) + ++ builtins.attrNames settings.globalUsers + ) + ); + in + { + nixosModule = + { + lib, + config, + pkgs, + ... + }: + { + + users.users = builtins.listToAttrs ( + map ( + username: + lib.nameValuePair username { + isSystemUser = true; + group = username; + } + ) (allUsernameList ++ builtins.attrNames settings.sharedFolders) + ); + + users.groups = builtins.listToAttrs ( + map (username: lib.nameValuePair username { }) ( + allUsernameList ++ builtins.attrNames settings.sharedFolders + ) + ); + + clan.core.vars.generators = builtins.listToAttrs ( + map ( + username: + lib.nameValuePair "${username}-smb-password" { + files.password = { }; + runtimeInputs = with pkgs; [ + coreutils + xkcdpass + mkpasswd + ]; + script = '' + xkcdpass --numwords 3 --delimiter - --count 1 > $out/password + ''; + } + ) allUsernameList + ); + + systemd.services.samba-smbd.postStart = + lib.concatMapStrings ( + user: + let + passwordPath = config.clan.core.vars.generators."${user}-smb-password".files.password.path; + userDir = "${settings.dataDir}/${user}"; + in + '' + mkdir -p ${userDir} + chown ${user}:users ${userDir} + # if a password is unchanged, this will error + (echo $(<${passwordPath}); echo $(<${passwordPath})) | ${config.services.samba.package}/bin/smbpasswd -s -a ${user} + '' + ) allUsernameList + + lib.concatMapStrings ( + share: + let + shareDir = "${settings.dataDir}/${share}"; + in + '' + mkdir -p ${shareDir} + chown ${share}:${share} ${shareDir} + '' + ) (builtins.attrNames settings.sharedFolders); + + services.samba = { + enable = true; + openFirewall = true; + settings = { + global = { + security = "user"; + workgroup = "WORKGROUP"; + "server string" = "WhiteHouse NAS"; + "max log size" = "50"; + "dns proxy" = false; + "syslog only" = true; + "map to guest" = "Bad User"; + "guest account" = "nobody"; + }; + } + // lib.mapAttrs ( + shareName: value: + { + path = "${settings.dataDir}/${shareName}"; + comment = shareName; + "force user" = shareName; + "force group" = shareName; + "create mask" = "0640"; + "directory mask" = "0750"; + "read only" = "yes"; + browseable = "yes"; + printable = "no"; + "read list" = lib.concatStringsSep " " ( + lib.uniqueStrings ( + lib.flatten ( + (builtins.attrNames (lib.filterAttrs (n: v: v.readPerm) value.users)) + ++ (builtins.attrNames (lib.filterAttrs (n: v: v.readPerm) settings.globalUsers)) + ) + ) + ); + "write list" = lib.concatStringsSep " " ( + lib.uniqueStrings ( + lib.flatten ( + (builtins.attrNames (lib.filterAttrs (n: v: v.writePerm) value.users)) + ++ (builtins.attrNames (lib.filterAttrs (n: v: v.writePerm) settings.globalUsers)) + ) + ) + ); + "valid users" = lib.concatStringsSep " " ( + lib.uniqueStrings ( + lib.flatten ((builtins.attrNames (value.users)) ++ (builtins.attrNames (settings.globalUsers))) + ) + ); + } + // lib.optionalAttrs (value.allowedGuest) { + public = "yes"; + "guest ok" = "yes"; + } + ) settings.sharedFolders + // builtins.listToAttrs ( + map ( + user: + lib.nameValuePair user { + comment = user; + path = "${settings.dataDir}/${user}"; + "force user" = user; + "force group" = "users"; + public = "yes"; + "guest ok" = "no"; + "create mask" = "0640"; + "directory mask" = "0750"; + writable = "yes"; + browseable = "yes"; + printable = "no"; + "valid users" = user; + } + ) allUsernameList + ); + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile` + nssmdns4 = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + openFirewall = true; + }; + }; + }; + }; +} diff --git a/modules/clan/samba/flake-module.nix b/modules/clan/samba/flake-module.nix new file mode 100644 index 0000000..9690f39 --- /dev/null +++ b/modules/clan/samba/flake-module.nix @@ -0,0 +1,20 @@ +{ inputs, self, ... }: +let + module = ./default.nix; +in +{ + clan.modules = { + samba = module; + }; + + perSystem = + { ... }: + { + clan.nixosTests.service-samba = { + imports = [ ./tests/vm/default.nix ]; + _module.args = { inherit self inputs; }; + + clan.modules."@clan/samba" = module; + }; + }; +} diff --git a/modules/clan/samba/tests/vm/default.nix b/modules/clan/samba/tests/vm/default.nix new file mode 100644 index 0000000..cca73f4 --- /dev/null +++ b/modules/clan/samba/tests/vm/default.nix @@ -0,0 +1,86 @@ +{ + lib, + self, + config, + hostPkgs, + ... +}: +let + testDir = "/mnt/hdd/samba"; +in +{ + name = "service-samba"; + result.update-vars = + let + relativeDir = lib.removePrefix "${self}/" (toString config.clan.directory); + in + hostPkgs.writeShellScriptBin "update-vars" '' + set -x + export PRJ_ROOT=$(git rev-parse --show-toplevel) + ${ + self.inputs.clan-core.packages.${hostPkgs.system}.clan-cli + }/bin/clan-generate-test-vars $PRJ_ROOT/${relativeDir} ${config.name} + ''; + + clan = { + directory = ./.; + inventory = { + machines.server = { }; + + instances = { + samba-test = { + module.name = "@clan/samba"; + module.input = "self"; + roles.server.machines."server".settings = { + dataDir = testDir; + globalUsers = { + guser1 = { + readPerm = true; + writePerm = true; + }; + }; + sharedFolders = { + "share1" = { + users = { + "u1share1" = { }; + "u2share1" = { }; + }; + }; + "share2" = { + users = { + "u1share2" = { }; + "u2share2" = { }; + }; + }; + "share3" = { }; + }; + }; + }; + }; + }; + }; + + nodes = { + server = { }; + }; + + testScript = '' + start_all() + + server.wait_for_unit("samba-smbd") + + server.succeed("systemctl status samba-smbd") + + server.succeed("test -d ${testDir}/guser1") + server.succeed("test -d ${testDir}/u1share1") + server.succeed("test -d ${testDir}/u2share1") + server.succeed("test -d ${testDir}/u1share2") + server.succeed("test -d ${testDir}/u2share2") + server.succeed("test -d ${testDir}/share1") + server.succeed("test -d ${testDir}/share2") + + server.succeed("runuser -u guser1 -- test -r ${testDir}/share1") + server.succeed("runuser -u guser1 -- test -r ${testDir}/share1") + server.succeed("runuser -u u1share1 -- test -r ${testDir}/share1") + ''; +} diff --git a/modules/clan/samba/tests/vm/sops/machines/server/key.json b/modules/clan/samba/tests/vm/sops/machines/server/key.json new file mode 100755 index 0000000..e1e0e39 --- /dev/null +++ b/modules/clan/samba/tests/vm/sops/machines/server/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age1jked5ykp2ch5k4030cewmgqr44jc9e7cxsyrfek4v3j4g3fydcxs4jk8jn", + "type": "age" + } +] \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/sops/secrets/server-age.key/secret b/modules/clan/samba/tests/vm/sops/secrets/server-age.key/secret new file mode 100644 index 0000000..6599659 --- /dev/null +++ b/modules/clan/samba/tests/vm/sops/secrets/server-age.key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:EH+rEfBdg4O7dEsk0o95T7xBQK/7duVCnLpdFOC1rWVbwdt/qYzEobZCo9awzvmh6YlC9Ld/OKv5wIBJJJI8PpTII2jdlWMG778=,iv:nhswri4dJ+Yj/1zarXzvLUhfJPSlWCGjVYOP6sYOT3w=,tag:WKFP6xhiSAfuDY880tEyAw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheUV1blJCMFFoQmxVaGdK\nUmpsZHRkWDJXczFRaDdqWVRXeXYzSVZhdFUwCmY1Ym1uVWF2akJlc2JScWZWUUtI\nbXgvTFYvS0d1aXVSVkFUakJNSVdrZUEKLS0tIFA5WllweEhrK2hwYkFMaTRYeGJT\nU3YxY1ZIblhYdlJZaERodWVsSW1yYmsK5ow3QIvOt7nelW+aiBo1Z08SCqXTThTb\nAimCwnhqBhW08ipZ5hmQFqZc4cfoDapmemOBqW9Q6NPyNB0Mr2EIdg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-02-11T02:53:23Z", + "mac": "ENC[AES256_GCM,data:TxoCasCZ4fRLU4gFWSDl4oi5YUIFSKirYV1kI5oMJcFqSFUZ0ZXCbuBX4i5UA/VWkY0/Th4scRqgvVCFcr/sO8DGh+oi14Ayu1o70Pjf/f0u6S3ROa84f5nBybq8oVQTzP23+a0OkpJTB2vS+ELB2Q7GOeQ7MIrya58XB+40QCg=,iv:9H+0luICB18332YyuUnF+d8sYDWYWakiIK95dmqOZVA=,tag:ldPbuLykRCp9sqI+vHoO3w==,type:str]", + "version": "3.11.0" + } +} diff --git a/modules/clan/samba/tests/vm/sops/secrets/server-age.key/users/admin b/modules/clan/samba/tests/vm/sops/secrets/server-age.key/users/admin new file mode 120000 index 0000000..9e21a99 --- /dev/null +++ b/modules/clan/samba/tests/vm/sops/secrets/server-age.key/users/admin @@ -0,0 +1 @@ +../../../users/admin \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/sops/users/admin/key.json b/modules/clan/samba/tests/vm/sops/users/admin/key.json new file mode 100644 index 0000000..e408aa9 --- /dev/null +++ b/modules/clan/samba/tests/vm/sops/users/admin/key.json @@ -0,0 +1,4 @@ +{ + "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "type": "age" +} diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/machines/server b/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/secret b/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/secret new file mode 100644 index 0000000..e6cf70a --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:WU0RGh0P17GqEfENAZO9/orLxtU8wpc=,iv:yFINf8UCfkSKmWSghHB1wsrsgMcgAxjXbuSbtQY7WhI=,tag:sugSGytBTks5EYk5gZUw/Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jked5ykp2ch5k4030cewmgqr44jc9e7cxsyrfek4v3j4g3fydcxs4jk8jn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBER2VuTUVpTnRDNzVKcW5I\nMTZ3NW5JVEJSVnB4UTBJQ2g5S3ZRdnZBaTFRCmZWTUwyckZwL1RhdXJaZUkyL1lH\nODdienVFWENrb0VDWENOK0hseFBKLzgKLS0tIHMrWDd3ZW9UM3lWZU9Vb2JYUC91\nZGhTTVBmSURPVmNITVlIM2swNXAxUW8K2/88jwpUI+gZ8B289I/AvxtXpQHRabcy\nS2tK1rww6umRYmEvN8X3Ek5cz7XeulgY3gMlS+IbtScjXCGySw5tTg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRlFGV0FveEpkZVNhbjE0\nZ0c2cWtYTEVVTWlkeFMvT2twQVF1ZkRQcVJjCkVLRUpUY0RBQW54dU5McjUzbGQv\nSEorSFpXM3J3ZFgveUg3WDdMOVlwZWsKLS0tIHR2bXRVMnkxNThtNE5McmhzWWRE\ncHAyYW5FZXJ5T2piREhHY1F5WXpsQ0UKFyeMvgOogS9n8puvB0/0lq5+sOSq8yfZ\nSIGlqE0KTmFryNpPUINiJj5SpvdXvUeVqahoCB1QOGbodX1vKiwdgA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-02-11T02:53:23Z", + "mac": "ENC[AES256_GCM,data:gRxnr9F8mT7OuooHRVgtNLut1BAEQiWpVr9iw7oN2mKlbZxq0X09K8jYZu0/dEMijbRfDoZ2bUmW7VIcqAZXwAZqLoqx3vzBqOGAQFcxyVFk0yRqPzR6odMYBdOeLFufN9l1IXOKiH4wZZB1kHean7XBlLzNUCTts12l+wInisY=,iv:zz7g/VcsBkY0kCELIIOBByLOj9bfXVOkw7JdTnlKRWc=,tag:FcGO6rsv+fBTHt+ymL6c0A==,type:str]", + "version": "3.11.0" + } +} diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/users/admin b/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/guser1-smb-password/password/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/state-version/version/value b/modules/clan/samba/tests/vm/vars/per-machine/server/state-version/version/value new file mode 100644 index 0000000..5d86a5f --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/state-version/version/value @@ -0,0 +1 @@ +26.05 \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/machines/server b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/secret b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/secret new file mode 100644 index 0000000..b20041d --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:bgmzK6ERM6e6uJMW8Cqfgo1ktvM6l83LxNJV,iv:aYAYbWvBLZZx9zdUUZ/K29heR/yKXRDeR48g8rhKIQY=,tag:ZhXGRovVumEa0lpT8P8KaQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jked5ykp2ch5k4030cewmgqr44jc9e7cxsyrfek4v3j4g3fydcxs4jk8jn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTG4yRFM5T1B1SWdzWWYv\nQTd0M2RjVTVKNy9rNUM1TmtvcEZsTVZ1U0JFCjNTOS95alh6MVZubXhOTGRwakUz\nZDBFck8rUVhYay9iRTRHY0pCZDJsSEEKLS0tIHJPUXpOVnMxMk9aSjYrTEFvSEJo\ndTd1MmNabVI1YkkwbVhkMnJLRzZzYjQKP6ehM8PTOrPVMgViUPGsXTyOdr9k5OAO\npf0faZpfH/GHiVBT7vaLrE/BLOhxLNkltldqyS1IUy19iXG9wEjbOQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVDVZM3U4b0JveXVQL3BS\nR2x0SnlyK3FHMGdPL0hsb3lLOWt6aHBRbWdBClpzYWxEWUJHOGxzM0ZrUWhEa2hv\ncnFmOElUUkw5NEtEMmV3VDdiUGkyWlkKLS0tIHVtUlN0VTR1Y3ZxQ3JyRjA4ZzNk\nZWthMDJ5K1Z4Uzc0dVdWY2xWQUgzYkkKE0WIA/a1ZJXDS+qZyqadNYPRg7ixB8fU\n/mqsnJ6imb4+436LDfAd+ZknhS38IKe+56Tj27/frHFvcM4XIdBOuQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-02-11T02:53:27Z", + "mac": "ENC[AES256_GCM,data:rTA80/5n6DcTQns0UfuIJ61700exGeY/9zZaFA29bPFVzjuWz7EF4kQB8c3Qt1NcgGECn39pI/cT8SO1fWvz5mMRpBuoPthG8vzHGtjpqYYQhvOXh4CPmPA2EpWsC5Yz+ixSNF5BsrQqr+nnHLncmqVtdwKNx5WHZ+cHGHscqlk=,iv:ve7d0esVdq74ABai4NnS/W2hcLTmEf4QpxoJ24dLMNw=,tag:u99X2k0L7/iWSIJoTBR3KQ==,type:str]", + "version": "3.11.0" + } +} diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/users/admin b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share1-smb-password/password/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/machines/server b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/secret b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/secret new file mode 100644 index 0000000..2e9acf4 --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:WgDWZkhHWOV+ziaXtaeTWQicasUPRXE=,iv:Mwgc7cohAOLNsN77fEMBuOQaeQYAUL2CpEE1WaXm0lk=,tag:05Xxc/rJg1bt1PF79MLd/g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jked5ykp2ch5k4030cewmgqr44jc9e7cxsyrfek4v3j4g3fydcxs4jk8jn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpWThaNElOVmhxbWFuTkJR\nQlJYMkVNTW5oRUNqRlowK2RLelhqb2hwSldFCjMycUpGelo1M2N1QWsxT3BCYktR\nUlpTYTUxTnVGMVZoelU3ZUlvQ1pMcTQKLS0tIGNmd1NQSlROR3lzQ2JQdkF0elkz\nNkN0Y2Z2T0Q2QUk0d0kzQmwrcVZEOVEKiM3Y/uGy4dB/5rGKAjjZM95y8INx+e+q\nxU9TUfGQBgYVzZtloLz3O7mlwhlamk1BvPvHttU+35paw26IbUlIoA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWczZZWk5OTGtCTUw3b1c3\ncU9UaE1RaHNMS01NeXNmYVVqVHhJOXdmUmxvClh4R0ZtZjVmblZCWjlBb2VEaUlE\nUDBmWTV5Wnhpa2tnTWo3bEhOYXlYRFkKLS0tIE5jV1Ivdzdxc0R6V1ZiZU5NWFNL\ndnNsK0dhTElVWDVMRUZiTG5kMnJVSlkKVXmgoqF2bdwia9VDlOOKA6DTZCqpl9DP\n2ClATf3YXnKQ/uBNpfWrKoqJDL2y+26rEeoisPUrkrgYbpr3hq6Nqg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-02-11T02:53:29Z", + "mac": "ENC[AES256_GCM,data:Yf5hFEEQ+yYH6OOjI7GLBahLL8UPuLIhIIdYkRoj6cSHgqm/ZpQGcd8MlHLGq0dpUcGOYJV9CM9pBqX0MjpABiK4XdTpoTn80EOV+mI2k6idE5N0doDecymI5A9ueB+5lO187HP57j5blJIn9aW+xO6MI9kYRYOz3sroAPq/JX0=,iv:yH1mB6DD+h869bsmovywJQm2ccd1PmqA7sZ9DGQ2+W4=,tag:sqLDW7JjT+K0JeWr8cUAQg==,type:str]", + "version": "3.11.0" + } +} diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/users/admin b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u1share2-smb-password/password/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/machines/server b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/secret b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/secret new file mode 100644 index 0000000..7a37f24 --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:LgIGB2KkRtTiqyy97uHI87jzaWTn2oCiV+Jx,iv:fUBJ6d9svCfwS+nDcIxezV3Eevlyq6r81D4h10T7Tw8=,tag:jPTOtbwjYEZc2eyMAKBrkA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jked5ykp2ch5k4030cewmgqr44jc9e7cxsyrfek4v3j4g3fydcxs4jk8jn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyekpXT3lVSWErbWZBZW9l\nalBMVTB2M3Y2czZQWFR0Y3NWMlVLT0o0eWg0CmJWZmlHWFUwelI3ei9wTm5SZ2JC\nODRoYVRoVDFTRC8vcWgxaXd0ODB2TEkKLS0tIEhZL25mR1ZMY1Z1anBCTnltYjlr\nL2h4M0lieDFWS2lCMDY3MERORDZBS3MK3onTR08r0s8KA3qRC9xymVRhHQ9I6XjL\n/7bDzOR72fIHtCG8h+KTvN2v5H/YgHTVf6GzDw9FRRByuQ6YrP5lHQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIT1prVStXZnBTajNYeFNh\nL1BMNWxuM2RYRENPQ2JKVWJjZ0w2M1RodkRFCmFWU2hmbDBNZ0tOM0tGRlZaMkpL\nY3JtNnl0NXVsNnJUZThidXRuMlhNRTQKLS0tIHZMaUVZa0RBRHJoaSt4dDNyUGk5\nQ2hIUXJKTkFpR0szb1BWRi9FZ2MvK2cKzSfNN4PPx/AeyavqTMrpIOxQrdOi1Pt5\nrXrMYf1flYJ0xy0qjiBOSQlTlbq98A9sdB6OvfHFIMZU5Gq6jrnieQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-02-11T02:53:32Z", + "mac": "ENC[AES256_GCM,data:0jinh78IsYiqCEAjxk2gE9KP1vMmWT7XCgODdwT0tpQwlJ3T3aym2QCuC2fSFSpjqFrLBeclMOMH1Yz6dU873ZeRYX3uVovTYzOBJCYip/8PIUslum8Rafq7P/R0am1gZ6fwGkuY7kjIwaSxNc38mwx4TvIBZKNRdmkdnN9ZmnA=,iv:XpJAlFi/KSDaoZiMS6cc8RSwAw8MhikzAy1VlHFW6ig=,tag:i6ydBPpn/hvY/2AGaVkxZw==,type:str]", + "version": "3.11.0" + } +} diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/users/admin b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share1-smb-password/password/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/machines/server b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/secret b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/secret new file mode 100644 index 0000000..b8f3b7b --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:n7e3+g4+mB7eB9fs6RShr8Weh/N58vuRTg==,iv:64jgKcVY4kJlL88hZujnN0w4Bd3BAvnx7qcL7jviaIs=,tag:qE0pNorMKPsQnguqSciiGQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jked5ykp2ch5k4030cewmgqr44jc9e7cxsyrfek4v3j4g3fydcxs4jk8jn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRXFnb3RMV0srYUUzSkg5\nQUo5cWl3RlRoYnRWV0N0VzU3aE9MUUlHdUgwCjRha0VwY2ljSk43b0UyUWtic2g4\nRFhWbmhBOWRpc2pDRlVMRnhObXJCMjgKLS0tIE1jM0hBeWd4eTNKanV6V2ZOUW0w\nNVFnMzNpR01tSU5HUHY1cW1SOWk3NUUK9PT0IV210rjorKWcdfP324IPojJqdFfn\nGAL2mbI96jat2nyqkg1uRfighvVzGlGJWkLpToAUpqJTWu5tRbMrXg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUWVub0ZzMW8vWVJmK0pC\nUHMyNjFXZkhPV3BrUElwd1dFUzBRVFBhSUU0Cjh4NUV4L3F3RjYrclk3d0RWS1hv\nTEdlZUY5ZFYyQ2VkOG5xNUc2SFphU3cKLS0tIFc2MG9IVFJWbHBYWnJEMkJTZnZL\nMms2eUk2Nm03aURJYWJGclNJMk8wZUUKFz49E5sp23YLlewDHbjApgRxS2BZjBTk\nk4SVJYvvIoZiPdRTNzZ6HYZGD7p036WhYg43lduqUrq8AtCnEHPdbw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-02-11T02:53:34Z", + "mac": "ENC[AES256_GCM,data:0XlREuaKL02o1KlUm5K/xM9cFZP1APpO9152Bl3328Pm/a/j4XoAu70keSUjE26UG5TLcxAkT7m5bOW5Clo/zxzPORAMMv9NTho4gwkfOABwymcR0giNFjpZ10a3PBHgxMm5AaXR0mfehFE+NV32oKfe2htpOSKin5kFe+0kmLQ=,iv:qXE5c8hRLM2lALo5JbDA9YoCDjc4A0OxmWkXocUDHBs=,tag:AXZjnULGKuIMdDkywa3PqA==,type:str]", + "version": "3.11.0" + } +} diff --git a/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/users/admin b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/samba/tests/vm/vars/per-machine/server/u2share2-smb-password/password/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file