samba for vega
This commit is contained in:
93
machines/vega/services/samba.nix
Normal file
93
machines/vega/services/samba.nix
Normal file
@@ -0,0 +1,93 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
sambaUser = lib.filterAttrs (
|
||||
name: user: user.isNormalUser && builtins.elem "samba" user.extraGroups
|
||||
) config.users.users;
|
||||
|
||||
sharedFolders = {
|
||||
GLOM.users = [
|
||||
"w"
|
||||
"kurogeek"
|
||||
"berwn"
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
|
||||
services.samba = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
global = {
|
||||
security = "user";
|
||||
workgroup = "WORKGROUP";
|
||||
"server string" = "Glom Vega";
|
||||
interfaces = "eth* en*";
|
||||
"max log size" = "50";
|
||||
"dns proxy" = false;
|
||||
"syslog only" = true;
|
||||
"map to guest" = "Bad User";
|
||||
"guest account" = "nobody";
|
||||
};
|
||||
}
|
||||
// lib.mapAttrs (share: opts: {
|
||||
path = "/mnt/hdd/samba/${share}";
|
||||
comment = share;
|
||||
"force user" = share;
|
||||
"force group" = share;
|
||||
public = "yes";
|
||||
"guest ok" = "yes";
|
||||
"create mask" = "0640";
|
||||
"directory mask" = "0750";
|
||||
writable = "yes";
|
||||
browseable = "yes";
|
||||
printable = "no";
|
||||
# TODO
|
||||
# "valid users" = toString opts.users;
|
||||
}) sharedFolders;
|
||||
};
|
||||
|
||||
users.users = lib.mapAttrs (share: opts: {
|
||||
isSystemUser = true;
|
||||
group = share;
|
||||
}) sharedFolders;
|
||||
|
||||
users.groups = lib.mapAttrs (share: opts: { }) sharedFolders;
|
||||
|
||||
systemd.services.samba-smbd.postStart =
|
||||
lib.concatMapStrings (
|
||||
user:
|
||||
let
|
||||
password = config.clan.core.vars.generators."${user}-smb-password".files.password.path;
|
||||
in
|
||||
''
|
||||
mkdir -p /mnt/hdd/samba/${user}
|
||||
chown ${user}:users /mnt/hdd/samba/${user}
|
||||
# if a password is unchanged, this will error
|
||||
(echo $(<${password}); echo $(<${password})) | ${config.services.samba.package}/bin/smbpasswd -s -a ${user}
|
||||
''
|
||||
) (lib.attrNames sambaUser)
|
||||
+ lib.concatMapStrings (share: ''
|
||||
mkdir -p /mnt/hdd/samba/${share}
|
||||
chown ${share}:${share} /mnt/hdd/samba/${share}
|
||||
'') (lib.attrNames sharedFolders);
|
||||
|
||||
services.samba-wsdd = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
services.avahi = {
|
||||
publish.enable = true;
|
||||
publish.userServices = true;
|
||||
# ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
|
||||
nssmdns4 = true;
|
||||
# ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user