rm unrelated file
@@ -1,215 +0,0 @@
|
||||
{ lib, ... }:
|
||||
{
|
||||
_class = "clan.service";
|
||||
manifest.name = "samba";
|
||||
manifest.description = "Samba configuration for NAS";
|
||||
manifest.readme = "Samba configuration for NAS";
|
||||
manifest.categories = [ "System" ];
|
||||
|
||||
roles.server = {
|
||||
description = "A server role that host files";
|
||||
|
||||
interface =
|
||||
{ lib, ... }:
|
||||
let
|
||||
userOptions = {
|
||||
readPerm = lib.mkOption {
|
||||
type = with lib.types; bool;
|
||||
description = "Permission to read";
|
||||
default = false;
|
||||
};
|
||||
writePerm = lib.mkOption {
|
||||
type = with lib.types; bool;
|
||||
description = "Permission to write";
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
||||
globalUsers = lib.mkOption {
|
||||
type =
|
||||
with lib.types;
|
||||
attrsOf (submodule {
|
||||
options = userOptions;
|
||||
});
|
||||
description = "List of global users with permissions, this will be applied to all the folders.";
|
||||
default = [
|
||||
{
|
||||
username = "admin";
|
||||
readPerm = true;
|
||||
writePerm = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
sharedFolders = lib.mkOption {
|
||||
type =
|
||||
with lib.types;
|
||||
attrsOf (submodule {
|
||||
options = {
|
||||
users = lib.mkOption {
|
||||
type =
|
||||
with lib.types;
|
||||
listOf (submodule {
|
||||
options = userOptions;
|
||||
});
|
||||
description = "List of users with permissions, this will only applied to this particular folder.";
|
||||
default = [ ];
|
||||
};
|
||||
allowedGuest = lib.mkOption {
|
||||
type = with lib.types; bool;
|
||||
description = "Whether to allow guest access to this folder.";
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
});
|
||||
description = "List of folders with users permissions.";
|
||||
default = [
|
||||
{
|
||||
name = "DEFAULT";
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
dataDir = lib.mkOption {
|
||||
type =
|
||||
with lib.types;
|
||||
oneOf [
|
||||
str
|
||||
path
|
||||
];
|
||||
description = "A directory where all samba folders will be.";
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
perInstance =
|
||||
{ settings, ... }:
|
||||
let
|
||||
allUsernameList = lib.uniqueStrings (lib.attrNames) #TODO;
|
||||
in
|
||||
{
|
||||
nixosModule =
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
users.users = builtins.listToAttrs (
|
||||
map (
|
||||
username:
|
||||
lib.nameValuePair username {
|
||||
isSystemUser = true;
|
||||
group = username;
|
||||
}
|
||||
) allUsernameList
|
||||
);
|
||||
|
||||
users.groups = builtins.listToAttrs (
|
||||
map (username: lib.nameValuePair username { }) allUsernameList
|
||||
);
|
||||
|
||||
clan.core.vars.generators = builtins.listToAttrs (
|
||||
map (
|
||||
username:
|
||||
lib.nameValuePair "${username}-smb-password" {
|
||||
files.password = { };
|
||||
runtimeInputs = with pkgs; [
|
||||
coreutils
|
||||
xkcdpass
|
||||
mkpasswd
|
||||
];
|
||||
script = ''
|
||||
xkcdpass --numwords 3 --delimiter - --count 1 > $out/password
|
||||
'';
|
||||
}
|
||||
) allUsernameList
|
||||
);
|
||||
|
||||
systemd.services.samba-smbd.postStart =
|
||||
lib.concatMapStrings (
|
||||
user:
|
||||
let
|
||||
passwordPath = config.clan.core.vars.generators."${user}-smb-password".files.password.path;
|
||||
userDir = "${settings.dataDir}/${user}";
|
||||
in
|
||||
''
|
||||
mkdir -p ${userDir}
|
||||
chown ${user}:users ${userDir}
|
||||
# if a password is unchanged, this will error
|
||||
(echo $(<${passwordPath}); echo $(<${passwordPath})) | ${config.services.samba.package}/bin/smbpasswd -s -a ${user}
|
||||
''
|
||||
) allUsernameList
|
||||
+ lib.concatMapStrings (
|
||||
share:
|
||||
let
|
||||
shareDir = "${settings.dataDir}/${share}";
|
||||
in
|
||||
''
|
||||
mkdir -p ${shareDir}
|
||||
chown ${share}:${share} ${shareDir}
|
||||
''
|
||||
) (map (folder: folder.name) settings.folders);
|
||||
|
||||
services.samba = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
global = {
|
||||
security = "user";
|
||||
workgroup = "WORKGROUP";
|
||||
"server string" = "WhiteHouse NAS";
|
||||
"max log size" = "50";
|
||||
"dns proxy" = false;
|
||||
"syslog only" = true;
|
||||
"map to guest" = "Bad User";
|
||||
"guest account" = "nobody";
|
||||
};
|
||||
}
|
||||
// lib.mapAttrs (
|
||||
name: value:
|
||||
{
|
||||
path = "${settings.dataDir}/${name}";
|
||||
comment = name;
|
||||
"force user" = name;
|
||||
"force group" = "users";
|
||||
"create mask" = "0640";
|
||||
"directory mask" = "0750";
|
||||
"read only" = "yes";
|
||||
browseable = "yes";
|
||||
printable = "no";
|
||||
"write list" = lib.concatStringsSep " " (
|
||||
lib.uniqueStrings (map (user: user.username) (value.users ++ settings.globalUsers))
|
||||
);
|
||||
}
|
||||
// lib.optionalAttrs (value.allowedGuest) {
|
||||
public = "yes";
|
||||
"guest ok" = "yes";
|
||||
}
|
||||
) settings.folders;
|
||||
};
|
||||
|
||||
services.samba-wsdd = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
services.avahi = {
|
||||
publish.enable = true;
|
||||
publish.userServices = true;
|
||||
# ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
|
||||
nssmdns4 = true;
|
||||
# ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||