Compare commits
	
		
			6 Commits
		
	
	
		
			noreply-ma
			...
			04fafa32d3
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 04fafa32d3 | |||
| ed4e045ffc | |||
| fd6edd83c2 | |||
| 65faa70fa3 | |||
| 377b63437c | |||
| 43e8252459 | 
| @@ -1,19 +1,7 @@ | ||||
| { | ||||
|   inputs, | ||||
|   self, | ||||
|   lib, | ||||
|   pkgs, | ||||
|   ... | ||||
| }: | ||||
| { | ||||
|   clan = { | ||||
|     inventory = { | ||||
|  | ||||
|       machines = { | ||||
|         rigel.deploy.targetHost = "root@rigel.local"; | ||||
|         vega.deploy.targetHost = "root@vega.local"; | ||||
|       }; | ||||
|  | ||||
|       tags = { | ||||
|         glom = [ "vega" ]; | ||||
|         b4l = [ "rigel" ]; | ||||
| @@ -73,7 +61,6 @@ | ||||
|             input = "self"; | ||||
|           }; | ||||
|           roles.default.machines.b4l = { }; | ||||
|           roles.default.machines.vega = { }; | ||||
|         }; | ||||
|         stirling-pdf = { | ||||
|           module = { | ||||
|   | ||||
| @@ -1,13 +1,15 @@ | ||||
| { config, ... }: | ||||
| { | ||||
|   imports = [ | ||||
|     (import ../../lib/auto-accept-zerotier-members.nix { | ||||
|       memberIds = [ | ||||
|         "dbe44c0287" # Alex-gateway | ||||
|         "1b495eede9" # kurogeek-thinkpad | ||||
|         "2bd36db8cc" # kurogeek-thinkpad | ||||
|       ]; | ||||
|     }) | ||||
|   ]; | ||||
|  | ||||
|   system.stateVersion = "25.11"; | ||||
|   clan.core.sops.defaultGroups = [ "admins" ]; | ||||
|   clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]"; | ||||
| } | ||||
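Review bot: `memberIds` lists `"1b495eede9"` and `"2bd36db8cc"` under the same `# kurogeek-thinkpad` comment, so anyone auditing this auto-accept list cannot tell which identity is current or whether one is stale and should be revoked. Since `clan.core.networking.targetHost` in the same file points root deploys at the ZeroTier address, membership of this network presumably decides who can reach that SSH endpoint, which makes an unambiguous list worth having. Give each ID a distinguishing comment (device plus date or purpose), or drop the one no longer in use; the same list appears in the following `@@ -10,12 +10,13 @@` section. The rendered page has lost the +/- column, so which of these lines are new is inferred.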
|   | ||||
| @@ -10,12 +10,13 @@ | ||||
|     (import ../../lib/auto-accept-zerotier-members.nix { | ||||
|       memberIds = [ | ||||
|         "dbe44c0287" # Alex-gateway | ||||
|         "1b495eede9" # kurogeek-thinkpad | ||||
|         "2bd36db8cc" # kurogeek-thinkpad | ||||
|       ]; | ||||
|     }) | ||||
|   ]; | ||||
|  | ||||
|   clan.core.sops.defaultGroups = [ "admins" ]; | ||||
|   clan.core.networking.targetHost = "root@[${config.clan.core.vars.generators.zerotier.files.zerotier-ip.value}]"; | ||||
|  | ||||
|   nixpkgs.hostPlatform = { | ||||
|     system = "x86_64-linux"; | ||||
|   | ||||
| @@ -1,34 +0,0 @@ | ||||
| { config, pkgs, ... }: | ||||
| let | ||||
|   # ncDomain = "${config.clan.core.vars.generators.vega-nextcloud.files.subdomain.value}.${config.networking.fqdn}"; | ||||
|   ncDomain = "${config.networking.fqdn}"; | ||||
| in | ||||
| { | ||||
|   clan.core.vars.generators.vega-nextcloud = { | ||||
|     files.subdomain.secret = false; | ||||
|  | ||||
|     prompts = { | ||||
|       subdomain = { | ||||
|         persist = true; | ||||
|         type = "line"; | ||||
|         description = "Sub-domain for Nextcloud app. Default:(cloud)"; | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     script = ''cat $prompts/subdomain || echo -n "cloud" > $out/subdomain''; | ||||
|   }; | ||||
|  | ||||
|   networking.firewall.allowedTCPPorts = [ | ||||
|     80 | ||||
|     443 | ||||
|   ]; | ||||
|  | ||||
|   services.nextcloud = { | ||||
|     hostName = ncDomain; | ||||
|     package = pkgs.nextcloud31; | ||||
|   }; | ||||
|   # services.nginx.virtualHosts."${ncDomain}" = { | ||||
|   #   # useACMEHost = "${config.networking.fqdn}"; | ||||
|   #   # forceSSL = true; | ||||
|   # }; | ||||
| } | ||||
							
								
								
									
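--- a/machines/vega/services/samba.nix
+++ b/machines/vega/services/samba.nix
@@ -0,0 +1,93 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  sambaUser = lib.filterAttrs (
+    name: user: user.isNormalUser && builtins.elem "samba" user.extraGroups
+  ) config.users.users;
+
+  sharedFolders = {
+    GLOM.users = [
+      "w"
+      "kurogeek"
+      "berwn"
+    ];
+  };
+in
+{
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        security = "user";
+        workgroup = "WORKGROUP";
+        "server string" = "Glom Vega";
+        interfaces = "eth* en*";
+        "max log size" = "50";
+        "dns proxy" = false;
+        "syslog only" = true;
+        "map to guest" = "Bad User";
+        "guest account" = "nobody";
+      };
+    }
+    // lib.mapAttrs (share: opts: {
+      path = "/mnt/hdd/samba/${share}";
+      comment = share;
+      "force user" = share;
+      "force group" = share;
+      public = "yes";
+      "guest ok" = "yes";
+      "create mask" = "0640";
+      "directory mask" = "0750";
+      writable = "no";
+      browseable = "yes";
+      printable = "no";
+      # TODO
+      # "valid users" = toString opts.users;
+    }) sharedFolders;
+  };
+
+  users.users = lib.mapAttrs (share: opts: {
+    isSystemUser = true;
+    group = share;
+  }) sharedFolders;
+
+  users.groups = lib.mapAttrs (share: opts: { }) sharedFolders;
+
+  systemd.services.samba-smbd.postStart =
+    lib.concatMapStrings (
+      user:
+      let
+        password = config.clan.core.vars.generators."${user}-smb-password".files.password.path;
+      in
+      ''
+        mkdir -p /mnt/hdd/samba/${user}
+        chown ${user}:users /mnt/hdd/samba/${user}
+        # if a password is unchanged, this will error
+        (echo $(<${password}); echo $(<${password})) | ${config.services.samba.package}/bin/smbpasswd -s -a ${user}
+      ''
+    ) (lib.attrNames sambaUser)
+    + lib.concatMapStrings (share: ''
+      mkdir -p /mnt/hdd/samba/${share}
+      chown ${share}:${share} /mnt/hdd/samba/${share}
+    '') (lib.attrNames sharedFolders);
+
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  services.avahi = {
+    publish.enable = true;
+    publish.userServices = true;
+    # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
+    nssmdns4 = true;
+    # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
+    enable = true;
+    openFirewall = true;
+  };
+}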
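Review bot: The per-share attrset generated from `sharedFolders` sets `public = "yes"` and `"guest ok" = "yes"` while `"valid users"` is still commented out under `# TODO`. Together with `"map to guest" = "Bad User"` and `openFirewall = true`, this leaves the GLOM share readable without credentials by any host that can reach smbd, and the `GLOM.users` list is never consulted. I would keep the share closed until the allow-list is wired in: replace the two guest lines with `"guest ok" = "no";` and enable `"valid users" = toString opts.users;`. Separately, in `postStart` the unquoted `echo $(<${password})` undergoes word splitting and glob expansion, so a password containing whitespace or `*` is not stored as written; `printf '%s\n%s\n' "$(<${password})" "$(<${password})"` avoids that.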