alyssum/samba: bind some directories

Cilly Leang 2026-06-17 21:05:38 +10:00
parent bc3269a814
commit 5c13051b4b
Signed by: cilly
GPG key ID: 6500251E087653C9
2 changed files with 83 additions and 84 deletions


@ -1,26 +1,42 @@
{ config, pkgs, ... }: { { config, lib, pkgs, ... }:
networking.firewall.allowPing = true; let
configOn = user: let
passwd_fname = "passwd_smb${user}";
in {
age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age; users.users.${user} = {
age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age;
users.users.cilly = {
hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
};
users.users.kujira = {
hashedPasswordFile = config.age.secrets.passwd.path; hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true; isNormalUser = true;
}; };
system.activationScripts = { system.activationScripts = {
init_smbpasswd.text = let init_smbpasswd.text = let
smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
in '' in ''
printf "$(cat ${config.age.secrets.passwd_smbcilly.path})\n$(cat ${config.age.secrets.passwd_smbcilly.path})\n" | ${smbpasswd} -sa cilly printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
printf "$(cat ${config.age.secrets.passwd_smbkujira.path})\n$(cat ${config.age.secrets.passwd_smbkujira.path})\n" | ${smbpasswd} -sa kujira
''; '';
}; };
services.samba.settings."${user}" = {
"path" = "/flower/smb/${user}";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = user;
"force group" = "users";
"valid users" = user;
};
};
in lib.mkMerge [
(configOn "cilly")
(configOn "kujira")
{
me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
networking.firewall.allowPing = true;
services.samba = { services.samba = {
enable = true; enable = true;
@ -48,28 +64,6 @@
"force user" = "hana"; "force user" = "hana";
"force group" = "users"; "force group" = "users";
}; };
"cilly" = {
"path" = "/flower/smb/cilly";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "cilly";
"force group" = "users";
"valid users" = "cilly";
};
"kujira" = {
"path" = "/flower/smb/kujira";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "kujira";
"force group" = "users";
"valid users" = "kujira";
};
}; };
}; };
@ -85,4 +79,5 @@
publish.enable = true; publish.enable = true;
publish.userServices = true; publish.userServices = true;
}; };
} }
]
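Review bot: The `init_smbpasswd` line inside `configOn` still passes the decrypted secret to `printf` as the format string, so a password containing `%` or `\` is rewritten before `smbpasswd` reads it and the Samba credential set will not be the one stored in the age file. Passing the secret as an argument avoids this, and `user` can be quoted now that it is a parameter: `printf '%s\n%s\n' "$(cat ${config.age.secrets.${passwd_fname}.path})" "$(cat ${config.age.secrets.${passwd_fname}.path})" | ${smbpasswd} -sa ${lib.escapeShellArg user}`. Separately, the `me.binds` entry for `/flower/smb/kujira/opencloud` places the service's storage directory under a share with `"read only" = "no"` and `"force user" = user`, so SMB writes would land there owned by `kujira`. If only read access is intended, a read-only bind or a separate read-only share would be the narrower grant.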


@ -1,8 +1,12 @@
{ config, lib, ...}: { { config, lib, ...}: {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
fileSystems = lib.mapAttrs (dest: key: { fileSystems = lib.mapAttrs (dest: key: let
target = if (lib.strings.hasPrefix "/" key)
then key
else "/persist/binds/${key}";
in {
depends = [ "/persist" ]; depends = [ "/persist" ];
device = "/persist/binds/${key}"; device = target;
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
}) config.me.binds; }) config.me.binds;
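Review bot: The new `target` binding changes what a `me.binds` value means, since an absolute `key` is now bind-mounted verbatim and read-write (`options = [ "bind" ]`), but nothing at the definition records this. I would add a comment above the `let`, such as `# absolute key: bind that host path as-is; relative key: resolved under /persist/binds`, and mirror it in the option description in `options.nix`, which is not visible here. `depends = [ "/persist" ]` is also kept for absolute sources, which may sit on a different filesystem (the samba module binds from `/flower/...`). It is worth confirming that the source is mounted before the bind, or making `depends` conditional on the relative case.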