cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

alyssum/samba: bind some directories

Browse source
This commit is contained in:
Cilly Leang 2026-06-17 21:05:38 +10:00
parent bc3269a814
commit 5c13051b4b
Signed by: cilly
GPG key ID: 6500251E087653C9
2 changed files with 83 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

159
hosts/alyssum/samba.nix
View file

@ -1,88 +1,83 @@
{ config, pkgs, ... }: { { config, lib, pkgs, ... }:
networking.firewall.allowPing = true; let
configOn = user: let
passwd_fname = "passwd_smb${user}";
in {
age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age; users.users.${user} = {
age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age; hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
};
users.users.cilly = { system.activationScripts = {
hashedPasswordFile = config.age.secrets.passwd.path; init_smbpasswd.text = let
isNormalUser = true; smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
}; in ''
users.users.kujira = { printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
hashedPasswordFile = config.age.secrets.passwd.path; '';
isNormalUser = true; };
}; services.samba.settings."${user}" = {
system.activationScripts = { "path" = "/flower/smb/${user}";
init_smbpasswd.text = let "browseable" = "yes";
smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; "read only" = "no";
in '' "guest ok" = "no";
printf "$(cat ${config.age.secrets.passwd_smbcilly.path})\n$(cat ${config.age.secrets.passwd_smbcilly.path})\n" | ${smbpasswd} -sa cilly "create mask" = "0644";
"directory mask" = "0755";
printf "$(cat ${config.age.secrets.passwd_smbkujira.path})\n$(cat ${config.age.secrets.passwd_smbkujira.path})\n" | ${smbpasswd} -sa kujira "force user" = user;
''; "force group" = "users";
}; "valid users" = user;
services.samba = {
enable = true;
package = pkgs.samba4Full;
openFirewall = true;
settings = {
global = {
"server smb encrypt" = "required";
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user";
"hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
"public" = {
"path" = "/flower/smb/public";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "hana";
"force group" = "users";
};
"cilly" = {
"path" = "/flower/smb/cilly";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "cilly";
"force group" = "users";
"valid users" = "cilly";
};
"kujira" = {
"path" = "/flower/smb/kujira";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "kujira";
"force group" = "users";
"valid users" = "kujira";
};
}; };
}; };
in lib.mkMerge [
(configOn "cilly")
(configOn "kujira")
{
me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
services.samba-wsdd = { networking.firewall.allowPing = true;
enable = true;
openFirewall = true;
};
services.avahi = { services.samba = {
enable = true; enable = true;
openFirewall = true; package = pkgs.samba4Full;
nssmdns4 = true; openFirewall = true;
publish.enable = true; settings = {
publish.userServices = true; global = {
}; "server smb encrypt" = "required";
} "workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user";
"hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
"public" = {
"path" = "/flower/smb/public";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "hana";
"force group" = "users";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
publish.enable = true;
publish.userServices = true;
};
}
]

8
modules/binds.nix
View file

@ -1,8 +1,12 @@
{ config, lib, ...}: { { config, lib, ...}: {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
fileSystems = lib.mapAttrs (dest: key: { fileSystems = lib.mapAttrs (dest: key: let
target = if (lib.strings.hasPrefix "/" key)
then key
else "/persist/binds/${key}";
in {
depends = [ "/persist" ]; depends = [ "/persist" ];
device = "/persist/binds/${key}"; device = target;
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
}) config.me.binds; }) config.me.binds;