nixos-config/modules/services/samba-share.nix

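# NixOS module: export directories over SMB using Samba.
#
#   custom.samba-share.folders - share name -> path, exported read-only to
#                                guests, i.e. without any authentication.
#   custom.samba-share.private - share name -> { users, folder }, exported
#                                read-write to the listed Samba users only.
{ config, lib, pkgs, ... }:
with lib;
let
  cfg = config.custom.samba-share;
in {
  options.custom.samba-share = {
    # mkEnableOption prepends "Whether to enable " itself, so only the name
    # is passed (the old text rendered as "Whether to enable enable ...").
    enable = mkEnableOption "custom.samba-share";

    # Every entry becomes a guest-readable share (see `shares` below):
    # anything under these paths is readable by every host that can reach
    # the SMB ports, so list only data that is meant to be public.
    folders = mkOption {
      default = { };
      type = with types; attrsOf str;
      description = ''
        folders to share as readonly
      '';
      example = { public = "/srv/downloads/movies"; };
    };

    # Authenticated, writable shares. Samba keeps its own password database,
    # so each user needs `smbpasswd -a` once in addition to the system account.
    private = mkOption {
      default = { };
      type = with types;
        attrsOf (submodule {
          options = {
            # Copied verbatim into smb.conf `valid users`.
            users = mkOption {
              type = with types; str;
              description = ''
                System users allowed to access the folder.
                To set password:
                # nix-shell -p samba
                # smbpasswd -a <user>
              '';
            };
            # Directory exported by this share.
            folder = mkOption { type = with types; str; };
          };
        });
    };
  };

  config = mkMerge [

    (mkIf cfg.enable {

      # The ports below are opened on every interface. 445/tcp is SMB itself;
      # 139/tcp and 137-138/udp are the legacy NetBIOS services. This module
      # should only be enabled on hosts whose networks are all trusted;
      # otherwise the rules belong under
      # networking.firewall.interfaces.<name>.allowed{TCP,UDP}Ports.
      networking.firewall.enable = true;
      networking.firewall.allowPing = true;
      networking.firewall.allowedTCPPorts = [ 445 139 ];
      networking.firewall.allowedUDPPorts = [ 137 138 ];

      services.samba = {
        enable = true;
        # services.samba.securityType = "share";

        # `map to guest = bad user`: a login with an unknown user name is
        # mapped to the guest account instead of being rejected; a wrong
        # password for an existing Samba user is still refused. Guest
        # sessions run as `smbguest`, so that account's file permissions
        # bound what unauthenticated clients can read.
        extraConfig = ''
          guest account = smbguest
          map to guest = bad user
          # disable printing
          load printers = no
          printing = bsd
          printcap name = /dev/null
          disable spoolss = yes
        '';

        # Public shares first, private shares merged on top with `//`.
        # NOTE(review): if the same name appears in both `folders` and
        # `private`, the private definition silently replaces the public one.
        shares =
          mapAttrs (name: path: {
            browsable = "yes";
            comment = "read only share ${name}";
            path = path;
            "read only" = "yes";
            # No credentials required: readable by any client that connects.
            "guest ok" = "yes";
          }) cfg.folders
          // mapAttrs (name:
            { users, folder, ... }: {
              browsable = "yes";
              # The old text said "read only share", which misdescribed a
              # share that is writable ("read only" = "no").
              comment = "private share ${name}";
              path = folder;
              "read only" = "no";
              # Only the listed users may connect, and guests are refused.
              "valid users" = users;
              "guest ok" = "false";
            }) cfg.private;
      };

      # Account that guest sessions run as (matches `guest account` above).
      users.users.smbguest = {
        name = "smbguest";
        uid = config.ids.uids.smbguest;
        description = "smb guest user";
        home = "/home/smbguest";
        createHome = true;
      };
    })

    # todo : maybe better to have a parameter for this
    # Adds the guest account to the syncthing group whenever syncthing is
    # enabled, whether or not this module is. NOTE(review): this gives
    # unauthenticated SMB guests the syncthing group's access to files under
    # the exported paths; confirm that this is intended for every share.
    (mkIf config.test.services.syncthing.enable {
      users.groups."syncthing".members = [ "smbguest" ];
    })
  ];
}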