samba-share: add private folders

This commit is contained in:
Ingolf Wagner 2020-04-10 15:08:33 +02:00
parent bc6a84578a
commit 7756e5319d
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 36 additions and 1 deletions

View file

@ -11,6 +11,10 @@
samples = config.test.services.syncthing.declarative.folders.samples.path; samples = config.test.services.syncthing.declarative.folders.samples.path;
series = config.test.services.syncthing.declarative.folders.series.path; series = config.test.services.syncthing.declarative.folders.series.path;
}; };
private.test = {
folder = config.test.services.syncthing.declarative.folders.porn.path;
users = "kodi";
};
}; };
test.services.syncthing = { test.services.syncthing = {

View file

@ -11,16 +11,36 @@ in {
options.custom.samba-share = { options.custom.samba-share = {
enable = mkEnableOption "enable custom.samba-share"; enable = mkEnableOption "enable custom.samba-share";
folders = mkOption { folders = mkOption {
default = { };
type = with types; attrsOf str; type = with types; attrsOf str;
description = '' description = ''
folders to share as readonly folders to share as readonly
''; '';
example = { public = "/srv/downloads/movies"; }; example = { public = "/srv/downloads/movies"; };
}; };
private = mkOption {
default = { };
type = with types;
attrsOf (submodule {
options = {
users = mkOption {
type = with types; str;
description = ''
System users allowed to access the folder.
To set password:
# smbpasswd -a <user>
'';
};
folder = mkOption { type = with types; str; };
};
});
};
}; };
config = mkMerge [ config = mkMerge [
(mkIf cfg.enable { (mkIf cfg.enable {
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 445 139 ]; networking.firewall.allowedTCPPorts = [ 445 139 ];
@ -49,7 +69,18 @@ in {
"read only" = "yes"; "read only" = "yes";
"guest ok" = "yes"; "guest ok" = "yes";
}; };
}) cfg.folders; }) cfg.folders // (mapAttrs' (name:
{ users, folder, ... }: {
name = name;
value = {
browsable = "yes";
comment = "read only share ${name}";
path = folder;
"read only" = "yes";
"valid users" = users;
"guest ok" = "false";
};
}) cfg.private);
}; };
users.users.smbguest = { users.users.smbguest = {