diff --git a/nixos/common/users/sajenim/samba/default.nix b/nixos/common/users/sajenim/samba/default.nix new file mode 100644 index 0000000..f02461d --- /dev/null +++ b/nixos/common/users/sajenim/samba/default.nix @@ -0,0 +1,21 @@ +{ config, ... }: + +{ + age.secrets.smb-secrets = { + rekeyFile = ./smb-secrets.age; + }; + + fileSystems."/home/sajenim/.backup" = { + device = "//192.168.1.102/sajenim"; + fsType = "cifs"; + options = let + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users"; + + in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"]; + }; + + environment.etc = { + "nixos/smb-secrets".source = config.age.secrets.smb-secrets.path; + }; +} + diff --git a/nixos/common/users/sajenim/samba/smb-secrets.age b/nixos/common/users/sajenim/samba/smb-secrets.age new file mode 100644 index 0000000..f9ae86a --- /dev/null +++ b/nixos/common/users/sajenim/samba/smb-secrets.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> piv-p256 hdSnGw AuXEhgAyxDSAP0HbRE1g0HOaEp9x76AD+681RMOReayb +0fpWaqClsG3wrak0hnU+nB6Dpmdv11CgCl81P5CuwcQ +-> q]sfNw0}-grease {sq +V6m76C8Jvng8SPHoPvyocYo +--- SaJq9U29eLJm6aM9OfiMlINa9rhZ1wy0ZtYU/U1D6BM +y Y_;2&C5> jFjl^ip=h @(.0A]Zd,!Im6˾=a f \ No newline at end of file diff --git a/nixos/fuchsia/configuration.nix b/nixos/fuchsia/configuration.nix index 7213f89..69faac8 100644 --- a/nixos/fuchsia/configuration.nix +++ b/nixos/fuchsia/configuration.nix @@ -4,6 +4,7 @@ imports = [ ../common/global ../common/users/sajenim + ../common/users/sajenim/samba ../common/users/sajenim/steam ../common/optional/key.nix diff --git a/nixos/viridian/hardware-configuration.nix b/nixos/viridian/hardware-configuration.nix index dc00d35..e975875 100644 --- a/nixos/viridian/hardware-configuration.nix +++ b/nixos/viridian/hardware-configuration.nix 
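Review bot: In nixos/common/users/sajenim/samba/default.nix the CIFS option string requests neither transport encryption nor a minimum dialect, so the backup traffic to `//192.168.1.102/sajenim` is only as protected as whatever client and server happen to negotiate; adding `seal` and a floor such as `vers=3.0` would make that explicit. The `user,users` flags also allow any local account to mount and unmount the share, which the `x-systemd.automount` setup does not appear to need. The credentials option could point at `config.age.secrets.smb-secrets.path` directly rather than re-exposing the decrypted file under `/etc/nixos/smb-secrets`. A short comment saying the secret holds the `username=`/`password=` lines would also help.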
@@ -35,6 +35,12 @@ options = [ "subvol=containers" "compress=zstd" ]; }; + fileSystems."/srv/shares" = { + device = "/dev/disk/by-label/data"; + fsType = "btrfs"; + options = [ "subvol=shares" "compress=zstd" ]; + }; + fileSystems."/srv/backup" = { device = "/dev/disk/by-label/data"; fsType = "btrfs"; diff --git a/nixos/viridian/services/borgbackup.nix b/nixos/viridian/services/borgbackup.nix index c155735..7b4ec62 100644 --- a/nixos/viridian/services/borgbackup.nix +++ b/nixos/viridian/services/borgbackup.nix @@ -8,6 +8,12 @@ ]; encryption.mode = "none"; repo = "/srv/backup/borg/containers"; + shares = { + paths = [ + "/srv/shares" + ]; + encryption.mode = "none"; + repo = "/srv/backup/shares"; compression = "auto,zstd"; startAt = "daily"; }; diff --git a/nixos/viridian/services/default.nix b/nixos/viridian/services/default.nix index fe87bce..e78221e 100644 --- a/nixos/viridian/services/default.nix +++ b/nixos/viridian/services/default.nix @@ -7,5 +7,6 @@ ./borgbackup.nix ./forgejo.nix ./mpd.nix + ./samba.nix ]; } diff --git a/nixos/viridian/services/samba.nix b/nixos/viridian/services/samba.nix new file mode 100644 index 0000000..b0b3db9 --- /dev/null +++ b/nixos/viridian/services/samba.nix 
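Review bot: The new `/srv/shares` mount in nixos/viridian/hardware-configuration.nix will hold data written by SMB clients but is mounted with default exec/suid/dev semantics. Unless something on the host has to run binaries from it, `options = [ "subvol=shares" "compress=zstd" "nosuid" "nodev" "noexec" ];` is the tighter choice. The same may apply to the neighbouring `/srv/backup` mount, whose definition continues outside this hunk.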
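Review bot: In nixos/viridian/services/borgbackup.nix the added `shares = {` opens inside the preceding job, directly after its `repo = "/srv/backup/borg/containers";` line, so as shown the existing `compression`, `startAt` and closing `};` now end the shares job and leave the earlier job without them and unclosed. Unless the part of the file outside the hunk compensates, this will not evaluate; the added lines should be preceded by `compression = "auto,zstd";`, `startAt = "daily";` and `};` for the earlier job. Separately, `encryption.mode = "none"` stores the users' share data unencrypted in the repository; `repokey` with an `encryption.passCommand` that reads an agenix secret would match how the Samba credentials are handled in this commit. The repo path `/srv/backup/shares` also sits outside the `/srv/backup/borg/` directory used by the other job, which may be unintended.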
@@ -0,0 +1,52 @@
+{ ... }:
+
+{
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ openFirewall = true;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = smbnix
+ netbios name = smbnix
+ security = user
+ #use sendfile = yes
+ #max protocol = smb2
+ # note: localhost is the ipv6 localhost ::1
+ hosts allow = 192.168.1.101 192.168.1.108 127.0.0.1 localhost
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+ shares = {
+ spectre = {
+ path = "/srv/shares/spectre";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "spectre";
+ "force group" = "users";
+ };
+ sajenim = {
+ path = "/srv/shares/sajenim";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "sajenim";
+ "force group" = "users";
+ };
+ };
+ };
+
+ services.samba-wsdd = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ networking.firewall.enable = true;
+ networking.firewall.allowPing = true;
+}
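Review bot: `hosts deny = 0.0.0.0/0` in the `extraConfig` of nixos/viridian/services/samba.nix names only the IPv4 range, and because `openFirewall = true` opens the SMB ports on every interface, this allow/deny pair is the only network restriction. `hosts deny = ALL` states the intent for both address families; it is worth confirming how Samba treats an IPv6 client that matches neither list. `map to guest = bad user` turns a login with an unknown username into a guest session, which nothing here needs since both shares set `guest ok = no`; `map to guest = never` removes it. The commented-out `#max protocol = smb2` could be replaced by an explicit floor such as `server min protocol = SMB3` together with `smb encrypt = required`, provided both allowed clients support it.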