Create samba shares
This commit is contained in:
parent
29e0251a95
commit
958f1e7042
21
nixos/common/users/sajenim/samba/default.nix
Normal file
21
nixos/common/users/sajenim/samba/default.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
age.secrets.smb-secrets = {
|
||||
rekeyFile = ./smb-secrets.age;
|
||||
};
|
||||
|
||||
fileSystems."/home/sajenim/.backup" = {
|
||||
device = "//192.168.1.102/sajenim";
|
||||
fsType = "cifs";
|
||||
options = let
|
||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
|
||||
|
||||
in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"nixos/smb-secrets".source = config.age.secrets.smb-secrets.path;
|
||||
};
|
||||
}
|
||||
|
7
nixos/common/users/sajenim/samba/smb-secrets.age
Normal file
7
nixos/common/users/sajenim/samba/smb-secrets.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> piv-p256 hdSnGw AuXEhgAyxDSAP0HbRE1g0HOaEp9x76AD+681RMOReayb
|
||||
0fpWaqClsG3wrak0hnU+nB6Dpmdv11CgCl81P5CuwcQ
|
||||
-> q]sfNw0}-grease {sq
|
||||
V6m76C8Jvng8SPHoPvyocYo
|
||||
--- SaJq9U29eLJm6aM9OfiMlINa9rhZ1wy0ZtYU/U1D6BM
|
||||
y
Yºœ_;2&C5>ëjFÄjl^iàè¶p–â=Âh@(.<2E>0¼A†]®Zd¸,ë!Im¯6âå™à“˾=ãÈa
f
|
|
@ -4,6 +4,7 @@
|
|||
imports = [
|
||||
../common/global
|
||||
../common/users/sajenim
|
||||
../common/users/sajenim/samba
|
||||
../common/users/sajenim/steam
|
||||
../common/optional/key.nix
|
||||
|
||||
|
|
|
@ -35,6 +35,12 @@
|
|||
options = [ "subvol=containers" "compress=zstd" ];
|
||||
};
|
||||
|
||||
fileSystems."/srv/shares" = {
|
||||
device = "/dev/disk/by-label/data";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=shares" "compress=zstd" ];
|
||||
};
|
||||
|
||||
fileSystems."/srv/backup" = {
|
||||
device = "/dev/disk/by-label/data";
|
||||
fsType = "btrfs";
|
||||
|
|
|
@ -8,6 +8,12 @@
|
|||
];
|
||||
encryption.mode = "none";
|
||||
repo = "/srv/backup/borg/containers";
|
||||
shares = {
|
||||
paths = [
|
||||
"/srv/shares"
|
||||
];
|
||||
encryption.mode = "none";
|
||||
repo = "/srv/backup/shares";
|
||||
compression = "auto,zstd";
|
||||
startAt = "daily";
|
||||
};
|
||||
|
|
|
@ -7,5 +7,6 @@
|
|||
./borgbackup.nix
|
||||
./forgejo.nix
|
||||
./mpd.nix
|
||||
./samba.nix
|
||||
];
|
||||
}
|
||||
|
|
52
nixos/viridian/services/samba.nix
Normal file
52
nixos/viridian/services/samba.nix
Normal file
|
@ -0,0 +1,52 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
services.samba = {
|
||||
enable = true;
|
||||
securityType = "user";
|
||||
openFirewall = true;
|
||||
extraConfig = ''
|
||||
workgroup = WORKGROUP
|
||||
server string = smbnix
|
||||
netbios name = smbnix
|
||||
security = user
|
||||
#use sendfile = yes
|
||||
#max protocol = smb2
|
||||
# note: localhost is the ipv6 localhost ::1
|
||||
hosts allow = 192.168.1.101 192.168.1.108 127.0.0.1 localhost
|
||||
hosts deny = 0.0.0.0/0
|
||||
guest account = nobody
|
||||
map to guest = bad user
|
||||
'';
|
||||
shares = {
|
||||
spectre = {
|
||||
path = "/srv/shares/spectre";
|
||||
browseable = "yes";
|
||||
"read only" = "no";
|
||||
"guest ok" = "no";
|
||||
"create mask" = "0644";
|
||||
"directory mask" = "0755";
|
||||
"force user" = "spectre";
|
||||
"force group" = "users";
|
||||
};
|
||||
sajenim = {
|
||||
path = "/srv/shares/sajenim";
|
||||
browseable = "yes";
|
||||
"read only" = "no";
|
||||
"guest ok" = "no";
|
||||
"create mask" = "0644";
|
||||
"directory mask" = "0755";
|
||||
"force user" = "sajenim";
|
||||
"force group" = "users";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.samba-wsdd = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.allowPing = true;
|
||||
}
|
Loading…
Reference in a new issue