Create samba shares

nixos/common/users/sajenim/samba/default.nix

@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+  age.secrets.smb-secrets = {
+    rekeyFile = ./smb-secrets.age;
+  };
+
+  fileSystems."/home/sajenim/.backup" = {
+    device = "//192.168.1.102/sajenim";
+    fsType = "cifs";
+    options = let
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
+
+      in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
+  };
+
+  environment.etc = {
+    "nixos/smb-secrets".source = config.age.secrets.smb-secrets.path;
+  };
+}
+

nixos/common/users/sajenim/samba/smb-secrets.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> piv-p256 hdSnGw AuXEhgAyxDSAP0HbRE1g0HOaEp9x76AD+681RMOReayb
+0fpWaqClsG3wrak0hnU+nB6Dpmdv11CgCl81P5CuwcQ
+-> q]sfNw0}-grease {sq
+V6m76C8Jvng8SPHoPvyocYo
+--- SaJq9U29eLJm6aM9OfiMlINa9rhZ1wy0ZtYU/U1D6BM
+y
Yºœ_;2&C5>ëjFÄjl^iàè¶p–â=Âh@(.<2E>0¼A†]®Zd¸,ë!Im¯6âå™à“˾=ãÈa
f

nixos/common/users/spectre/default.nix

@@ -0,0 +1,13 @@
+{ inputs, pkgs, ... }:
+
+{
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+  ];
+  users.users.spectre = {
+      isNormalUser = true;
+      shell = pkgs.zsh;
+      hashedPassword = "$y$j9T$eCJ0MDPsx3tww9LP0LU8..$sE8u5keO7QNKNAR1t2R6GqsDzvGD0Xn9Fi3to14Gf9/";
+  };
+  users.mutableUsers = false;
+}

nixos/fuchsia/configuration.nix

@@ -4,6 +4,7 @@
   imports = [
     ../common/global
     ../common/users/sajenim
+    ../common/users/sajenim/samba
     ../common/users/sajenim/steam
     ../common/optional/key.nix
 

nixos/viridian/configuration.nix

@@ -4,6 +4,7 @@
   imports = [
     ../common/global
     ../common/users/sajenim
+    ../common/users/spectre
     ../common/optional/wireguard
 
     ./services

nixos/viridian/hardware-configuration.nix

@@ -35,6 +35,12 @@
     options = [ "subvol=containers" "compress=zstd" ];
   };
 
+  fileSystems."/srv/shares" = {
+    device = "/dev/disk/by-label/data";
+    fsType = "btrfs";
+    options = [ "subvol=shares" "compress=zstd" ];
+  };
+
   fileSystems."/srv/backup" = {
     device = "/dev/disk/by-label/data";
     fsType = "btrfs";

nixos/viridian/services/borgbackup.nix

@@ -8,6 +8,12 @@
       ];
       encryption.mode = "none";
       repo = "/srv/backup/borg/containers";
+    shares = {
+      paths = [
+        "/srv/shares"
+      ];
+      encryption.mode = "none";
+      repo = "/srv/backup/shares";
       compression = "auto,zstd";
       startAt = "daily";
     };

nixos/viridian/services/default.nix

@@ -7,5 +7,6 @@
     ./borgbackup.nix
     ./forgejo.nix
     ./mpd.nix
+    ./samba.nix
   ];
 }

nixos/viridian/services/samba.nix

@@ -0,0 +1,52 @@
+{ ... }:
+
+{
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    openFirewall = true;
+    extraConfig = ''
+      workgroup = WORKGROUP
+      server string = smbnix
+      netbios name = smbnix
+      security = user 
+      #use sendfile = yes
+      #max protocol = smb2
+      # note: localhost is the ipv6 localhost ::1
+      hosts allow = 192.168.1.101 192.168.1.108 127.0.0.1 localhost
+      hosts deny = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares = {
+      spectre = {
+        path = "/srv/shares/spectre";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "spectre";
+        "force group" = "users";
+      };
+      sajenim = {
+        path = "/srv/shares/sajenim";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "sajenim";
+        "force group" = "users";
+      };
+    };
+  };
+
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
+}