mirror of
https://github.com/CHN-beta/nixos.git
synced 2024-10-23 07:28:56 +08:00
整理samba
This commit is contained in:
parent
25995e7dd8
commit
0eb722dab1
@ -15,6 +15,7 @@ inputs:
|
||||
./xrdp.nix
|
||||
./groupshare.nix
|
||||
./acme.nix
|
||||
./samba.nix
|
||||
# ./docker.nix
|
||||
];
|
||||
options.nixos.services = let inherit (inputs.lib) mkOption types; in
|
||||
@ -26,22 +27,6 @@ inputs:
|
||||
};
|
||||
kmscon.enable = mkOption { type = types.bool; default = false; };
|
||||
fontconfig.enable = mkOption { type = types.bool; default = false; };
|
||||
samba =
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
wsdd = mkOption { type = types.bool; default = false; };
|
||||
private = mkOption { type = types.bool; default = false; };
|
||||
hostsAllowed = mkOption { type = types.str; default = "127."; };
|
||||
shares = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
path = mkOption { type = types.nonEmptyStr; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
sshd.enable = mkOption { type = types.bool; default = false; };
|
||||
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
|
||||
frpClient =
|
||||
@ -146,49 +131,6 @@ inputs:
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.samba.enable
|
||||
{
|
||||
# make shares visible for windows 10 clients
|
||||
services =
|
||||
{
|
||||
samba-wsdd.enable = services.samba.wsdd;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
openFirewall = !services.samba.private;
|
||||
securityType = "user";
|
||||
extraConfig =
|
||||
''
|
||||
workgroup = WORKGROUP
|
||||
server string = Samba Server
|
||||
server role = standalone server
|
||||
hosts allow = ${services.samba.hostsAllowed}
|
||||
dns proxy = no
|
||||
'';
|
||||
# obey pam restrictions = yes
|
||||
# encrypt passwords = no
|
||||
shares = listToAttrs (map
|
||||
(share:
|
||||
{
|
||||
name = share.name;
|
||||
value =
|
||||
{
|
||||
comment = if share.value.comment != null then share.value.comment else share.name;
|
||||
path = share.value.path;
|
||||
browseable = true;
|
||||
writeable = true;
|
||||
"create mask" = "644";
|
||||
"force create mode" = "644";
|
||||
"directory mask" = "2755";
|
||||
"force directory mode" = "2755";
|
||||
};
|
||||
})
|
||||
(attrsToList services.samba.shares));
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
(
|
||||
mkIf services.sshd.enable
|
||||
{
|
||||
|
67
modules/services/samba.nix
Normal file
67
modules/services/samba.nix
Normal file
@ -0,0 +1,67 @@
|
||||
inputs:
|
||||
{
|
||||
options.nixos.services.samba = let inherit (inputs.lib) mkOption types; in
|
||||
{
|
||||
enable = mkOption { type = types.bool; default = false; };
|
||||
wsdd = mkOption { type = types.bool; default = false; };
|
||||
private = mkOption { type = types.bool; default = false; };
|
||||
hostsAllowed = mkOption { type = types.str; default = "127."; };
|
||||
shares = mkOption
|
||||
{
|
||||
type = types.attrsOf (types.submodule { options =
|
||||
{
|
||||
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
|
||||
path = mkOption { type = types.nonEmptyStr; };
|
||||
};});
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
config =
|
||||
let
|
||||
inherit (inputs.lib) mkIf;
|
||||
inherit (inputs.localLib) attrsToList;
|
||||
inherit (inputs.config.nixos.services) samba;
|
||||
inherit (builtins) map listToAttrs;
|
||||
in mkIf samba.enable
|
||||
{
|
||||
services =
|
||||
{
|
||||
# make shares visible for windows 10 clients
|
||||
samba-wsdd.enable = samba.wsdd;
|
||||
samba =
|
||||
{
|
||||
enable = true;
|
||||
# TCP 139 445 UDP 137 138
|
||||
openFirewall = !samba.private;
|
||||
securityType = "user";
|
||||
extraConfig =
|
||||
''
|
||||
workgroup = WORKGROUP
|
||||
server string = Samba Server
|
||||
server role = standalone server
|
||||
hosts allow = ${samba.hostsAllowed}
|
||||
dns proxy = no
|
||||
'';
|
||||
# obey pam restrictions = yes
|
||||
# encrypt passwords = no
|
||||
shares = listToAttrs (map
|
||||
(share:
|
||||
{
|
||||
name = share.name;
|
||||
value =
|
||||
{
|
||||
comment = if share.value.comment != null then share.value.comment else share.name;
|
||||
path = share.value.path;
|
||||
browseable = true;
|
||||
writeable = true;
|
||||
"create mask" = "644";
|
||||
"force create mode" = "644";
|
||||
"directory mask" = "2755";
|
||||
"force directory mode" = "2755";
|
||||
};
|
||||
})
|
||||
(attrsToList samba.shares));
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user