chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2024-10-23 07:28:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

整理samba

Browse Source
This commit is contained in:
陈浩南 2023-09-13 23:52:49 +08:00
parent 25995e7dd8
commit 0eb722dab1
2 changed files with 68 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
modules/services/default.nix
View File

@ -15,6 +15,7 @@ inputs:
./xrdp.nix
./groupshare.nix
./acme.nix
./samba.nix
# ./docker.nix
];
options.nixos.services = let inherit (inputs.lib) mkOption types; in
@ -26,22 +27,6 @@ inputs:
};
kmscon.enable = mkOption { type = types.bool; default = false; };
fontconfig.enable = mkOption { type = types.bool; default = false; };
samba =
{
enable = mkOption { type = types.bool; default = false; };
wsdd = mkOption { type = types.bool; default = false; };
private = mkOption { type = types.bool; default = false; };
hostsAllowed = mkOption { type = types.str; default = "127."; };
shares = mkOption
{
type = types.attrsOf (types.submodule { options =
{
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
path = mkOption { type = types.nonEmptyStr; };
};});
default = {};
};
};
sshd.enable = mkOption { type = types.bool; default = false; };
firewall.trustedInterfaces = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
frpClient =
@ -146,49 +131,6 @@ inputs:
};
}
)
(
mkIf services.samba.enable
{
# make shares visible for windows 10 clients
services =
{
samba-wsdd.enable = services.samba.wsdd;
samba =
{
enable = true;
openFirewall = !services.samba.private;
securityType = "user";
extraConfig =
''
workgroup = WORKGROUP
server string = Samba Server
server role = standalone server
hosts allow = ${services.samba.hostsAllowed}
dns proxy = no
'';
# obey pam restrictions = yes
# encrypt passwords = no
shares = listToAttrs (map
(share:
{
name = share.name;
value =
{
comment = if share.value.comment != null then share.value.comment else share.name;
path = share.value.path;
browseable = true;
writeable = true;
"create mask" = "644";
"force create mode" = "644";
"directory mask" = "2755";
"force directory mode" = "2755";
};
})
(attrsToList services.samba.shares));
};
};
}
)
(
mkIf services.sshd.enable
{

67
modules/services/samba.nix Normal file
View File

@ -0,0 +1,67 @@
inputs:
{
options.nixos.services.samba = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
wsdd = mkOption { type = types.bool; default = false; };
private = mkOption { type = types.bool; default = false; };
hostsAllowed = mkOption { type = types.str; default = "127."; };
shares = mkOption
{
type = types.attrsOf (types.submodule { options =
{
comment = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
path = mkOption { type = types.nonEmptyStr; };
};});
default = {};
};
};
config =
let
inherit (inputs.lib) mkIf;
inherit (inputs.localLib) attrsToList;
inherit (inputs.config.nixos.services) samba;
inherit (builtins) map listToAttrs;
in mkIf samba.enable
{
services =
{
# make shares visible for windows 10 clients
samba-wsdd.enable = samba.wsdd;
samba =
{
enable = true;
# TCP 139 445 UDP 137 138
openFirewall = !samba.private;
securityType = "user";
extraConfig =
''
workgroup = WORKGROUP
server string = Samba Server
server role = standalone server
hosts allow = ${samba.hostsAllowed}
dns proxy = no
'';
# obey pam restrictions = yes
# encrypt passwords = no
shares = listToAttrs (map
(share:
{
name = share.name;
value =
{
comment = if share.value.comment != null then share.value.comment else share.name;
path = share.value.path;
browseable = true;
writeable = true;
"create mask" = "644";
"force create mode" = "644";
"directory mask" = "2755";
"force directory mode" = "2755";
};
})
(attrsToList samba.shares));
};
};
};
}