Separate host-specific samba and disk health config

Yan Lin 2025-09-09 11:54:43 +02:00
parent 16cd2e5cbf
commit 617ab047a9
3 changed files with 182 additions and 58 deletions


@ -4,11 +4,11 @@
./disk-config.nix ./disk-config.nix
./containers.nix # Host-specific container definitions ./containers.nix # Host-specific container definitions
./proxy.nix # Host-specific Traefik dynamic configuration ./proxy.nix # Host-specific Traefik dynamic configuration
./disk-health.nix # Host-specific disk health monitoring
../../../modules/tailscale.nix ../../../modules/tailscale.nix
../../../modules/podman.nix ../../../modules/podman.nix
../../../modules/traefik.nix ../../../modules/traefik.nix
../../../modules/samba.nix ../../../modules/samba.nix
../../../modules/disk-health.nix
../../../modules/borg.nix ../../../modules/borg.nix
]; ];
@ -222,6 +222,29 @@
# Enable experimental nix features # Enable experimental nix features
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Samba file sharing configuration
services.samba-custom = {
enable = true;
serverString = "hs NAS Server";
workgroup = "WORKGROUP";
shares = {
Media = {
path = "/mnt/storage/Media";
comment = "Media Storage";
browseable = true;
readOnly = false;
guestOk = false;
createMask = "0644";
directoryMask = "0755";
forceUser = "yanlin";
forceGroup = "users";
validUsers = [ "yanlin" ];
};
};
enableWSDD = true;
openFirewall = false;
};
# Borg backup configuration # Borg backup configuration
services.borgbackup-custom = { services.borgbackup-custom = {
enable = true; enable = true;
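Review bot: The new `services.samba-custom` block sets `openFirewall = false` next to `enableWSDD = true` and names the account in `validUsers` without recording either the reason or the manual setup step, both of which appear to have been dropped from the module's comments in this commit. With the firewall closed, the share and its discovery service are reachable only over interfaces the firewall already trusts, which looks intentional given the Tailscale import but cannot be read from this file. I would add `# Firewall stays closed on purpose; the share is reached only over trusted interfaces` above `openFirewall`, and `# Each name in validUsers needs a Samba password entry: sudo smbpasswd -a yanlin` above `validUsers`. The attribute set this block belongs to starts and ends outside the hunk.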


@ -1,6 +1,108 @@
{ config, pkgs, lib, ... }: { config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.samba-custom;
in
{ {
options.services.samba-custom = {
enable = mkEnableOption "Samba file sharing service";
workgroup = mkOption {
type = types.str;
default = "WORKGROUP";
description = "SMB workgroup name";
};
serverString = mkOption {
type = types.str;
default = "NixOS Samba Server";
description = "Server description string";
};
shares = mkOption {
type = types.attrsOf (types.submodule {
options = {
path = mkOption {
type = types.str;
description = "Path to the shared directory";
};
comment = mkOption {
type = types.str;
default = "";
description = "Share description comment";
};
browseable = mkOption {
type = types.bool;
default = true;
description = "Whether share is browseable";
};
readOnly = mkOption {
type = types.bool;
default = false;
description = "Whether share is read-only";
};
guestOk = mkOption {
type = types.bool;
default = false;
description = "Allow guest access";
};
createMask = mkOption {
type = types.str;
default = "0644";
description = "File creation mask";
};
directoryMask = mkOption {
type = types.str;
default = "0755";
description = "Directory creation mask";
};
forceUser = mkOption {
type = types.nullOr types.str;
default = null;
description = "Force files to be owned by this user";
};
forceGroup = mkOption {
type = types.nullOr types.str;
default = null;
description = "Force files to be owned by this group";
};
validUsers = mkOption {
type = types.listOf types.str;
default = [];
description = "List of valid users for this share";
};
};
});
default = {};
description = "Samba share definitions";
};
enableWSDD = mkOption {
type = types.bool;
default = true;
description = "Enable Web Service Discovery (WSD) for SMB discovery";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open firewall ports for Samba";
};
};
config = mkIf cfg.enable {
# Enable Samba service # Enable Samba service
services.samba = { services.samba = {
enable = true; enable = true;
@ -12,8 +114,8 @@
settings = { settings = {
global = { global = {
# Server identification # Server identification
workgroup = "WORKGROUP"; workgroup = cfg.workgroup;
"server string" = "hs NAS Server"; "server string" = cfg.serverString;
# Security settings # Security settings
security = "user"; security = "user";
@ -36,28 +138,27 @@
"disable spoolss" = "yes"; "disable spoolss" = "yes";
}; };
# Define shares # Generate share configurations
Media = { } // (mapAttrs (name: share: {
path = "/mnt/storage/Media"; path = share.path;
browseable = "yes"; browseable = if share.browseable then "yes" else "no";
"read only" = "no"; "read only" = if share.readOnly then "yes" else "no";
"guest ok" = "no"; "guest ok" = if share.guestOk then "yes" else "no";
"create mask" = "0644"; "create mask" = share.createMask;
"directory mask" = "0755"; "directory mask" = share.directoryMask;
"force user" = "yanlin"; "valid users" = concatStringsSep " " share.validUsers;
"force group" = "users"; comment = share.comment;
"valid users" = "yanlin"; } // (optionalAttrs (share.forceUser != null) {
comment = "Media Storage"; "force user" = share.forceUser;
}; }) // (optionalAttrs (share.forceGroup != null) {
}; "force group" = share.forceGroup;
})) cfg.shares);
}; };
# Enable SMB discovery # Enable SMB discovery
services.samba-wsdd = { services.samba-wsdd = mkIf cfg.enableWSDD {
enable = true; enable = true;
openFirewall = false; # Keep firewall closed as requested openFirewall = cfg.openFirewall;
};
}; };
# Configure SMB users - requires manual setup after deployment
# Run: sudo smbpasswd -a yanlin
} }
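Review bot: In the generated share attrset, `"valid users" = concatStringsSep " " share.validUsers;` emits an empty `valid users` whenever the option keeps its `[]` default, and Samba treats an empty list as no restriction, so a share declared without `validUsers` is open to every account that can authenticate. The previous hard-coded share always named its user, so this fail-open default arrives with the new option. I would either say so in the option text, `description = "Users allowed to connect; an empty list allows any authenticated user";`, or reject it at evaluation time with an assertion such as `assertion = all (s: s.validUsers != [ ]) (attrValues cfg.shares);`. Separately, `openFirewall` is described as "Open firewall ports for Samba" but in the visible lines it is only passed to `services.samba-wsdd`; the start of the `services.samba` block lies between the hunks, so confirm whether it is wired there as well.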