diff --git a/modules/file-server/dufs.nix b/modules/file-server/dufs.nix index 3601a09..9b6c306 100644 --- a/modules/file-server/dufs.nix +++ b/modules/file-server/dufs.nix @@ -9,17 +9,22 @@ let in { options.services.dufs = { - sharedPath = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Path to the folder to share via WebDAV. Set to null to disable dufs."; - example = "/mnt/storage/shared"; - }; - - port = lib.mkOption { - type = lib.types.port; - default = 5099; - description = "Port to listen on"; + shares = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { + options = { + path = lib.mkOption { + type = lib.types.str; + description = "Path to the folder to share via WebDAV"; + }; + port = lib.mkOption { + type = lib.types.port; + default = 5099; + description = "Port to listen on"; + }; + }; + }); + default = {}; + description = "WebDAV shares to expose via dufs. Each entry creates a separate dufs instance."; }; user = lib.mkOption { 
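Review bot: Every entry in `shares` inherits `port = 5099`, so two shares that both omit `port` produce two units trying to bind the same port, and the second one fails and is restarted every 10 seconds. Either drop the default so the port has to be stated per share, or add an `assertions` entry in `config` that checks the ports across `cfg.shares` are unique. `path` is declared as `lib.types.str` and is later placed on a shell command line; `lib.types.path` would at least reject empty and relative values at evaluation time. The `options.services.dufs` block continues past the end of this hunk.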
@@ -35,27 +40,25 @@ in }; }; - config = lib.mkIf (cfg.sharedPath != null) { - # Install dufs package + config = lib.mkIf (cfg.shares != {}) { environment.systemPackages = [ pkgs.dufs ]; - systemd.services.dufs = { - description = "Dufs WebDAV File Server"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + systemd.services = lib.mapAttrs' (name: s: + lib.nameValuePair "dufs-${name}" { + description = "Dufs WebDAV File Server - ${name}"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; - serviceConfig = { - Type = "simple"; - User = cfg.user; - Group = cfg.group; - UMask = "0022"; - ExecStart = ''/bin/sh -c "${pkgs.dufs}/bin/dufs ${cfg.sharedPath} --port ${toString cfg.port} --bind 0.0.0.0 --allow-all --auth $(cat ${authFile})@/:rw"''; - Restart = "on-failure"; - RestartSec = "10s"; - }; - }; - - # Open firewall port (optional, since traffic comes through WireGuard) - # networking.firewall.allowedTCPPorts = [ cfg.port ]; + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + UMask = "0022"; + ExecStart = ''/bin/sh -c "${pkgs.dufs}/bin/dufs ${s.path} --port ${toString s.port} --bind 0.0.0.0 --allow-all --auth $(cat ${authFile})@/:rw"''; + Restart = "on-failure"; + RestartSec = "10s"; + }; + } + ) cfg.shares; }; } diff --git a/modules/file-server/samba.nix b/modules/file-server/samba.nix index 8145943..7c6fbe5 100644 --- a/modules/file-server/samba.nix +++ b/modules/file-server/samba.nix 
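Review bot: `${s.path}` is spliced unquoted into the string handed to `/bin/sh -c` in `ExecStart`, so a share path containing a space or a shell metacharacter is split or interpreted by the shell instead of reaching dufs as one argument. Moving the command into a generated script lets `lib.escapeShellArg` do the quoting and lets the `$(cat …)` result be double-quoted, as sketched below. The credential still ends up in the process arguments, where other local users can read it, and every share reuses the same `authFile`; if the packaged dufs accepts its options from the environment or a config file, that would keep the secret out of argv. Each instance also binds `0.0.0.0` with `--allow-all`, and the comment that said traffic arrives over WireGuard is removed here, so a comment stating which firewall rule or interface restriction these listeners rely on would be worth adding.

```nix
serviceConfig = {
  # … unchanged: Type, User, Group, UMask …
  ExecStart = pkgs.writeShellScript "dufs-start" ''
    exec ${pkgs.dufs}/bin/dufs ${lib.escapeShellArg s.path} \
      --port ${toString s.port} \
      --bind 0.0.0.0 \
      --allow-all \
      --auth "$(cat ${authFile})@/:rw"
  '';
  # … unchanged: Restart, RestartSec …
```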
@@ -4,31 +4,33 @@ let cfg = config.services.samba-custom; + + mkShareSettings = _: path: { + "path" = path; + "valid users" = cfg.user; + "public" = "no"; + "writeable" = "yes"; + "force user" = cfg.user; + "create mask" = "0644"; + "directory mask" = "0755"; + }; in { options.services.samba-custom = { - sharedPath = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Path to the folder to share via Samba. Set to null to disable Samba sharing."; - example = "/mnt/storage/shared"; - }; - - shareName = lib.mkOption { - type = lib.types.str; - default = "shared"; - description = "Name of the Samba share as it appears on the network"; + shares = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + description = "Samba shares to expose. Keys are share names, values are paths."; }; user = lib.mkOption { type = lib.types.str; default = "yanlin"; - description = "Unix user that owns the shared directory and will be used for Samba authentication"; + description = "Unix user that owns the shared directories and will be used for Samba authentication"; }; }; - config = lib.mkIf (cfg.sharedPath != null) { - # Enable Samba service + config = lib.mkIf (cfg.shares != {}) { services.samba = { enable = true; openFirewall = true; @@ -41,28 +43,14 @@ in "security" = "user"; "guest account" = "nobody"; "map to guest" = "bad user"; - - # Security enhancements "server min protocol" = "SMB3_00"; "smb encrypt" = "desired"; }; - - "${cfg.shareName}" = { - "path" = cfg.sharedPath; - "valid users" = cfg.user; - "public" = "no"; - "writeable" = "yes"; - "force user" = cfg.user; - "create mask" = "0644"; - "directory mask" = "0755"; - }; - }; + } // lib.mapAttrs mkShareSettings cfg.shares; }; - # Create directory and set permissions - systemd.tmpfiles.rules = [ - "d ${cfg.sharedPath} 0755 ${cfg.user} users - -" - ]; - + systemd.tmpfiles.rules = lib.mapAttrsToList + (_: path: "d ${path} 0755 ${cfg.user} users - -") + cfg.shares; }; } 
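Review bot: The values of `shares` are typed `lib.types.str`, yet each one becomes a Samba `path` in `mkShareSettings` and, in the next hunk, the target of a tmpfiles `d` rule. Declaring the option as `lib.types.attrsOf lib.types.path` would reject empty or relative values before they reach either consumer. `mkShareSettings` would also benefit from a one-line comment such as `# Per-share section: only cfg.user may connect, and all writes are forced to that user`, since the intent of combining `valid users` with `force user` is not obvious from the attribute list.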
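Review bot: A share keyed `global` would silently replace the whole `global` section, because `//` is right-biased and `lib.mapAttrs mkShareSettings cfg.shares` is the right-hand operand (assuming the closing `}` before `//` ends the settings attrset, whose opening is outside the hunk). That would drop `security`, `server min protocol` and `smb encrypt` without any warning. Reject the reserved names up front, e.g. `assertions = [{ assertion = !(cfg.shares ? global); message = "services.samba-custom.shares: 'global' is a reserved section name"; }];` (Samba also treats `homes` and `printers` as special sections). The tmpfiles line built by `lib.mapAttrsToList` is whitespace-separated, so a path containing a space yields a malformed rule, and a `d` rule resets mode and owner on a directory that already exists, which is worth a comment next to the rule.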
diff --git a/modules/schedule.nix b/modules/schedule.nix index a0e7ccd..602ba6e 100644 --- a/modules/schedule.nix +++ b/modules/schedule.nix @@ -5,7 +5,6 @@ with lib; let cfg = config.services.scheduled-commands; - # Create wrapper script for a specific instance makeCommandScript = name: instanceCfg: pkgs.writeScriptBin "${name}-run" '' #!${pkgs.zsh}/bin/zsh # Source user shell to get environment and functions @@ -15,7 +14,6 @@ let ${concatStringsSep "\n" instanceCfg.commands} ''; - # Filter for enabled instances enabledInstances = filterAttrs (_: instanceCfg: instanceCfg.enable) cfg; in @@ -63,14 +61,12 @@ in }; config = mkMerge [ - # Install wrapper scripts for all enabled instances { home.packages = mapAttrsToList (name: instanceCfg: makeCommandScript name instanceCfg ) enabledInstances; } - # Create systemd services and timers for all enabled instances { systemd.user.services = mapAttrs' (name: instanceCfg: nameValuePair name {