refactor both file server modules

modules/file-server/dufs.nix

@@ -9,17 +9,22 @@ let
 in
 {
   options.services.dufs = {
-    sharedPath = lib.mkOption {
+    shares = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
+      type = lib.types.attrsOf (lib.types.submodule {
-      default = null;
+        options = {
-      description = "Path to the folder to share via WebDAV. Set to null to disable dufs.";
+          path = lib.mkOption {
-      example = "/mnt/storage/shared";
+            type = lib.types.str;
-    };
+            description = "Path to the folder to share via WebDAV";
-
+          };
-    port = lib.mkOption {
+          port = lib.mkOption {
-      type = lib.types.port;
+            type = lib.types.port;
-      default = 5099;
+            default = 5099;
-      description = "Port to listen on";
+            description = "Port to listen on";
+          };
+        };
+      });
+      default = {};
+      description = "WebDAV shares to expose via dufs. Each entry creates a separate dufs instance.";
     };
 
     user = lib.mkOption {
@@ -35,27 +40,25 @@ in
     };
   };
 
-  config = lib.mkIf (cfg.sharedPath != null) {
+  config = lib.mkIf (cfg.shares != {}) {
-    # Install dufs package
     environment.systemPackages = [ pkgs.dufs ];
 
-    systemd.services.dufs = {
+    systemd.services = lib.mapAttrs' (name: s:
-      description = "Dufs WebDAV File Server";
+      lib.nameValuePair "dufs-${name}" {
-      wantedBy = [ "multi-user.target" ];
+        description = "Dufs WebDAV File Server - ${name}";
-      after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
 
-      serviceConfig = {
+        serviceConfig = {
-        Type = "simple";
+          Type = "simple";
-        User = cfg.user;
+          User = cfg.user;
-        Group = cfg.group;
+          Group = cfg.group;
-        UMask = "0022";
+          UMask = "0022";
-        ExecStart = ''/bin/sh -c "${pkgs.dufs}/bin/dufs ${cfg.sharedPath} --port ${toString cfg.port} --bind 0.0.0.0 --allow-all --auth $(cat ${authFile})@/:rw"'';
+          ExecStart = ''/bin/sh -c "${pkgs.dufs}/bin/dufs ${s.path} --port ${toString s.port} --bind 0.0.0.0 --allow-all --auth $(cat ${authFile})@/:rw"'';
-        Restart = "on-failure";
+          Restart = "on-failure";
-        RestartSec = "10s";
+          RestartSec = "10s";
-      };
+        };
-    };
+      }
-
+    ) cfg.shares;
-    # Open firewall port (optional, since traffic comes through WireGuard)
-    # networking.firewall.allowedTCPPorts = [ cfg.port ];
   };
 }

modules/file-server/samba.nix

@@ -4,31 +4,33 @@
 
 let
   cfg = config.services.samba-custom;
+
+  mkShareSettings = _: path: {
+    "path" = path;
+    "valid users" = cfg.user;
+    "public" = "no";
+    "writeable" = "yes";
+    "force user" = cfg.user;
+    "create mask" = "0644";
+    "directory mask" = "0755";
+  };
 in
 {
   options.services.samba-custom = {
-    sharedPath = lib.mkOption {
+    shares = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
+      type = lib.types.attrsOf lib.types.str;
-      default = null;
+      default = {};
-      description = "Path to the folder to share via Samba. Set to null to disable Samba sharing.";
+      description = "Samba shares to expose. Keys are share names, values are paths.";
-      example = "/mnt/storage/shared";
-    };
-
-    shareName = lib.mkOption {
-      type = lib.types.str;
-      default = "shared";
-      description = "Name of the Samba share as it appears on the network";
     };
 
     user = lib.mkOption {
       type = lib.types.str;
       default = "yanlin";
-      description = "Unix user that owns the shared directory and will be used for Samba authentication";
+      description = "Unix user that owns the shared directories and will be used for Samba authentication";
     };
   };
 
-  config = lib.mkIf (cfg.sharedPath != null) {
+  config = lib.mkIf (cfg.shares != {}) {
-    # Enable Samba service
     services.samba = {
       enable = true;
       openFirewall = true;
@@ -41,28 +43,14 @@ in
           "security" = "user";
           "guest account" = "nobody";
           "map to guest" = "bad user";
-
-          # Security enhancements
           "server min protocol" = "SMB3_00";
           "smb encrypt" = "desired";
         };
-
+      } // lib.mapAttrs mkShareSettings cfg.shares;
-        "${cfg.shareName}" = {
-          "path" = cfg.sharedPath;
-          "valid users" = cfg.user;
-          "public" = "no";
-          "writeable" = "yes";
-          "force user" = cfg.user;
-          "create mask" = "0644";
-          "directory mask" = "0755";
-        };
-      };
     };
 
-    # Create directory and set permissions
+    systemd.tmpfiles.rules = lib.mapAttrsToList
-    systemd.tmpfiles.rules = [
+      (_: path: "d ${path} 0755 ${cfg.user} users - -")
-      "d ${cfg.sharedPath} 0755 ${cfg.user} users - -"
+      cfg.shares;
-    ];
-
   };
 }

modules/schedule.nix

@@ -5,7 +5,6 @@ with lib;
 let
   cfg = config.services.scheduled-commands;
 
-  # Create wrapper script for a specific instance
   makeCommandScript = name: instanceCfg: pkgs.writeScriptBin "${name}-run" ''
     #!${pkgs.zsh}/bin/zsh
     # Source user shell to get environment and functions
@@ -15,7 +14,6 @@ let
     ${concatStringsSep "\n" instanceCfg.commands}
   '';
 
-  # Filter for enabled instances
   enabledInstances = filterAttrs (_: instanceCfg: instanceCfg.enable) cfg;
 in
 
@@ -63,14 +61,12 @@ in
   };
 
   config = mkMerge [
-    # Install wrapper scripts for all enabled instances
     {
       home.packages = mapAttrsToList (name: instanceCfg:
         makeCommandScript name instanceCfg
       ) enabledInstances;
     }
 
-    # Create systemd services and timers for all enabled instances
     {
       systemd.user.services = mapAttrs' (name: instanceCfg:
         nameValuePair name {