yanlin/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix/modules/samba.nix

164 lines
4.5 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.samba-custom;
in
{
options.services.samba-custom = {
enable = mkEnableOption "Samba file sharing service";
workgroup = mkOption {
type = types.str;
default = "WORKGROUP";
description = "SMB workgroup name";
};
serverString = mkOption {
type = types.str;
default = "NixOS Samba Server";
description = "Server description string";
};
shares = mkOption {
type = types.attrsOf (types.submodule {
options = {
path = mkOption {
type = types.str;
description = "Path to the shared directory";
};
comment = mkOption {
type = types.str;
default = "";
description = "Share description comment";
};
browseable = mkOption {
type = types.bool;
default = true;
description = "Whether share is browseable";
};
readOnly = mkOption {
type = types.bool;
default = false;
description = "Whether share is read-only";
};
guestOk = mkOption {
type = types.bool;
default = false;
description = "Allow guest access";
};
createMask = mkOption {
type = types.str;
default = "0644";
description = "File creation mask";
};
directoryMask = mkOption {
type = types.str;
default = "0755";
description = "Directory creation mask";
};
forceUser = mkOption {
type = types.nullOr types.str;
default = null;
description = "Force files to be owned by this user";
};
forceGroup = mkOption {
type = types.nullOr types.str;
default = null;
description = "Force files to be owned by this group";
};
validUsers = mkOption {
type = types.listOf types.str;
default = [];
description = "List of valid users for this share";
};
};
});
default = {};
description = "Samba share definitions";
};
enableWSDD = mkOption {
type = types.bool;
default = true;
description = "Enable Web Service Discovery (WSD) for SMB discovery";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open firewall ports for Samba";
};
};
config = mkIf cfg.enable {
# Enable Samba service
services.samba = {
enable = true;
# Enable SMB protocol versions
package = pkgs.samba4Full;
# Modern Samba configuration using settings
settings = {
global = {
# Server identification
workgroup = cfg.workgroup;
"server string" = cfg.serverString;
# Security settings
security = "user";
"map to guest" = "never";
# Performance optimizations
"socket options" = "TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288";
deadtime = "30";
"use sendfile" = "yes";
# Logging
"log file" = "/var/log/samba/log.%m";
"max log size" = "1000";
"log level" = "0";
# Disable printer sharing
"load printers" = "no";
printing = "bsd";
"printcap name" = "/dev/null";
"disable spoolss" = "yes";
};
# Generate share configurations
} // (mapAttrs (name: share: {
path = share.path;
browseable = if share.browseable then "yes" else "no";
"read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask;
"directory mask" = share.directoryMask;
"valid users" = concatStringsSep " " share.validUsers;
comment = share.comment;
} // (optionalAttrs (share.forceUser != null) {
"force user" = share.forceUser;
}) // (optionalAttrs (share.forceGroup != null) {
"force group" = share.forceGroup;
})) cfg.shares);
};
# Enable SMB discovery
services.samba-wsdd = mkIf cfg.enableWSDD {
enable = true;
openFirewall = cfg.openFirewall;
};
};
}
Reference in a new issue View git blame Copy permalink