From 3eda14cffb54eca95c5acb8087f0905917d79e82 Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck
Date: Sun, 23 Nov 2025 19:38:16 +0100
Subject: [PATCH] nixberry: add samba
---
 modules/hosts/nixberry/default.nix | 69 +++++++++++++++++++++++++++++-
 secrets/secrets-nixberry.yaml | 6 ++-
 2 files changed, 72 insertions(+), 3 deletions(-)
diff --git a/modules/hosts/nixberry/default.nix b/modules/hosts/nixberry/default.nix
index 860b0c3..7a53704 100644
--- a/modules/hosts/nixberry/default.nix
+++ b/modules/hosts/nixberry/default.nix
@@ -181,7 +181,7 @@ topLevel: {
 {
 name = "holli - phone";
 ids = [
- "192.168.178.51"
+ "192.168.178.52"
 "100.124.47.76"
 "fd7a:115c:a1e0::b701:2f4f"
 ];
@@ -299,5 +299,72 @@ topLevel: {
 };
 openFirewall = true;
 };
+
+ sops.secrets = {
+ "samba/cholli" = {
+ inherit sopsFile;
+ };
+ };
+
+ services = {
+ samba = {
+ enable = true;
+ openFirewall = true;
+
+ settings = {
+ global = {
+ "smb3 unix extensions" = "yes";
+ };
+
+ cholli = {
+ path = "/storage/cholli";
+ browsable = "yes";
+ writable = "yes";
+ "create mask" = "0664";
+ "directory mask" = "0775";
+ "force group" = "users";
+ };
+
+ kaman = {
+ path = "/storage/kaman";
+ browsable = "yes";
+ writable = "yes";
+ "create mask" = "0664";
+ "directory mask" = "0775";
+ "force group" = "users";
+ };
+
+ };
+
+ };
+
+ avahi.enable = true;
+ samba-wsdd = {
+ enable = true;
+ openFirewall = true;
+ };
+ };
+
+ # add user passwords
+ systemd.services.samba-smbd.postStart =
+ let
+ users = [
+ "cholli"
+ ];
+ setupUser =
+ user:
+ let
+ passwordPath = config.sops.secrets."samba/${user}".path;
+ smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
+ in
+ ''
+ (echo $(< ${passwordPath});
+ echo $(< ${passwordPath})) | \
+ ${smbpasswd} -s -a ${user}
+ '';
+ in
+ ''
+ ${builtins.concatStringsSep "\n" (map setupUser users)}
+ '';
 };
 }
diff --git a/secrets/secrets-nixberry.yaml b/secrets/secrets-nixberry.yaml
index e12424d..dcb3423 100644
--- a/secrets/secrets-nixberry.yaml
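Review bot: In the `postStart` script of the second hunk, the `$(< ${passwordPath})` substitutions are passed unquoted to `echo`, so the shell word-splits and glob-expands the secret, and `echo` may consume a leading `-n` or `-e`. A password containing repeated spaces, `*` or `?` would then be stored by `smbpasswd` as something other than the sops value. Quote the expansion and drop `echo`: `printf '%s\n%s\n' "$(< ${passwordPath})" "$(< ${passwordPath})" | ${smbpasswd} -s -a ${user}`. Separately, neither share sets `"valid users"`, and `openFirewall = true` appears to open the SMB ports with no interface or `"hosts allow"` restriction, so only the Unix permissions on `/storage/kaman` stop the `cholli` account from writing to the `kaman` share; consider adding `"valid users" = "cholli";` to the `cholli` share and an equivalent restriction on `kaman`. The enclosing attribute set opens outside this hunk.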
+++ b/secrets/secrets-nixberry.yaml
@@ -1,4 +1,6 @@
 tailscale_key: ENC[AES256_GCM,data:koGEPaAHdrwb7UmxeYQUarWePzFKS2Z7WloSoIUj38vzyYSsd0phFvrAsHs3HAjBIk+PbqFUbQ/uwLUikg==,iv:yQ2hrvQ9Px4cM66mVYvfy2+T/3nZGD/Dm2seuvddtJ8=,tag:5LAdHpw/s+yiDBUSWtCJrQ==,type:str]
+samba:
+ cholli: ENC[AES256_GCM,data:SURrbKsXwj8Bx7zTVvLyKK+Aito=,iv:AEaVTyUIpRbThrMoKZrOsvnTtqWjHCe/2HKAXp7EM04=,tag:4yPCw2y86XVMfk6wR04ymA==,type:str]
 sops:
 age:
 - recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
@@ -19,7 +21,7 @@ sops:
 eFJGejZqcytEMTEzN054WVZLZWFXeTQKsaT2rdowx8wTHyke1/5mEYQVL3L/A6/d
 weInwZWg30FNBYD0C1qY7yyYprwVe8FjEaN4zi2nQXCOfiCl3Cv4ow==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-11-22T23:04:31Z"
- mac: ENC[AES256_GCM,data:5aaZv2iW6j5CkyTyIm0BN7i3+xpyqo973l2fJihhq2FP1HyBfWV955BqDKAeqExQw7prj70E8nCRhyB9GbKfPDOtCTvmlgm5Ek6PNFl+eRMtZbTrVOHqd80tDZcA/89Tt2PxCJiKKaDMss37lbeQaPm/yL18zm6eIx/VeEEOlBY=,iv:/hiljkqCCUlmZIdCkn+hT/DQz8qKZ9cC54emDkIawM0=,tag:dkOu7GxNjplFcNtCX7aSXg==,type:str]
+ lastmodified: "2025-11-23T18:29:30Z"
+ mac: ENC[AES256_GCM,data:JHakDPHXyOhLQgL0LEUb8sW4H9GcCqrLQzu5HPO2uHbt7EKQCB1z86Hlbyu6pOZryXZirA7YQYk0ZD2w7C9ArgJBHb3Y0Xo5wAf3eCzMqasJuVoa5TiZnlycw95JCMyR+IwaE1TPZ6SznUSeHZYAVY89AtvDBXjo9HpNFyryyDo=,iv:LZir+L2OUH8/o49bLf9An/9aTsjXELf8eRP07HZwQPM=,tag:acnN6RMJLI3FAbNaFIq9rw==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.11.0