Daholli/nixos-config
1
0
Fork 0
Code Issues 2 Pull requests Releases Packages Activity Actions

nixberry: add samba

Browse source
This commit is contained in:
Christoph Hollizeck 2025-11-23 19:38:16 +01:00
parent df09a294a4
commit 3eda14cffb
Signed by: Daholli
GPG key ID: 249300664F2AF2C7
2 changed files with 72 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

69
modules/hosts/nixberry/default.nix
View file

@ -181,7 +181,7 @@ topLevel: {
{ {
name = "holli - phone"; name = "holli - phone";
ids = [ ids = [
"192.168.178.51" "192.168.178.52"
"100.124.47.76" "100.124.47.76"
"fd7a:115c:a1e0::b701:2f4f" "fd7a:115c:a1e0::b701:2f4f"
]; ];
@ -299,5 +299,72 @@ topLevel: {
}; };
openFirewall = true; openFirewall = true;
}; };
sops.secrets = {
"samba/cholli" = {
inherit sopsFile;
};
};
services = {
samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"smb3 unix extensions" = "yes";
};
cholli = {
path = "/storage/cholli";
browsable = "yes";
writable = "yes";
"create mask" = "0664";
"directory mask" = "0775";
"force group" = "users";
};
kaman = {
path = "/storage/kaman";
browsable = "yes";
writable = "yes";
"create mask" = "0664";
"directory mask" = "0775";
"force group" = "users";
};
};
};
avahi.enable = true;
samba-wsdd = {
enable = true;
openFirewall = true;
};
};
# add user passwords
systemd.services.samba-smbd.postStart =
let
users = [
"cholli"
];
setupUser =
user:
let
passwordPath = config.sops.secrets."samba/${user}".path;
smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
in
''
(echo $(< ${passwordPath});
echo $(< ${passwordPath})) | \
${smbpasswd} -s -a ${user}
'';
in
''
${builtins.concatStringsSep "\n" (map setupUser users)}
'';
}; };
} }

6
secrets/secrets-nixberry.yaml
View file

@ -1,4 +1,6 @@
tailscale_key: ENC[AES256_GCM,data:koGEPaAHdrwb7UmxeYQUarWePzFKS2Z7WloSoIUj38vzyYSsd0phFvrAsHs3HAjBIk+PbqFUbQ/uwLUikg==,iv:yQ2hrvQ9Px4cM66mVYvfy2+T/3nZGD/Dm2seuvddtJ8=,tag:5LAdHpw/s+yiDBUSWtCJrQ==,type:str] tailscale_key: ENC[AES256_GCM,data:koGEPaAHdrwb7UmxeYQUarWePzFKS2Z7WloSoIUj38vzyYSsd0phFvrAsHs3HAjBIk+PbqFUbQ/uwLUikg==,iv:yQ2hrvQ9Px4cM66mVYvfy2+T/3nZGD/Dm2seuvddtJ8=,tag:5LAdHpw/s+yiDBUSWtCJrQ==,type:str]
samba:
cholli: ENC[AES256_GCM,data:SURrbKsXwj8Bx7zTVvLyKK+Aito=,iv:AEaVTyUIpRbThrMoKZrOsvnTtqWjHCe/2HKAXp7EM04=,tag:4yPCw2y86XVMfk6wR04ymA==,type:str]
sops: sops:
age: age:
- recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47 - recipient: age1pc92kl38mfr0j68dxww7tpzvqp3lpw6lwfylj6hn2k3rf4rddgtsjxdx47
@ -19,7 +21,7 @@ sops:
eFJGejZqcytEMTEzN054WVZLZWFXeTQKsaT2rdowx8wTHyke1/5mEYQVL3L/A6/d eFJGejZqcytEMTEzN054WVZLZWFXeTQKsaT2rdowx8wTHyke1/5mEYQVL3L/A6/d
weInwZWg30FNBYD0C1qY7yyYprwVe8FjEaN4zi2nQXCOfiCl3Cv4ow== weInwZWg30FNBYD0C1qY7yyYprwVe8FjEaN4zi2nQXCOfiCl3Cv4ow==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-22T23:04:31Z" lastmodified: "2025-11-23T18:29:30Z"
mac: ENC[AES256_GCM,data:5aaZv2iW6j5CkyTyIm0BN7i3+xpyqo973l2fJihhq2FP1HyBfWV955BqDKAeqExQw7prj70E8nCRhyB9GbKfPDOtCTvmlgm5Ek6PNFl+eRMtZbTrVOHqd80tDZcA/89Tt2PxCJiKKaDMss37lbeQaPm/yL18zm6eIx/VeEEOlBY=,iv:/hiljkqCCUlmZIdCkn+hT/DQz8qKZ9cC54emDkIawM0=,tag:dkOu7GxNjplFcNtCX7aSXg==,type:str] mac: ENC[AES256_GCM,data:JHakDPHXyOhLQgL0LEUb8sW4H9GcCqrLQzu5HPO2uHbt7EKQCB1z86Hlbyu6pOZryXZirA7YQYk0ZD2w7C9ArgJBHb3Y0Xo5wAf3eCzMqasJuVoa5TiZnlycw95JCMyR+IwaE1TPZ6SznUSeHZYAVY89AtvDBXjo9HpNFyryyDo=,iv:LZir+L2OUH8/o49bLf9An/9aTsjXELf8eRP07HZwQPM=,tag:acnN6RMJLI3FAbNaFIq9rw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0