oysteikt/nix-dotfiles
oysteikt
/
nix-dotfiles
2
1
Fork 0
Code Issues Pull Requests Activity

tsuki/samba: init

This commit is contained in:
Oystein Kristoffer Tveit 2024-01-23 05:29:17 +01:00
parent 1efd3d4f0a
commit 3d2825d1ec
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
2 changed files with 81 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/tsuki/configuration.nix
View File

@ -21,6 +21,7 @@
./services/pgadmin.nix ./services/pgadmin.nix
./services/plex.nix ./services/plex.nix
./services/postgres.nix ./services/postgres.nix
./services/samba.nix
./services/taskserver.nix ./services/taskserver.nix
./services/vaultwarden.nix ./services/vaultwarden.nix
./services/vscode-server.nix ./services/vscode-server.nix

80
hosts/tsuki/services/samba.nix Normal file
View File

@ -0,0 +1,80 @@
{ config, lib, ... }:
{
# 100.120.148.116
services.samba = {
enable = true;
# openFirewall = true;
extraConfig = ''
workgroup = TSUKI
server string = smbnix
netbios name = smbnix
security = user
use sendfile = yes
min protocol = SMB2
smb encrypt = desired
# note: localhost is the ipv6 localhost ::1
hosts allow = 100.107.69.8 100.100.65.88
hosts deny = 0.0.0.0/0
guest ok = no
map to guest = never
'';
shares = {
cirno = {
path = "/data/cirno";
browseable = "yes";
"valid users" = "h7x4";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0600";
"directory mask" = "0700";
"force user" = "h7x4";
"force group" = "users";
"comment" = "cirno data drive";
};
backup-import = {
path = "/data/backup/import";
browseable = "yes";
"valid users" = "h7x4";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0600";
"directory mask" = "0700";
"force user" = "h7x4";
"force group" = "users";
"comment" = "backup import drive";
};
media = {
path = "/data/media";
browseable = "yes";
"valid users" = "h7x4";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "media";
"force group" = "media";
"comment" = "media drive";
};
};
};
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 139 445 ];
networking.firewall.interfaces."tailscale0".allowedUDPPorts = [ 137 138 ];
systemd.slices.system-samba = {
description = "Samba slice";
after = [ "system.slice" ];
requires = [ "system.slice" ];
};
systemd.services.samba-smbd.serviceConfig.Slice = "system-samba.slice";
systemd.services.samba-nmbd.serviceConfig.Slice = "system-samba.slice";
systemd.services.samba-winbindd.serviceConfig.Slice = "system-samba.slice";
}