Add smb

billy4479 · Oct 18, 2024 · 93b249d · 93b249d
1 parent a11bc6c
commit 93b249d
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 4 deletions.
diff --git a/secrets/serverone.yaml b/secrets/serverone.yaml
@@ -1,5 +1,10 @@
 user_password: ENC[AES256_GCM,data:7CRiscJZCty7Fz5JF5yslGcpAIrL1ZnOUPglofbVLMSHiytDw45m38aJQI7cO5D2cO0ggNlFt7WAeTpVYTaYVlc/GDoeODj2WQ==,iv:KJZHztwZ6thuOjmQGJmITaW3E4WU21cwhVUIq0xq5RE=,tag:9qY/7PC0EqnoZ+cmKg1heA==,type:str]
 ssh_key: ENC[AES256_GCM,data:Al9Q7h5VbW1yT/hbhoniBwFnYI1R4mw+Zdun4Wdau6ctkTN6CSMhYTvA/LOv9nc/ClyJXrdfFb4xVOmFUtrdX+EsiZT5nkNwxLF6DURDTllxj3/dCoO7uR2BeaD0S3QMI5TRwr5KhDFxmOr62MNnba+Q5dpbSNOB1UQl/BU6ZeFR50m8QI+kudaDlLY4mzGNk65/+LJFS0jkjfjMiZyn0rtKsdbqf1cU+bme49EwjEFC2HTPiX6Od0chAqNf+t+7HV6FjjiF1woy2869WD5hDKPLi4bc8oHXu2OpEuBWhf1OeFHzTpCBV5SxnHjptoFbY+khWzO77d5GrBstxsPWw75iaUHYGpXPBp9ELg1IITKy2I8EAu4cjyxpVA7lGxXu76h5q3/aPVTOmEOSh3vsuhOgBu5KznVEe4d/oaAE5B+/HpABzQM1cahF81uMp23nIpmIP+Veihq+Zn/DrUZD7eddhoJvgFuf01m9AZlSlTPwstcNoBMaKdDm+vNxdpGWzIfEfdw+PDm1A6/JmFUGsEAzExKasNadHZp3,iv:r/QU7HTNUlCl7u3+uHkSNWUrxYmCfxQqbxVhVeBNxIw=,tag:kBUlVJBo0reO8WXy84lCLw==,type:str]
+smbpasswd:
+    billy: ENC[AES256_GCM,data:FYSiQQI0OIc=,iv:8g8Y1HYAmbarrRvJV8FK75chZOdhgRMTxqEJxS0WkJY=,tag:QYrBEw25WJCBEUc2wpJmmA==,type:str]
+    luke: ENC[AES256_GCM,data:YcK9jg==,iv:r81ROzZBo0cvVMa03rQq35Csupc/DjhXltX/qsjzEEM=,tag:CXJJUhZcx7Pn7ByhF/7Y+g==,type:str]
+    edo: ENC[AES256_GCM,data:DZwOcbo3PYoAQw==,iv:KS9SKitotv58wsG7QdfFXGmqg4q3w1D15zsoJd0CPoA=,tag:NPLEj5BEJLP0UDOqihMlpw==,type:str]
+    barbara: ENC[AES256_GCM,data:LsTs0xiBJg==,iv:l0DjP711p/4HTtf4a/kyUZi0+hyfUt5NLMU9iDQLtXI=,tag:mOPcuOQVOFTYiZhjeQGTGw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -24,8 +29,8 @@ sops:
             Y0NDeGZHdCtOM3kyRzBPUzEvTkVsWGsK6IUttIRwlXzAT+TbwS9u5iN9r3lDVDuD
             3L946APUuUAIDkJamiyFZvBfDfSfrTwKXUmZ5069785w+TkwnhhT9g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-18T13:01:03Z"
-    mac: ENC[AES256_GCM,data:asfRvXYdfAQUO08mX2uAey6KTUufCiz00W3NuW2Wx6XAyPjimKvMXPx2JDhbmH2J6emtqZI8SkEXV7kFI2OzDY5P0tk6+8GDhbwVJGt+a6oD1J1DEV33oqeOzyFHS1uT/1KgayP+YXjdxphJtdyCfm3zRPVBU2/QD31kedd6m3k=,iv:AewRlHQzV+FVRqP/7qA80/ONmxTvYB/zoO3Cpfo63dk=,tag:o1Z8p7+bj0y2WA/xyGPZxg==,type:str]
+    lastmodified: "2024-10-18T18:00:26Z"
+    mac: ENC[AES256_GCM,data:gkm8PJhNVjQ2+ReFXbIv5T9zi/QdgnR6qBVVV1p0GIL5bv8UFnMiJqkY60jLCuKQFY00SNvHNBKzDquv/2l0z9qR7s85SSyabJa/+Xi+cKsW3OieaN8iCMTnv6ObcQQphr0R4Cxby6Fbz5t/HWVvlkJByy890TAX6vhKpCxPs4g=,iv:1WIcvGVOjpgLt17fO7ecglXItpcEkLrq2PpcgwFRiG4=,tag:o79VwkDprWAWRg9CY+69Kw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1
diff --git a/system/hosts/serverone/default.nix b/system/hosts/serverone/default.nix
@@ -6,11 +6,13 @@
 }:
 {
   imports = [
-    ../../modules/power-management
-    ../../modules/graphics/intel.nix
     ./hardware-configuration.nix
     flakeInputs.disko.nixosModules.disko
     ./disko.nix
+
+    ./samba.nix
+    ../../modules/power-management
+    ../../modules/graphics/intel.nix
   ];
 
   # https://github.com/nix-community/disko/issues/581#issuecomment-2260602290

diff --git a/system/hosts/serverone/samba.nix b/system/hosts/serverone/samba.nix
@@ -0,0 +1,85 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+
+    settings = {
+      global = {
+        "hosts allow" = "192.168.1.0/24";
+        "hosts deny" = "0.0.0.0/0";
+      };
+
+      "nas-hdd" = {
+        "path" = "/mnt/HDD/generic";
+        "browsable" = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+        "valid users" = "@family";
+      };
+
+      "nas-ssd" = {
+        "path" = "/mnt/SSD/generic";
+        "browsable" = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+        "valid users" = "@family";
+      };
+
+      "nas-timemachine" = {
+        "path" = "/mnt/HDD/timemachine";
+        "browsable" = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+        "valid users" = "@family";
+
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+        "vfs objects" = "catia fruit streams_xattr";
+      };
+    };
+  };
+
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  sops.secrets = {
+    "smbpasswd/billy" = { };
+    "smbpasswd/luke" = { };
+    "smbpasswd/barbara" = { };
+    "smbpasswd/edo" = { };
+  };
+
+  # Automatic smbpasswd
+  system.activationScripts.smbpasswd.text =
+    lib.concatMapStringsSep "\n"
+      (
+        user:
+        let
+          passwordFile = config.sops.secrets."smbpasswd/${user}".path;
+        in
+        ''
+          { cat '${passwordFile}'; echo ""; cat '${passwordFile}'; echo ""; } \
+                      | "${pkgs.samba}/bin/smbpasswd" -s -a '${user}'  
+        ''
+      )
+      ([
+        "billy"
+        "luke"
+        "edo"
+        "barbara"
+      ]);
+}