From 3c8d9c4b512a9b838531eb2b01c013920a99cbbb Mon Sep 17 00:00:00 2001 From: sstent Date: Mon, 11 Dec 2023 22:34:45 +0000 Subject: [PATCH] sync --- modules/cifs.nix | 62 ++++++++++++++++++++++++++++++++++++++++++++++ modules/common.nix | 1 + 2 files changed, 63 insertions(+) create mode 100644 modules/cifs.nix diff --git a/modules/cifs.nix b/modules/cifs.nix new file mode 100644 index 0000000..f8eca23 --- /dev/null +++ b/modules/cifs.nix @@ -0,0 +1,62 @@ +{ + lib, + pkgs, + config, + inputs, + ... +}: { + services.samba.openFirewall = true; + + #services.samba-wsdd.enable = true; # make shares visible for windows 10 clients + networking.firewall.allowedTCPPorts = [ + 5357 # wsdd + ]; + networking.firewall.allowedUDPPorts = [ + 3702 # wsdd + ]; + + systemd.tmpfiles.rules = [ + "d /shares/Public 0777 root root - -" + ]; + + services.samba = { + enable = true; + securityType = "user"; + extraConfig = '' + workgroup = WORKGROUP + server string = smbnix + netbios name = smbnix + disable netbios = yes + security = user + #use sendfile = yes + #max protocol = smb2 + # note: localhost is the ipv6 localhost ::1 + hosts allow = 192.168.1. 127.0.0.1 localhost + hosts deny = 0.0.0.0/0 + guest account = nobody + map to guest = bad user + ''; + shares = { + public = { + path = "/shares/Public"; + browseable = "no"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "samba-guest"; + "force group" = "samba-guest"; + }; + }; + }; + + users.users.samba-guest = { + isSystemUser = true; + description = "Residence of our Samba guest users"; + group = "samba-guest"; + home = "/var/empty"; + createHome = false; + shell = pkgs.shadow; + }; + users.groups.samba-guest = {}; +} diff --git a/modules/common.nix b/modules/common.nix index 79b31fc..d8ab6fc 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -12,6 +12,7 @@ ./consul.nix ./odroid-m1-setleds.nix ./odroid-m1.nix + ./cifs.nix inputs.sops-nix.nixosModules.sops ];