mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

samba

Browse Source
This commit is contained in:
mjallen18
2026-03-17 14:18:57 -05:00
parent cf40c72e7e
commit 2c6ea8b9a4
3 changed files with 78 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
modules/nixos/services/samba/default.nix
View File

@@ -7,52 +7,44 @@
with lib; with lib;
let let
cfg = config.${namespace}.samba; cfg = config.${namespace}.samba;
sambaShares =
let makeShare =
make =
name: share: name: share:
nameValuePair "${name}" { let
isTimeMachine = share.enableTimeMachine;
baseAttrs = {
path = share.sharePath; path = share.sharePath;
public = if share.enableTimeMachine then "no" else "yes";
browseable = if share.browseable then "yes" else "no"; browseable = if share.browseable then "yes" else "no";
writable = "yes";
"force group" = "jallen-nas";
"read only" = if share.readOnly then "yes" else "no"; "read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no"; "guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask; "create mask" = share.createMask;
"directory mask" = share.directoryMask; "directory mask" = share.directoryMask;
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; }
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; // optionalAttrs (cfg.forceGroup != "") { "force group" = cfg.forceGroup; };
timeMachineAttrs = {
"vfs objects" = "catia fruit streams_xattr"; "vfs objects" = "catia fruit streams_xattr";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
}
// optionalAttrs (share.timeMachineMaxSize != "") {
"fruit:time machine max size" = share.timeMachineMaxSize; "fruit:time machine max size" = share.timeMachineMaxSize;
}; };
in in
mapAttrs' make cfg.shares; nameValuePair name (baseAttrs // optionalAttrs isTimeMachine timeMachineAttrs);
sambaShares = mapAttrs' makeShare cfg.shares;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
# make shares visible for Windows clients # Make shares visible for Windows clients via WS-Discovery
services.samba-wsdd = { services.samba-wsdd = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
}; };
services.netatalk = {
enable = cfg.enableTimeMachine;
settings = {
time-machine = {
path = cfg.timeMachinePath;
"valid users" = "whoever";
"time machine" = cfg.enableTimeMachine;
};
};
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
services.samba = { services.samba = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@@ -60,17 +52,19 @@ in
nmbd.enable = true; nmbd.enable = true;
settings = { settings = {
global = { global = {
"workgroup" = "WORKGROUP"; workgroup = "WORKGROUP";
"server string" = "Jallen-NAS"; "server string" = config.networking.hostName;
"netbios name" = "Jallen-NAS"; "netbios name" = config.networking.hostName;
"security" = "user"; security = "user";
#"use sendfile" = "yes"; "hosts allow" = cfg.hostsAllow;
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "10.0.1. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0"; "hosts deny" = "0.0.0.0/0";
"guest account" = "nobody"; "guest account" = "nobody";
"map to guest" = "bad user"; "map to guest" = "bad user";
}
// optionalAttrs cfg.enableTimeMachine {
# Required globals for macOS Time Machine over SMB3
"fruit:aapl" = "yes";
"fruit:model" = "MacSamba";
}; };
} }
// sambaShares; // sambaShares;

47
modules/nixos/services/samba/options.nix
View File

@@ -2,69 +2,88 @@
with lib; with lib;
{ {
options.${namespace}.samba = { options.${namespace}.samba = {
enable = mkEnableOption "nas samba service"; enable = mkEnableOption "NAS samba service";
autoStart = mkOption { hostsAllow = mkOption {
type = types.bool; type = types.str;
default = true; default = "127.0.0.1 localhost";
description = "Space-separated list of hosts/subnets allowed to connect (e.g. \"10.0.1. 127.0.0.1 localhost\").";
}; };
forceGroup = mkOption {
type = types.str;
default = "";
description = "If non-empty, force all file creation to use this group.";
};
enableTimeMachine = mkOption { enableTimeMachine = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether to enable Time Machine support via SMB3.";
}; };
timeMachinePath = mkOption { timeMachinePath = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
}; description = "Path to the Time Machine backup directory (used as the default Time Machine share path).";
hostsAllow = mkOption {
type = types.str;
default = "";
}; };
shares = mkOption { shares = mkOption {
type = types.attrsOf ( type = types.attrsOf (
types.submodule { types.submodule {
options = { options = {
public = mkOption {
type = types.bool;
default = false;
};
sharePath = mkOption { sharePath = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
description = "Absolute path on disk to expose as this share.";
}; };
readOnly = mkOption { readOnly = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether the share is read-only.";
}; };
browseable = mkOption { browseable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = "Whether the share appears in network browse lists.";
}; };
guestOk = mkOption { guestOk = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = "Whether unauthenticated (guest) access is permitted.";
}; };
createMask = mkOption { createMask = mkOption {
type = types.str; type = types.str;
default = "0774"; default = "0664";
description = "Permission mask applied to newly created files.";
}; };
directoryMask = mkOption { directoryMask = mkOption {
type = types.str; type = types.str;
default = "0775"; default = "0775";
description = "Permission mask applied to newly created directories.";
}; };
enableTimeMachine = mkOption { enableTimeMachine = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether this share is a Time Machine target.";
}; };
timeMachineMaxSize = mkOption { timeMachineMaxSize = mkOption {
type = types.str; type = types.str;
default = "0K"; default = "";
description = "Maximum size for this Time Machine share (e.g. \"1T\"). Empty means unlimited.";
}; };
}; };
} }
); );
default = { }; default = { };
description = "Attribute set of Samba shares to export.";
}; };
}; };
} }

36
systems/x86_64-linux/jallen-nas/default.nix
View File

@@ -198,42 +198,24 @@ in
# ################################################### # ###################################################
samba = { samba = {
enable = false; enable = true;
hostsAllow = "10.0.1."; hostsAllow = "10.0.1. 127.0.0.1 localhost";
forceGroup = "jallen-nas";
enableTimeMachine = true; enableTimeMachine = true;
timeMachinePath = "/media/nas/main/timemachine"; timeMachinePath = "/media/nas/main/timemachine";
shares = { shares = {
"3d_printer" = { "3d_printer".sharePath = "/media/nas/main/documents/3d-models";
public = true; Backup.sharePath = "/media/nas/main/backup";
sharePath = "/media/nas/main/3d_printer"; Documents.sharePath = "/media/nas/main/documents";
}; isos.sharePath = "/media/nas/main/documents/isos";
Backup = { app_data.sharePath = "/media/nas/main/appdata";
public = true;
sharePath = "/media/nas/main/backup";
};
Documents = {
public = true;
sharePath = "/media/nas/main/documents";
};
isos = {
public = true;
sharePath = "/media/nas/main/isos";
};
TimeMachine = { TimeMachine = {
public = false;
sharePath = "/media/nas/main/timemachine"; sharePath = "/media/nas/main/timemachine";
guestOk = false;
enableTimeMachine = true; enableTimeMachine = true;
timeMachineMaxSize = "1T"; timeMachineMaxSize = "1T";
}; };
app_data = {
public = true;
sharePath = "/media/nas/main/ssd_app_data";
};
nix-config = {
public = true;
sharePath = "/home/matt/nix-config";
};
}; };
}; };