From 6c9bd35f44590db060039edfbe72ea4d59ccb468 Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Fri, 23 May 2025 14:33:26 -0500
Subject: [PATCH] temp fix macos samba
---
 hosts/nas/apps/nextcloud/default.nix | 39 ++++++++++++++++------------
 hosts/nas/services.nix | 15 +++++++++++
 modules/samba/default.nix | 2 ++
 3 files changed, 39 insertions(+), 17 deletions(-)
diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix
index 9260a18..a0c2956 100755
--- a/hosts/nas/apps/nextcloud/default.nix
+++ b/hosts/nas/apps/nextcloud/default.nix
@@ -6,13 +6,18 @@ let
 nextcloudUserId = config.users.users.nix-apps.uid;
 nextcloudGroupId = config.users.groups.jallen-nas.gid;
 nextcloudPackage = pkgs.unstable.nextcloud31;
+ hostAddress = "10.0.1.18";
+ localAddress = "10.0.2.18";
+ nextcloudPortExtHttp = 9988;
+ nextcloudPortExtHttps = 9943;
+ onlyofficePortExt = 9943;
 in
 {
 containers.nextcloud = {
 autoStart = true;
 privateNetwork = true;
- hostAddress = "10.0.1.18";
- localAddress = "10.0.2.18";
+ hostAddress = hostAddress;
+ localAddress = localAddress;
 bindMounts = {
 secrets = {
@@ -52,7 +57,7 @@ in
 imports = [ ../../../../share/nvidia ];
 nixpkgs.config.allowUnfree = true;
 networking.extraHosts = ''
- 10.0.1.18 host.containers protonmail-bridge
+ ${hostAddress} host.containers protonmail-bridge
 '';
 services = {
@@ -83,14 +88,14 @@ in
 upgrade.disable-web = false;
 datadirectory = "/data";
 trusted_domains = [
- "10.0.1.18:9988"
- "10.0.1.18:9943"
- "10.0.2.18:80"
- "10.0.2.18:443"
+ "${hostAddress}:${toString nextcloudPortExtHttp}"
+ "${hostAddress}:${toString nextcloudPortExtHttps}"
+ "${localAddress}:80"
+ "${localAddress}:443"
 "cloud.mjallen.dev"
 ];
 opcache.interned_strings_buffer = 16;
- trusted_proxies = [ "10.0.1.18" ];
+ trusted_proxies = [ hostAddress ];
 maintenance_window_start = 6;
 default_phone_region = "US";
 enable_previews = true;
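Review bot: `onlyofficePortExt = 9943;` in the new `let` bindings duplicates `nextcloudPortExtHttps = 9943`, while every literal it later replaces was 9980. With this value the `forwardPorts` hunk ends up with two entries whose `sourcePort` is 9943 (one to `${localAddress}:443`, one to `${localAddress}:9943`), and the `services.onlyoffice` port and the container's `allowedTCPPorts` entry silently move from 9980 to 9943 in their hunks as well. If the refactor was meant to preserve behaviour, the binding should read `onlyofficePortExt = 9980;`. The `let` block and the container definition continue outside this hunk.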
@@ -123,7 +128,7 @@ in
 services.onlyoffice = {
 enable = true;
- port = 9980;
+ port = onlyofficePortExt;
 hostname = "office.mjallen.dev";
 jwtSecretFile = jwtSecretFile;
 };
@@ -198,7 +203,7 @@ in
 allowedTCPPorts = [
 80
 443
- 9980
+ onlyofficePortExt
 ];
 };
 # Use systemd-resolved inside the container
@@ -214,20 +219,20 @@ in
 nat = {
 forwardPorts = [
 {
- destination = "10.0.2.18:443";
- sourcePort = 9943;
+ destination = "${localAddress}:443";
+ sourcePort = nextcloudPortExtHttps;
 }
 {
- destination = "10.0.2.18:80";
- sourcePort = 9988;
+ destination = "${localAddress}:80";
+ sourcePort = nextcloudPortExtHttp;
 }
 {
- destination = "10.0.2.18:8000";
+ destination = "${localAddress}:8000";
 sourcePort = 8000;
 }
 {
- destination = "10.0.2.18:9980";
- sourcePort = 9980;
+ destination = "${localAddress}:${toString onlyofficePortExt}";
+ sourcePort = onlyofficePortExt;
 }
 ];
 };
diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix
index 2c983d4..dddebd1 100755
--- a/hosts/nas/services.nix
+++ b/hosts/nas/services.nix
@@ -185,6 +185,21 @@ in
 };
 };
+ # TODO move to normal samba settings
+ services.samba.settings.global = {
+ "workgroup" = "WORKGROUP";
+ "server string" = "Jallen-NAS";
+ "netbios name" = "Jallen-NAS";
+ "security" = "user";
+ #"use sendfile" = "yes";
+ #"max protocol" = "smb2";
+ # note: localhost is the ipv6 localhost ::1
+ "hosts allow" = "10.0.1. 127.0.0.1 localhost";
+ "hosts deny" = "0.0.0.0/0";
+ "guest account" = "nobody";
+ "map to guest" = "bad user";
+ };
+
 systemd.services = {
 btrfs-balance = {
 description = "BTRFS Balance Service";
diff --git a/modules/samba/default.nix b/modules/samba/default.nix
index 2c1263a..8f050ef 100755
--- a/modules/samba/default.nix
+++ b/modules/samba/default.nix
@@ -30,6 +30,8 @@ in
 services.samba = {
 enable = true;
 openFirewall = true;
+ nsswins = true;
+ nmbd.enable = true;
 settings =
 let
 make =
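Review bot: `"map to guest" = "bad user"` in the new `services.samba.settings.global` block turns a login with an unknown user name into a guest session as `nobody` instead of a failed login, so any share that sets `guest ok` becomes reachable without credentials from the `10.0.1.` range. The share definitions are not in this hunk, so this may be intended. If no guest share is wanted, `"map to guest" = "never";` keeps failed logins as failures. Separately, `"hosts deny" = "0.0.0.0/0"` is an IPv4 mask while the comment above `hosts allow` already mentions `::1`, so it is worth confirming that IPv6 clients outside the allow list are refused; smb.conf documents the keyword form `"hosts deny" = "ALL";` for deny-by-default.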
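Review bot: `nsswins = true` in `modules/samba/default.nix` is undocumented, and it adds WINS to the host's own name-service lookups. Names the NAS resolves this way come from NetBIOS answers, which are unauthenticated and can be supplied by any machine on the local segment. A comment such as `# WINS/NetBIOS lookup for the macOS temp fix; drop when the fix is reworked` would record why it is on. `nmbd.enable = true` appears to match the NixOS module default and may be redundant; if it is kept, note that `openFirewall = true` two lines above exposes the Samba ports host-wide rather than only on the LAN interface. The `services.samba` block continues past the end of this hunk.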