path: root/hosts/vidhar/samba.nix
{ config, lib, pkgs, ... }:
{
  config = {
    # Samba file server: user-authenticated shares, restricted to the loopback
    # and `lan` interfaces, with SMB3 signing and encryption enforced.
    services.samba = {
      enable = true;
      # Every client has to authenticate as a Samba user.
      securityType = "user";
      # Raw smb.conf [global] settings:
      #  - printing is switched off entirely (no printers loaded, empty
      #    printcap, spoolss disabled);
      #  - `bind interfaces only` + `interfaces` keep the daemons off every
      #    interface other than `lo` and `lan`;
      #  - signing is mandatory, SMB3 is the minimum dialect and encryption is
      #    required, so clients that cannot do encrypted SMB3 are refused;
      #  - `guest account = nobody` only names the guest identity; none of the
      #    shares below sets `guest ok`.
      # NOTE(review): `domain master = yes` claims the NetBIOS domain master
      # browser role for WORKGROUP - confirm this legacy role is still wanted
      # on a server that only accepts SMB3.
      extraConfig = ''
        domain master = yes
        workgroup = WORKGROUP
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
        guest account = nobody
        bind interfaces only = yes
        interfaces = lo lan
        server signing = mandatory
        server min protocol = SMB3
        server smb encrypt = required
      '';
      shares = {
        # Per-user home shares. %S is the share name, so `valid users = %S`
        # admits only the user the share is named after.
        homes = {
          comment = "Home directory for %S";
          path = "/home/%S";
          browseable = false;
          "valid users" = "%S";
          "read only" = false;
          # New files and directories are accessible to the owner only.
          "create mask" = "0700";
          "directory mask" = "0700";
          # Expose ZFS snapshots as "previous versions"; snapshot names are
          # parsed with the strftime pattern in `shadow:format`.
          "vfs objects" = "shadow_copy2";
          "shadow:snapdir" = ".zfs/snapshot";
          "shadow:snapdirseverywhere" = true;
          "shadow:sort" = "desc";
          "shadow:format" = "%Y-%m-%dT%H:%M:%SZ";
        };
        # Writable share on /srv/eos (the overlay mount declared under
        # systemd.mounts in this file), limited to a single user.
        eos = {
          comment = "Disk image of legacy eos";
          browseable = true;
          "valid users" = "mherold";
          # String "true" here, while the other shares use Nix booleans.
          writeable = "true";
          path = "/srv/eos";
        };
        # Per-user directories selected by %u, the session user name.
        # NOTE(review): unlike `homes` and `eos`, this share has no
        # `valid users`, so access control rests on authentication plus the
        # ownership/permissions of /srv/cifs/home-eostre/<user> - confirm those
        # directories exist only for the intended accounts.
        home-eostre = {
          # NOTE(review): "directoriy" is a typo in the share comment shown to
          # clients.
          comment = "Home directoriy for %u on PXE booted eostre";
          path = "/srv/cifs/home-eostre/%u";
          volume = "%u@eostre";
          browseable = true;
          "read only" = false;
          "create mask" = "0700";
          "directory mask" = "0700";
          "vfs objects" = "shadow_copy2";
          "shadow:snapdir" = ".zfs/snapshot";
          "shadow:sort" = "desc";
          "shadow:format" = "%Y-%m-%dT%H:%M:%SZ";
        };
      };
    };
    # WS-Discovery announcer so clients can find the server; it is limited to
    # the same interfaces (`lo`, `lan`) that smb.conf binds to, and announces
    # the same workgroup.
    services.samba-wsdd.enable = true;
    services.samba-wsdd.workgroup = "WORKGROUP";
    services.samba-wsdd.interface = [ "lo" "lan" ];

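    # Backing mounts for the `eos` share: a read-only NTFS base image, an ext4
    # volume holding the overlay's upper and work directories, and the overlay
    # that combines them at /srv/eos.
    systemd.mounts = [
      {
        where = "/srv/eos.lower";
        what = "/dev/zvol/hdd-raid6/safe/home/mherold/eos/base";
        type = "ntfs";
        # `ro` keeps the base image unmodified. fmask=0177 / dmask=0077 present
        # files as 0600 and directories as 0700, owned by mherold:users.
        options = lib.concatStringsSep ","
          [ "ro"
            "uid=mherold" "gid=users" "fmask=0177" "dmask=0077"
            "nofail"
          ];

        # Stop this mount again once no other unit needs it.
        unitConfig.StopWhenUnneeded = true;
      }
      {
        where = "/srv/eos.upper";
        what = "/dev/zvol/hdd-raid6/safe/home/mherold/eos/upper";
        type = "ext4";
        options = lib.concatStringsSep ","
          [ "nofail"
          ];

        # Stop this mount again once no other unit needs it.
        unitConfig.StopWhenUnneeded = true;
      }
      {
        # bindsTo ties the overlay's lifetime to both backing mounts but does
        # not order the units; `after` makes the overlay wait until the lower
        # and upper file systems are mounted (and unmount before them) instead
        # of starting alongside them, when upperdir/workdir may not exist yet.
        bindsTo = [ "srv-eos.lower.mount" "srv-eos.upper.mount" ];
        after = [ "srv-eos.lower.mount" "srv-eos.upper.mount" ];

        where = "/srv/eos";
        what = "overlay";
        type = "overlay";
        # Writes go to upperdir on the ext4 volume; the NTFS lowerdir is only
        # read.
        options = lib.concatStringsSep ","
          [ "lowerdir=/srv/eos.lower"
            "upperdir=/srv/eos.upper/upper"
            "workdir=/srv/eos.upper/work"
          ];
      }
    ];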
    systemd.automounts = [
      {
        # Mount /srv/eos on first access and unmount it after five idle
        # minutes. The automount point is pulled in by, and set up before,
        # samba-smbd.service.
        where = "/srv/eos";
        automountConfig = { TimeoutIdleSec = "5m"; };

        before = [ "samba-smbd.service" ];
        wantedBy = [ "samba-smbd.service" ];
      }
    ];
  };
}