-rw-r--r--nixos/services/fileshares.nix76
1 files changed, 41 insertions, 35 deletions
diff --git a/nixos/services/fileshares.nix b/nixos/services/fileshares.nix
index c99c9f9..efeed4a 100644
--- a/nixos/services/fileshares.nix
+++ b/nixos/services/fileshares.nix
@@ -3,61 +3,67 @@
fileShareType = lib.types.submodule (
{ name, ... }: {
options = {
- enable = lib.mkEnableOption "enable this file share";
+ enable = lib.mkEnableOption "enable this file share"; # FIXME mk default
name = lib.mkOption {
type = lib.types.str;
default = name;
description = "name of share";
};
- protocol = {
- nfs = lib.mkEnableOption "share file with nfs protocol";
- smb = lib.mkEnableOption "share file with smb protocol";
- };
path = lib.mkOption {
type = lib.types.path;
default = "";
description = "path to share";
};
readOnly = lib.mkEnableOption "make share read only";
- allowGuests = lib.mkEnableOption "allow unauthenticated users to mount";
allowHosts = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = [ "192.168.1.100" "192.168.0.0/24" ];
description = "ip hosts to allow";
};
- # TODO make this work with nfs or provide a warning or prefix with smb.
- allowUser = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "allow user";
+ # TODO denyHosts etc
+ nfs = {
+ enable = lib.mkEnableOption "share file with nfs protocol";
};
- allowGroup = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = null;
- description = "allow group";
+ smb = {
+ enable = lib.mkEnableOption "share file with smb protocol";
+ allowGuests = lib.mkEnableOption "allow unauthenticated users to mount";
+ allowUser = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "allow user";
+ };
+ allowGroup = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "allow group";
+ };
+ extraOptions = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ default = {};
+ description = "extra smb options for this share";
+ };
};
};
}
);
- boolToYesNo = lib.boolToYesNo;
mkSambaShare = s: {
"path" = s.path;
- "browsable" = boolToYesNo true;
- "read only" = boolToYesNo s.readOnly;
- "guest ok" = boolToYesNo s.allowGuests;
+ "browsable" = lib.boolToYesNo true;
+ "read only" = lib.boolToYesNo s.readOnly;
+ "guest ok" = lib.boolToYesNo s.smb.allowGuests;
"create mask" = "0644";
"directory mask" = "0755";
# allow user/group
- "force user" = lib.mkIf (cfg.allowUser != null) cfg.allowUser;
- "force group" = lib.mkIf (cfg.allowGroup != null) cfg.allowGroup;
+ "force user" = lib.mkIf (s.smb.allowUser != null) s.smb.allowUser;
+ "force group" = lib.mkIf (s.smb.allowGroup != null) s.smb.allowGroup;
# allow hosts
"hosts deny" = lib.mkIf (s.allowHosts != []) "ALL";
- "hosts allow" = lib.concatStringSep " " s.allowHosts;
- };
+ "hosts allow" = lib.mkIf (s.allowHosts != []) (lib.concatStringsSep " " s.allowHosts);
+ } // s.smb.extraOptions;
mkNFSShareHost = s: host: ''${host}(${if s.readOnly then "ro" else "rw"},sync,no_subtree_check)'';
mkNFSShare = s: ''
- ${s.path} ${lib.concatMapStringSep " " (mkNFSShareHost s) (if s.allowHosts == [] then ["*"] else s.allowHosts) }
+ ${s.path} ${lib.concatMapStringsSep " " (mkNFSShareHost s) (if s.allowHosts == [] then ["*"] else s.allowHosts) }
'';
in {
options.services._fileShares = {
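Review bot: `smb.allowUser` and `smb.allowGroup` are described as "allow user" and "allow group", but mkSambaShare emits them as `"force user"` and `"force group"`, which in Samba do not restrict who may connect; they make every connection to the share act as that account. With `smb.allowGuests` enabled, a guest session would therefore operate with that user's file permissions. If the intent is access restriction, emit `"valid users" = lib.mkIf (s.smb.allowUser != null) s.smb.allowUser;` (with an `@group` entry for the group), or rename the options to say what they do. Separately, `} // s.smb.extraOptions` lets a share silently override the derived `"guest ok"`, `"hosts allow"` and `"hosts deny"` keys, and an empty `allowHosts` (the default) still falls back to `*` in mkNFSShare, so both deserve an assertion or at least a comment such as `# extraOptions wins over the access-control keys above`.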
@@ -76,17 +82,17 @@ in {
openFirewall = true;
settings = {
global = {
- #"workgroup" = "WORKGROUP";
- #"server string" = "smbnix";
- #"netbios name" = "smbnix";
- #"security" = "user";
- ##"use sendfile" = "yes";
- ##"max protocol" = "smb2";
- ## note: localhost is the ipv6 localhost ::1
- #"hosts allow" = "192.168.0. 127.0.0.1 localhost";
- #"hosts deny" = "0.0.0.0/0";
- #"guest account" = "nobody";
- #"map to guest" = "bad user";
+ "workgroup" = "WORKGROUP";
+ "server string" = "poweredge";
+ "netbios name" = "poweredge";
+ "security" = "user";
+ #"use sendfile" = "yes";
+ #"max protocol" = "smb2";
+ # note: localhost is the ipv6 localhost ::1
+ "hosts allow" = "192.168.1. 127.0.0.1 localhost";
+ "hosts deny" = "0.0.0.0/0";
+ "guest account" = "nobody";
+ "map to guest" = "bad user";
};
} // lib.mapAttrs (name: value: mkSambaShare value) cfg.shares;
};
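Review bot: The now-active global `"hosts allow" = "192.168.1. 127.0.0.1 localhost"` probably makes the per-share `"hosts allow"` and `"hosts deny"` that mkSambaShare builds from `allowHosts` ineffective. smb.conf documents that a `hosts allow` set in `[global]` applies to every service regardless of the share's own setting, so this is worth confirming against the deployed Samba version. If that holds, a share declared with `allowHosts = [ "192.168.0.0/24" ]` would still be reachable only from 192.168.1.x. The subnet and the `poweredge` names are host-specific values hard-coded in a module, so consider exposing them as options. Also consider a comment next to `"map to guest" = "bad user"` such as `# unknown usernames become guest sessions; only shares with smb.allowGuests accept them`; the enclosing block starts outside the hunk.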