From 51911b37ace7b61a2b7a29c79882319c80f971ae Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Sat, 14 Sep 2024 11:47:16 -0700
Subject: [PATCH] chore(ci): flake update samba module changed significantly
---
 flake.lock | 24 ++++++++--------
 modules/nixos/samba.nix | 50 ++++++++++++++++++++++++----------
 nixos/access/nextjs-ollama.nix | 25 +++++++++--------
 nixos/kyuuto/opl.nix | 2 +-
 nixos/kyuuto/samba.nix | 2 +-
 nixos/samba.nix | 8 +++---
 6 files changed, 67 insertions(+), 44 deletions(-)
diff --git a/flake.lock b/flake.lock
index f3315163..04a55cc9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -41,11 +41,11 @@
 "ci": {
 "flake": false,
 "locked": {
- "lastModified": 1725394561,
- "narHash": "sha256-0Ov3dC7TeoqayZO2dVj6hfxUeg6DQehleZCjYwJRPpY=",
+ "lastModified": 1726101086,
+ "narHash": "sha256-veBakX/c/GfwzLtp62bcEm6Coype+03Hz8Aydi2b9xg=",
 "owner": "arcnmx",
 "repo": "ci",
- "rev": "690f4d95427e6db9d720e72b9acbaa7c745bdcd9",
+ "rev": "154533df13bc059400186a9d52e000363f0a3cb2",
 "type": "github"
 },
 "original": {
@@ -160,11 +160,11 @@
 ]
 },
 "locked": {
- "lastModified": 1725948275,
- "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=",
+ "lastModified": 1726308872,
+ "narHash": "sha256-d4vwO5N4RsLnCY7k5tY9xbdYDWQsY3RDMeUoIa4ms2A=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe",
+ "rev": "6c1a461a444e6ccb3f3e42bb627b510c3a722a57",
 "type": "github"
 },
 "original": {
@@ -190,11 +190,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1725634671,
- "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
+ "lastModified": 1726062873,
+ "narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+ "rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f",
 "type": "github"
 },
 "original": {
@@ -267,11 +267,11 @@
 "nixpkgs-stable": "nixpkgs-stable"
 },
 "locked": {
- "lastModified": 1725922448,
- "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
+ "lastModified": 1726218807,
+ "narHash": "sha256-z7CoWbSOtsOz8TmRKDnobURkKfv6nPZCo3ayolNuQGc=",
 "owner": "Mic92",
 "repo": "sops-nix",
- "rev": "cede1a08039178ac12957733e97ab1006c6b6892",
+ "rev": "f30b1bac192e2dc252107ac8a59a03ad25e1b96e",
 "type": "github"
 },
 "original": {
diff --git a/modules/nixos/samba.nix b/modules/nixos/samba.nix
index 725dac23..e111811a 100644
--- a/modules/nixos/samba.nix
+++ b/modules/nixos/samba.nix
@@ -7,8 +7,8 @@
 }: let
 inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
 inherit (lib.options) mkOption mkEnableOption;
- inherit (lib.modules) mkIf mkMerge mkBefore mkAfter mkOptionDefault;
- inherit (lib.attrsets) mapAttrs' mapAttrsToList listToAttrs nameValuePair;
+ inherit (lib.modules) mkIf mkMerge mkAfter mkOptionDefault;
+ inherit (lib.attrsets) mapAttrs mapAttrs' mapAttrsToList listToAttrs nameValuePair;
 inherit (lib.lists) concatLists;
 inherit (lib.strings) toUpper hasPrefix concatMapStringsSep;
 inherit (lib.trivial) flip;
@@ -211,7 +211,10 @@ in {
 type = nullOr path;
 default = null;
 };
- # TODO: move to upstream settings!
+ shares' = mkOption {
+ type = attrsOf (attrsOf settingType);
+ default = {};
+ };
 settings' = mkOption {
 type = attrsOf settingType;
 default = {};
@@ -226,7 +229,7 @@ in {
 else pkgs.samba-ldap
 ));
 domain = {
- isWorkgroup = mkOptionDefault (cfg.securityType != "domain" && cfg.securityType != "ads");
+ isWorkgroup = mkOptionDefault (cfg.settings.global.security != "domain" && cfg.settings.global.security != "ads");
 netbiosName' = let
 name =
 if cfg.domain.netbiosName != null
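Review bot: The `shares'` option added in the `@@ -211,7 +211,10 @@` hunk of modules/nixos/samba.nix has no `description`, and the same hunk removes the `# TODO: move to upstream settings!` comment that was the only hint about why the primed options exist. Nothing in the declaration tells a reader that these entries end up as sections of `services.samba.settings` next to `global`, which is what a later hunk of this file does with `cfg.shares'`. A line such as `description = "Per-share settings; each attribute becomes a section of services.samba.settings.";` inside the `mkOption` would document that.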
@@ -300,7 +303,7 @@ in {
 "kerberos encryption types" = mkOptionDefault "strong";
 "create krb5 conf" = mkOptionDefault false;
 })
- (mkIf cfg.enableWinbindd {
+ (mkIf cfg.winbindd.enable {
 "winbind nss info" = mkOptionDefault "rfc2307";
 "winbind use default domain" = mkOptionDefault true;
 })
@@ -326,15 +329,34 @@ in {
 })
 ]
 ++ mapAttrsToList (_: idmap: mapAttrs' (key: value: nameValuePair "idmap config ${idmap.domain} : ${key}" (mkOptionDefault value)) idmap.settings) cfg.idmap.domains);
- extraConfig = mkMerge (
- mapAttrsToList (key: value: ''${key} = ${settingValue value}'') cfg.settings'
- ++ [
- (mkIf (cfg.ldap.enable && cfg.ldap.passdb.enable) (mkBefore ''
- passdb backend = ${cfg.ldap.passdb.backend}:"${cfg.ldap.url}"
- ''))
- ]
- );
- shares.${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {
+ settings = let
+ settingsValues = mapAttrs (_: settingValue);
+ defaults =
+ mapAttrs (_: mkOptionDefault) {
+ security = "user";
+ "passwd program" = "/run/wrappers/bin/passwd %u";
+ }
+ // {
+ "invalid users" = ["root"];
+ };
+ ldap = {
+ # TODO: this may need to be mkBefore'd?
+ "passdb backend" = mkIf (cfg.ldap.enable && cfg.ldap.passdb.enable) ''${cfg.ldap.passdb.backend}:"${cfg.ldap.url}"'';
+ };
+ global = settingsValues cfg.settings';
+ shares = mapAttrs (_: settingsValues) cfg.shares';
+ in
+ mkMerge [
+ shares
+ {
+ global = mkMerge [
+ defaults
+ global
+ ldap
+ ];
+ }
+ ];
+ shares'.${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {
 "-valid" = false;
 };
 };
diff --git a/nixos/access/nextjs-ollama.nix b/nixos/access/nextjs-ollama.nix
index b3c6d977..cfa2f12e 100644
--- a/nixos/access/nextjs-ollama.nix
+++ b/nixos/access/nextjs-ollama.nix
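Review bot: In the `settings` definition added by the `@@ -326,15 +329,34 @@` hunk of modules/nixos/samba.nix, `shares` (built from `cfg.shares'`) is merged at the same attribute level as `global`, so a `shares'` entry that happens to be named `global` would be merged into the global section and could change server-wide options such as `security` without any evaluation error. An assertion in this module would catch that, for example `assertion = !(cfg.shares' ? global);` with a message naming the offending share. Separately, `"invalid users" = ["root"]` sits outside the `mapAttrs (_: mkOptionDefault)` call and is therefore defined at normal priority, unlike `security` and `"passwd program"`; if that is intended so the root exclusion is not displaced by a lower-priority host definition, a short comment saying so would help, otherwise it should be wrapped like the other two. The enclosing config attrset begins outside the hunk, so where an `assertions` entry belongs is not visible here.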
@@ -29,16 +29,17 @@ in {
 enable = true;
 requireAuth = false;
 };
- subFilterLocation = { virtualHost, ... }: mkIf (virtualHost.locations ? "/ollama/") {
- proxy.headers.set.Accept-Encoding = "";
- extraConfig = ''
- sub_filter_once off;
- sub_filter_types application/javascript;
- sub_filter '${cfg.ollamaUrl}' '/ollama';
- '';
- };
+ subFilterLocation = {virtualHost, ...}:
+ mkIf (virtualHost.locations ? "/ollama/") {
+ proxy.headers.set.Accept-Encoding = "";
+ extraConfig = ''
+ sub_filter_once off;
+ sub_filter_types application/javascript;
+ sub_filter '${cfg.ollamaUrl}' '/ollama';
+ '';
+ };
 proxyLocation = {
- imports = [ subFilterLocation ];
+ imports = [subFilterLocation];
 proxy = {
 enable = true;
 upstream = mkDefault upstreamName;
@@ -49,16 +50,16 @@ in {
 return = mkDefault "302 /llama/";
 };
 "/llama/" = {virtualHost, ...}: {
- imports = [ proxyLocation ];
+ imports = [proxyLocation];
 vouch.requireAuth = mkIf virtualHost.vouch.enable true;
 proxy.path = "/";
 };
 "/_next/" = {virtualHost, ...}: {
- imports = [ proxyLocation ];
+ imports = [proxyLocation];
 vouch.requireAuth = mkIf virtualHost.vouch.enable true;
 };
 "/_next/static/" = _: {
- imports = [ proxyLocation ];
+ imports = [proxyLocation];
 };
 "~ '^/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'" = {
 return = mkDefault "302 /llama$request_uri";
diff --git a/nixos/kyuuto/opl.nix b/nixos/kyuuto/opl.nix
index 8bf98f78..7419c595 100644
--- a/nixos/kyuuto/opl.nix
+++ b/nixos/kyuuto/opl.nix
@@ -40,7 +40,7 @@ in {
 "server min protocol" = mkDefault "NT1";
 "keepalive" = mkDefault 0;
 };
- shares.opl = let
+ shares'.opl = let
 inherit (config.networking.access) cidrForNetwork;
 in
 mkIf cfg.enable {
diff --git a/nixos/kyuuto/samba.nix b/nixos/kyuuto/samba.nix
index 965b99cf..2c01b385 100644
--- a/nixos/kyuuto/samba.nix
+++ b/nixos/kyuuto/samba.nix
@@ -24,7 +24,7 @@ in {
 enable = mkDefault true;
 path = mkDefault (kyuuto.mountDir + "/usershares");
 };
- shares = {
+ shares' = {
 kyuuto-transfer = {
 comment = "Kyuuto Media Transfer Area";
 path = kyuuto.transferDir;
diff --git a/nixos/samba.nix b/nixos/samba.nix
index 519e2cc4..aa6c354e 100644
--- a/nixos/samba.nix
+++ b/nixos/samba.nix
@@ -17,10 +17,10 @@
 in {
 services.samba = {
 enable = mkDefault true;
- enableWinbindd = mkDefault true;
- enableNmbd = mkDefault true;
- securityType = mkDefault "user";
- # TODO: securityType = "ADS"? kerberos..!
+ winbindd.enable = mkDefault true;
+ nmbd.enable = mkDefault true;
+ # TODO: security = "ADS"? kerberos..!
+ settings.global.security = mkDefault "user";
 domain = {
 name = "GENSOKYO";
 netbiosName = "reisen";