gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(ci): flake update

Browse source 
samba module changed significantly
This commit is contained in:
arcnmx 2024-09-14 11:47:16 -07:00
parent acb76430a4
commit 51911b37ac
6 changed files with 67 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

24
flake.lock generated
View file

@ -41,11 +41,11 @@
"ci": { "ci": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1725394561, "lastModified": 1726101086,
"narHash": "sha256-0Ov3dC7TeoqayZO2dVj6hfxUeg6DQehleZCjYwJRPpY=", "narHash": "sha256-veBakX/c/GfwzLtp62bcEm6Coype+03Hz8Aydi2b9xg=",
"owner": "arcnmx", "owner": "arcnmx",
"repo": "ci", "repo": "ci",
"rev": "690f4d95427e6db9d720e72b9acbaa7c745bdcd9", "rev": "154533df13bc059400186a9d52e000363f0a3cb2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -160,11 +160,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1725948275, "lastModified": 1726308872,
"narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "narHash": "sha256-d4vwO5N4RsLnCY7k5tY9xbdYDWQsY3RDMeUoIa4ms2A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "rev": "6c1a461a444e6ccb3f3e42bb627b510c3a722a57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -190,11 +190,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1725634671, "lastModified": 1726062873,
"narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -267,11 +267,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1725922448, "lastModified": 1726218807,
"narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "narHash": "sha256-z7CoWbSOtsOz8TmRKDnobURkKfv6nPZCo3ayolNuQGc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "cede1a08039178ac12957733e97ab1006c6b6892", "rev": "f30b1bac192e2dc252107ac8a59a03ad25e1b96e",
"type": "github" "type": "github"
}, },
"original": { "original": {

50
modules/nixos/samba.nix
View file

@ -7,8 +7,8 @@
}: let }: let
inherit (gensokyo-zone.lib) mkAlmostOptionDefault; inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
inherit (lib.options) mkOption mkEnableOption; inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkBefore mkAfter mkOptionDefault; inherit (lib.modules) mkIf mkMerge mkAfter mkOptionDefault;
inherit (lib.attrsets) mapAttrs' mapAttrsToList listToAttrs nameValuePair; inherit (lib.attrsets) mapAttrs mapAttrs' mapAttrsToList listToAttrs nameValuePair;
inherit (lib.lists) concatLists; inherit (lib.lists) concatLists;
inherit (lib.strings) toUpper hasPrefix concatMapStringsSep; inherit (lib.strings) toUpper hasPrefix concatMapStringsSep;
inherit (lib.trivial) flip; inherit (lib.trivial) flip;
@ -211,7 +211,10 @@ in {
type = nullOr path; type = nullOr path;
default = null; default = null;
}; };
# TODO: move to upstream settings! shares' = mkOption {
type = attrsOf (attrsOf settingType);
default = {};
};
settings' = mkOption { settings' = mkOption {
type = attrsOf settingType; type = attrsOf settingType;
default = {}; default = {};
@ -226,7 +229,7 @@ in {
else pkgs.samba-ldap else pkgs.samba-ldap
)); ));
domain = { domain = {
isWorkgroup = mkOptionDefault (cfg.securityType != "domain" && cfg.securityType != "ads"); isWorkgroup = mkOptionDefault (cfg.settings.global.security != "domain" && cfg.settings.global.security != "ads");
netbiosName' = let netbiosName' = let
name = name =
if cfg.domain.netbiosName != null if cfg.domain.netbiosName != null
@ -300,7 +303,7 @@ in {
"kerberos encryption types" = mkOptionDefault "strong"; "kerberos encryption types" = mkOptionDefault "strong";
"create krb5 conf" = mkOptionDefault false; "create krb5 conf" = mkOptionDefault false;
}) })
(mkIf cfg.enableWinbindd { (mkIf cfg.winbindd.enable {
"winbind nss info" = mkOptionDefault "rfc2307"; "winbind nss info" = mkOptionDefault "rfc2307";
"winbind use default domain" = mkOptionDefault true; "winbind use default domain" = mkOptionDefault true;
}) })
@ -326,15 +329,34 @@ in {
}) })
] ]
++ mapAttrsToList (_: idmap: mapAttrs' (key: value: nameValuePair "idmap config ${idmap.domain} : ${key}" (mkOptionDefault value)) idmap.settings) cfg.idmap.domains); ++ mapAttrsToList (_: idmap: mapAttrs' (key: value: nameValuePair "idmap config ${idmap.domain} : ${key}" (mkOptionDefault value)) idmap.settings) cfg.idmap.domains);
extraConfig = mkMerge ( settings = let
mapAttrsToList (key: value: ''${key} = ${settingValue value}'') cfg.settings' settingsValues = mapAttrs (_: settingValue);
++ [ defaults =
(mkIf (cfg.ldap.enable && cfg.ldap.passdb.enable) (mkBefore '' mapAttrs (_: mkOptionDefault) {
passdb backend = ${cfg.ldap.passdb.backend}:"${cfg.ldap.url}" security = "user";
'')) "passwd program" = "/run/wrappers/bin/passwd %u";
] }
); // {
shares.${cfg.usershare.templateShare} = mkIf cfg.usershare.enable { "invalid users" = ["root"];
};
ldap = {
# TODO: this may need to be mkBefore'd?
"passdb backend" = mkIf (cfg.ldap.enable && cfg.ldap.passdb.enable) ''${cfg.ldap.passdb.backend}:"${cfg.ldap.url}"'';
};
global = settingsValues cfg.settings';
shares = mapAttrs (_: settingsValues) cfg.shares';
in
mkMerge [
shares
{
global = mkMerge [
defaults
global
ldap
];
}
];
shares'.${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {
"-valid" = false; "-valid" = false;
}; };
}; };

25
nixos/access/nextjs-ollama.nix
View file

@ -29,16 +29,17 @@ in {
enable = true; enable = true;
requireAuth = false; requireAuth = false;
}; };
subFilterLocation = { virtualHost, ... }: mkIf (virtualHost.locations ? "/ollama/") { subFilterLocation = {virtualHost, ...}:
proxy.headers.set.Accept-Encoding = ""; mkIf (virtualHost.locations ? "/ollama/") {
extraConfig = '' proxy.headers.set.Accept-Encoding = "";
sub_filter_once off; extraConfig = ''
sub_filter_types application/javascript; sub_filter_once off;
sub_filter '${cfg.ollamaUrl}' '/ollama'; sub_filter_types application/javascript;
''; sub_filter '${cfg.ollamaUrl}' '/ollama';
}; '';
};
proxyLocation = { proxyLocation = {
imports = [ subFilterLocation ]; imports = [subFilterLocation];
proxy = { proxy = {
enable = true; enable = true;
upstream = mkDefault upstreamName; upstream = mkDefault upstreamName;
@ -49,16 +50,16 @@ in {
return = mkDefault "302 /llama/"; return = mkDefault "302 /llama/";
}; };
"/llama/" = {virtualHost, ...}: { "/llama/" = {virtualHost, ...}: {
imports = [ proxyLocation ]; imports = [proxyLocation];
vouch.requireAuth = mkIf virtualHost.vouch.enable true; vouch.requireAuth = mkIf virtualHost.vouch.enable true;
proxy.path = "/"; proxy.path = "/";
}; };
"/_next/" = {virtualHost, ...}: { "/_next/" = {virtualHost, ...}: {
imports = [ proxyLocation ]; imports = [proxyLocation];
vouch.requireAuth = mkIf virtualHost.vouch.enable true; vouch.requireAuth = mkIf virtualHost.vouch.enable true;
}; };
"/_next/static/" = _: { "/_next/static/" = _: {
imports = [ proxyLocation ]; imports = [proxyLocation];
}; };
"~ '^/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'" = { "~ '^/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'" = {
return = mkDefault "302 /llama$request_uri"; return = mkDefault "302 /llama$request_uri";

2
nixos/kyuuto/opl.nix
View file

@ -40,7 +40,7 @@ in {
"server min protocol" = mkDefault "NT1"; "server min protocol" = mkDefault "NT1";
"keepalive" = mkDefault 0; "keepalive" = mkDefault 0;
}; };
shares.opl = let shares'.opl = let
inherit (config.networking.access) cidrForNetwork; inherit (config.networking.access) cidrForNetwork;
in in
mkIf cfg.enable { mkIf cfg.enable {

2
nixos/kyuuto/samba.nix
View file

@ -24,7 +24,7 @@ in {
enable = mkDefault true; enable = mkDefault true;
path = mkDefault (kyuuto.mountDir + "/usershares"); path = mkDefault (kyuuto.mountDir + "/usershares");
}; };
shares = { shares' = {
kyuuto-transfer = { kyuuto-transfer = {
comment = "Kyuuto Media Transfer Area"; comment = "Kyuuto Media Transfer Area";
path = kyuuto.transferDir; path = kyuuto.transferDir;

8
nixos/samba.nix
View file

@ -17,10 +17,10 @@
in { in {
services.samba = { services.samba = {
enable = mkDefault true; enable = mkDefault true;
enableWinbindd = mkDefault true; winbindd.enable = mkDefault true;
enableNmbd = mkDefault true; nmbd.enable = mkDefault true;
securityType = mkDefault "user"; # TODO: security = "ADS"? kerberos..!
# TODO: securityType = "ADS"? kerberos..! settings.global.security = mkDefault "user";
domain = { domain = {
name = "GENSOKYO"; name = "GENSOKYO";
netbiosName = "reisen"; netbiosName = "reisen";