From 5d48940824759e7b719a931025df47bcfed39aad Mon Sep 17 00:00:00 2001 From: arcnmx Date: Mon, 19 Feb 2024 13:23:37 -0800 Subject: [PATCH] feat(samba): kyuuto opl --- docs/index.adoc | 3 ++ docs/smb.adoc | 44 ++++++++++++++++++++++++ docs/steam.adoc | 7 ++++ nixos/kyuuto/samba.nix | 73 +++++++++++++++++++++++++++------------- nixos/secrets/samba.yaml | 6 ++-- nixos/users/groups.nix | 5 +++ 6 files changed, 111 insertions(+), 27 deletions(-) create mode 100644 docs/smb.adoc diff --git a/docs/index.adoc b/docs/index.adoc index f3111217..c6402f4c 100644 --- a/docs/index.adoc +++ b/docs/index.adoc @@ -15,6 +15,9 @@ Links:: https://gensokyo.zone[Homepage]:: Service listing +<<./smb.adoc#,SMB Shares>>:: +Network file shares + <<./network.adoc#,Home Network>>:: Local network subnets and IP address reservations diff --git a/docs/smb.adoc b/docs/smb.adoc new file mode 100644 index 00000000..efc02e2c --- /dev/null +++ b/docs/smb.adoc 
@@ -0,0 +1,44 @@ += SMB +:guest: Guest access is available by logging in with a non-existent username and password. + +== Shares + +[[transfer]] +kyuuto-transfer:: + +Accessible via LAN only ([.pathvalue]#\\smb.local.gensokyo.zone\kyuuto-transfer#) with guest access{empty}footnote:guest[{guest}]. +The transfer share used for quick file transfers onto the server for temporary sharing purposes. +Make sure to let someone know when you've added something here that should be moved to a media library or organized for some specific service! + +[[library]] +kyuuto-library:: + +Accessible via LAN only ([.pathvalue]#\\smb.local.gensokyo.zone\kyuuto-library#) with read-only guest access{empty}footnote:guest[{guest}]. ++ +The Kyuuto library directory is where most media and shared data belongs. +Adding new files to an appropriate directory will typically automatically add it to the corresponding Plex library or similar. + +[[library-net]] +kyuuto-library-net:: + +The <> share is also available globally via [.pathvalue]#\\smb.gensokyo.zone\kyuuto-library-net# + +kyuuto-media:: + +Top-level access to the disk containing the <>. + +shared:: + +Accessible both via LAN ([.pathvalue]#\\smb.local.gensokyo.zone\shared#) or globally ([.pathvalue]#\\smb.gensokyo.zone\shared#). ++ +A special share used for remote working data, typically used to set up mount points or similar. + +Services::: + +* <<./steam.adoc#library,Steam Library>> +* <<./steam.adoc#setup,Steam>> +** <<./steam.adoc#beatsaber,Beat Saber>> + +opl:: + +For local use by OPL only. diff --git a/docs/steam.adoc b/docs/steam.adoc index 9a3c5ede..bd881dc1 100644 --- a/docs/steam.adoc +++ b/docs/steam.adoc @@ -3,6 +3,7 @@ include::{inc}attrs.adoc[] :toc: +[[setup]] == Setup Environment Variables:: 
@@ -15,6 +16,12 @@ Advanced System Settings (System Properties -> Advanced) -> Environment Variable * [[env_GENSO_STEAM_LOCAL_DATA]] `GENSO_STEAM_LOCAL_DATA` = [.value]`+C:\Program Files\GensokyoZone+` or somewhere local to be used as scratch space * [[env_GENSO_STEAM_INSTALL]] `GENSO_STEAM_INSTALL` = [.value]`+C:\Program Files (x86)\Steam+` or wherever Steam is installed to +[[library]] +=== Library + +A network share folder is reserved for storing and sharing Steam games. +Add a new library in Steam's settings to <> for access. + [[beatsaber]] == Beat Saber diff --git a/nixos/kyuuto/samba.nix b/nixos/kyuuto/samba.nix index cd7bc7fd..4cc6b70d 100644 --- a/nixos/kyuuto/samba.nix +++ b/nixos/kyuuto/samba.nix @@ -11,17 +11,15 @@ cfg = config.services.samba; localAddrs = cidrForNetwork.loopback.all ++ cidrForNetwork.local.all ++ optionals config.services.tailscale.enable cidrForNetwork.tail.all; + guestUsers = mkIf cfg.guest.enable [ cfg.guest.user ]; kyuuto-media = { - path = kyuuto.mountDir; - comment = "Kyuuto Media"; - writeable = true; - public = false; - "valid users" = [ "@kyuuto-peeps" ]; - "acl group control" = true; "create mask" = "0664"; "force directory mode" = "3000"; "directory mask" = "7775"; }; + kyuuto-library = kyuuto-media // { + "acl group control" = true; + }; in { services.samba = { usershare = { @@ -29,6 +27,19 @@ in { path = mkDefault (kyuuto.mountDir + "/usershares"); }; shares = mkIf cfg.enable { + opl = { + comment = "Kyuuto Media OPL"; + path = kyuuto.libraryDir + "/games/PS2"; + writeable = false; + browseable = false; + public = false; + "valid users" = [ + "opl" + "@kyuuto-peeps" + ]; + "read list" = [ "opl" ]; + "hosts allow" = localAddrs; + }; kyuuto-transfer = { comment = "Kyuuto Media Transfer Area"; path = kyuuto.transferDir; @@ -36,7 +47,7 @@ in { browseable = true; public = true; "valid users" = mkMerge [ - (mkIf cfg.guest.enable [ cfg.guest.user ]) + guestUsers [ "@peeps" ] ]; #"guest only" = true; 
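Review bot: In nixos/kyuuto/samba.nix, the new `opl` share sets `"hosts allow" = localAddrs`, and `localAddrs` (defined at the top of the same file) covers loopback, the whole local network and, when Tailscale is enabled, the tailnet ranges. That is wider than the "For local use by OPL only" wording this commit adds to docs/smb.adoc. If only the console needs the share, a narrower list would match the documented intent, e.g. `"hosts allow" = [ "<CONSOLE_ADDRESS_PLACEHOLDER>" ];`. `"valid users"` also admits `@kyuuto-peeps`, and `"read list" = [ "opl" ]` appears redundant on a share that is already `writeable = false`, so a one-line comment stating who is meant to reach this share would help. The `shares` attribute set continues outside the hunk.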
@@ -46,29 +57,43 @@ in { "force directory mode" = "3000"; "directory mask" = "7775"; }; - kyuuto-library-access = { - path = kyuuto.libraryDir; - comment = "Kyuuto Library Access"; - writeable = false; - browseable = true; - public = true; - "valid users" = mkMerge [ - (mkIf cfg.guest.enable [ cfg.guest.user ]) - [ "@kyuuto-peeps" ] - ]; - "hosts allow" = localAddrs; - }; - kyuuto-media = mkMerge [ - kyuuto-media + kyuuto-library = mkMerge [ + kyuuto-library { + path = kyuuto.libraryDir; + comment = "Kyuuto Library"; + writeable = false; browseable = true; + public = true; + "valid users" = mkMerge [ + guestUsers + [ "@kyuuto-peeps" ] + ]; + "read list" = guestUsers; + "write list" = [ "@kyuuto-peeps" ]; "hosts allow" = localAddrs; } ]; - kyuuto-media-global = mkMerge [ + kyuuto-library-net = mkMerge [ + kyuuto-library + { + path = kyuuto.libraryDir; + comment = "Kyuuto Library Access"; + writeable = true; + public = false; + browseable = false; + "valid users" = [ "@kyuuto-peeps" ]; + } + ]; + kyuuto-media = mkMerge [ kyuuto-media { + path = kyuuto.mountDir; + comment = "Kyuuto Media"; + writeable = true; + public = false; browseable = false; + "valid users" = [ "@kyuuto-peeps" ]; } ]; shared = { @@ -79,8 +104,8 @@ in { browseable = false; "valid users" = [ "@peeps" ]; "create mask" = "0775"; - "force file mode" = "3010"; - "force directory mode" = "3000"; + "force create mode" = "0010"; + "force directory mode" = "2000"; "directory mask" = "7775"; }; ${cfg.usershare.templateShare} = mkIf cfg.usershare.enable { diff --git a/nixos/secrets/samba.yaml b/nixos/secrets/samba.yaml index a908bff9..0343a3e9 100644 --- a/nixos/secrets/samba.yaml +++ b/nixos/secrets/samba.yaml 
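Review bot: In nixos/kyuuto/samba.nix, `kyuuto-library-net` and the rewritten `kyuuto-media` are both `writeable = true` with no `"hosts allow"`, so within these share blocks write access to the library and to the whole disk depends only on `@kyuuto-peeps` credentials; docs/smb.adoc describes `kyuuto-library-net` as available globally. Nothing in the two blocks requires transport encryption, so unless the global section (not shown in this diff) already enforces it, consider adding `"smb encrypt" = "required";` to both shares. Separately, `kyuuto-library-net` carries the comment "Kyuuto Library Access", the label of the removed read-only share; something like `comment = "Kyuuto Library (remote)";` would avoid confusion.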
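Review bot: In the `shared` share, changing `"force directory mode"` from `"3000"` to `"2000"` keeps setgid but stops forcing the sticky bit, so any `@peeps` member with write access to a directory can delete or rename files created by another member. `kyuuto-transfer` and the `kyuuto-media` base set in the same file still force `"3000"`. If the difference is intended for shared working data, a comment next to the line would record it, e.g. `# setgid only: no sticky bit, members may remove each other's files`. `"force create mode" = "0010"` forces the group-execute bit on every new file, which also deserves a short comment on why it is needed.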
@@ -1,4 +1,4 @@ -smbpasswd: ENC[AES256_GCM,data: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,iv:rXRyeDF7kUtfcOhHI8ILCCg9vpHDzCKn4K/2J/dEZLw=,tag:OZ7r2mu9xPTI7JJlddafkg==,type:str] +smbpasswd: ENC[AES256_GCM,data:W77mPgQ4sgdEsYgL271Kw34oHXYqMgGOM13KhY6XKlMVpIu1iznzuECXEG/6tDpv7J6hCMex8i4FMy85mUb2a/FLscx+vF7ncSATKZSGSKZZgU/kc5qGqM2yJrm7TnvmjSt7YRJfXBACM2h5X6eVKZ+0mtOAoQD72JLyM7aO8W4z4XyQQpudCqnpmNT5s8icHJGjRQubIm/25Znw8y5RME/OrA2/YkuGXeCNT7dEqHl6/KiH94//+XhCKij8lSV3iaE7ZKLiA3bqQJmp2n8Owvd+cDVZ1wWQU0TQGE1aAKysiHg1Yc1io7ek0t9UxyE5ZrOyifiWv6f2jdxbA7dvIihmlP0XWghdo30T9v4GE97cuNRG2rJTZEi3lP9Qy7Y4yS/XWRfSPLQnZ0D5xvuNxbVbXUR8OBcBlLeG6TFKtLPJgRr8oUrxw/03MHT8wxAOrfFPUYofd377DBIXQSv2Jbxg8117yAI1a/fBl8zFBrdkKDQvUjOSTTlCJ6J9goNe0Ra91noh9GMDC4qRzNheC22QVKWYExbtKyW0+OeIrpTfJ/1Ml1Jrb+FRjS0CDOHgHwYOqaPiyp1tlIgqhYEb3gIF7Ru69A1ctNdugaZAgz83Z951T2kpBNYguIoJn09X/MBq7ZKToWrFBi0kgOCnGbJfC9MusXGdJ1275Co6Xiaq2/mOWRwsH0e6HEjzSaFoOMgDe5jtq4+UIhbbS9u1dvn8/mR4mR/MsHDsT3FUWQ+c3C04/zTdJbt91w/f9PEs+Zi4qKwsyG0AtHzVV8/NADU4xAr1GFYBL9crMe/Y1vvPFXzpIlnfQrg+vYXE9vqXTXOgFB8KKUlT,iv:Ciw/zsXUiITP9vZJgvb9hDRgPZ1jSFISK+8Dqb2DeOs=,tag:Hn/k1t7AmM60tc6fOjj35w==,type:str] sops: shamir_threshold: 1 kms: [] 
@@ -42,8 +42,8 @@ sops: VitlT3d6d1FOSzFKTFRIWDU3cmJ2aXMKDN7HPa6pQSZd21cLvfk+sYvLqZm9eN+7 K1v7M9MXLY+nh1YGGbtDbWHh09p8g37tS1OwgGAiETh+z7hWsGHYdw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-09T21:54:53Z" - mac: ENC[AES256_GCM,data:tlGNpKn6rWCawNkmCdWJZRQqmNhDHFg5qAxMWRJ7A76I8/1XPZHXjG8m1vw9VaP3XDO15FPrLDUsAsVImXs0xc769GzlYsOa/WhjSbtrbT+WsAU6nXMs1OksKhzeAzCnQ04VCJPowMk09XIASZbIuES1+V6bFFgJbiK44UTHkW0=,iv:Hl+VzbDMI37nSaU4PHZ86362s6zqJWQ35J+qgSG3w20=,tag:uqMjhJ9eqgDsX587f0UCNQ==,type:str] + lastmodified: "2024-02-28T21:51:11Z" + mac: ENC[AES256_GCM,data:nHX08Itwgn4HI98tzq08VOwVG+bZGlBYMUe19SEECo9dRpH9P5eApV1ho8RknPHrTv6m3PBvapaIsTjp7uDVajjXRDKcWCb+5wYN+g0FHTSICohoRvwq0JNqHFszW+CnT5EdMw4V09B94LwDJB2YRABCTwPn2x69p8QU3GLjhrY=,iv:tCYrAcJLV5+OqL3wHNMRA4kxNZo2m73MgUXlCpAGSZg=,tag:6JndAJnSveti0jxqyOAbuw==,type:str] pgp: - created_at: "2024-01-30T22:23:56Z" enc: |- diff --git a/nixos/users/groups.nix b/nixos/users/groups.nix index bc811e98..72c1d2b6 100644 --- a/nixos/users/groups.nix +++ b/nixos/users/groups.nix @@ -45,5 +45,10 @@ in { group = "admin"; isSystemUser = true; }; + opl = { + uid = 8125; + group = "nogroup"; + isSystemUser = true; + }; }; }
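Review bot: In nixos/users/groups.nix, the new `opl` account is placed in `nogroup`, which it then shares with any other account or daemon that uses that group. A dedicated group would keep this account isolated, e.g. `group = "opl";` with a matching `opl` group declared alongside the existing groups. The account's purpose is not visible here, so a comment such as `# Samba login for the opl share only` would help. The enclosing attribute set starts outside the hunk.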