feat(samba): kyuuto opl

2026-02-09 04:19:19 -08:00 · 2024-02-19 13:23:37 -08:00 · 2024-02-19 13:23:37 -08:00 · 5d48940824
commit 5d48940824
parent cc990d1d9a
6 changed files with 111 additions and 27 deletions
--- a/docs/index.adoc
+++ b/docs/index.adoc
@ -15,6 +15,9 @@ Links::
 https://gensokyo.zone[Homepage]::
 Service listing

+<<./smb.adoc#,SMB Shares>>::
+Network file shares
+
 <<./network.adoc#,Home Network>>::
 Local network subnets and IP address reservations

--- a/docs/smb.adoc
+++ b/docs/smb.adoc
@ -0,0 +1,44 @@
+= SMB
+:guest: Guest access is available by logging in with a non-existent username and password.
+
+== Shares
+
+[[transfer]]
+kyuuto-transfer::
+
+Accessible via LAN only ([.pathvalue]#\\smb.local.gensokyo.zone\kyuuto-transfer#) with guest access{empty}footnote:guest[{guest}].
+The transfer share used for quick file transfers onto the server for temporary sharing purposes.
+Make sure to let someone know when you've added something here that should be moved to a media library or organized for some specific service!
+
+[[library]]
+kyuuto-library::
+
+Accessible via LAN only ([.pathvalue]#\\smb.local.gensokyo.zone\kyuuto-library#) with read-only guest access{empty}footnote:guest[{guest}].
+
+The Kyuuto library directory is where most media and shared data belongs.
+Adding new files to an appropriate directory will typically automatically add it to the corresponding Plex library or similar.
+
+[[library-net]]
+kyuuto-library-net::
+
+The <<library,Kyuuto library>> share is also available globally via [.pathvalue]#\\smb.gensokyo.zone\kyuuto-library-net#
+
+kyuuto-media::
+
+Top-level access to the disk containing the <<library,Kyuuto library>>.
+
+shared::
+
+Accessible both via LAN ([.pathvalue]#\\smb.local.gensokyo.zone\shared#) or globally ([.pathvalue]#\\smb.gensokyo.zone\shared#).
+
+A special share used for remote working data, typically used to set up mount points or similar.
+
+Services:::
+
+* <<./steam.adoc#library,Steam Library>>
+* <<./steam.adoc#setup,Steam>>
+** <<./steam.adoc#beatsaber,Beat Saber>>
+
+opl::
+
+For local use by OPL only.
--- a/docs/steam.adoc
+++ b/docs/steam.adoc
@ -3,6 +3,7 @@
 include::{inc}attrs.adoc[]
 :toc:

+[[setup]]
 == Setup

 Environment Variables::
@ -15,6 +16,12 @@ Advanced System Settings (System Properties -> Advanced) -> Environment Variable
 * [[env_GENSO_STEAM_LOCAL_DATA]] `GENSO_STEAM_LOCAL_DATA` = [.value]`+C:\Program Files\GensokyoZone+` or somewhere local to be used as scratch space
 * [[env_GENSO_STEAM_INSTALL]] `GENSO_STEAM_INSTALL` = [.value]`+C:\Program Files (x86)\Steam+` or wherever Steam is installed to

+[[library]]
+=== Library
+
+A network share folder is reserved for storing and sharing Steam games.
+Add a new library in Steam's settings to <<env_GENSO_SMB_SHARED_MOUNT,[.pathvalue]#%GENSO_SMB_SHARED_MOUNT%\steam\library#>> for access.
+
 [[beatsaber]]
 == Beat Saber

--- a/nixos/kyuuto/samba.nix
+++ b/nixos/kyuuto/samba.nix
@ -11,17 +11,15 @@
  cfg = config.services.samba;
  localAddrs = cidrForNetwork.loopback.all ++ cidrForNetwork.local.all
    ++ optionals config.services.tailscale.enable cidrForNetwork.tail.all;
+  guestUsers = mkIf cfg.guest.enable [ cfg.guest.user ];
  kyuuto-media = {
-    path = kyuuto.mountDir;
-    comment = "Kyuuto Media";
-    writeable = true;
-    public = false;
-    "valid users" = [ "@kyuuto-peeps" ];
-    "acl group control" = true;
    "create mask" = "0664";
    "force directory mode" = "3000";
    "directory mask" = "7775";
  };
+  kyuuto-library = kyuuto-media // {
+    "acl group control" = true;
+  };
 in {
  services.samba = {
    usershare = {
@ -29,6 +27,19 @@ in {
      path = mkDefault (kyuuto.mountDir + "/usershares");
    };
    shares = mkIf cfg.enable {
+      opl = {
+        comment = "Kyuuto Media OPL";
+        path = kyuuto.libraryDir + "/games/PS2";
+        writeable = false;
+        browseable = false;
+        public = false;
+        "valid users" = [
+          "opl"
+          "@kyuuto-peeps"
+        ];
+        "read list" = [ "opl" ];
+        "hosts allow" = localAddrs;
+      };
      kyuuto-transfer = {
        comment = "Kyuuto Media Transfer Area";
        path = kyuuto.transferDir;
@ -36,7 +47,7 @@ in {
        browseable = true;
        public = true;
        "valid users" = mkMerge [
-          (mkIf cfg.guest.enable [ cfg.guest.user ])
+          guestUsers
          [ "@peeps" ]
        ];
        #"guest only" = true;
@ -46,29 +57,43 @@ in {
        "force directory mode" = "3000";
        "directory mask" = "7775";
      };
-      kyuuto-library-access = {
+      kyuuto-library = mkMerge [
+        kyuuto-library
+        {
          path = kyuuto.libraryDir;
-        comment = "Kyuuto Library Access";
+          comment = "Kyuuto Library";
          writeable = false;
          browseable = true;
          public = true;
          "valid users" = mkMerge [
-          (mkIf cfg.guest.enable [ cfg.guest.user ])
+            guestUsers
            [ "@kyuuto-peeps" ]
          ];
-        "hosts allow" = localAddrs;
-      };
-      kyuuto-media = mkMerge [
-        kyuuto-media
-        {
-          browseable = true;
+          "read list" = guestUsers;
+          "write list" = [ "@kyuuto-peeps" ];
          "hosts allow" = localAddrs;
        }
      ];
-      kyuuto-media-global = mkMerge [
+      kyuuto-library-net = mkMerge [
+        kyuuto-library
+        {
+          path = kyuuto.libraryDir;
+          comment = "Kyuuto Library Access";
+          writeable = true;
+          public = false;
+          browseable = false;
+          "valid users" = [ "@kyuuto-peeps" ];
+        }
+      ];
+      kyuuto-media = mkMerge [
        kyuuto-media
        {
+          path = kyuuto.mountDir;
+          comment = "Kyuuto Media";
+          writeable = true;
+          public = false;
          browseable = false;
+          "valid users" = [ "@kyuuto-peeps" ];
        }
      ];
      shared = {
@ -79,8 +104,8 @@ in {
        browseable = false;
        "valid users" = [ "@peeps" ];
        "create mask" = "0775";
-        "force file mode" = "3010";
-        "force directory mode" = "3000";
+        "force create mode" = "0010";
+        "force directory mode" = "2000";
        "directory mask" = "7775";
      };
      ${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {
--- a/nixos/secrets/samba.yaml
+++ b/nixos/secrets/samba.yaml
@ -1,4 +1,4 @@
-smbpasswd: ENC[AES256_GCM,data:T9ajprFSoJ8zot3GKKT44Gkc18H/R2O/sVcwoxkCcn8cNQoD+uCOv7t9dDKnvGQKSF6FsC9WxUSL6ZetR0opxH5nvULGpc9WCoxFn6UPZpDRFtp9J3WMbFGNzw+dnwlKJQVy8WqAqajlpjV7+OR1Q+nYGm0EwIjO0JSqE5fX7FcDBzUQJr5gry14Dvzpzh04rOqsGD+aAGXcJLEJej7zLeALPCMOy21VdpKt0wzd1PfeowJCMdIoLAYTlGl33gbONIIEHefa1QY3jn6ZRGmoNF2qWmwueUguak9kdACtocUrJcUhnpbSC3h4HrNVTcMuvoL4SrJ/kxec+Xzv23zc5ylffkpT2XuKjk7M6uiwe+tgVczxvnGn5rtp33nBszausrO9JwD8I5l0pW+BSApdpaVwMv72cNdMRV9nPuUGY/uYlcQ7nTWKypJnmcbbcg/w+WWCfCdSx4HhWN26oQotivY+unrWL/uHkYjVUzefh2/s0cmBbS0wrV//haqkUFGw3oJgM7c6nHYnCNugdYhsrB8u2gRTy+jvZrnYY4ukuuoYiLrXOYVcS38Co8PphCX2h/wnwzVyneaWHg5ttkvf+cEU6on3efzSKZamt+HsbwHB5M/4oiUEDWMH4K6X/xF3cTgHTV6bxUTL/jzLNwW6tKl9bjHnkAjNb6iYOIVXT5KjxpLfcwXr/SvRCINNN1enAEU=,iv:rXRyeDF7kUtfcOhHI8ILCCg9vpHDzCKn4K/2J/dEZLw=,tag:OZ7r2mu9xPTI7JJlddafkg==,type:str]
+smbpasswd: ENC[AES256_GCM,data:W77mPgQ4sgdEsYgL271Kw34oHXYqMgGOM13KhY6XKlMVpIu1iznzuECXEG/6tDpv7J6hCMex8i4FMy85mUb2a/FLscx+vF7ncSATKZSGSKZZgU/kc5qGqM2yJrm7TnvmjSt7YRJfXBACM2h5X6eVKZ+0mtOAoQD72JLyM7aO8W4z4XyQQpudCqnpmNT5s8icHJGjRQubIm/25Znw8y5RME/OrA2/YkuGXeCNT7dEqHl6/KiH94//+XhCKij8lSV3iaE7ZKLiA3bqQJmp2n8Owvd+cDVZ1wWQU0TQGE1aAKysiHg1Yc1io7ek0t9UxyE5ZrOyifiWv6f2jdxbA7dvIihmlP0XWghdo30T9v4GE97cuNRG2rJTZEi3lP9Qy7Y4yS/XWRfSPLQnZ0D5xvuNxbVbXUR8OBcBlLeG6TFKtLPJgRr8oUrxw/03MHT8wxAOrfFPUYofd377DBIXQSv2Jbxg8117yAI1a/fBl8zFBrdkKDQvUjOSTTlCJ6J9goNe0Ra91noh9GMDC4qRzNheC22QVKWYExbtKyW0+OeIrpTfJ/1Ml1Jrb+FRjS0CDOHgHwYOqaPiyp1tlIgqhYEb3gIF7Ru69A1ctNdugaZAgz83Z951T2kpBNYguIoJn09X/MBq7ZKToWrFBi0kgOCnGbJfC9MusXGdJ1275Co6Xiaq2/mOWRwsH0e6HEjzSaFoOMgDe5jtq4+UIhbbS9u1dvn8/mR4mR/MsHDsT3FUWQ+c3C04/zTdJbt91w/f9PEs+Zi4qKwsyG0AtHzVV8/NADU4xAr1GFYBL9crMe/Y1vvPFXzpIlnfQrg+vYXE9vqXTXOgFB8KKUlT,iv:Ciw/zsXUiITP9vZJgvb9hDRgPZ1jSFISK+8Dqb2DeOs=,tag:Hn/k1t7AmM60tc6fOjj35w==,type:str]
 sops:
    shamir_threshold: 1
    kms: []
@ -42,8 +42,8 @@ sops:
            VitlT3d6d1FOSzFKTFRIWDU3cmJ2aXMKDN7HPa6pQSZd21cLvfk+sYvLqZm9eN+7
            K1v7M9MXLY+nh1YGGbtDbWHh09p8g37tS1OwgGAiETh+z7hWsGHYdw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-09T21:54:53Z"
-    mac: ENC[AES256_GCM,data:tlGNpKn6rWCawNkmCdWJZRQqmNhDHFg5qAxMWRJ7A76I8/1XPZHXjG8m1vw9VaP3XDO15FPrLDUsAsVImXs0xc769GzlYsOa/WhjSbtrbT+WsAU6nXMs1OksKhzeAzCnQ04VCJPowMk09XIASZbIuES1+V6bFFgJbiK44UTHkW0=,iv:Hl+VzbDMI37nSaU4PHZ86362s6zqJWQ35J+qgSG3w20=,tag:uqMjhJ9eqgDsX587f0UCNQ==,type:str]
+    lastmodified: "2024-02-28T21:51:11Z"
+    mac: ENC[AES256_GCM,data:nHX08Itwgn4HI98tzq08VOwVG+bZGlBYMUe19SEECo9dRpH9P5eApV1ho8RknPHrTv6m3PBvapaIsTjp7uDVajjXRDKcWCb+5wYN+g0FHTSICohoRvwq0JNqHFszW+CnT5EdMw4V09B94LwDJB2YRABCTwPn2x69p8QU3GLjhrY=,iv:tCYrAcJLV5+OqL3wHNMRA4kxNZo2m73MgUXlCpAGSZg=,tag:6JndAJnSveti0jxqyOAbuw==,type:str]
    pgp:
        - created_at: "2024-01-30T22:23:56Z"
          enc: |-
--- a/nixos/users/groups.nix
+++ b/nixos/users/groups.nix
@ -45,5 +45,10 @@ in {
      group = "admin";
      isSystemUser = true;
    };
+    opl = {
+      uid = 8125;
+      group = "nogroup";
+      isSystemUser = true;
+    };
  };
 }