refactor(samba): kyuuto

nixos/kyuuto/mount.nix

@@ -0,0 +1,62 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.options) mkOption mkEnableOption;
+  inherit (lib.modules) mkIf mkMerge;
+  cfg = config.kyuuto;
+in {
+  options.kyuuto = with lib.types; {
+    setup = mkEnableOption "directory and permission setup";
+    mountDir = mkOption {
+      type = path;
+      default = "/mnt/kyuuto-media";
+    };
+    libraryDir = mkOption {
+      type = path;
+      default = cfg.mountDir + "/library";
+    };
+    transferDir = mkOption {
+      type = path;
+      default = cfg.mountDir + "/transfer";
+    };
+  };
+
+  config = {
+    systemd.tmpfiles.rules = mkIf cfg.setup [
+      "d ${cfg.transferDir} 3775 root kyuuto"
+      "d ${cfg.libraryDir} 3775 root kyuuto"
+      "d ${cfg.libraryDir}/unsorted 3775 root kyuuto"
+      "d ${cfg.libraryDir}/music 7775 sonarr kyuuto"
+      "d ${cfg.libraryDir}/anime 7775 sonarr kyuuto"
+      "d ${cfg.libraryDir}/tv 7775 sonarr kyuuto"
+      "d ${cfg.libraryDir}/movies 7775 radarr kyuuto"
+    ];
+
+    users = let
+      mapId = id: if config.proxmoxLXC.privileged or true then 100000 + id else id;
+      mkDummyUsers = {
+        name,
+        group ? name,
+        enable ? !config.services.${serviceName}.enable, serviceName ? name,
+        uid ? config.ids.uids.${name},
+        gid ? config.ids.gids.${group}
+      }: mkIf enable {
+        users.${name} = {
+          group = mkIf (group != null) group;
+          uid = mapId uid;
+          isSystemUser = true;
+        };
+        groups.${group} = {
+          gid = mapId gid;
+        };
+      };
+    in mkMerge [
+      (mkDummyUsers { name = "deluge"; })
+      (mkDummyUsers { name = "radarr"; })
+      (mkDummyUsers { name = "sonarr"; })
+      (mkDummyUsers { name = "lidarr"; })
+    ];
+  };
+}

nixos/kyuuto/nfs.nix

@@ -0,0 +1,26 @@
+
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.lists) optionals;
+  inherit (lib.strings) concatStringsSep;
+  inherit (config.networking.access) cidrForNetwork;
+  inherit (config) kyuuto;
+in {
+  services.nfs.server.exports = let
+    mapPerm = perm: map (addr: "${addr}(${perm})");
+    toPerms = concatStringsSep " ";
+    localAddrs = cidrForNetwork.loopback.all ++ cidrForNetwork.local.all;
+    tailAddrs = optionals config.services.tailscale.enable cidrForNetwork.tail.all;
+    allAddrs = localAddrs ++ tailAddrs;
+    kyuutoPerms =
+      mapPerm "ro" localAddrs
+      ++ mapPerm "rw" tailAddrs;
+    transferPerms = mapPerm "rw" allAddrs;
+  in ''
+    ${kyuuto.mountDir} ${toPerms kyuutoPerms}
+    ${kyuuto.transferDir} ${toPerms transferPerms}
+  '';
+}

nixos/kyuuto/samba.nix

@@ -0,0 +1,49 @@
+
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (lib.lists) optionals;
+  inherit (config.networking.access) cidrForNetwork;
+  inherit (config) kyuuto;
+  cfg = config.services.samba;
+  localAddrs = cidrForNetwork.loopback.all ++ cidrForNetwork.local.all
+    ++ optionals config.services.tailscale.enable cidrForNetwork.tail.all;
+in {
+  services.samba = {
+    usershare = {
+      enable = mkDefault true;
+      path = mkDefault (kyuuto.mountDir + "/usershares");
+    };
+    shares = mkIf cfg.enable {
+      kyuuto-transfer = {
+        path = kyuuto.transferDir;
+        writeable = true;
+        browseable = true;
+        public = true;
+        "acl group control" = true;
+        #"guest only" = true;
+        comment = "Kyuuto Media Transfer Area";
+        "hosts allow" = localAddrs;
+      };
+      kyuuto-access = {
+        path = kyuuto.libraryDir;
+        writeable = false;
+        browseable = true;
+        public = true;
+        comment = "Kyuuto Media Access";
+        "hosts allow" = localAddrs;
+      };
+      kyuuto-media = {
+        path = kyuuto.mountDir;
+        writeable = true;
+        browseable = true;
+        public = false;
+        comment = "Kyuuto Media";
+        "valid users" = [ "@kyuuto" ];
+      };
+    };
+  };
+}