gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(samba): opl

Browse source
This commit is contained in:
arcnmx 2024-02-29 10:08:01 -08:00
parent 5d48940824
commit de44c70844
4 changed files with 147 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/network.adoc
View file

@ -40,6 +40,7 @@ bedroom-friend:: `10.1.1.82`
bedroom-colour-strip:: `10.1.1.85` bedroom-colour-strip:: `10.1.1.85`
net_ac_9628:: `10.1.1.90` net_ac_9628:: `10.1.1.90`
ps2:: `10.1.1.96`
pinecube:: `10.1.1.97` pinecube:: `10.1.1.97`

70
modules/nixos/tmpfiles.nix
View file

@ -1,11 +1,13 @@
{ {
config, config,
lib, lib,
inputs,
pkgs, pkgs,
... ...
}: let }: let
inherit (inputs.self.lib.lib) unmerged;
inherit (lib.options) mkOption mkEnableOption; inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkOptionDefault; inherit (lib.modules) mkIf mkMerge mkDefault mkOptionDefault;
inherit (lib.strings) match concatStringsSep escapeShellArg optionalString; inherit (lib.strings) match concatStringsSep escapeShellArg optionalString;
inherit (lib.attrsets) attrValues; inherit (lib.attrsets) attrValues;
inherit (lib.lists) filter; inherit (lib.lists) filter;
@ -23,6 +25,8 @@
}; };
mkdirParent = mkEnableOption "mkdir"; mkdirParent = mkEnableOption "mkdir";
bindReadOnly = mkEnableOption "mount -oro"; bindReadOnly = mkEnableOption "mount -oro";
relativeSymlink = mkEnableOption "ln -sr";
noOverwrite = mkEnableOption "disable overwrite";
path = mkOption { path = mkOption {
type = path; type = path;
default = name; default = name;
@ -55,6 +59,9 @@
rules = mkOption { rules = mkOption {
type = listOf str; type = listOf str;
}; };
mountSettings = mkOption {
type = unmerged.type;
};
}; };
setup = { setup = {
script = mkOption { script = mkOption {
@ -83,6 +90,7 @@
chown = "chown ${escapeShellArg config.owner}:${escapeShellArg config.group} ${escapeShellArg config.path}"; chown = "chown ${escapeShellArg config.owner}:${escapeShellArg config.group} ${escapeShellArg config.path}";
chmod = "chmod ${escapeShellArg config.mode} ${escapeShellArg config.path}"; chmod = "chmod ${escapeShellArg config.mode} ${escapeShellArg config.path}";
parentFlag = optionalString config.mkdirParent "p"; parentFlag = optionalString config.mkdirParent "p";
relativeFlag = optionalString config.relativeSymlink "r";
scriptCatch = " || EXITCODE=$?"; scriptCatch = " || EXITCODE=$?";
scriptFail = "EXITCODE=1"; scriptFail = "EXITCODE=1";
setupScript = { setupScript = {
@ -99,27 +107,36 @@
fi fi
''; '';
symlink = '' symlink = ''
if [[ ! -e ${escapeShellArg config.path} || -L ${escapeShellArg config.path} ]]; then if [[ -e ${escapeShellArg config.path} && ! -L ${escapeShellArg config.path} ]]; then
ln -sf ${escapeShellArg config.src} ${escapeShellArg config.path}${scriptCatch}
else
echo ${escapeShellArg config.path} exists but is not a symlink >&2 echo ${escapeShellArg config.path} exists but is not a symlink >&2
${scriptFail} ${scriptFail}
else
if [[ ! -L ${escapeShellArg config.path} || -z ${escapeShellArg config.noOverwrite} ]]; then
ln -s${relativeFlag}fT ${escapeShellArg config.src} ${escapeShellArg config.path}${scriptCatch}
fi
fi fi
''; '';
link = '' link = ''
if [[ -L ${escapeShellArg config.path} ]]; then if [[ -L ${escapeShellArg config.path} ]]; then
rm -f ${escapeShellArg config.path} rm -f ${escapeShellArg config.path}
fi fi
ln -f ${escapeShellArg config.src} ${escapeShellArg config.path}${scriptCatch} ln -fT ${escapeShellArg config.src} ${escapeShellArg config.path}${scriptCatch}
''; '';
copy = '' copy = ''
if [[ ! -e ${escapeShellArg config.path} || -f ${escapeShellArg config.path} ]]; then if [[ -d ${escapeShellArg config.src} ]]; then
cp -f ${escapeShellArg config.src} ${escapeShellArg config.path} && echo TODO: copy directory to ${escapeShellArg config.path} >&2
${chmod} &&
${chown}${scriptCatch}
else
echo ${escapeShellArg config.path} exists but is not a file >&2
${scriptFail} ${scriptFail}
else
if [[ -L ${escapeShellArg config.path} ]] || [[ -e ${escapeShellArg config.path} && ! -f ${escapeShellArg config.path} ]]; then
echo ${escapeShellArg config.path} exists but is not a file >&2
${scriptFail}
else
if [[ ! -e ${escapeShellArg config.path} || -z ${escapeShellArg config.noOverwrite} ]]; then
cp -TPf ${escapeShellArg config.src} ${escapeShellArg config.path}${scriptCatch}
fi
${chmod} &&
${chown}${scriptCatch}
fi
fi fi
''; '';
bind = '' bind = ''
@ -152,6 +169,22 @@
systemdRule.${config.type} systemdRule.${config.type}
(mkIf enableAcls [ systemdAclRule ]) (mkIf enableAcls [ systemdAclRule ])
]; ];
mountSettings = mkIf (config.type == "bind") {
enable = mkDefault config.enable;
type = mkDefault "none";
options = mkMerge [
"bind"
(mkIf config.bindReadOnly "ro")
];
what = mkDefault config.src;
where = mkDefault config.path;
wantedBy = [
"tmpfiles.service"
];
after = mkDefault [
"tmpfiles.service"
];
};
}; };
}; };
}; };
@ -200,20 +233,7 @@ in {
RemainAfterExit = mkOptionDefault true; RemainAfterExit = mkOptionDefault true;
}; };
}; };
mounts = map (file: rec { mounts = map (file: unmerged.merge file.systemd.mountSettings) bindFiles;
enable = file.enable;
type = "none";
options = mkMerge [
"bind"
(mkIf file.bindReadOnly "ro")
];
what = file.src;
where = file.path;
wantedBy = [
"tmpfiles.service"
];
after = wantedBy;
}) bindFiles;
}; };
}; };
} }

100
nixos/kyuuto/opl.nix Normal file
View file

@ -0,0 +1,100 @@
{
pkgs,
config,
lib,
...
}: let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkMerge mkDefault;
inherit (config) kyuuto;
cfg = kyuuto.opl;
in {
options.kyuuto.opl = with lib.types; {
enable = mkEnableOption "hosting" // {
default = config.services.samba.enable;
};
user = mkOption {
type = str;
default = "opl";
};
rootDir = mkOption {
type = path;
default = kyuuto.mountDir + "/opl";
};
dvdDir = mkOption {
type = path;
default = cfg.rootDir + "/DVD";
};
gameLibraryDir = mkOption {
type = path;
default = kyuuto.gameLibraryDir + "/PS2";
};
};
config = {
services.samba = {
settings = mkIf cfg.enable {
"ntlm auth" = mkDefault "ntlmv1-permitted";
"server min protocol" = mkDefault "NT1";
};
shares.opl = let
inherit (config.networking.access) cidrForNetwork;
localAddrs = cidrForNetwork.loopback.all ++ cidrForNetwork.local.all
++ lib.optionals config.services.tailscale.enable cidrForNetwork.tail.all;
in mkIf cfg.enable {
comment = "Kyuuto Media OPL";
path = cfg.rootDir;
writeable = true;
browseable = true;
public = false;
"valid users" = [
cfg.user
"@kyuuto-peeps"
];
"strict sync" = false;
"keepalive" = 0;
"hosts allow" = localAddrs;
};
};
services.tmpfiles = let
setupFiles = {
${cfg.rootDir} = {
owner = cfg.user;
group = mkDefault "kyuuto";
mode = mkDefault "2775";
};
${cfg.dvdDir} = {
type = mkDefault "directory";
owner = mkDefault "admin";
group = mkDefault "kyuuto";
mode = mkDefault "2775";
};
"${cfg.rootDir}/games.bin" = {
type = "copy";
owner = cfg.user;
group = mkDefault "kyuuto";
mode = "0775";
src = pkgs.writeText "empty" "";
noOverwrite = true;
};
"${cfg.gameLibraryDir}/games.bin" = {
type = "symlink";
src = cfg.rootDir + "/games.bin";
};
};
files = {
${cfg.dvdDir} = {
type = "bind";
src = cfg.gameLibraryDir;
bindReadOnly = true;
};
};
in {
enable = mkIf (kyuuto.setup || cfg.enable) true;
files = mkMerge [
(mkIf kyuuto.setup setupFiles)
(mkIf cfg.enable files)
];
};
};
}

15
nixos/kyuuto/samba.nix
View file

@ -26,20 +26,7 @@ in {
enable = mkDefault true; enable = mkDefault true;
path = mkDefault (kyuuto.mountDir + "/usershares"); path = mkDefault (kyuuto.mountDir + "/usershares");
}; };
shares = mkIf cfg.enable { shares = {
opl = {
comment = "Kyuuto Media OPL";
path = kyuuto.libraryDir + "/games/PS2";
writeable = false;
browseable = false;
public = false;
"valid users" = [
"opl"
"@kyuuto-peeps"
];
"read list" = [ "opl" ];
"hosts allow" = localAddrs;
};
kyuuto-transfer = { kyuuto-transfer = {
comment = "Kyuuto Media Transfer Area"; comment = "Kyuuto Media Transfer Area";
path = kyuuto.transferDir; path = kyuuto.transferDir;