mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 12:29:19 -08:00
121 lines
3.1 KiB
Nix
121 lines
3.1 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
inherit (lib.modules) mkIf mkMerge mkDefault;
|
|
inherit (config.networking.access) cidrForNetwork;
|
|
inherit (config) kyuuto;
|
|
cfg = config.services.samba;
|
|
guestUsers = mkIf cfg.guest.enable [cfg.guest.user];
|
|
kyuuto-media = {
|
|
"create mask" = "0664";
|
|
"force directory mode" = "3000";
|
|
"directory mask" = "7775";
|
|
};
|
|
kyuuto-library =
|
|
kyuuto-media
|
|
// {
|
|
"acl group control" = true;
|
|
};
|
|
in {
|
|
services.samba = {
|
|
usershare = {
|
|
enable = mkDefault true;
|
|
path = mkDefault (kyuuto.mountDir + "/usershares");
|
|
};
|
|
shares' = {
|
|
kyuuto-transfer = {
|
|
comment = "Kyuuto Media Transfer Area";
|
|
path = kyuuto.transferDir;
|
|
writeable = true;
|
|
browseable = true;
|
|
public = true;
|
|
"valid users" = mkMerge [
|
|
guestUsers
|
|
["@peeps"]
|
|
];
|
|
#"guest only" = true;
|
|
"hosts allow" = cidrForNetwork.allLocal.all;
|
|
"acl group control" = true;
|
|
"create mask" = "0664";
|
|
"force directory mode" = "3000";
|
|
"directory mask" = "7775";
|
|
};
|
|
kyuuto-library = mkMerge [
|
|
kyuuto-library
|
|
{
|
|
path = kyuuto.libraryDir;
|
|
comment = "Kyuuto Library";
|
|
writeable = false;
|
|
browseable = true;
|
|
public = true;
|
|
"valid users" = mkMerge [
|
|
guestUsers
|
|
["@kyuuto-peeps"]
|
|
];
|
|
"read list" = guestUsers;
|
|
"write list" = ["@kyuuto-peeps"];
|
|
"hosts allow" = cidrForNetwork.allLocal.all;
|
|
}
|
|
];
|
|
kyuuto-library-net = mkMerge [
|
|
kyuuto-library
|
|
{
|
|
path = kyuuto.libraryDir;
|
|
comment = "Kyuuto Library Access";
|
|
writeable = true;
|
|
public = false;
|
|
browseable = false;
|
|
"valid users" = ["@kyuuto-peeps"];
|
|
}
|
|
];
|
|
kyuuto-media = mkMerge [
|
|
kyuuto-media
|
|
{
|
|
path = kyuuto.mountDir;
|
|
comment = "Kyuuto Media";
|
|
writeable = true;
|
|
public = false;
|
|
browseable = false;
|
|
"valid users" = ["@kyuuto-peeps"];
|
|
}
|
|
];
|
|
kyuuto-data = mkMerge [
|
|
kyuuto-media
|
|
{
|
|
path = kyuuto.dataDir;
|
|
comment = "Kyuuto Data";
|
|
writeable = true;
|
|
public = false;
|
|
browseable = false;
|
|
"valid users" = ["@kyuuto-peeps"];
|
|
}
|
|
];
|
|
shared = {
|
|
path = kyuuto.shareDir;
|
|
comment = "Shared Data";
|
|
writeable = true;
|
|
public = false;
|
|
browseable = false;
|
|
"valid users" = ["@peeps"];
|
|
"create mask" = "0775";
|
|
"force create mode" = "0010";
|
|
"force directory mode" = "2000";
|
|
"directory mask" = "7775";
|
|
};
|
|
${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {
|
|
writeable = true;
|
|
browseable = true;
|
|
public = false;
|
|
"valid users" = ["@peeps"];
|
|
"create mask" = "0664";
|
|
"force directory mode" = "5000";
|
|
"directory mask" = "7775";
|
|
};
|
|
};
|
|
};
|
|
|
|
# give guest users proper access to the transfer share
|
|
users.users.guest.extraGroups = ["kyuuto"];
|
|
}
|