# Samba share definitions for the Kyuuto storage tree.
#
# Access model as written in this file:
#   - kyuuto-transfer and kyuuto-library accept guest sessions (`public`, the
#     smb.conf synonym for `guest ok`) and carry a per-share "hosts allow".
#   - kyuuto-library-net, kyuuto-media, shared and the usershare template
#     require an authenticated group member and set no "hosts allow" here.
# NOTE(review): confirm that a global "hosts allow" and/or the firewall,
# defined outside this file, bound the authenticated shares.
{
  config,
  lib,
  ...
}: let
  inherit (lib.modules) mkIf mkMerge mkDefault;
  inherit (lib.lists) optionals;
  inherit (config.networking.access) cidrForNetwork;
  inherit (config) kyuuto;

  cfg = config.services.samba;

  # Source ranges for the guest-capable shares: loopback and local ranges
  # always, the tailscale ranges only while tailscale is enabled on this host.
  allowedCidrs =
    cidrForNetwork.loopback.all
    ++ cidrForNetwork.local.all
    ++ optionals config.services.tailscale.enable cidrForNetwork.tail.all;

  # Contributes the guest account only while cfg.guest.enable is set;
  # otherwise the mkIf drops out of whatever list it is merged into.
  guestAccounts = mkIf cfg.guest.enable [cfg.guest.user];

  # Permission preset shared by the media-tree shares.
  #   create mask 0664          -> new files are at most rw-rw-r--
  #   directory mask 7775       -> directories may keep special bits, at most rwxrwxr-x
  #   force directory mode 3000 -> setgid (2000) + sticky (1000) forced on new directories
  mediaModes = {
    "create mask" = "0664";
    "directory mask" = "7775";
    "force directory mode" = "3000";
  };

  # Same preset, plus "acl group control", which lets members of a file's
  # owning group change its permissions and ACLs (not only the owner).
  libraryModes =
    mediaModes
    // {
      "acl group control" = true;
    };
in {
  services.samba = {
    usershare = {
      enable = mkDefault true;
      path = mkDefault (kyuuto.mountDir + "/usershares");
    };

    shares = {
      # Guest-writable drop area. This is the only share that is both
      # `public` and `writeable`, so "hosts allow" is the main network-level
      # restriction on who can write here without credentials.
      # `public` stays true even when cfg.guest.enable is false; in that case
      # only @peeps remains in "valid users".
      # NOTE(review): confirm guest sessions are rejected as intended when
      # guest access is disabled.
      kyuuto-transfer = mkMerge [
        libraryModes
        {
          path = kyuuto.transferDir;
          comment = "Kyuuto Media Transfer Area";
          public = true;
          browseable = true;
          writeable = true;
          "valid users" = mkMerge [
            guestAccounts
            ["@peeps"]
          ];
          #"guest only" = true;
          "hosts allow" = allowedCidrs;
        }
      ];

      # Read-mostly view of the library. `writeable = false` makes the share
      # read-only by default; "write list" takes precedence over that for
      # @kyuuto-peeps, and "read list" pins the guest account to read-only.
      kyuuto-library = mkMerge [
        libraryModes
        {
          path = kyuuto.libraryDir;
          comment = "Kyuuto Library";
          public = true;
          browseable = true;
          writeable = false;
          "valid users" = mkMerge [
            guestAccounts
            ["@kyuuto-peeps"]
          ];
          "read list" = guestAccounts;
          "write list" = ["@kyuuto-peeps"];
          "hosts allow" = allowedCidrs;
        }
      ];

      # Same directory as kyuuto-library, but hidden from browsing,
      # authenticated-only and writable. No per-share "hosts allow" is set.
      kyuuto-library-net = mkMerge [
        libraryModes
        {
          path = kyuuto.libraryDir;
          comment = "Kyuuto Library Access";
          public = false;
          browseable = false;
          writeable = true;
          "valid users" = ["@kyuuto-peeps"];
        }
      ];

      # Exposes kyuuto.mountDir itself to @kyuuto-peeps with write access.
      # The usershare path above is a subdirectory of the same mountDir.
      # No per-share "hosts allow" is set.
      kyuuto-media = mkMerge [
        mediaModes
        {
          path = kyuuto.mountDir;
          comment = "Kyuuto Media";
          public = false;
          browseable = false;
          writeable = true;
          "valid users" = ["@kyuuto-peeps"];
        }
      ];

      # General shared data for @peeps. No per-share "hosts allow" is set.
      #   force create mode 0010    -> group-execute is forced on every new file
      #   force directory mode 2000 -> setgid forced on new directories
      # NOTE(review): confirm the forced group-execute bit on files is intended.
      shared = {
        path = kyuuto.shareDir;
        comment = "Shared Data";
        public = false;
        browseable = false;
        writeable = true;
        "valid users" = ["@peeps"];
        "create mask" = "0775";
        "force create mode" = "0010";
        "directory mask" = "7775";
        "force directory mode" = "2000";
      };

      # Template applied to user-defined shares; only emitted while the
      # usershare feature is enabled.
      # NOTE(review): "5000" is setuid (4000) + sticky (1000), whereas the
      # other shares force setgid; confirm this value is intended.
      ${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {
        public = false;
        browseable = true;
        writeable = true;
        "valid users" = ["@peeps"];
        "create mask" = "0664";
        "directory mask" = "7775";
        "force directory mode" = "5000";
      };
    };
  };

  # give guest users proper access to the transfer share
  # NOTE(review): the account name is hard-coded as "guest" while the shares
  # use cfg.guest.user, and the membership is granted even when
  # cfg.guest.enable is false. Group "kyuuto" presumably covers more than the
  # transfer directory; verify the filesystem permissions match the intent.
  users.users.guest.extraGroups = ["kyuuto"];
}