reconfigure samba

2025-02-19 19:27:31 -08:00 · 2023-07-25 15:23:07 -07:00 · 2023-07-25 15:23:07 -07:00 · 884c38d93f
commit 884c38d93f
parent 3bcac3cc72
8 changed files with 79 additions and 42 deletions
--- a/provision/nixos/hosts/kestrel/configuration.nix
+++ b/provision/nixos/hosts/kestrel/configuration.nix
@ -106,7 +106,7 @@
  imports = [ ../../modules ];
  modules = {
    services = {
-      samba.enable = true;
+      samba-client.enable = true;
    };
    devel = {
      tooling.enable = true;
--- a/provision/nixos/hosts/torus/configuration.nix
+++ b/provision/nixos/hosts/torus/configuration.nix
@ -19,6 +19,9 @@
  # Use normal kernel
  boot.kernelPackages = pkgs.linuxPackages;

+  # Set kernel modules
+  boot.kernelModules = [ "sg" ];
+
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
@ -35,6 +38,15 @@
  # Enable virtualisation
  virtualisation.docker.enable = true;
  virtualisation.docker.storageDriver = "btrfs";
+  virtualisation.docker.enableNvidia = true;
+  services.xserver.videoDrivers = [ "nvidia" ];
+
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+    setLdLibraryPath = true;
+  };

  # Enable zsh
  programs.zsh.enable = true;
@ -80,11 +92,9 @@
  # Enable modules
  imports = [ ../../modules ];
  modules = {
-    server = {
-      jellyfin.enable = true;
-    };
    services = {
-      samba.enable = true;
+      samba-server.enable = true;
+      jellyfin.enable = true;
    };
    devel = {
      tooling.enable = true;
--- a/provision/nixos/modules/server/default.nix
+++ b/provision/nixos/modules/server/default.nix
@ -1,4 +0,0 @@
-{ ... }:
-{
-  imports = [ ./jellyfin.nix ];
-}
--- a/provision/nixos/modules/services/default.nix
+++ b/provision/nixos/modules/services/default.nix
@ -1,4 +1,4 @@
 { ... }:
 {
-  imports = [ ./samba.nix ];
+  imports = [ ./samba-server.nix ./samba-client.nix ./jellyfin.nix ];
 }
--- a/provision/nixos/modules/services/jellyfin.nix
+++ b/provision/nixos/modules/services/jellyfin.nix
@ -5,6 +5,8 @@ in {
  options.modules.server.jellyfin.enable = lib.mkEnableOption "jellyfin";
  config = lib.mkIf cfg.enable {
    services.jellyfin.enable = true;
+    services.jellyfin.openFirewall = true;
+    services.jellyfin.user = "${user}";
  };

 }
--- a/provision/nixos/modules/services/samba-client.nix
+++ b/provision/nixos/modules/services/samba-client.nix
@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.modules.services.samba-client;
+in {
+  options.modules.services.samba-client.enable = lib.mkEnableOption "samba-client";
+  config = lib.mkIf cfg.enable {
+
+    # the needed ports in the firewall.
+    networking.firewall.allowedTCPPorts = [ 445 139 ];
+    networking.firewall.allowedUDPPorts = [ 137 138 ];
+
+    # To make SMB mounting easier on the command line
+    environment.systemPackages = with pkgs; [ cifs-utils ];
+  };
+}
--- a/provision/nixos/modules/services/samba-server.nix
+++ b/provision/nixos/modules/services/samba-server.nix
@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.modules.services.samba-server;
+in {
+  options.modules.services.samba-server.enable = lib.mkEnableOption "samba-server";
+  config = lib.mkIf cfg.enable {
+    services.samba = {
+      enable = true;
+      extraConfig = ''
+        workgroup = WORKGROUP
+        server string = smbnix
+        netbios name = smbnix
+        security = user 
+        hosts allow = 192.168.1. 127.0.0.1 localhost
+        hosts deny = 0.0.0.0/0
+        guest account = nobody
+        map to guest = bad user
+      '';
+
+      shares = {
+        private = {
+          "path" = "/engi";
+          browseable = "yes";
+          "read only" = "no";
+          "guest ok" = "no";
+          "force user" = "tstarr";
+          "force group" = "users";
+        };
+        public = {
+          "path" = "/engi";
+          browseable = "yes";
+          "read only" = "yes";
+          "guest ok" = "yes";
+        };
+      };
+    };
+
+    # Curiously, `services.samba` does not automatically open
+    # the needed ports in the firewall.
+    networking.firewall.allowedTCPPorts = [ 445 139 ];
+    networking.firewall.allowedUDPPorts = [ 137 138 ];
+
+    # To make SMB mounting easier on the command line
+    environment.systemPackages = with pkgs; [ cifs-utils ];
+  };
+}
--- a/provision/nixos/modules/services/samba.nix
+++ b/provision/nixos/modules/services/samba.nix
@ -1,32 +0,0 @@
-# Samba for file sharing!
-
-{ config, lib, pkgs, ... }:
-
-let cfg = config.modules.services.samba;
-in {
-  options.modules.services.samba.enable = lib.mkEnableOption "samba";
-  config = lib.mkIf cfg.enable {
-    services.samba = {
-      enable = true;
-      extraConfig = ''
-        browseable = yes
-        smb encrypt = required
-      '';
-      shares = {
-        homes = {
-          browseable = "no";  # note: each home will be browseable; the "homes" share will not.
-          "read only" = "no";
-          "guest ok" = "no";
-        };
-      };
-    };
-
-    # Curiously, `services.samba` does not automatically open
-    # the needed ports in the firewall.
-    networking.firewall.allowedTCPPorts = [ 445 139 ];
-    networking.firewall.allowedUDPPorts = [ 137 138 ];
-
-    # To make SMB mounting easier on the command line
-    environment.systemPackages = with pkgs; [ cifs-utils ];
-  };
-}