homeserver: enabled samba

2024-06-13 16:08:33 +07:00 · 2024-06-13 16:08:33 +07:00 · 5d27259205
parent 0713245e6e
commit 5d27259205
5 changed files with 66 additions and 0 deletions
--- a/options/services.nix
+++ b/options/services.nix
@ -6,5 +6,8 @@ in
  options.profile.services = {
    caddy.enable = mkEnableOption "caddy";
    cockpit.enable = mkEnableOption "cockpit";
+    forgejo.enable = mkEnableOption "forgejo";
+    kavita.enable = mkEnableOption "kavita";
+    samba.enable = mkEnableOption "samba";
  };
 }
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@ -36,6 +36,9 @@
    services = {
      caddy.enable = true;
      cockpit.enable = true;
+      forgejo.enable = true;
+      kavita.enable = true;
+      samba.enable = true;
    };
  };
 }
--- a/system/services/default.nix
+++ b/system/services/default.nix
@ -3,5 +3,6 @@
  imports = [
    ./caddy.nix
    ./cockpit.nix
+    ./samba.nix
  ];
 }
--- a/system/services/forgejo.nix
+++ b/system/services/forgejo.nix
@ -0,0 +1,22 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.forgejo;
+  inherit (lib) mkIf;
+in
+{
+  config = mkIf cfg.enable {
+    sops.secrets."forgejo" = {
+      sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
+      path = "/etc/caddy/sites-enabled/forgejo";
+      mode = "0440";
+    };
+
+    services.forgejo = {
+      enable = true;
+      settings = {
+        server.PROTOCOL = "http+unix";
+        session.COOKIE_SECURE = true;
+      };
+    };
+  };
+}
--- a/system/services/samba.nix
+++ b/system/services/samba.nix
@ -0,0 +1,37 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.samba;
+  user = config.profile.user;
+  inherit (lib) mkIf;
+in
+{
+  config = mkIf cfg.enable {
+    services.samba = {
+      enable = true;
+      securityType = "user";
+      openFirewall = true;
+      extraConfig = ''
+        workgroup = WORKGROUP
+        server string = smbnix
+        netbios name = smbnix
+        security = user 
+      '';
+      shares = {
+        nas = {
+          path = "/nas";
+          browsable = "yes";
+          "read only" = "no";
+          "guest ok" = "yes";
+          "create mask" = "0777";
+          "directory mask" = "0777";
+          "force user" = user.name;
+          "force group" = user.name;
+        };
+      };
+    };
+    services.samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}