From cb85d738bcf557139fff8a9bbc49a64770986a55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 1 Nov 2023 22:35:47 +0100 Subject: [PATCH] ksmbd: add to turingmachine --- nixos/modules/ksmbd.nix | 113 ++++++++++++++++++++++++++ nixos/turingmachine/configuration.nix | 11 +++ 2 files changed, 124 insertions(+) create mode 100644 nixos/modules/ksmbd.nix diff --git a/nixos/modules/ksmbd.nix b/nixos/modules/ksmbd.nix new file mode 100644 index 000000000..7506a81bd --- /dev/null +++ b/nixos/modules/ksmbd.nix @@ -0,0 +1,113 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.services.ksmbd; + + smbToString = x: + if builtins.typeOf x == "bool" + then lib.boolToString x + else toString x; + + shareConfig = name: + let share = lib.getAttr name cfg.shares; in + "[${name}]\n " + (smbToString ( + map + (key: "${key} = ${smbToString (lib.getAttr key share)}\n") + (lib.attrNames share) + )); +in +{ + options = { + services.ksmbd = { + enable = lib.mkEnableOption "Enable cifsd kernel server"; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = lib.mdDoc '' + Whether to automatically open the necessary ports in the firewall. + ''; + }; + + securityType = lib.mkOption { + type = lib.types.str; + default = "user"; + description = "Samba security type"; + }; + + extraConfig = lib.mkOption { + type = lib.types.lines; + default = ""; + description = '' + Additional global section and extra section lines go in here. + ''; + example = '' + guest account = nobody + map to guest = bad user + ''; + }; + + shares = lib.mkOption { + default = { }; + description = '' + A set describing shared resources. + See man smb.conf for options. + ''; + type = lib.types.attrsOf (lib.types.attrsOf lib.types.unspecified); + example = lib.literalExample '' + { public = + { path = "/srv/public"; + "read only" = true; + browseable = "yes"; + "guest ok" = "yes"; + comment = "Public samba share."; + }; + } + ''; + }; + + users = lib.mkOption { + default = [ ]; + type = lib.types.listOf (lib.types.submodule { + options = { + user = lib.mkOption { + type = lib.types.str; + }; + passwordFile = lib.mkOption { + type = lib.types.path; + }; + }; + }); + }; + }; + }; + config = lib.mkIf cfg.enable { + boot.kernelModules = [ "ksmbd" ]; + environment.systemPackages = [ pkgs.ksmbd-tools ]; + + environment.etc."ksmbd/ksmbd.conf".text = '' + [global] + security = ${cfg.securityType} + ${cfg.extraConfig} + + ${smbToString (map shareConfig (lib.attrNames cfg.shares))} + ''; + + systemd.services.ksmbd = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + path = [ pkgs.ksmbd-tools ]; + preStart = builtins.concatStringsSep "\n" + (map (it: "ksmbd.adduser -i /run/ksmbd/passwd -a ${it.user} < ${it.passwordFile}") cfg.users); + serviceConfig = { + Type = "forking"; + ExecStart = "${pkgs.ksmbd-tools}/bin/ksmbd.mountd -C /etc/ksmbd/ksmbd.conf -P /run/ksmbd/passwd"; + Restart = "always"; + PrivateTmp = true; + RuntimeDirectory = "ksmbd"; + }; + }; + + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ 445 ]; + }; +} diff --git a/nixos/turingmachine/configuration.nix b/nixos/turingmachine/configuration.nix index 815b16831..6e42eecd4 100644 --- a/nixos/turingmachine/configuration.nix +++ b/nixos/turingmachine/configuration.nix @@ -53,6 +53,7 @@ ../modules/keyd.nix ../modules/lanzaboote.nix ../modules/no-hz.nix + ../modules/ksmbd.nix #../modules/k3s/server.nix ]; @@ -222,4 +223,14 @@ programs.gamemode.enable = true; security.sudo.wheelNeedsPassword = lib.mkForce true; # fprint + + services.ksmbd.enable = true; + services.ksmbd.openFirewall = true; + services.ksmbd.shares.public = { + path = "/var/lib/ksmbd"; + "read only" = true; + browseable = "yes"; + "guest ok" = "yes"; + comment = "Public samba share."; + }; }