move some stuff into hosts/hostname/profiles

2025-06-06 11:28:00 +02:00 · 2025-06-06 11:28:00 +02:00 · e2946e4a1f
commit e2946e4a1f
parent 9c9a3d543c
33 changed files with 14 additions and 14 deletions
--- a/hosts/hopper/profiles/lab/samba.nix
+++ b/hosts/hopper/profiles/lab/samba.nix
@ -0,0 +1,80 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  # only used for samba
+  users.groups.xun = {};
+  users.users.xun = {
+    isSystemUser = true;
+    group = "xun";
+    extraGroups = ["transmission" "vault" "media"];
+  };
+
+  users.users.media = {
+    isSystemUser = true;
+    group = "media";
+  };
+
+  users.groups.vault = {};
+  systemd.tmpfiles.rules = [
+    "d /srv/vault 0770 root vault -"
+    "d /media/library 0770 media media -"
+  ];
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        "log level" = "3 passdb:5 auth:5";
+        "log file" = "/var/log/samba/samba.log";
+        "server string" = config.networking.hostName;
+        "hosts allow" = "192.168.50.0/24";
+        "map to guest" = "bad user";
+        "passdb backend" = "smbpasswd:${config.sops.secrets.samba-pass.path}";
+      };
+      transmission = {
+        path = "/var/lib/transmission";
+        browseable = "yes";
+        "read only" = "yes";
+        "guest ok" = "no";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+      };
+      vault = {
+        path = "/srv/vault";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+        "force user" = "xun";
+        "force group" = "xun";
+      };
+      slskd = {
+        path = "/var/lib/slskd";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+        "force user" = "slskd";
+        "force group" = "slskd";
+      };
+      library = {
+        path = "media/library";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0660";
+        "directory mask" = "0770";
+        "force user" = "media";
+        "force group" = "media";
+      };
+    };
+  };
+
+  environment.persistence."/persist".directories = ["/srv/vault"];
+  services.restic.backups.hopper.paths = ["/srv/vault"];
+}