nixfiles/hosts/koi/containers/sftpgo/samba.nix

{ abs, lib, config, pkgs, ... }@inputs:

let
  containers = import (abs "lib/containers.nix") inputs;
in
{
  imports = [
    (containers.mkNixosContainer {
      name = "puffer";
      ip = "10.42.0.5";
      private = false;

      config = { ... }: {
        users.users.smb-guest.isNormalUser = true;
        
        services.avahi = {
          enable = true;
          nssmdns4 = true;
          openFirewall = true;
          publish = {
            enable = true;
            userServices = true;
          };

          extraServiceFiles.puffer = ''
            <?xml version="1.0" standalone='no'?>
            <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
            <service-group>
              <name>puffer</name>
              <service>
                <port>445</port>
                <type>_smb._tcp</type>
              </service>
              <service>
                <port>9</port>
                <type>_adisk._tcp</type>
                <txt-record>sys=waMa=0,adVF=0x100</txt-record>
                <txt-record>dk0=adVN=Puffer TimeMachine,adVF=0x82</txt-record>
              </service>
              <service>
                <port>0</port>
                <type>_device-info._tcp</type>
                <txt-record>model=TimeCapsule8,119</txt-record>
              </service>
            </service-group>
          '';
        };

        services.samba = {
          enable = true;
          openFirewall = true;

          securityType = "user";
          extraConfig = ''
            workgroup = WORKGROUP
            server string = puffer
            netbios name = puffer
            security = user
            guest account = smb-guest
            map to guest = bad user
            hosts allow = 10.0.0.0/8
            hosts deny = 0.0.0.0/0
            inherit permissions = yes

            # Performance
            socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
            read raw = yes
            write raw = yes
            server signing = no
            strict locking = no
            min receivefile size = 16384
            use sendfile = Yes
            aio read size = 16384
            aio write size = 16384

            # Fruit global config
            fruit:aapl = yes
            fruit:nfs_aces = no
            fruit:copyfile = no
            fruit:model = MacSamba
          '';

          shares =
            let
              common = {
                browseable = "yes";
                "read only" = "yes";
                "guest ok" = "yes";
              };
            in
            {
              Downloads = common // {
                path = "/mnt/puffer/Downloads";
              };

              Public = common // {
                path = "/mnt/puffer/Public";
              };
            };
        };
      };

      mounts = {
        "/mnt/puffer/Downloads" = {
          hostPath = "/mnt/puffer/Downloads";
          isReadOnly = true;
        };
        "/mnt/puffer/Public" = {
          hostPath = "/mnt/puffer/Public";
          isReadOnly = true;
        };
      };
    })
  ];

}
chore(koi): moved sftpgo to a docker container 2024-09-18 01:04:59 +03:00			`{ abs, lib, config, pkgs, ... }@inputs:`

			`let`
			`containers = import (abs "lib/containers.nix") inputs;`
			`in`
			`{`
			`imports = [`
			`(containers.mkNixosContainer {`
			`name = "puffer";`
			`ip = "10.42.0.5";`
			`private = false;`

			`config = { ... }: {`
			`users.users.smb-guest.isNormalUser = true;`

			`services.avahi = {`
			`enable = true;`
			`nssmdns4 = true;`
			`openFirewall = true;`
			`publish = {`
			`enable = true;`
			`userServices = true;`
			`};`

			`extraServiceFiles.puffer = ''`
			`<?xml version="1.0" standalone='no'?>`
			`<!DOCTYPE service-group SYSTEM "avahi-service.dtd">`
			`<service-group>`
			`<name>puffer</name>`
			`<service>`
			`<port>445</port>`
			`<type>_smb._tcp</type>`
			`</service>`
			`<service>`
			`<port>9</port>`
			`<type>_adisk._tcp</type>`
			`<txt-record>sys=waMa=0,adVF=0x100</txt-record>`
			`<txt-record>dk0=adVN=Puffer TimeMachine,adVF=0x82</txt-record>`
			`</service>`
			`<service>`
			`<port>0</port>`
			`<type>_device-info._tcp</type>`
			`<txt-record>model=TimeCapsule8,119</txt-record>`
			`</service>`
			`</service-group>`
			`'';`
			`};`

			`services.samba = {`
			`enable = true;`
			`openFirewall = true;`

			`securityType = "user";`
			`extraConfig = ''`
			`workgroup = WORKGROUP`
			`server string = puffer`
			`netbios name = puffer`
			`security = user`
			`guest account = smb-guest`
			`map to guest = bad user`
			`hosts allow = 10.0.0.0/8`
			`hosts deny = 0.0.0.0/0`
			`inherit permissions = yes`

			`# Performance`
			`socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072`
			`read raw = yes`
			`write raw = yes`
			`server signing = no`
			`strict locking = no`
			`min receivefile size = 16384`
			`use sendfile = Yes`
			`aio read size = 16384`
			`aio write size = 16384`

			`# Fruit global config`
			`fruit:aapl = yes`
			`fruit:nfs_aces = no`
			`fruit:copyfile = no`
			`fruit:model = MacSamba`
			`'';`

			`shares =`
			`let`
			`common = {`
			`browseable = "yes";`
			`"read only" = "yes";`
			`"guest ok" = "yes";`
			`};`
			`in`
			`{`
			`Downloads = common // {`
			`path = "/mnt/puffer/Downloads";`
			`};`

			`Public = common // {`
			`path = "/mnt/puffer/Public";`
			`};`
			`};`
			`};`
			`};`

			`mounts = {`
			`"/mnt/puffer/Downloads" = {`
			`hostPath = "/mnt/puffer/Downloads";`
			`isReadOnly = true;`
			`};`
			`"/mnt/puffer/Public" = {`
			`hostPath = "/mnt/puffer/Public";`
			`isReadOnly = true;`
			`};`
			`};`
			`})`
			`];`

			`}`