From 24a9712b3a978148a90dbd93033d8421f21e5e2e Mon Sep 17 00:00:00 2001
From: billimek
Date: Tue, 27 Feb 2024 19:19:31 -0500
Subject: [PATCH] feat: Add Avahi and Samba configurations for network services Introduce Avahi and Samba configurations to enable network services and file sharing functionalities for the NAS system. Configure necessary settings for Avahi and Samba to facilitate network discovery and file sharing capabilities. Include specific configurations for services, firewall rules, and shared directories. Set up user and group permissions for NAS functionality. Install required packages for network management and monitoring.
---
 hosts/common/optional/avahi.nix | 33 +++++++++
 hosts/common/optional/samba.nix | 117 ++++++++++++++++++++++++++++++++
 hosts/nas/default.nix | 21 ++++++
 3 files changed, 171 insertions(+)
 create mode 100644 hosts/common/optional/avahi.nix
 create mode 100644 hosts/common/optional/samba.nix
diff --git a/hosts/common/optional/avahi.nix b/hosts/common/optional/avahi.nix
new file mode 100644
index 0000000..9c15000
--- /dev/null
+++ b/hosts/common/optional/avahi.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services.avahi = {
+ enable = true;
+ nssmdns = true;
+ openFirewall = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ hinfo = true;
+ userServices = true;
+ workstation = true;
+ };
+ extraServiceFiles = {
+ smb = ''
+
+
+
+ %h
+
+ _smb._tcp
+ 445
+
+
+ '';
+ };
+ };
+}
\ No newline at end of file
diff --git a/hosts/common/optional/samba.nix b/hosts/common/optional/samba.nix
new file mode 100644
index 0000000..b6d0c05
--- /dev/null
+++ b/hosts/common/optional/samba.nix
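Review bot: In `publish`, `hinfo = true` and `workstation = true` make the daemon announce the host's HINFO (CPU/OS) record and a `_workstation._tcp` record to every mDNS listener, which the `_smb._tcp` advertisement in `extraServiceFiles` does not need; I would set `hinfo = false;` and `workstation = false;` unless something on the LAN consumes them. `openFirewall = true` also opens mDNS on every interface, so on a multi-homed NAS consider pinning the daemon with `allowInterfaces = [ "<lan-interface>" ];` (placeholder name). A one-line comment above `extraServiceFiles`, e.g. `# advertise the Samba share (TCP 445) so clients discover it via mDNS`, would help the next reader, since this module sits under common/optional and can be imported without samba.nix.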
@@ -0,0 +1,117 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services.samba-wsdd.enable = true;
+ services.samba-wsdd.workgroup = "WORKGROUP";
+ networking.firewall.allowedTCPPorts = [
+ 5357 # wsdd
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 3702 # wsdd
+ ];
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ enableNmbd = true; # namespace and browsing suport
+ enableWinbindd = true; # integrations linux user auth
+ openFirewall = true;
+ extraConfig = ''
+ # server string = nas
+ # netbios name = nas
+ workgroup = WORKGROUP
+ browseable = yes
+ smb encrypt = auto
+ load printers = no
+ printcap name = /dev/null
+ guest account = nobody
+ map to guest = bad user
+ hosts allow = 10.0.7. 10.0.2. 10.2.0. 127.0.0.1 localhost
+ hosts deny = 0.0.0.0/0
+ vfs objects = catia fruit streams_xattr
+ fruit:nfs_aces = no
+ fruit:zero_file_id = yes
+ fruit:metadata = stream
+ fruit:encoding = native
+ spotlight backend = tracker
+ fruit:model = MacPro7,1@ECOLOR=226,226,224
+ fruit:wipe_intentionally_left_blank_rfork = yes
+ fruit:delete_empty_adfiles = yes
+ '';
+
+ # Don't forget to run `smbpasswd -a ` to set the passwords (the user must already exit)
+ shares = {
+ timemachine = {
+ path = "/mnt/tank/backups/timemachine";
+ browseable = "yes";
+ # "valid users" = "root";
+ public = "no";
+ writeable = "yes";
+ "force user" = "root";
+ "force group" = "root";
+ "fruit:aapl" = "yes";
+ "fruit:time machine" = "yes";
+ "vfs objects" = "catia fruit streams_xattr";
+ };
+ Tesla = {
+ path = "/mnt/tank/media/Videos/Tesla";
+ browseable = "yes";
+ "force user" = "nas";
+ "force group" = "nas";
+ "guest ok" = "no";
+ public = "no";
+ "read only" = "no";
+ writeable = "yes";
+ "create mask" = "0666";
+ "directory mask" = "0777";
+ "veto files" = "/._*/.DS_Store/";
+ "delete veto files" = "yes";
+ "spotlight" = "yes";
+ };
+ media = {
+ path = "/mnt/tank/media";
+ browseable = "yes";
+ "force user" = "nas";
+ # "force group" = "nas";
+ "guest ok" = "no";
+ public = "no";
+ "read only" = "no";
+ writeable = "yes";
+ "create mask" = "0666";
+ "directory mask" = "0777";
+ "veto files" = "/._*/.DS_Store/";
+ "delete veto files" = "yes";
+ "spotlight" = "yes";
+ };
+ Photographs = {
+ path = "/mnt/tank/media/Photographs";
+ browseable = "yes";
+ "force user" = "nas";
+ "force group" = "nas";
+ "guest ok" = "no";
+ public = "no";
+ "read only" = "no";
+ writeable = "yes";
+ "create mask" = "0666";
+ "directory mask" = "0777";
+ "veto files" = "/._*/.DS_Store/";
+ "delete veto files" = "yes";
+ "spotlight" = "yes";
+ };
+ backups = {
+ path = "/mnt/tank/backups";
+ browseable = "yes";
+ "force user" = "root";
+ "force group" = "root";
+ "guest ok" = "no";
+ public = "no";
+ "read only" = "no";
+ writeable = "yes";
+ "veto files" = "/._*/.DS_Store/";
+ "delete veto files" = "yes";
+ };
+ };
+ };
+}
diff --git a/hosts/nas/default.nix b/hosts/nas/default.nix
index ff5118d..fa5e5a6 100644
--- a/hosts/nas/default.nix
+++ b/hosts/nas/default.nix
@@ -10,9 +10,11 @@
 ../common/nixos
 ../common/nixos/auto-upgrade.nix
 ../common/nixos/users/nix
+ ../common/optional/avahi.nix
 ../common/optional/fish.nix
 ../common/optional/nfs.nix
 ../common/optional/reboot-required.nix
+ ../common/optional/samba.nix
 ../common/optional/virtulization.nix
 ../common/optional/vscode-server.nix
 ../common/optional/zfs.nix
@@ -24,6 +26,25 @@ networkmanager.enable = true; # Easiest to use and most distros use this by default. }; + users.groups = { + nas.gid = 1001; + }; + users.users = { + nas = { + group = "nas"; + uid = 1001; + isSystemUser = true; + # isNormalUser = true; + }; + }; + services.smartd.enable = true; + environment.systemPackages = with pkgs; [ + ipmitool + lshw + rclone + smartmontools + ]; + # may fix issues with network service failing during a nixos-rebuild systemd.services.NetworkManager-wait-online.enable = lib.mkForce false; systemd.services.systemd-networkd-wait-online.enable = lib.mkForce false;
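Review bot: The `timemachine` and `backups` shares set `"force user" = "root"` and `"force group" = "root"` with no `"valid users"` restriction (the only one, in `timemachine`, is commented out), so any account in the Samba password database that connects from an allowed subnet performs file operations as root under /mnt/tank/backups. Restrict each share, e.g. `"valid users" = "<backup-account>";` (placeholder), and force an unprivileged owner instead of root. The `"create mask" = "0666"` and `"directory mask" = "0777"` pairs on Tesla, media and Photographs also leave new files and directories world-writable on the host; `0660` and `0770` with the forced group would keep write access to that group. Separately, `hosts deny = 0.0.0.0/0` names only IPv4; as far as I recall a client matching neither list is allowed when both lists are set, so `hosts deny = ALL` is the safer form if the host has IPv6 connectivity — worth confirming against the smb.conf manual.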
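Review bot: In the second hunk of hosts/nas/default.nix, the `nas` user and group that ../common/optional/samba.nix names in `"force user"` and `"force group"` are declared only in this host file, so another host importing that optional module would get shares forcing an account that is not defined there. Moving `users.users.nas` and `users.groups.nas` into samba.nix would keep the module self-contained. `uid = 1001` together with `isSystemUser = true` also sits in the id range normally used for normal users, so a comment such as `# uid/gid pinned at 1001 to match on-disk ownership under /mnt/tank (confirm)` would record why it is fixed and warn against giving a later normal user the same id; the reason is my assumption. The enclosing attribute set starts and ends outside the hunk.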