nixos/samba: cleanup and update defaults
parent
fe07c77ff1
commit
b903bf0a57
1 changed files with 32 additions and 69 deletions
|
@ -6,25 +6,11 @@ let
|
|||
|
||||
cfg = config.services.samba;
|
||||
|
||||
logDir = "/var/log/samba";
|
||||
privateDir = "/var/samba/private";
|
||||
|
||||
samba = cfg.package;
|
||||
|
||||
setupScript =
|
||||
''
|
||||
if ! test -d /var/samba ; then
|
||||
mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd
|
||||
fi
|
||||
|
||||
passwdFile="$(${pkgs.gnused}/bin/sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' ${configFile})"
|
||||
if [ -n "$passwdFile" ]; then
|
||||
echo 'INFO: [samba] creating directory containing passwd file'
|
||||
mkdir -p "$(dirname "$passwdFile")"
|
||||
fi
|
||||
|
||||
mkdir -p ${logDir}
|
||||
mkdir -p ${privateDir}
|
||||
mkdir -p /var/lock/samba /var/log/samba /var/cache/samba /var/lib/samba/private
|
||||
'';
|
||||
|
||||
shareConfig = name:
|
||||
|
@ -39,9 +25,10 @@ let
|
|||
(if cfg.configText != null then cfg.configText else
|
||||
''
|
||||
[ global ]
|
||||
log file = ${logDir}/log.%m
|
||||
private dir = ${privateDir}
|
||||
${optionalString cfg.syncPasswordsByPam "pam password change = true"}
|
||||
security = ${cfg.securityType}
|
||||
passwd program = /var/setuid-wrappers/passwd %u
|
||||
pam password change = ${toString cfg.syncPasswordsByPam}
|
||||
invalid users = ${toString cfg.invalidUsers}
|
||||
|
||||
${cfg.extraConfig}
|
||||
|
||||
|
@ -83,14 +70,16 @@ in
|
|||
services.samba = {
|
||||
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "
|
||||
description = ''
|
||||
Whether to enable Samba, which provides file and print
|
||||
services to Windows clients through the SMB/CIFS protocol.
|
||||
";
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.samba;
|
||||
example = pkgs.samba4;
|
||||
description = ''
|
||||
|
@ -99,72 +88,47 @@ in
|
|||
};
|
||||
|
||||
syncPasswordsByPam = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "
|
||||
enabling this will add a line directly after pam_unix.so.
|
||||
description = ''
|
||||
Enabling this will add a line directly after pam_unix.so.
|
||||
Whenever a password is changed the samba password will be updated as well.
|
||||
However you still yave to add the samba password once using smbpasswd -a user
|
||||
If you don't want to maintain an extra pwd database you still can send plain text
|
||||
passwords which is not secure.
|
||||
";
|
||||
'';
|
||||
};
|
||||
|
||||
invalidUsers = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ "root" ];
|
||||
description = ''
|
||||
List of users who are denied to login via Samba.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
# !!! Bad default.
|
||||
default = ''
|
||||
# [global] continuing global section here, section is started by nix to set pids etc
|
||||
|
||||
smb passwd file = /etc/samba/passwd
|
||||
|
||||
# is this useful ?
|
||||
domain master = auto
|
||||
|
||||
encrypt passwords = Yes
|
||||
client plaintext auth = No
|
||||
|
||||
# yes: if you use this you probably also want to enable syncPasswordsByPam
|
||||
# no: You can still use the pam password database. However
|
||||
# passwords will be sent plain text on network (discouraged)
|
||||
|
||||
workgroup = Users
|
||||
server string = %h
|
||||
comment = Samba
|
||||
log file = /var/log/samba/log.%m
|
||||
log level = 10
|
||||
max log size = 50000
|
||||
security = ${cfg.securityType}
|
||||
|
||||
client lanman auth = Yes
|
||||
dns proxy = no
|
||||
invalid users = root
|
||||
passdb backend = tdbsam
|
||||
passwd program = /usr/bin/passwd %u
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Additional global section and extra section lines go in here.
|
||||
'';
|
||||
|
||||
description = "
|
||||
additional global section and extra section lines go in here.
|
||||
";
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
description = "
|
||||
internal use to pass filepath to samba pam module
|
||||
";
|
||||
};
|
||||
|
||||
configText = mkOption {
|
||||
type = types.nullOr types.lines;
|
||||
default = null;
|
||||
description = "
|
||||
description = ''
|
||||
Verbatim contents of smb.conf. If null (default), use the
|
||||
autogenerated file from NixOS instead.
|
||||
";
|
||||
'';
|
||||
};
|
||||
|
||||
securityType = mkOption {
|
||||
description = "Samba security type";
|
||||
type = types.str;
|
||||
default = "user";
|
||||
example = "share";
|
||||
description = "Samba security type";
|
||||
};
|
||||
|
||||
nsswins = mkOption {
|
||||
|
@ -179,12 +143,11 @@ in
|
|||
|
||||
shares = mkOption {
|
||||
default = {};
|
||||
description =
|
||||
''
|
||||
description = ''
|
||||
A set describing shared resources.
|
||||
See <command>man smb.conf</command> for options.
|
||||
'';
|
||||
type = types.attrsOf (types.attrsOf types.str);
|
||||
'';
|
||||
type = types.attrsOf (types.attrsOf types.unspecified);
|
||||
example =
|
||||
{ srv =
|
||||
{ path = "/srv";
|
||||
|
|
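Review bot: In the generated `[ global ]` block (hunk `@ -39,9 +25,10 @`), `pam password change = ${toString cfg.syncPasswordsByPam}` renders a Nix boolean with `toString`, which yields `1` for true and an empty string for false, so with the default `false` smb.conf gets `pam password change = ` with no value. For a setting that controls how password changes are handled, write the value explicitly, e.g. `pam password change = ${if cfg.syncPasswordsByPam then "yes" else "no"}`. Separately, the reduced `setupScript` creates `/var/lib/samba/private` with a plain `mkdir -p`, so its mode follows the umask of whatever runs the script; since that directory presumably holds the password database, an explicit `chmod 0700 /var/lib/samba/private` after the `mkdir` would make the permissions deterministic. Both remarks assume the quoted lines are on the new side, which is likely from the hunk line counts but not certain because the page lost its `+`/`-` markers.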