nixos: configure samba and rsync shares with sets
This commit is contained in:
Emery Hemingway
parent
e5d92d45b7
commit
f30748a7cd
|
|
@ -6,113 +6,84 @@ let
|
||||||
|
|
||||||
cfg = config.services.rsyncd;
|
cfg = config.services.rsyncd;
|
||||||
|
|
||||||
motdFile = pkgs.writeText "rsyncd-motd" cfg.motd;
|
motdFile = builtins.toFile "rsyncd-motd" cfg.motd;
|
||||||
|
|
||||||
rsyncdCfg = ""
|
moduleConfig = name:
|
||||||
+ optionalString (cfg.motd != "") "motd file = ${motdFile}\n"
|
let module = getAttr name cfg.modules; in
|
||||||
+ optionalString (cfg.address != "") "address = ${cfg.address}\n"
|
"[${name}]\n " + (toString (
|
||||||
+ optionalString (cfg.port != 873) "port = ${toString cfg.port}\n"
|
map
|
||||||
+ cfg.extraConfig
|
(key: "${key} = ${toString (getAttr key module)}\n")
|
||||||
+ "\n"
|
(attrNames module)
|
||||||
+ flip concatMapStrings cfg.modules (m: "[${m.name}]\n\tpath = ${m.path}\n"
|
));
|
||||||
+ optionalString (m.comment != "") "\tcomment = ${m.comment}\n"
|
|
||||||
+ m.extraConfig
|
|
||||||
+ "\n"
|
|
||||||
);
|
|
||||||
|
|
||||||
rsyncdCfgFile = pkgs.writeText "rsyncd.conf" rsyncdCfg;
|
|
||||||
|
|
||||||
|
cfgFile = builtins.toFile "rsyncd.conf"
|
||||||
|
''
|
||||||
|
${optionalString (cfg.motd != "") "motd file = ${motdFile}"}
|
||||||
|
${optionalString (cfg.address != "") "address = ${cfg.address}"}
|
||||||
|
${optionalString (cfg.port != 873) "port = ${toString cfg.port}"}
|
||||||
|
${cfg.extraConfig}
|
||||||
|
${toString (map moduleConfig (attrNames cfg.modules))}
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
services.rsyncd = {
|
services.rsyncd = {
|
||||||
|
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
default = false;
|
default = false;
|
||||||
description = "Whether to enable the rsync daemon.";
|
description = "Whether to enable the rsync daemon.";
|
||||||
};
|
};
|
||||||
|
|
||||||
motd = mkOption {
|
motd = mkOption {
|
||||||
type = types.string;
|
type = types.string;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = ''
|
||||||
Message of the day to display to clients on each connect.
|
Message of the day to display to clients on each connect.
|
||||||
This usually contains site information and any legal notices.
|
This usually contains site information and any legal notices.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
default = 873;
|
default = 873;
|
||||||
type = types.int;
|
type = types.int;
|
||||||
description = "TCP port the daemon will listen on.";
|
description = "TCP port the daemon will listen on.";
|
||||||
};
|
};
|
||||||
|
|
||||||
address = mkOption {
|
address = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
example = "192.168.1.2";
|
example = "192.168.1.2";
|
||||||
description = ''
|
description = ''
|
||||||
IP address the daemon will listen on; rsyncd will listen on
|
IP address the daemon will listen on; rsyncd will listen on
|
||||||
all addresses if this is not specified.
|
all addresses if this is not specified.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = ''
|
||||||
Lines of configuration to add to rsyncd globally.
|
Lines of configuration to add to rsyncd globally.
|
||||||
See <literal>man rsyncd.conf</literal> for more options.
|
See <command>man rsyncd.conf</command> for options.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
modules = mkOption {
|
modules = mkOption {
|
||||||
default = [ ];
|
default = {};
|
||||||
example = [
|
description = ''
|
||||||
{ name = "ftp";
|
A set describing exported directories.
|
||||||
path = "/home/ftp";
|
See <command>man rsyncd.conf</command> for options.
|
||||||
comment = "ftp export area";
|
'';
|
||||||
extraConfig = ''
|
type = types.attrsOf (types.attrsOf types.str);
|
||||||
secrets file = /etc/rsyncd.secrets
|
example =
|
||||||
'';
|
{ srv =
|
||||||
}
|
{ path = "/srv";
|
||||||
];
|
"read only" = "yes";
|
||||||
description = "The list of file paths to export.";
|
comment = "Public rsync share.";
|
||||||
type = types.listOf types.optionSet;
|
};
|
||||||
|
|
||||||
options = {
|
|
||||||
|
|
||||||
name = mkOption {
|
|
||||||
example = "ftp";
|
|
||||||
type = types.string;
|
|
||||||
description = "Name of export module.";
|
|
||||||
};
|
|
||||||
|
|
||||||
comment = mkOption {
|
|
||||||
default = "";
|
|
||||||
description = ''
|
|
||||||
Description string that is displayed next to the module name
|
|
||||||
when clients obtain a list of available modules.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
path = mkOption {
|
|
||||||
example = "/home/ftp";
|
|
||||||
type = types.string;
|
|
||||||
description = "Directory to make available in this module.";
|
|
||||||
};
|
|
||||||
|
|
||||||
extraConfig = mkOption {
|
|
||||||
type = types.lines;
|
|
||||||
default = "";
|
|
||||||
description = ''
|
|
||||||
Lines of configuration to add to this module.
|
|
||||||
See <literal>man rsyncd.conf</literal> for more options.
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -120,20 +91,16 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
environment.etc = singleton
|
environment.etc = singleton {
|
||||||
{ source = rsyncdCfgFile;
|
source = cfgFile;
|
||||||
target = "rsyncd.conf";
|
target = "rsyncd.conf";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.rsyncd = {
|
systemd.services.rsyncd = {
|
||||||
description = "Rsync daemon";
|
description = "Rsync daemon";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
path = [ pkgs.rsync ];
|
|
||||||
|
|
||||||
serviceConfig.ExecStart = "${pkgs.rsync}/bin/rsync --daemon --no-detach";
|
serviceConfig.ExecStart = "${pkgs.rsync}/bin/rsync --daemon --no-detach";
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ cfg.port ];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,14 @@ let
|
||||||
mkdir -p ${privateDir}
|
mkdir -p ${privateDir}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
shareConfig = name:
|
||||||
|
let share = getAttr name cfg.shares; in
|
||||||
|
"[${name}]\n " + (toString (
|
||||||
|
map
|
||||||
|
(key: "${key} = ${toString (getAttr key share)}\n")
|
||||||
|
(attrNames share)
|
||||||
|
));
|
||||||
|
|
||||||
configFile = pkgs.writeText "smb.conf"
|
configFile = pkgs.writeText "smb.conf"
|
||||||
(if cfg.configText != null then cfg.configText else
|
(if cfg.configText != null then cfg.configText else
|
||||||
''
|
''
|
||||||
|
|
@ -36,6 +44,8 @@ let
|
||||||
${optionalString cfg.syncPasswordsByPam "pam password change = true"}
|
${optionalString cfg.syncPasswordsByPam "pam password change = true"}
|
||||||
|
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
|
|
||||||
|
${toString (map shareConfig (attrNames cfg.shares))}
|
||||||
'');
|
'');
|
||||||
|
|
||||||
# This may include nss_ldap, needed for samba if it has to use ldap.
|
# This may include nss_ldap, needed for samba if it has to use ldap.
|
||||||
|
|
@ -159,6 +169,23 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
shares = mkOption {
|
||||||
|
default = {};
|
||||||
|
description =
|
||||||
|
''
|
||||||
|
A set describing shared resources.
|
||||||
|
See <command>man smb.conf</command> for options.
|
||||||
|
'';
|
||||||
|
type = types.attrsOf (types.attrsOf types.str);
|
||||||
|
example =
|
||||||
|
{ srv =
|
||||||
|
{ path = "/srv";
|
||||||
|
"read only" = "yes";
|
||||||
|
comment = "Public samba share.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue