nixos: configure samba and rsync shares with sets
parent
e5d92d45b7
commit
f30748a7cd
@ -6,113 +6,84 @@ let
|
||||
|
||||
cfg = config.services.rsyncd;
|
||||
|
||||
motdFile = pkgs.writeText "rsyncd-motd" cfg.motd;
|
||||
motdFile = builtins.toFile "rsyncd-motd" cfg.motd;
|
||||
|
||||
rsyncdCfg = ""
|
||||
+ optionalString (cfg.motd != "") "motd file = ${motdFile}\n"
|
||||
+ optionalString (cfg.address != "") "address = ${cfg.address}\n"
|
||||
+ optionalString (cfg.port != 873) "port = ${toString cfg.port}\n"
|
||||
+ cfg.extraConfig
|
||||
+ "\n"
|
||||
+ flip concatMapStrings cfg.modules (m: "[${m.name}]\n\tpath = ${m.path}\n"
|
||||
+ optionalString (m.comment != "") "\tcomment = ${m.comment}\n"
|
||||
+ m.extraConfig
|
||||
+ "\n"
|
||||
);
|
||||
|
||||
rsyncdCfgFile = pkgs.writeText "rsyncd.conf" rsyncdCfg;
|
||||
moduleConfig = name:
|
||||
let module = getAttr name cfg.modules; in
|
||||
"[${name}]\n " + (toString (
|
||||
map
|
||||
(key: "${key} = ${toString (getAttr key module)}\n")
|
||||
(attrNames module)
|
||||
));
|
||||
|
||||
cfgFile = builtins.toFile "rsyncd.conf"
|
||||
''
|
||||
${optionalString (cfg.motd != "") "motd file = ${motdFile}"}
|
||||
${optionalString (cfg.address != "") "address = ${cfg.address}"}
|
||||
${optionalString (cfg.port != 873) "port = ${toString cfg.port}"}
|
||||
${cfg.extraConfig}
|
||||
${toString (map moduleConfig (attrNames cfg.modules))}
|
||||
'';
|
||||
in
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
services.rsyncd = {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = "Whether to enable the rsync daemon.";
|
||||
description = "Whether to enable the rsync daemon.";
|
||||
};
|
||||
|
||||
motd = mkOption {
|
||||
type = types.string;
|
||||
default = "";
|
||||
description = ''
|
||||
Message of the day to display to clients on each connect.
|
||||
This usually contains site information and any legal notices.
|
||||
'';
|
||||
description = ''
|
||||
Message of the day to display to clients on each connect.
|
||||
This usually contains site information and any legal notices.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
default = 873;
|
||||
type = types.int;
|
||||
description = "TCP port the daemon will listen on.";
|
||||
type = types.int;
|
||||
description = "TCP port the daemon will listen on.";
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
default = "";
|
||||
example = "192.168.1.2";
|
||||
description = ''
|
||||
IP address the daemon will listen on; rsyncd will listen on
|
||||
all addresses if this is not specified.
|
||||
'';
|
||||
example = "192.168.1.2";
|
||||
description = ''
|
||||
IP address the daemon will listen on; rsyncd will listen on
|
||||
all addresses if this is not specified.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Lines of configuration to add to rsyncd globally.
|
||||
See <literal>man rsyncd.conf</literal> for more options.
|
||||
'';
|
||||
default = "";
|
||||
description = ''
|
||||
Lines of configuration to add to rsyncd globally.
|
||||
See <command>man rsyncd.conf</command> for options.
|
||||
'';
|
||||
};
|
||||
|
||||
modules = mkOption {
|
||||
default = [ ];
|
||||
example = [
|
||||
{ name = "ftp";
|
||||
path = "/home/ftp";
|
||||
comment = "ftp export area";
|
||||
extraConfig = ''
|
||||
secrets file = /etc/rsyncd.secrets
|
||||
'';
|
||||
}
|
||||
];
|
||||
description = "The list of file paths to export.";
|
||||
type = types.listOf types.optionSet;
|
||||
|
||||
options = {
|
||||
|
||||
name = mkOption {
|
||||
example = "ftp";
|
||||
type = types.string;
|
||||
description = "Name of export module.";
|
||||
};
|
||||
|
||||
comment = mkOption {
|
||||
default = "";
|
||||
description = ''
|
||||
Description string that is displayed next to the module name
|
||||
when clients obtain a list of available modules.
|
||||
'';
|
||||
};
|
||||
|
||||
path = mkOption {
|
||||
example = "/home/ftp";
|
||||
type = types.string;
|
||||
description = "Directory to make available in this module.";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
description = ''
|
||||
Lines of configuration to add to this module.
|
||||
See <literal>man rsyncd.conf</literal> for more options.
|
||||
'';
|
||||
default = {};
|
||||
description = ''
|
||||
A set describing exported directories.
|
||||
See <command>man rsyncd.conf</command> for options.
|
||||
'';
|
||||
type = types.attrsOf (types.attrsOf types.str);
|
||||
example =
|
||||
{ srv =
|
||||
{ path = "/srv";
|
||||
"read only" = "yes";
|
||||
comment = "Public rsync share.";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
@ -120,20 +91,16 @@ in
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.etc = singleton
|
||||
{ source = rsyncdCfgFile;
|
||||
environment.etc = singleton {
|
||||
source = cfgFile;
|
||||
target = "rsyncd.conf";
|
||||
};
|
||||
|
||||
systemd.services.rsyncd = {
|
||||
description = "Rsync daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
path = [ pkgs.rsync ];
|
||||
|
||||
serviceConfig.ExecStart = "${pkgs.rsync}/bin/rsync --daemon --no-detach";
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
};
|
||||
}
|
||||
|
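Review bot: `moduleConfig` writes each module name, key and value into rsyncd.conf exactly as given, and `types.attrsOf (types.attrsOf types.str)` only checks that they are strings, so a value containing a newline or a name containing `]` turns into extra directives or a new section; `shareConfig` in the samba section has the same shape. The set form also loses what looks like the old mandatory `path` option, so a module without a path now evaluates cleanly and is presumably only noticed when rsync reads the file. An assertion in the `config` block would catch both at evaluation time, for example `assertion = all (m: m ? path && all (v: !(hasInfix "\n" v)) (attrValues m)) (attrValues cfg.modules);`. Separately, the section ends with `networking.firewall.allowedTCPPorts = [ cfg.port ];`, which opens the port whenever the service is enabled, while nothing in the set requires `auth users` or `hosts allow`. The page does not show whether that line is new, but the `modules` description could state that a module is reachable anonymously unless one of those keys is set.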
@ -27,6 +27,14 @@ let
|
||||
mkdir -p ${privateDir}
|
||||
'';
|
||||
|
||||
shareConfig = name:
|
||||
let share = getAttr name cfg.shares; in
|
||||
"[${name}]\n " + (toString (
|
||||
map
|
||||
(key: "${key} = ${toString (getAttr key share)}\n")
|
||||
(attrNames share)
|
||||
));
|
||||
|
||||
configFile = pkgs.writeText "smb.conf"
|
||||
(if cfg.configText != null then cfg.configText else
|
||||
''
|
||||
@ -36,6 +44,8 @@ let
|
||||
${optionalString cfg.syncPasswordsByPam "pam password change = true"}
|
||||
|
||||
${cfg.extraConfig}
|
||||
|
||||
${toString (map shareConfig (attrNames cfg.shares))}
|
||||
'');
|
||||
|
||||
# This may include nss_ldap, needed for samba if it has to use ldap.
|
||||
@ -159,6 +169,23 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
shares = mkOption {
|
||||
default = {};
|
||||
description =
|
||||
''
|
||||
A set describing shared resources.
|
||||
See <command>man smb.conf</command> for options.
|
||||
'';
|
||||
type = types.attrsOf (types.attrsOf types.str);
|
||||
example =
|
||||
{ srv =
|
||||
{ path = "/srv";
|
||||
"read only" = "yes";
|
||||
comment = "Public samba share.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
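Review bot: Nothing stops `shares` from containing an attribute named `global`, `homes` or `printers`, which smb.conf reserves as special sections; because `${toString (map shareConfig (attrNames cfg.shares))}` is emitted after `${cfg.extraConfig}`, a `shares.global` entry would be parsed as server-wide parameters rather than as a share. The same line sits in the else branch of `if cfg.configText != null`, so shares defined alongside `configText` are dropped without any warning and an access restriction written there never reaches the generated file. I would state both in the option description, e.g. `Ignored when configText is set; the names global, homes and printers are reserved by Samba.`, or reject the combination with an assertion. The `let` block and the option set both continue outside these hunks.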