samba and wireguard

2021-06-29 22:28:37 +03:00 · 2021-06-29 22:28:37 +03:00 · f290bef00c
commit f290bef00c
parent 4949659d36
3 changed files with 17 additions and 81 deletions
--- a/modules/filesystems.nix
+++ b/modules/filesystems.nix
@ -1,33 +1,11 @@
 { pkgs, lib, config, ... }:
 with rec {
-  inherit (config) deviceSpecific secrets;
+  inherit (config) deviceSpecific secrets device;
 };
 with deviceSpecific;
-# let
-#   wgEnabled = config.secrets.wireguard.${config.device}.enable;
-# in
 {
-
-  # services.zfs = {
-  #   trim.enable = true;
-  #   trim.interval = "weekly";
-  #   autoScrub.enable = true;
-  #   autoScrub.interval = "weekly";
-  #   autoSnapshot = {
-  #     enable = true;
-  #     frequent = 8;
-  #     hourly = 8;
-  #     daily = 4;
-  #     weekly = 2;
-  #     monthly = 2;
-  #   };
-  # };
-  secrets.samba-windows = {
-    encrypted = "${config.home-manager.users.alukard.xdg.dataHome}/password-store/samba/windows.gpg";
-    services = [ ];
-  };
-  secrets.samba-linux = {
-    encrypted = "${config.home-manager.users.alukard.xdg.dataHome}/password-store/samba/linux.gpg";
+  secrets.samba = {
+    # encrypted = "${config.home-manager.users.alukard.xdg.dataHome}/password-store/samba/linux.gpg";
    services = [ ];
  };

@ -46,10 +24,10 @@ with deviceSpecific;
        "gid=${toString config.users.groups.smbgrp.gid}"
      ];
    };
-    "/media/data" = if isHost then {
+    "/media/data" = if (device == "AMD-Workstation") then {
      # Samba host
      fsType = "ntfs";
-      device = "/dev/disk/by-partuuid/944f923d-cf08-4752-bf3f-8aa8e0190260";
+      device = "/dev/disk/by-partuuid/a61ac8ea-53b9-462f-8a93-a5c07b131209";
      options = [
        # "noatime"
        "nofail"
@ -61,23 +39,19 @@ with deviceSpecific;
      fsType = "cifs";
      device = "//192.168.0.100/data";
      options = [
-        "credentials=${secrets.samba-linux.decrypted}"
+        "credentials=${secrets.samba.decrypted}"
        "uid=${toString config.users.users.alukard.uid}"
        "gid=${toString config.users.groups.users.gid}"
        "vers=3.0"
        "nofail"
        "noauto"
        "x-systemd.automount"
-        "x-systemd.mount-timeout=15"
+        "x-systemd.mount-timeout=5"
        "_netdev"
      ];
-      # ] ++ lib.optionals wgEnabled [
-      #   "x-systemd.after=wg-quick-wg0.service"
-      # ];
    };
-    "/media/files" = if isHost then {
+    "/media/files" = if (device == "AMD-Workstation") then {
      # Samba host
-
      fsType = "ntfs";
      device = "/dev/disk/by-partuuid/8a1d933c-302b-4e62-b9af-a45ecd05777f";
      options = [
@ -91,69 +65,29 @@ with deviceSpecific;
      fsType = "cifs";
      device = "//192.168.0.100/files";
      options = [
-        "credentials=${secrets.samba-linux.decrypted}"
+        "credentials=${secrets.samba.decrypted}"
        "uid=${toString config.users.users.alukard.uid}"
        "gid=${toString config.users.groups.users.gid}"
        "vers=3.0"
        "nofail"
        "noauto"
        "x-systemd.automount"
-        "x-systemd.mount-timeout=15"
+        "x-systemd.mount-timeout=5"
        "_netdev"
      ];
-      # ] ++ lib.optionals wgEnabled [
-      #   "x-systemd.after=wg-quick-wg0.service"
-      # ];
-    };
-    # Samba Windows
-    "/media/windows/files" = lib.mkIf (!isHost) {
-      fsType = "cifs";
-      device = "//192.168.0.100/Files";
-      options = [
-        "credentials=${secrets.samba-windows.decrypted}"
-        "uid=${toString config.users.users.alukard.uid}"
-        "gid=${toString config.users.groups.users.gid}"
-        "vers=3.0"
-        "nofail"
-        "noauto"
-        "x-systemd.automount"
-        "x-systemd.mount-timeout=15"
-        "_netdev"
-      ];
-      # ] ++ lib.optionals wgEnabled [
-      #   "x-systemd.after=wg-quick-wg0.service"
-      # ];
-    };
-    "/media/windows/data" = lib.mkIf (!isHost) {
-      fsType = "cifs";
-      device = "//192.168.0.100/Data";
-      options = [
-        "credentials=${secrets.samba-windows.decrypted}"
-        "uid=${toString config.users.users.alukard.uid}"
-        "gid=${toString config.users.groups.users.gid}"
-        "vers=3.0"
-        "nofail"
-        "noauto"
-        "x-systemd.automount"
-        "x-systemd.mount-timeout=15"
-        "_netdev"
-      ];
-      # ] ++ lib.optionals wgEnabled [
-      #   "x-systemd.after=wg-quick-wg0.service"
-      # ];
    };

    # Music folder
    # TODO: FIXIT
    "/home/alukard/Music" = {
      fsType = "none";
-      device = "/media/windows/files/Music";
+      device = "/media/files/Music";
+      depends = [ "/media/files" ];
      options = [
        "uid=${toString config.users.users.alukard.uid}"
        "gid=${toString config.users.groups.users.gid}"
        "bind"
        "nofail"
-        "x-systemd.requires-mounts-for=media-windows-files.mount"
        "_netdev"
      ];
    };
--- a/modules/samba.nix
+++ b/modules/samba.nix
@ -5,7 +5,8 @@ with config.deviceSpecific; {
  # TODO: add nologin shell to this user
  users.users.smbuser =
  lib.mkIf isHost {
-    isNormalUser = false;
+    # isNormalUser = false;
+    isSystemUser = true;
    extraGroups = [
      "smbgrp"
    ];
@ -19,7 +20,7 @@ with config.deviceSpecific; {
    invalidUsers = [ "root" ];
    nsswins = false;
    securityType = "user";
-    syncPasswordsByPam = false;
+    # syncPasswordsByPam = false;
    configText = ''
      [global]
      server string = samba home server
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@ -54,5 +54,6 @@ in {
    networking.firewall.checkReversePath = "loose";
    environment.systemPackages = [ pkgs.wireguard-tools pkgs.mullvad-vpn ];
    services.mullvad-vpn.enable = true;
+    startupApplications = [ "${pkgs.mullvad-vpn}/share/mullvad/mullvad-gui" ];
  };
 }