author | Nikolay Amiantov <ab@fmap.me> | 2015-02-04 22:31:50 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2015-02-04 22:31:50 +0300 |
commit | b903bf0a5752668dbbd6e7563e2c7b28309af2f6 (patch) | |
tree | fd668b325b0c1661e79ea38d819c4e6a5c814fcc /nixos/modules | |
parent | fe07c77ff142f8a26ab0c14c65255748aa646a3a (diff) | |
nixos/samba: cleanup and update defaults
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/network-filesystems/samba.nix | 99 |
1 files changed, 31 insertions, 68 deletions
diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix index 6fcf89999523..8c79bf663d15 100644 --- a/nixos/modules/services/network-filesystems/samba.nix +++ b/nixos/modules/services/network-filesystems/samba.nix @@ -6,25 +6,11 @@ let cfg = config.services.samba; - logDir = "/var/log/samba"; - privateDir = "/var/samba/private"; - samba = cfg.package; setupScript = '' - if ! test -d /var/samba ; then - mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd - fi - - passwdFile="$(${pkgs.gnused}/bin/sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' ${configFile})" - if [ -n "$passwdFile" ]; then - echo 'INFO: [samba] creating directory containing passwd file' - mkdir -p "$(dirname "$passwdFile")" - fi - - mkdir -p ${logDir} - mkdir -p ${privateDir} + mkdir -p /var/lock/samba /var/log/samba /var/cache/samba /var/lib/samba/private ''; shareConfig = name: @@ -39,9 +25,10 @@ let (if cfg.configText != null then cfg.configText else '' [ global ] - log file = ${logDir}/log.%m - private dir = ${privateDir} - ${optionalString cfg.syncPasswordsByPam "pam password change = true"} + security = ${cfg.securityType} + passwd program = /var/setuid-wrappers/passwd %u + pam password change = ${toString cfg.syncPasswordsByPam} + invalid users = ${toString cfg.invalidUsers} ${cfg.extraConfig} @@ -83,14 +70,16 @@ in services.samba = { enable = mkOption { + type = types.bool; default = false; - description = " + description = '' Whether to enable Samba, which provides file and print services to Windows clients through the SMB/CIFS protocol. - "; + ''; }; package = mkOption { + type = types.package; default = pkgs.samba; example = pkgs.samba4; description = '' 
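Review bot: In the `setupScript` hunk, `/var/lib/samba/private` is created by a plain `mkdir -p`, so it gets whatever mode the script's umask yields, even though this is the directory where Samba keeps its password and secrets databases. Creating it on its own with an explicit mode, `mkdir -p -m 0700 /var/lib/samba/private`, avoids relying on smbd to tighten it later. The same commit drops the `private dir` and `log file` settings, so these paths now have to match the package's compiled-in defaults, and nothing visible here moves an existing `/var/samba/private` database to the new location. A comment above the `mkdir` stating both assumptions would help the next maintainer.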
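Review bot: In the `[ global ]` hunk, `pam password change = ${toString cfg.syncPasswordsByPam}` does not render a usable boolean in both cases: Nix's `toString` gives `"1"` for `true` and the empty string for `false`, so the default configuration emits `pam password change =` with no value. Writing it as `pam password change = ${if cfg.syncPasswordsByPam then "yes" else "no"}` makes the generated file explicit. The new `invalid users` line is emitted before `${cfg.extraConfig}`, so a second `invalid users` entry in `extraConfig` would presumably override the root ban; a comment saying so is worth adding. The enclosing string starts and ends outside the hunk.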
@@ -99,72 +88,47 @@ in }; syncPasswordsByPam = mkOption { + type = types.bool; default = false; - description = " - enabling this will add a line directly after pam_unix.so. + description = '' + Enabling this will add a line directly after pam_unix.so. Whenever a password is changed the samba password will be updated as well. However you still yave to add the samba password once using smbpasswd -a user If you don't want to maintain an extra pwd database you still can send plain text passwords which is not secure. - "; + ''; }; - extraConfig = mkOption { - # !!! Bad default. - default = '' - # [global] continuing global section here, section is started by nix to set pids etc - - smb passwd file = /etc/samba/passwd - - # is this useful ? - domain master = auto - - encrypt passwords = Yes - client plaintext auth = No - - # yes: if you use this you probably also want to enable syncPasswordsByPam - # no: You can still use the pam password database. However - # passwords will be sent plain text on network (discouraged) - - workgroup = Users - server string = %h - comment = Samba - log file = /var/log/samba/log.%m - log level = 10 - max log size = 50000 - security = ${cfg.securityType} - - client lanman auth = Yes - dns proxy = no - invalid users = root - passdb backend = tdbsam - passwd program = /usr/bin/passwd %u + invalidUsers = mkOption { + type = types.listOf types.str; + default = [ "root" ]; + description = '' + List of users who are denied to login via Samba. ''; - - description = " - additional global section and extra section lines go in here. - "; }; - configFile = mkOption { - description = " - internal use to pass filepath to samba pam module - "; + extraConfig = mkOption { + type = types.lines; + default = ""; + description = '' + Additional global section and extra section lines go in here. + ''; }; configText = mkOption { type = types.nullOr types.lines; default = null; - description = " + description = '' Verbatim contents of smb.conf. 
If null (default), use the autogenerated file from NixOS instead. - "; + ''; }; securityType = mkOption { - description = "Samba security type"; + type = types.str; default = "user"; example = "share"; + description = "Samba security type"; }; nsswins = mkOption { @@ -179,12 +143,11 @@ in shares = mkOption { default = {}; - description = - '' + description = '' A set describing shared resources. See <command>man smb.conf</command> for options. - ''; - type = types.attrsOf (types.attrsOf types.str); + ''; + type = types.attrsOf (types.attrsOf types.unspecified); example = { srv = { path = "/srv"; |
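Review bot: The new `invalidUsers` option only takes effect in the autogenerated file, and its description does not say so. When `configText` is non-null the `[ global ]` template is bypassed, so the `invalid users = root` default is never written. I would extend the description to `List of users who are denied to login via Samba. Ignored when configText is set.` In the same hunk `securityType` becomes a free-form `types.str` while its example is still `"share"`, a mode that Samba 4 no longer accepts as far as I know; an enum type or a different example would catch that at evaluation time. The `syncPasswordsByPam` description also still carries the typo `yave`.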
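Review bot: Widening the share values to `types.unspecified` in the `shares` hunk removes the only check on what gets written into each share section. The code that renders the shares (`shareConfig`, outside this hunk) is not shown. If it stringifies values the way the global section does, `false` becomes an empty string and a list or attribute set is either joined or aborts evaluation, which matters for access-control keys such as `read only` or `guest ok`. Restricting the inner type to strings, booleans and integers, and rendering booleans as `yes`/`no`, would keep the relaxed syntax without that ambiguity.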