Automount samba shares

Create samba users
Use latest pykms
2022-04-24 21:56:28 -04:00 · 2022-04-24 21:55:24 -04:00 · 2022-04-24 21:54:04 -04:00 · 2022-04-24 21:53:41 -04:00 · 2022-04-24 21:26:29 -04:00
10 changed files with 70 additions and 15 deletions
--- a/common/default.nix
+++ b/common/default.nix
@ -57,6 +57,7 @@
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = (import ./ssh.nix).users;
    hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/";
+    uid = 1000;
  };
  nix.trustedUsers = [ "root" "googlebot" ];

--- a/common/hosts.nix
+++ b/common/hosts.nix
@ -3,6 +3,11 @@
 let
  system = (import ./ssh.nix).system;
 in {
+  networking.hosts = {
+    # some DNS providers filter local ip results from DNS request
+    "172.30.145.180" = [ "s0.zt.neet.dev" ];
+  };
+
  programs.ssh.knownHosts = {
    liza = {
      hostNames = [ "liza" "liza.neet.dev" ];
--- a/common/pc/chromium.nix
+++ b/common/pc/chromium.nix
@ -63,7 +63,7 @@ in {
        "fihnjjcciajhdojfnbdddfaoknhalnja" # I don't care about cookies
        "mnjggcdmjocbbbhaepdhchncahnbgone" # SponsorBlock
        "dhdgffkkebhmkfjojejmpbldmpobfkfo" # Tampermonkey
-        "ehpdicggenhgapiikfpnmppdonadlnmp" # Disable Scroll Jacking
+        # "ehpdicggenhgapiikfpnmppdonadlnmp" # Disable Scroll Jacking
      ];
      extraOpts = {
        "BrowserSignin" = 0;
--- a/common/pc/default.nix
+++ b/common/pc/default.nix
@ -17,6 +17,7 @@ in {
    ./discord.nix
    ./steam.nix
    ./touchpad.nix
+    ./mount-samba.nix
  ];

  options.de = {
--- a/common/pc/mount-samba.nix
+++ b/common/pc/mount-samba.nix
@ -0,0 +1,36 @@
+# mounts the samba share on s0 over zeroteir
+
+{ config, lib, ... }:
+
+let
+  cfg = config.services.mount-samba;
+
+  # prevents hanging on network split
+  network_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+
+  user_opts = "uid=${toString config.users.users.googlebot.uid},file_mode=0660,dir_mode=0770,user";
+  auth_opts = "credentials=/run/agenix/smb-secrets";
+  version_opts = "vers=2.1";
+
+  opts = "${network_opts},${user_opts},${version_opts}";
+in {
+  options.services.mount-samba = {
+    enable = lib.mkEnableOption "enable mounting samba shares";
+  };
+
+  config = lib.mkIf (cfg.enable && config.services.zerotierone.enable) {
+    fileSystems."/mnt/public" = {
+        device = "//s0.zt.neet.dev/public";
+        fsType = "cifs";
+        options = ["guest,${opts}"];
+    };
+
+    fileSystems."/mnt/private" = {
+        device = "//s0.zt.neet.dev/googlebot";
+        fsType = "cifs";
+        options = ["${auth_opts},${opts}"];
+    };
+
+    age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age;
+  };
+}
--- a/common/server/samba.nix
+++ b/common/server/samba.nix
@ -24,18 +24,6 @@
        load printers = yes
        printing = cups
        printcap name = cups
-
-        # encryption
-        server smb encrypt = desired
-
-        # gotta go fast https://wiki.archlinux.org/title/Samba#Improve_throughput
-        server multi channel support = yes
-        deadtime = 30
-        use sendfile = yes
-        min receivefile size = 16384
-        aio read size = 1
-        aio write size = 1
-        socket options = IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT SO_RCVBUF=131072 SO_SNDBUF=131072
      '';

      shares = {
@ -49,16 +37,28 @@
          "force user" = "public_data";
          "force group" = "public_data";
        };
-        private = {
-          path = "/data/samba/Private";
+        googlebot = {
+          path = "/data/samba/googlebot";
          browseable = "yes";
          "read only" = "no";
          "guest ok" = "no";
+          "valid users" = "googlebot";
          "create mask" = "0644";
          "directory mask" = "0755";
          "force user" = "googlebot";
          "force group" = "users";
        };
+        cris = {
+          path = "/data/samba/cris";
+          browseable = "yes";
+          "read only" = "no";
+          "guest ok" = "no";
+          "valid users" = "cris";
+          "create mask" = "0644";
+          "directory mask" = "0755";
+          "force user" = "root";
+          "force group" = "users";
+        };
        printers = {
          comment = "All Printers";
          path = "/var/spool/samba";
--- a/machines/ray/configuration.nix
+++ b/machines/ray/configuration.nix
@ -49,6 +49,8 @@

  services.zerotierone.enable = true;

+  services.mount-samba.enable = true;
+
  de.enable = true;
  de.touchpad.enable = true;
 }
--- a/machines/storage/s0/configuration.nix
+++ b/machines/storage/s0/configuration.nix
@ -173,6 +173,15 @@
          runHook postInstall
        '';
      });
+
+      pykms = prev.pykms.overrideAttrs (old: {
+        src = pkgs.fetchFromGitHub {
+          owner = "Py-KMS-Organization";
+          repo = "py-kms";
+          rev = "7bea3a2cb03c4c3666ff41185ace9f7ea2a07b99";
+          sha256 = "90DqMqPjfqfyRq86UzG9B/TjY+yclJBlggw+eIDgRe0=";
+        };
+      });
    })
  ];
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -17,4 +17,5 @@ in
  "spotifyd.age".publicKeys = all;
  "wolframalpha.age".publicKeys = all;
  "cloudflared-navidrome.json.age".publicKeys = all;
+  "smb-secrets.age".publicKeys = all;
 }
--- a/secrets/smb-secrets.age
+++ b/secrets/smb-secrets.age
Author	SHA1	Message	Date
Zuckerberg	e37878c544	Automount samba shares	2022-04-24 21:56:28 -04:00
Zuckerberg	73bbd39c64	Create samba users	2022-04-24 21:55:24 -04:00
Zuckerberg	acbf162ffe	Use latest pykms	2022-04-24 21:54:04 -04:00
Zuckerberg	516121b26c	Revert broken samba config for now...	2022-04-24 21:53:41 -04:00
Zuckerberg	8742352ea9	Disable scroll jacking extension works poorly	2022-04-24 21:26:29 -04:00