mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-22 01:11:02 +03:00
4f0dadbf38
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
400 lines
12 KiB
Nix
400 lines
12 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.services.samba;
|
|
|
|
settingsFormat = pkgs.formats.ini {
|
|
listToValue = lib.concatMapStringsSep " " (lib.generators.mkValueStringDefault { });
|
|
};
|
|
# Ensure the global section is always first
|
|
globalConfigFile = settingsFormat.generate "smb-global.conf" { global = cfg.settings.global; };
|
|
sharesConfigFile = settingsFormat.generate "smb-shares.conf" (
|
|
lib.removeAttrs cfg.settings [ "global" ]
|
|
);
|
|
|
|
configFile = pkgs.concatText "smb.conf" [
|
|
globalConfigFile
|
|
sharesConfigFile
|
|
];
|
|
|
|
in
|
|
|
|
{
|
|
meta = {
|
|
doc = ./samba.md;
|
|
maintainers = [ lib.maintainers.anthonyroussel ];
|
|
};
|
|
|
|
imports = [
|
|
(lib.mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "")
|
|
(lib.mkRemovedOptionModule [ "services" "samba" "syncPasswordsByPam" ]
|
|
"This option has been removed by upstream, see https://bugzilla.samba.org/show_bug.cgi?id=10669#c10"
|
|
)
|
|
|
|
(lib.mkRemovedOptionModule [ "services" "samba" "configText" ] ''
|
|
Use services.samba.settings instead.
|
|
|
|
This is part of the general move to use structured settings instead of raw
|
|
text for config as introduced by RFC0042:
|
|
https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
|
|
'')
|
|
(lib.mkRemovedOptionModule [
|
|
"services"
|
|
"samba"
|
|
"extraConfig"
|
|
] "Use services.samba.settings instead.")
|
|
(lib.mkRenamedOptionModule
|
|
[ "services" "samba" "invalidUsers" ]
|
|
[ "services" "samba" "settings" "global" "invalid users" ]
|
|
)
|
|
(lib.mkRenamedOptionModule
|
|
[ "services" "samba" "securityType" ]
|
|
[ "services" "samba" "settings" "global" "security" ]
|
|
)
|
|
(lib.mkRenamedOptionModule [ "services" "samba" "shares" ] [ "services" "samba" "settings" ])
|
|
|
|
(lib.mkRenamedOptionModule
|
|
[ "services" "samba" "enableWinbindd" ]
|
|
[ "services" "samba" "winbindd" "enable" ]
|
|
)
|
|
(lib.mkRenamedOptionModule
|
|
[ "services" "samba" "enableNmbd" ]
|
|
[ "services" "samba" "nmbd" "enable" ]
|
|
)
|
|
];
|
|
|
|
###### interface
|
|
|
|
options = {
|
|
services.samba = {
|
|
enable = lib.mkEnableOption "Samba, the SMB/CIFS protocol";
|
|
|
|
package = lib.mkPackageOption pkgs "samba" {
|
|
example = "samba4Full";
|
|
};
|
|
|
|
openFirewall = lib.mkEnableOption "opening the default ports in the firewall for Samba";
|
|
|
|
smbd = {
|
|
enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = true;
|
|
description = "Whether to enable Samba's smbd daemon.";
|
|
};
|
|
|
|
extraArgs = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ ];
|
|
description = "Extra arguments to pass to the smbd service.";
|
|
};
|
|
};
|
|
|
|
nmbd = {
|
|
enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = true;
|
|
description = ''
|
|
Whether to enable Samba's nmbd, which replies to NetBIOS over IP name
|
|
service requests. It also participates in the browsing protocols
|
|
which make up the Windows "Network Neighborhood" view.
|
|
'';
|
|
};
|
|
|
|
extraArgs = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ ];
|
|
description = "Extra arguments to pass to the nmbd service.";
|
|
};
|
|
};
|
|
|
|
winbindd = {
|
|
enable = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = true;
|
|
description = ''
|
|
Whether to enable Samba's winbindd, which provides a number of services
|
|
to the Name Service Switch capability found in most modern C libraries,
|
|
to arbitrary applications via PAM and ntlm_auth and to Samba itself.
|
|
'';
|
|
};
|
|
|
|
extraArgs = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ ];
|
|
description = "Extra arguments to pass to the winbindd service.";
|
|
};
|
|
};
|
|
|
|
usershares = {
|
|
enable = lib.mkEnableOption "user-configurable Samba shares";
|
|
group = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "samba";
|
|
description = ''
|
|
Name of the group members of which will be allowed to create usershares.
|
|
|
|
The group will be created automatically.
|
|
'';
|
|
};
|
|
};
|
|
|
|
nsswins = lib.mkEnableOption ''
|
|
WINS NSS (Name Service Switch) plug-in.
|
|
|
|
Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a.
|
|
Windows machine names) by transparently querying the winbindd daemon
|
|
'';
|
|
|
|
settings = lib.mkOption {
|
|
type = lib.types.submodule {
|
|
freeformType = settingsFormat.type;
|
|
options = {
|
|
global.security = lib.mkOption {
|
|
type = lib.types.enum [
|
|
"auto"
|
|
"user"
|
|
"domain"
|
|
"ads"
|
|
];
|
|
default = "user";
|
|
description = "Samba security type.";
|
|
};
|
|
global."invalid users" = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ "root" ];
|
|
description = "List of users who are denied to login via Samba.";
|
|
};
|
|
global."passwd program" = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "/run/wrappers/bin/passwd %u";
|
|
description = "Path to a program that can be used to set UNIX user passwords.";
|
|
};
|
|
};
|
|
};
|
|
default = {
|
|
"global" = {
|
|
"security" = "user";
|
|
"passwd program" = "/run/wrappers/bin/passwd %u";
|
|
"invalid users" = [ "root" ];
|
|
};
|
|
};
|
|
example = {
|
|
"global" = {
|
|
"security" = "user";
|
|
"passwd program" = "/run/wrappers/bin/passwd %u";
|
|
"invalid users" = [ "root" ];
|
|
};
|
|
"public" = {
|
|
"path" = "/srv/public";
|
|
"read only" = "yes";
|
|
"browseable" = "yes";
|
|
"guest ok" = "yes";
|
|
"comment" = "Public samba share.";
|
|
};
|
|
};
|
|
description = ''
|
|
Configuration file for the Samba suite in ini format.
|
|
This file is located in /etc/samba/smb.conf
|
|
|
|
Refer to <https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html>
|
|
for all available options.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
###### implementation
|
|
|
|
config = lib.mkMerge [
|
|
{
|
|
assertions = [
|
|
{
|
|
assertion = cfg.nsswins -> cfg.winbindd.enable;
|
|
message = "If services.samba.nsswins is enabled, then services.samba.winbindd.enable must also be enabled";
|
|
}
|
|
];
|
|
}
|
|
|
|
(lib.mkIf cfg.enable {
|
|
environment.etc."samba/smb.conf".source = configFile;
|
|
|
|
system.nssModules = lib.optional cfg.nsswins cfg.package;
|
|
system.nssDatabases.hosts = lib.optional cfg.nsswins "wins";
|
|
|
|
systemd = {
|
|
slices.system-samba = {
|
|
description = "Samba (SMB Networking Protocol) Slice";
|
|
};
|
|
targets.samba = {
|
|
description = "Samba Server";
|
|
after = [ "network.target" ];
|
|
wants = [ "network-online.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
};
|
|
tmpfiles.rules = [
|
|
"d /var/lock/samba - - - - -"
|
|
"d /var/log/samba - - - - -"
|
|
"d /var/cache/samba - - - - -"
|
|
"d /var/lib/samba/private - - - - -"
|
|
];
|
|
};
|
|
|
|
security.pam.services.samba = { };
|
|
environment.systemPackages = [ cfg.package ];
|
|
# Like other mount* related commands that need the setuid bit, this is
|
|
# required too.
|
|
security.wrappers."mount.cifs" = {
|
|
program = "mount.cifs";
|
|
source = "${lib.getBin pkgs.cifs-utils}/bin/mount.cifs";
|
|
owner = "root";
|
|
group = "root";
|
|
setuid = true;
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [
|
|
139
|
|
445
|
|
];
|
|
networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [
|
|
137
|
|
138
|
|
];
|
|
})
|
|
|
|
(lib.mkIf (cfg.enable && cfg.nmbd.enable) {
|
|
systemd.services.samba-nmbd = {
|
|
description = "Samba NMB Daemon";
|
|
documentation = [
|
|
"man:nmbd(8)"
|
|
"man:samba(7)"
|
|
"man:smb.conf(5)"
|
|
];
|
|
|
|
after = [
|
|
"network.target"
|
|
"network-online.target"
|
|
];
|
|
|
|
partOf = [ "samba.target" ];
|
|
wantedBy = [ "samba.target" ];
|
|
wants = [ "network-online.target" ];
|
|
|
|
environment.LD_LIBRARY_PATH = config.system.nssModules.path;
|
|
|
|
serviceConfig = {
|
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
|
ExecStart = "${cfg.package}/sbin/nmbd --foreground --no-process-group ${lib.escapeShellArgs cfg.nmbd.extraArgs}";
|
|
LimitCORE = "infinity";
|
|
PIDFile = "/run/samba/nmbd.pid";
|
|
Slice = "system-samba.slice";
|
|
Type = "notify";
|
|
};
|
|
|
|
unitConfig.RequiresMountsFor = "/var/lib/samba";
|
|
|
|
restartTriggers = [ configFile ];
|
|
};
|
|
})
|
|
|
|
(lib.mkIf (cfg.enable && cfg.smbd.enable) {
|
|
systemd.services.samba-smbd = {
|
|
description = "Samba SMB Daemon";
|
|
documentation = [
|
|
"man:smbd(8)"
|
|
"man:samba(7)"
|
|
"man:smb.conf(5)"
|
|
];
|
|
|
|
after =
|
|
[
|
|
"network.target"
|
|
"network-online.target"
|
|
]
|
|
++ lib.optionals (cfg.nmbd.enable) [
|
|
"samba-nmbd.service"
|
|
]
|
|
++ lib.optionals (cfg.winbindd.enable) [
|
|
"samba-winbindd.service"
|
|
];
|
|
|
|
partOf = [ "samba.target" ];
|
|
wantedBy = [ "samba.target" ];
|
|
wants = [ "network-online.target" ];
|
|
|
|
environment.LD_LIBRARY_PATH = config.system.nssModules.path;
|
|
|
|
serviceConfig = {
|
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
|
ExecStart = "${cfg.package}/sbin/smbd --foreground --no-process-group ${lib.escapeShellArgs cfg.smbd.extraArgs}";
|
|
LimitCORE = "infinity";
|
|
LimitNOFILE = 16384;
|
|
PIDFile = "/run/samba/smbd.pid";
|
|
Slice = "system-samba.slice";
|
|
Type = "notify";
|
|
};
|
|
|
|
unitConfig.RequiresMountsFor = "/var/lib/samba";
|
|
|
|
restartTriggers = [ configFile ];
|
|
};
|
|
})
|
|
|
|
(lib.mkIf (cfg.enable && cfg.winbindd.enable) {
|
|
systemd.services.samba-winbindd = {
|
|
description = "Samba Winbind Daemon";
|
|
documentation = [
|
|
"man:winbindd(8)"
|
|
"man:samba(7)"
|
|
"man:smb.conf(5)"
|
|
];
|
|
|
|
after =
|
|
[
|
|
"network.target"
|
|
]
|
|
++ lib.optionals (cfg.nmbd.enable) [
|
|
"samba-nmbd.service"
|
|
];
|
|
|
|
partOf = [ "samba.target" ];
|
|
wantedBy = [ "samba.target" ];
|
|
|
|
environment.LD_LIBRARY_PATH = config.system.nssModules.path;
|
|
|
|
serviceConfig = {
|
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
|
ExecStart = "${cfg.package}/sbin/winbindd --foreground --no-process-group ${lib.escapeShellArgs cfg.winbindd.extraArgs}";
|
|
LimitCORE = "infinity";
|
|
PIDFile = "/run/samba/winbindd.pid";
|
|
Slice = "system-samba.slice";
|
|
Type = "notify";
|
|
};
|
|
|
|
unitConfig.RequiresMountsFor = "/var/lib/samba";
|
|
|
|
restartTriggers = [ configFile ];
|
|
};
|
|
})
|
|
|
|
(lib.mkIf (cfg.enable && cfg.usershares.enable) {
|
|
users.groups.${cfg.usershares.group} = { };
|
|
|
|
systemd.tmpfiles.settings."50-samba-usershares"."/var/lib/samba/usershares".d = {
|
|
user = "root";
|
|
group = cfg.usershares.group;
|
|
mode = "1775"; # sticky so users can't delete others' shares
|
|
};
|
|
|
|
# set some reasonable defaults
|
|
services.samba.settings.global = lib.mkDefault {
|
|
"usershare path" = "/var/lib/samba/usershares";
|
|
"usershare max shares" = 100; # high enough to be considered ~unlimited
|
|
"usershare allow guests" = true;
|
|
};
|
|
})
|
|
];
|
|
}
|