Compare commits
No commits in common. "2c27517ab11bda9fb4c4cf1eceb7216d5985ed0b" and "e0394f866cb7ad8fc35b8759c4d79e33ae483ac7" have entirely different histories.
2c27517ab1
...
e0394f866c
|
@ -3,12 +3,61 @@ let
|
|||
cfg = config.waffentragerService.auth;
|
||||
in
|
||||
{
|
||||
options.waffentragerService.auth.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable auth";
|
||||
imports =
|
||||
[
|
||||
./samba.nix
|
||||
];
|
||||
config =
|
||||
config = lib.mkIf cfg.enable
|
||||
{
|
||||
waffentragerService.elements.enable = true;
|
||||
waffentragerService.nginx.enable = true;
|
||||
|
||||
|
||||
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
|
||||
|
||||
systemd.services.resolvconf.enable = false;
|
||||
networking.hosts = {
|
||||
"${materusArg.ips.wireguard.waffentrager}" = [
|
||||
materusArg.waffentrager.samba.domain
|
||||
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
|
||||
materusArg.waffentrager.samba.netbiosName
|
||||
];
|
||||
};
|
||||
environment.etc = {
|
||||
resolvconf = {
|
||||
text = ''
|
||||
search ${materusArg.waffentrager.samba.domain}
|
||||
nameserver ${materusArg.waffentrager.samba.dnsIp}
|
||||
nameserver 9.9.9.9
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers.rsync-acme = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = "1min";
|
||||
OnUnitActiveSec = "1h";
|
||||
Unit = "rsync-acme.service";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.rsync-acme = {
|
||||
description = "Sync acme for samba";
|
||||
path = [ pkgs.rsync ];
|
||||
requires = [ "var-lib-mnt_acme.mount" ];
|
||||
after = [ "var-lib-mnt_acme.mount" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = false;
|
||||
script = ''
|
||||
rsync -avzr --chmod=0600 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/key.pem ${materusArg.waffentrager.samba.servicePath}/tls/
|
||||
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/chain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
|
||||
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/fullchain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
|
||||
};
|
||||
}
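Review bot: The static resolver block added under `environment.etc` is keyed `resolvconf`, and with no `target` set the attribute name is used as the file name, so the text would be written to /etc/resolvconf rather than /etc/resolv.conf. If the intent is to supply the resolver configuration now that `systemd.services.resolvconf.enable = false`, key it as `environment.etc."resolv.conf".text = ''…'';` (hedged: a `target` could be set outside this hunk). Separately, listing `nameserver 9.9.9.9` after the Samba DNS address means the resolver falls through to a public server whenever the domain controller's DNS does not answer, so lookups for the AD domain would leave the host and could be answered from outside. Consider dropping the public fallback here and letting the Samba DNS forward external names instead. The hunk header (`-3,12 +3,61`) is what places these lines on the new side.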
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
{ materusArg, config, lib, pkgs, ... }:
|
||||
{
|
||||
|
||||
options.waffentragerService.auth.samba.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable samba AD";
|
||||
|
||||
config =
|
||||
let
|
||||
cfg = config.waffentragerService.auth.samba;
|
||||
cfg = config.waffentragerService.auth;
|
||||
sambaCfg = config.services.samba;
|
||||
servicePath = materusArg.waffentrager.samba.servicePath;
|
||||
smbToString = x:
|
||||
|
@ -87,51 +86,6 @@
|
|||
${smbToString (map shareConfig (lib.attrNames sambaCfg.shares))}
|
||||
'';
|
||||
};
|
||||
environment.etc = {
|
||||
resolvconf = {
|
||||
text = ''
|
||||
search ${materusArg.waffentrager.samba.domain}
|
||||
nameserver ${materusArg.waffentrager.samba.dnsIp}
|
||||
nameserver 9.9.9.9
|
||||
'';
|
||||
};
|
||||
};
|
||||
networking.hosts = {
|
||||
"${materusArg.ips.wireguard.waffentrager}" = [
|
||||
materusArg.waffentrager.samba.domain
|
||||
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
|
||||
materusArg.waffentrager.samba.netbiosName
|
||||
];
|
||||
};
|
||||
systemd.timers.rsync-acme = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = "1min";
|
||||
OnUnitActiveSec = "1h";
|
||||
Unit = "rsync-acme.service";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.rsync-acme = {
|
||||
description = "Sync acme for samba";
|
||||
path = [ pkgs.rsync ];
|
||||
requires = [ "var-lib-mnt_acme.mount" ];
|
||||
after = [ "var-lib-mnt_acme.mount" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.RemainAfterExit = false;
|
||||
script = ''
|
||||
rsync -avzr --chmod=0600 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/key.pem ${materusArg.waffentrager.samba.servicePath}/tls/
|
||||
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/chain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
|
||||
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/fullchain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
|
||||
'';
|
||||
};
|
||||
waffentragerService.elements.enable = true;
|
||||
waffentragerService.nginx.enable = true;
|
||||
|
||||
|
||||
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
|
||||
|
||||
systemd.services.resolvconf.enable = false;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -16,5 +16,5 @@
|
|||
waffentragerService.gitea.enable = true;
|
||||
waffentragerService.nginx.enable = true;
|
||||
waffentragerService.nextcloud.enable = true;
|
||||
|
||||
waffentragerService.auth.enable = true;
|
||||
}
|
112
flake.lock
112
flake.lock
|
@ -167,11 +167,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720545123,
|
||||
"narHash": "sha256-ykoUKgarf1Q7uTZu+HV+Z5xsUANvmh7SGC6TfJ/jD9k=",
|
||||
"lastModified": 1719767646,
|
||||
"narHash": "sha256-Y7Dqti8FpWEwb9PQRIfyEFp0GUff7HRAeKs1lYwBgrw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "5f5a1ea7e6c0deab773d9a060a4695bbcd3e054c",
|
||||
"rev": "9059feb48648e980cdd797cd828377c08989ca8f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -194,11 +194,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720545123,
|
||||
"narHash": "sha256-ykoUKgarf1Q7uTZu+HV+Z5xsUANvmh7SGC6TfJ/jD9k=",
|
||||
"lastModified": 1719767646,
|
||||
"narHash": "sha256-Y7Dqti8FpWEwb9PQRIfyEFp0GUff7HRAeKs1lYwBgrw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "5f5a1ea7e6c0deab773d9a060a4695bbcd3e054c",
|
||||
"rev": "9059feb48648e980cdd797cd828377c08989ca8f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -337,11 +337,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720042825,
|
||||
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
||||
"lastModified": 1718530513,
|
||||
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
||||
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -359,11 +359,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720470846,
|
||||
"narHash": "sha256-7ftA4Bv5KfH4QdTRxqe8/Hz2YTKo+7IQ9n7vbNWgv28=",
|
||||
"lastModified": 1719677234,
|
||||
"narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "2fb5c1e0a17bc6059fa09dc411a43d75f35bb192",
|
||||
"rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -445,11 +445,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1720515935,
|
||||
"narHash": "sha256-8b+fzR4W2hI5axwB+4nBwoA15awPKkck4ghhCt8v39M=",
|
||||
"lastModified": 1719681865,
|
||||
"narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "a111ce6b537df12a39874aa9672caa87f8677eda",
|
||||
"rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -461,11 +461,11 @@
|
|||
},
|
||||
"nixos-hardware_2": {
|
||||
"locked": {
|
||||
"lastModified": 1720515935,
|
||||
"narHash": "sha256-8b+fzR4W2hI5axwB+4nBwoA15awPKkck4ghhCt8v39M=",
|
||||
"lastModified": 1719681865,
|
||||
"narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "a111ce6b537df12a39874aa9672caa87f8677eda",
|
||||
"rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -493,75 +493,75 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1720386169,
|
||||
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
|
||||
"lastModified": 1719663039,
|
||||
"narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
|
||||
"rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.05",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1720282526,
|
||||
"narHash": "sha256-dudRkHPRivMNOhd04YI+v4sWvn2SnN5ODSPIu5IVbco=",
|
||||
"lastModified": 1719663039,
|
||||
"narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "550ac3e955c30fe96dd8b2223e37e0f5d225c927",
|
||||
"rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-24.05",
|
||||
"ref": "release-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_3": {
|
||||
"locked": {
|
||||
"lastModified": 1720386169,
|
||||
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
|
||||
"lastModified": 1719663039,
|
||||
"narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
|
||||
"rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.05",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_4": {
|
||||
"locked": {
|
||||
"lastModified": 1720282526,
|
||||
"narHash": "sha256-dudRkHPRivMNOhd04YI+v4sWvn2SnN5ODSPIu5IVbco=",
|
||||
"lastModified": 1719663039,
|
||||
"narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "550ac3e955c30fe96dd8b2223e37e0f5d225c927",
|
||||
"rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-24.05",
|
||||
"ref": "release-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_5": {
|
||||
"locked": {
|
||||
"lastModified": 1720386169,
|
||||
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
|
||||
"lastModified": 1719707984,
|
||||
"narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
|
||||
"rev": "7dca15289a1c2990efbe4680f0923ce14139b042",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -573,11 +573,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1720418205,
|
||||
"narHash": "sha256-cPJoFPXU44GlhWg4pUk9oUPqurPlCFZ11ZQPk21GTPU=",
|
||||
"lastModified": 1719506693,
|
||||
"narHash": "sha256-C8e9S7RzshSdHB7L+v9I51af1gDM5unhJ2xO1ywxNH8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "655a58a72a6601292512670343087c2d75d859c1",
|
||||
"rev": "b2852eb9365c6de48ffb0dc2c9562591f652242a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -602,11 +602,11 @@
|
|||
},
|
||||
"nur_2": {
|
||||
"locked": {
|
||||
"lastModified": 1720556912,
|
||||
"narHash": "sha256-qOrIsGLZhniFg/pzBsSQ2EozNoWH9gqsmyoxBIPvJwU=",
|
||||
"lastModified": 1719815785,
|
||||
"narHash": "sha256-QWEnb5xut6yQg6bg30bAu5gJNhOQkWF1yBvBHqNTu6w=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "f8388f87ef85f0e2b7028f5af9e290bf324fa814",
|
||||
"rev": "eb317e310f2c5e4dc6a670601af21a7bc0c323ef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -631,11 +631,11 @@
|
|||
},
|
||||
"nur_4": {
|
||||
"locked": {
|
||||
"lastModified": 1720556912,
|
||||
"narHash": "sha256-qOrIsGLZhniFg/pzBsSQ2EozNoWH9gqsmyoxBIPvJwU=",
|
||||
"lastModified": 1719815785,
|
||||
"narHash": "sha256-QWEnb5xut6yQg6bg30bAu5gJNhOQkWF1yBvBHqNTu6w=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "f8388f87ef85f0e2b7028f5af9e290bf324fa814",
|
||||
"rev": "eb317e310f2c5e4dc6a670601af21a7bc0c323ef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -647,10 +647,10 @@
|
|||
},
|
||||
"nur_5": {
|
||||
"locked": {
|
||||
"lastModified": 1719815785,
|
||||
"narHash": "sha256-QWEnb5xut6yQg6bg30bAu5gJNhOQkWF1yBvBHqNTu6w=",
|
||||
"path": "/nix/store/gj66zs0bw6y0qiyv4l2jvcz7fdhzwa0l-source",
|
||||
"rev": "eb317e310f2c5e4dc6a670601af21a7bc0c323ef",
|
||||
"lastModified": 1719308707,
|
||||
"narHash": "sha256-NKS3AO5mTJvbzfnGwyEPeIFhHC6HK8Q2aLImNNBHYNM=",
|
||||
"path": "/nix/store/3c5fkqdakm8p2n5qk8q9bdnggqdcblkl-source",
|
||||
"rev": "d76c0154e524f26a0e4a8e83db97e1844b5028b8",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
|
@ -695,11 +695,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720479166,
|
||||
"narHash": "sha256-jqvhLDXzTLTHq9ZviFOpcTmXXmnbLfz7mWhgMNipMN4=",
|
||||
"lastModified": 1719716556,
|
||||
"narHash": "sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8+awNMyqs=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "67035a355b1d52d2d238501f8cc1a18706979760",
|
||||
"rev": "b5974d4331fb6c893e808977a2e1a6d34b3162d6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -718,11 +718,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720479166,
|
||||
"narHash": "sha256-jqvhLDXzTLTHq9ZviFOpcTmXXmnbLfz7mWhgMNipMN4=",
|
||||
"lastModified": 1719716556,
|
||||
"narHash": "sha256-KA9gy2Wkv76s4A8eLnOcdKVTygewbw3xsB8+awNMyqs=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "67035a355b1d52d2d238501f8cc1a18706979760",
|
||||
"rev": "b5974d4331fb6c893e808977a2e1a6d34b3162d6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|