Merge pull request #6152 from abbradar/samba-clean

nixos/samba: cleanup and update defaults
William A. Kennington III 2015-02-08 14:20:49 -08:00
commit c4bec1a0a4


@ -6,25 +6,11 @@ let
cfg = config.services.samba; cfg = config.services.samba;
logDir = "/var/log/samba";
privateDir = "/var/samba/private";
samba = cfg.package; samba = cfg.package;
setupScript = setupScript =
'' ''
if ! test -d /var/samba ; then mkdir -p /var/lock/samba /var/log/samba /var/cache/samba /var/lib/samba/private
mkdir -p /var/samba/locks /var/samba/cores/nmbd /var/samba/cores/smbd /var/samba/cores/winbindd
fi
passwdFile="$(${pkgs.gnused}/bin/sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' ${configFile})"
if [ -n "$passwdFile" ]; then
echo 'INFO: [samba] creating directory containing passwd file'
mkdir -p "$(dirname "$passwdFile")"
fi
mkdir -p ${logDir}
mkdir -p ${privateDir}
''; '';
shareConfig = name: shareConfig = name:
@ -39,9 +25,10 @@ let
(if cfg.configText != null then cfg.configText else (if cfg.configText != null then cfg.configText else
'' ''
[ global ] [ global ]
log file = ${logDir}/log.%m security = ${cfg.securityType}
private dir = ${privateDir} passwd program = /var/setuid-wrappers/passwd %u
${optionalString cfg.syncPasswordsByPam "pam password change = true"} pam password change = ${toString cfg.syncPasswordsByPam}
invalid users = ${toString cfg.invalidUsers}
${cfg.extraConfig} ${cfg.extraConfig}
@ -83,14 +70,16 @@ in
services.samba = { services.samba = {
enable = mkOption { enable = mkOption {
type = types.bool;
default = false; default = false;
description = " description = ''
Whether to enable Samba, which provides file and print Whether to enable Samba, which provides file and print
services to Windows clients through the SMB/CIFS protocol. services to Windows clients through the SMB/CIFS protocol.
"; '';
}; };
package = mkOption { package = mkOption {
type = types.package;
default = pkgs.samba; default = pkgs.samba;
example = pkgs.samba4; example = pkgs.samba4;
description = '' description = ''
@ -99,72 +88,47 @@ in
}; };
syncPasswordsByPam = mkOption { syncPasswordsByPam = mkOption {
type = types.bool;
default = false; default = false;
description = " description = ''
enabling this will add a line directly after pam_unix.so. Enabling this will add a line directly after pam_unix.so.
Whenever a password is changed the samba password will be updated as well. Whenever a password is changed the samba password will be updated as well.
However you still yave to add the samba password once using smbpasswd -a user However you still yave to add the samba password once using smbpasswd -a user
If you don't want to maintain an extra pwd database you still can send plain text If you don't want to maintain an extra pwd database you still can send plain text
passwords which is not secure. passwords which is not secure.
"; '';
};
invalidUsers = mkOption {
type = types.listOf types.str;
default = [ "root" ];
description = ''
List of users who are denied to login via Samba.
'';
}; };
extraConfig = mkOption { extraConfig = mkOption {
# !!! Bad default. type = types.lines;
default = '' default = "";
# [global] continuing global section here, section is started by nix to set pids etc description = ''
Additional global section and extra section lines go in here.
smb passwd file = /etc/samba/passwd
# is this useful ?
domain master = auto
encrypt passwords = Yes
client plaintext auth = No
# yes: if you use this you probably also want to enable syncPasswordsByPam
# no: You can still use the pam password database. However
# passwords will be sent plain text on network (discouraged)
workgroup = Users
server string = %h
comment = Samba
log file = /var/log/samba/log.%m
log level = 10
max log size = 50000
security = ${cfg.securityType}
client lanman auth = Yes
dns proxy = no
invalid users = root
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
''; '';
description = "
additional global section and extra section lines go in here.
";
};
configFile = mkOption {
description = "
internal use to pass filepath to samba pam module
";
}; };
configText = mkOption { configText = mkOption {
type = types.nullOr types.lines; type = types.nullOr types.lines;
default = null; default = null;
description = " description = ''
Verbatim contents of smb.conf. If null (default), use the Verbatim contents of smb.conf. If null (default), use the
autogenerated file from NixOS instead. autogenerated file from NixOS instead.
"; '';
}; };
securityType = mkOption { securityType = mkOption {
description = "Samba security type"; type = types.str;
default = "user"; default = "user";
example = "share"; example = "share";
description = "Samba security type";
}; };
nsswins = mkOption { nsswins = mkOption {
@ -179,12 +143,11 @@ in
shares = mkOption { shares = mkOption {
default = {}; default = {};
description = description = ''
''
A set describing shared resources. A set describing shared resources.
See <command>man smb.conf</command> for options. See <command>man smb.conf</command> for options.
''; '';
type = types.attrsOf (types.attrsOf types.str); type = types.attrsOf (types.attrsOf types.unspecified);
example = example =
{ srv = { srv =
{ path = "/srv"; { path = "/srv";