From 060a8f28fa1fc648bdf66afb31a5d1efac868837 Mon Sep 17 00:00:00 2001 From: makefu Date: Fri, 28 Jul 2023 22:24:15 +0200 Subject: makefu: move out to own repo, add vacation-note --- makefu/2configs/share/anon-ftp.nix | 31 -------- makefu/2configs/share/anon-sftp.nix | 25 ------- makefu/2configs/share/default.nix | 29 -------- makefu/2configs/share/gum-client.nix | 31 -------- makefu/2configs/share/gum.nix | 36 ---------- makefu/2configs/share/hetzner-client.nix | 29 -------- makefu/2configs/share/omo-client.nix | 28 -------- makefu/2configs/share/omo-timemachine.nix | 19 ----- makefu/2configs/share/omo.nix | 111 ----------------------------- makefu/2configs/share/temp-share-samba.nix | 45 ------------ makefu/2configs/share/wbob.nix | 47 ------------ 11 files changed, 431 deletions(-) delete mode 100644 makefu/2configs/share/anon-ftp.nix delete mode 100644 makefu/2configs/share/anon-sftp.nix delete mode 100644 makefu/2configs/share/default.nix delete mode 100644 makefu/2configs/share/gum-client.nix delete mode 100644 makefu/2configs/share/gum.nix delete mode 100644 makefu/2configs/share/hetzner-client.nix delete mode 100644 makefu/2configs/share/omo-client.nix delete mode 100644 makefu/2configs/share/omo-timemachine.nix delete mode 100644 makefu/2configs/share/omo.nix delete mode 100644 makefu/2configs/share/temp-share-samba.nix delete mode 100644 makefu/2configs/share/wbob.nix (limited to 'makefu/2configs/share') diff --git a/makefu/2configs/share/anon-ftp.nix b/makefu/2configs/share/anon-ftp.nix deleted file mode 100644 index d2a535f97..000000000 --- a/makefu/2configs/share/anon-ftp.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, ... }: -let - ftpdir = "/data"; -in { - networking.firewall = { - allowedTCPPorts = [ 20 21 ]; - autoLoadConntrackHelpers = true; - connectionTrackingModules = [ "ftp" ]; - extraCommands = '' - iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp - ''; - }; - systemd.services.vsftpd.preStart = lib.mkForce '' - mkdir -p -m755 ${ftpdir}/incoming - chown root:root ${ftpdir} - chown ftp ${ftpdir}/incoming - ''; - services.vsftpd = { - enable = true; - extraConfig = '' - ftpd_banner=Welcome to the krebs share, use the incoming dir for new and old leaks. Join freenode#krebs - ''; - anonymousUser = true; - anonymousUserNoPassword = true; - anonymousUploadEnable = true; - anonymousMkdirEnable = true; - writeEnable = true; - chrootlocalUser = true; - anonymousUserHome = ftpdir; - }; -} diff --git a/makefu/2configs/share/anon-sftp.nix b/makefu/2configs/share/anon-sftp.nix deleted file mode 100644 index 7cde9317a..000000000 --- a/makefu/2configs/share/anon-sftp.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -{ - services.openssh = { - allowSFTP = true; - sftpFlags = [ "-l VERBOSE" ]; - extraConfig = '' - Match User anonymous - ForceCommand internal-sftp - AllowTcpForwarding no - X11Forwarding no - PasswordAuthentication no - ''; - }; - - users.users.anonymous = { - uid = genid "anonymous"; - useDefaultShell = false; - password = "anonymous"; - home = "/media/anon"; - createHome = true; - }; - -} diff --git a/makefu/2configs/share/default.nix b/makefu/2configs/share/default.nix deleted file mode 100644 index a1ad349b9..000000000 --- a/makefu/2configs/share/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, ... }: -with import ; -let - base-dir = config.services.rtorrent.downloadDir; -in { - users.users = { - download = { - name = "download"; - home = base-dir; - isNormalUser = true; - uid = mkDefault (genid "download"); - createHome = false; - useDefaultShell = true; - group = "download"; - openssh.authorizedKeys.keys = [ ]; - }; - }; - - users.groups = { - download = { - gid = lib.mkDefault (genid "download"); - members = [ - config.krebs.build.user.name - "download" - ]; - }; - }; - -} diff --git a/makefu/2configs/share/gum-client.nix b/makefu/2configs/share/gum-client.nix deleted file mode 100644 index 09a3dd733..000000000 --- a/makefu/2configs/share/gum-client.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - automount_opts = - [ "x-systemd.automount" "noauto" - "x-systemd.idle-timeout=300" - "x-systemd.mount-timeout=60s" - ]; - host = "gum.w"; #TODO -in { - boot.extraModprobeConfig = '' - options cifs CIFSMaxBufSize=130048 - ''; - fileSystems."/media/cloud" = { - device = "//${host}/cloud-proxy"; - fsType = "cifs"; - options = automount_opts ++ - [ "credentials=/var/src/secrets/download.smb" - "file_mode=0775" - "dir_mode=0775" - "bsize=8388608" - "fsc" - "rsize=130048" - "cache=loose" - "uid=${toString config.users.users.download.uid}" - "gid=${toString config.users.groups.download.gid}" - "vers=3" - ]; - }; - -} diff --git a/makefu/2configs/share/gum.nix b/makefu/2configs/share/gum.nix deleted file mode 100644 index 9647e0a6c..000000000 --- a/makefu/2configs/share/gum.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - hostname = config.krebs.build.host.name; -in { - # users.users.smbguest = { - # name = "smbguest"; - # uid = config.ids.uids.smbguest; - # description = "smb guest user"; - # home = "/var/empty"; - # }; - environment.systemPackages = [ pkgs.samba ]; - services.samba = { - enable = true; - shares = { - cloud-proxy = { - path = "/media/cloud"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - "valid users" = "download"; - }; - }; - extraConfig = '' - # guest account = smbguest - # map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; - networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 445 ]; - networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ 445 ]; -} diff --git a/makefu/2configs/share/hetzner-client.nix b/makefu/2configs/share/hetzner-client.nix deleted file mode 100644 index 9713b776a..000000000 --- a/makefu/2configs/share/hetzner-client.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, pkgs, ... }: - -with ; -let - automount_opts = - ["nofail" - ]; - host = "u288834.your-storagebox.de"; -in { - boot.kernel.sysctl."net.ipv6.route.max_size" = 2147483647; - - fileSystems."/media/cloud" = { - device = "//${host}/backup"; - fsType = "cifs"; - options = automount_opts ++ - [ "credentials=${toString }" - "file_mode=0770" - "dir_mode=0770" - "uid=${toString config.users.users.download.uid}" - "gid=${toString config.users.groups.download.gid}" - "vers=3" - #"vers=2.1" - "rsize=65536" - "wsize=130048" - "iocharset=utf8" - "cache=loose" - ]; - }; -} diff --git a/makefu/2configs/share/omo-client.nix b/makefu/2configs/share/omo-client.nix deleted file mode 100644 index 4ad32bdd6..000000000 --- a/makefu/2configs/share/omo-client.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - automount_opts = - [ "x-systemd.automount" - "noauto" "x-systemd.idle-timeout=600" - "x-systemd.device-timeout=5s" - "x-systemd.mount-timeout=5s" - ]; - host = "omo.lan"; #TODO - path = "/media/omo/photos"; -in { - systemd.tmpfiles.rules = [ - "d ${path} root root - -" - ]; - fileSystems."${path}" = { - device = "//${host}/photos"; - fsType = "cifs"; - options = automount_opts ++ - [ "credentials=/var/src/secrets/omo-client.smb" - "file_mode=0775" - "dir_mode=0775" - "uid=9001" - "vers=3" - ]; - }; - -} diff --git a/makefu/2configs/share/omo-timemachine.nix b/makefu/2configs/share/omo-timemachine.nix deleted file mode 100644 index 18cf0328e..000000000 --- a/makefu/2configs/share/omo-timemachine.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, ... }: -{ - services.samba = { - # support for timemachine in git - package = pkgs.sambaFull; - shares = { - time_machine = { - path = "/media/crypt3/backup/time_machine"; - "valid users" = "misa"; - public = "no"; - writeable = "yes"; - "force user" = "misa"; - "fruit:aapl" = "yes"; - "fruit:time machine" = "yes"; - "vfs objects" = "catia fruit streams_xattr"; - }; - }; - }; -} diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix deleted file mode 100644 index 16959bc90..000000000 --- a/makefu/2configs/share/omo.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import ; -let - hostname = config.krebs.build.host.name; - # TODO local-ip from the nets config - internal-ip = "192.168.111.11"; - # local-ip = config.krebs.build.host.nets.retiolum.ip4.addr; -in { - - # samba share /media/crypt1/share - systemd.services.samba-smbd.serviceConfig.RequiresMountFor = [ "/media/cryptX" ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; - description = "smb guest user"; - home = "/var/empty"; - group = "share"; - }; - users.groups.share = {}; - services.samba = { - enable = true; - shares = { - winshare = { - path = "/media/crypt1/share"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - emu = { - path = "/media/crypt1/emu"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - movies = { - path = "/media/cryptX/movies"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - audiobook = { - path = "/media/crypt1/audiobooks"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - crypt0 = { - path = "/media/crypt0"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - anime = { - path = "/media/cryptX/anime"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - serien = { - path = "/media/cryptX/series"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - youtube = { - path = "/media/cryptX/youtube"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - photos = { - path = "/media/cryptX/photos"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - crypX-games = { - path = "/media/cryptX/games"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - media-rw = { - path = "/media/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - "valid users" = "makefu"; - }; - #cloud = { - # path = "/media/cloud/download/finished"; - # "read only" = "no"; - # browseable = "yes"; - # "guest ok" = "yes"; - #}; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - workgroup = WORKGROUP - server string = ${config.networking.hostName} - netbios name = ${config.networking.hostName} - ''; - }; -} diff --git a/makefu/2configs/share/temp-share-samba.nix b/makefu/2configs/share/temp-share-samba.nix deleted file mode 100644 index bcfddc112..000000000 --- a/makefu/2configs/share/temp-share-samba.nix +++ /dev/null @@ -1,45 +0,0 @@ -{config, ... }:{ - services.avahi = { - enable = true; - interfaces = [ config.makefu.server.primary-itf ]; - publish.enable = true; - publish.userServices = true; - }; - networking.firewall.allowedUDPPorts = [ 137 138 ]; - networking.firewall.allowedTCPPorts = [ 139 445 ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; # effectively systemUser - description = "smb guest user"; - home = "/home/share"; - createHome = true; - group = "smbguest"; - }; - users.groups.smbguest = {}; - services.samba = { - enable = true; - shares = { - share-home = { - path = "/home/share/"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - movies = { - path = "/home/makefu/movies"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} diff --git a/makefu/2configs/share/wbob.nix b/makefu/2configs/share/wbob.nix deleted file mode 100644 index 9e5f8ddf5..000000000 --- a/makefu/2configs/share/wbob.nix +++ /dev/null @@ -1,47 +0,0 @@ -{config, ... }:{ - networking.firewall.allowedUDPPorts = [ 137 138 ]; - networking.firewall.allowedTCPPorts = [ 139 445 ]; - users.users.smbguest = { - name = "smbguest"; - uid = config.ids.uids.smbguest; # effectively systemUser - description = "smb guest user"; - home = "/home/share"; - createHome = true; - group = "smbguest"; - }; - users.groups.smbguest = {}; - users.groups.mpd.members = [ "makefu" ]; - services.samba = { - enable = true; - enableNmbd = true; - shares = { - incoming = { - path = "/data/incoming"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "yes"; - }; - data = { - path = "/data/"; - "read only" = "yes"; - browseable = "yes"; - "guest ok" = "yes"; - }; - music-rw = { - path = "/data/music"; - "read only" = "no"; - browseable = "yes"; - "guest ok" = "no"; - }; - }; - extraConfig = '' - guest account = smbguest - map to guest = bad user - # disable printing - load printers = no - printing = bsd - printcap name = /dev/null - disable spoolss = yes - ''; - }; -} -- cgit v1.2.3