Merge pull request #6152 from abbradar/samba-clean

nixos/samba: cleanup and update defaults
2015-02-08 14:20:49 -08:00 · 2015-02-08 14:20:49 -08:00 · c4bec1a0a4
commit c4bec1a0a4
parent 2a0754ccbc b903bf0a57
1 changed files with 32 additions and 69 deletions
--- a/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixos/modules/services/network-filesystems/samba.nix
@ -6,25 +6,11 @@ let

  cfg = config.services.samba;

-  logDir = "/var/log/samba";
-  privateDir = "/var/samba/private";
-
  samba = cfg.package;

  setupScript =
    ''
-      if ! test -d /var/samba ; then
-        mkdir -p /var/samba/locks /var/samba/cores/nmbd  /var/samba/cores/smbd /var/samba/cores/winbindd
-      fi
-
-      passwdFile="$(${pkgs.gnused}/bin/sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' ${configFile})"
-      if [ -n "$passwdFile" ]; then
-        echo 'INFO: [samba] creating directory containing passwd file'
-        mkdir -p "$(dirname "$passwdFile")"
-      fi
-
-      mkdir -p ${logDir}
-      mkdir -p ${privateDir}
+      mkdir -p /var/lock/samba /var/log/samba /var/cache/samba /var/lib/samba/private
    '';

  shareConfig = name:
@ -39,9 +25,10 @@ let
    (if cfg.configText != null then cfg.configText else
    ''
      [ global ]
-      log file = ${logDir}/log.%m
-      private dir = ${privateDir}
-      ${optionalString cfg.syncPasswordsByPam "pam password change = true"}
+      security = ${cfg.securityType}
+      passwd program = /var/setuid-wrappers/passwd %u
+      pam password change = ${toString cfg.syncPasswordsByPam}
+      invalid users = ${toString cfg.invalidUsers}

      ${cfg.extraConfig}

@ -83,14 +70,16 @@ in
    services.samba = {

      enable = mkOption {
+        type = types.bool;
        default = false;
-        description = "
+        description = ''
          Whether to enable Samba, which provides file and print
          services to Windows clients through the SMB/CIFS protocol.
-        ";
+        '';
      };

      package = mkOption {
+        type = types.package;
        default = pkgs.samba;
        example = pkgs.samba4;
        description = ''
@ -99,72 +88,47 @@ in
      };

      syncPasswordsByPam = mkOption {
+        type = types.bool;
        default = false;
-        description = "
-          enabling this will add a line directly after pam_unix.so.
+        description = ''
+          Enabling this will add a line directly after pam_unix.so.
          Whenever a password is changed the samba password will be updated as well.
          However you still yave to add the samba password once using smbpasswd -a user
          If you don't want to maintain an extra pwd database you still can send plain text
          passwords which is not secure.
-        ";
+        '';
+      };
+
+      invalidUsers = mkOption {
+        type = types.listOf types.str;
+        default = [ "root" ];
+        description = ''
+          List of users who are denied to login via Samba.
+        '';
      };

      extraConfig = mkOption {
-        # !!! Bad default.
-        default = ''
-          # [global] continuing global section here, section is started by nix to set pids etc
-
-            smb passwd file = /etc/samba/passwd
-
-            # is this useful ?
-            domain master = auto
-
-            encrypt passwords = Yes
-            client plaintext auth = No
-
-            # yes: if you use this you probably also want to enable syncPasswordsByPam
-            # no: You can still use the pam password database. However
-            # passwords will be sent plain text on network (discouraged)
-
-            workgroup = Users
-            server string = %h
-            comment = Samba
-            log file = /var/log/samba/log.%m
-            log level = 10
-            max log size = 50000
-            security = ${cfg.securityType}
-
-            client lanman auth = Yes
-            dns proxy = no
-            invalid users = root
-            passdb backend = tdbsam
-            passwd program = /usr/bin/passwd %u
+        type = types.lines;
+        default = "";
+        description = ''
+          Additional global section and extra section lines go in here.
        '';
-
-        description = "
-          additional global section and extra section lines go in here.
-        ";
-      };
-
-      configFile = mkOption {
-        description = "
-          internal use to pass filepath to samba pam module
-        ";
      };

      configText = mkOption {
        type = types.nullOr types.lines;
        default = null;
-        description = "
+        description = ''
          Verbatim contents of smb.conf. If null (default), use the
          autogenerated file from NixOS instead.
-        ";
+        '';
      };

      securityType = mkOption {
-        description = "Samba security type";
+        type = types.str;
        default = "user";
        example = "share";
+        description = "Samba security type";
      };

      nsswins = mkOption {
@ -179,12 +143,11 @@ in

      shares = mkOption {
        default = {};
-        description =
-          ''
+        description = ''
          A set describing shared resources.
          See <command>man smb.conf</command> for options.
-          '';
-        type = types.attrsOf (types.attrsOf types.str);
+        '';
+        type = types.attrsOf (types.attrsOf types.unspecified);
        example =
          { srv =
             { path = "/srv";