Merge pull request #5254 from ehmry/network-filesystems

nixos: configure samba and rsync shares with sets

2 files changed, 77 insertions, 83 deletions

diff --git a/nixos/modules/services/network-filesystems/rsyncd.nix b/nixos/modules/services/network-filesystems/rsyncd.nix
index 19aa7efd2ff..2018bfa14a5 100644
--- a/nixos/modules/services/network-filesystems/rsyncd.nix
+++ b/nixos/modules/services/network-filesystems/rsyncd.nix
@@ -6,113 +6,84 @@ let
 
   cfg = config.services.rsyncd;
 
-  motdFile = pkgs.writeText "rsyncd-motd" cfg.motd;
-
-  rsyncdCfg = ""
-    + optionalString (cfg.motd != "") "motd file = ${motdFile}\n"
-    + optionalString (cfg.address != "") "address = ${cfg.address}\n"
-    + optionalString (cfg.port != 873) "port = ${toString cfg.port}\n"
-    + cfg.extraConfig
-    + "\n"
-    + flip concatMapStrings cfg.modules (m: "[${m.name}]\n\tpath = ${m.path}\n"
-      + optionalString (m.comment != "") "\tcomment = ${m.comment}\n"
-      + m.extraConfig
-      + "\n"
-    );
-
-  rsyncdCfgFile = pkgs.writeText "rsyncd.conf" rsyncdCfg;
-
+  motdFile = builtins.toFile "rsyncd-motd" cfg.motd;
+
+  moduleConfig = name:
+    let module = getAttr name cfg.modules; in
+    "[${name}]\n " + (toString (
+       map
+         (key: "${key} = ${toString (getAttr key module)}\n")
+         (attrNames module)
+    ));
+
+  cfgFile = builtins.toFile "rsyncd.conf"
+    ''
+    ${optionalString (cfg.motd != "") "motd file = ${motdFile}"}
+    ${optionalString (cfg.address != "") "address = ${cfg.address}"}
+    ${optionalString (cfg.port != 873) "port = ${toString cfg.port}"}
+    ${cfg.extraConfig}
+    ${toString (map moduleConfig (attrNames cfg.modules))}
+    '';
 in
 
 {
   options = {
-
     services.rsyncd = {
 
       enable = mkOption {
         default = false;
-	description = "Whether to enable the rsync daemon.";
+        description = "Whether to enable the rsync daemon.";
       };
 
       motd = mkOption {
         type = types.string;
         default = "";
-	description = ''
-	  Message of the day to display to clients on each connect.
-	  This usually contains site information and any legal notices.
-	'';
+        description = ''
+          Message of the day to display to clients on each connect.
+          This usually contains site information and any legal notices.
+        '';
       };
 
       port = mkOption {
         default = 873;
-	type = types.int;
-	description = "TCP port the daemon will listen on.";
+        type = types.int;
+        description = "TCP port the daemon will listen on.";
       };
 
       address = mkOption {
         default = "";
-	example = "192.168.1.2";
-	description = ''
-	  IP address the daemon will listen on; rsyncd will listen on
-	  all addresses if this is not specified.
-	'';
+        example = "192.168.1.2";
+        description = ''
+          IP address the daemon will listen on; rsyncd will listen on
+          all addresses if this is not specified.
+        '';
       };
 
       extraConfig = mkOption {
         type = types.lines;
-	default = "";
-	description = ''
-	  Lines of configuration to add to rsyncd globally.
-	  See <literal>man rsyncd.conf</literal> for more options.
-	'';
+        default = "";
+        description = ''
+            Lines of configuration to add to rsyncd globally.
+            See <command>man rsyncd.conf</command> for options.
+          '';
       };
 
       modules = mkOption {
-        default = [ ];
-	example = [ 
-	  { name = "ftp"; 
-	    path = "/home/ftp"; 
-	    comment = "ftp export area";
-	    extraConfig = ''
-	      secrets file = /etc/rsyncd.secrets
-	    '';
-	  }
-	];
-	description = "The list of file paths to export.";
-	type = types.listOf types.optionSet;
-
-	options = {
-
-	  name = mkOption {
-	    example = "ftp";
-	    type = types.string;
-	    description = "Name of export module.";
-	  };
-
-	  comment = mkOption {
-	    default = "";
-	    description = ''
-	      Description string that is displayed next to the module name
-	      when clients obtain a list of available modules.
-	    '';
-	  };
-
-	  path = mkOption {
-	    example = "/home/ftp";
-	    type = types.string;
-	    description = "Directory to make available in this module.";
-   	  };
-
-          extraConfig = mkOption {
-            type = types.lines;
-	    default = "";
-            description = ''
-	      Lines of configuration to add to this module.
-	      See <literal>man rsyncd.conf</literal> for more options.
-	    '';
+        default = {};
+        description = ''
+            A set describing exported directories.
+            See <command>man rsyncd.conf</command> for options.
+          '';
+        type = types.attrsOf (types.attrsOf types.str);
+        example =
+          { srv =
+             { path = "/srv";
+               "read only" = "yes";
+               comment = "Public rsync share.";
+             };
           };
-	};
       };
+
     };
   };
 
@@ -120,20 +91,16 @@ in
 
   config = mkIf cfg.enable {
 
-    environment.etc = singleton
-    { source = rsyncdCfgFile;
+    environment.etc = singleton {
+      source = cfgFile;
       target = "rsyncd.conf";
     };
 
     systemd.services.rsyncd = {
       description = "Rsync daemon";
       wantedBy = [ "multi-user.target" ];
-
-      path = [ pkgs.rsync ];
-
       serviceConfig.ExecStart = "${pkgs.rsync}/bin/rsync --daemon --no-detach";
     };
 
-    networking.firewall.allowedTCPPorts = [ cfg.port ];
   };
 }
diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix
index fd1e83d9f3e..1199fa316f9 100644
--- a/nixos/modules/services/network-filesystems/samba.nix
+++ b/nixos/modules/services/network-filesystems/samba.nix
@@ -27,6 +27,14 @@ let
       mkdir -p ${privateDir}
     '';
 
+  shareConfig = name:
+    let share = getAttr name cfg.shares; in
+    "[${name}]\n " + (toString (
+       map
+         (key: "${key} = ${toString (getAttr key share)}\n")
+         (attrNames share)
+    ));
+
   configFile = pkgs.writeText "smb.conf"
     (if cfg.configText != null then cfg.configText else
     ''
@@ -36,6 +44,8 @@ let
       ${optionalString cfg.syncPasswordsByPam "pam password change = true"}
 
       ${cfg.extraConfig}
+
+      ${toString (map shareConfig (attrNames cfg.shares))}
     '');
 
   # This may include nss_ldap, needed for samba if it has to use ldap.
@@ -159,6 +169,23 @@ in
         '';
       };
 
+      shares = mkOption {
+        default = {};
+        description =
+          ''
+          A set describing shared resources.
+          See <command>man smb.conf</command> for options.
+          '';
+        type = types.attrsOf (types.attrsOf types.str);
+        example =
+          { srv =
+             { path = "/srv";
+               "read only" = "yes";
+                comment = "Public samba share.";
+             };
+          };
+      };
+
     };
 
   };