From 7501b311f899f073adb3cdfce9f7a7328726c743 Mon Sep 17 00:00:00 2001
From: min
Date: Sat, 10 May 2025 17:54:17 -0400
Subject: [PATCH] Add new samba share
---
nixos/hosts/eidola/services/samba.nix | 24 +++++++++++++++--------
nixos/hosts/silver/services/wireguard.nix | 6 ++++++
secrets/silver.yaml | 5 +++--
3 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/nixos/hosts/eidola/services/samba.nix b/nixos/hosts/eidola/services/samba.nix
index 1dff8af..9ff5299 100644
--- a/nixos/hosts/eidola/services/samba.nix
+++ b/nixos/hosts/eidola/services/samba.nix
@@ -7,12 +7,15 @@ _: {
};
in {
min = shareUser;
+ # other ppls
+ u2-1 = shareUser;
};
groups."share" = {};
};
systemd.tmpfiles.rules = [
- "d /terra/terrarium 0775 root share - -"
+ "d /terra/terrarium 0775 root share - -"
+ "d /terra/lostlibrary 0775 root share - -"
];
services.samba = {
@@ -22,20 +25,25 @@ _: {
settings = {
global = {
"security" = "user";
- "browseable" = true;
"smb encrypt" = "required";
- "valid users" = "@share";
- };
-
- terrarium = {
- "path" = "/terra/terrarium";
"browseable" = true;
- "read only" = false;
"guest ok" = false;
"create mask" = "0664";
"directory mask" = "0775";
};
+
+ terrarium = {
+ "path" = "/terra/terrarium";
+ "read only" = false;
+ "valid users" = "min";
+ };
+
+ lostlibrary = {
+ "path" = "/terra/lostlibrary";
+ "read only" = false;
+ "valid users" = "min u2-1";
+ };
};
};
}
diff --git a/nixos/hosts/silver/services/wireguard.nix b/nixos/hosts/silver/services/wireguard.nix
index 60afcc5..d85b4ea 100644
--- a/nixos/hosts/silver/services/wireguard.nix
+++ b/nixos/hosts/silver/services/wireguard.nix
@@ -9,6 +9,7 @@ in {
sops.secrets."svc-wireguard-key" = {};
sops.secrets."svc-wireguard-psk-0-2" = {};
sops.secrets."svc-wireguard-psk-1-1" = {};
+ sops.secrets."svc-wireguard-psk-2-1" = {};
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
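Review bot: Both tmpfiles entries in the first samba.nix hunk create the directories as `0775 root share`, so the per-share `valid users` split made later in this commit is enforced only by smbd and not by the filesystem. `u2-1` receives the same `shareUser` definition as `min` (defined above the hunk, not visible here); if that definition places accounts in the `share` group, `u2-1` has group write on `/terra/terrarium`, and the world `r-x` bits let any other local account or service on the host read both trees. Giving each path its own group and dropping world access, for example `"d /terra/terrarium 0770 root <min-only-group> - -"`, keeps the private share private even if the Samba settings drift. The `# other ppls` comment could also name which share the account is meant for.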
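Review bot: Removing `"valid users" = "@share";` from `global` in the second samba.nix hunk drops the fail-closed default, so a share added later without its own `valid users` line would accept every account that can authenticate to smbd. Keeping the global line and overriding it per share, as `terrarium` and `lostlibrary` already do, preserves the restriction this commit intends. The masks that moved into `global` (`"create mask" = "0664"`, `"directory mask" = "0775"`) also leave everything written through either share world-readable on disk; `"create mask" = "0660"` and `"directory mask" = "0770"` would match the per-user access model better, assuming nothing outside Samba needs to read these trees.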
@@ -50,6 +51,11 @@ in {
allowedIPs = ["10.193.1.1/32"];
presharedKeyFile = config.sops.secrets."svc-wireguard-psk-1-1".path;
}
+ {
+ publicKey = "E+cApvpWOfwehlwDxA8paR/fWZq8iozSofTSRA7dBx0=";
+ allowedIPs = ["10.193.2.1/32"];
+ presharedKeyFile = config.sops.secrets."svc-wireguard-psk-2-1".path;
+ }
];
};
};
diff --git a/secrets/silver.yaml b/secrets/silver.yaml
index b7fd842..4afe565 100644
--- a/secrets/silver.yaml
+++ b/secrets/silver.yaml
@@ -10,6 +10,7 @@ svc-nebula-key: ENC[AES256_GCM,data:FV5KD4pMAXN1VBh93M3sDN5qb/B2SCGXKnfi+IMLcCKL svc-wireguard-key: ENC[AES256_GCM,data:dmxJ07UnQAtet4RtlVXEMFLVKxOU44XQcUW7h7UPbLG9chiQeXGkZkkTihs=,iv:bEA9+DYDBLo1dgrCSrIpa1ig9JJEtXeJF5ZmtdsAO3s=,tag:tyLB5Dd9uolalSzddC608A==,type:str] svc-wireguard-psk-0-2: ENC[AES256_GCM,data:0sTGYa3HUe70hYJZnPy9w0iG37aRDTplmdvGdc5C8KN8Dg5XbVc2CmVS1r4=,iv:9Dnr3BYhzKKOZ7S565HY4CkhgPv1JEd3Zk7662/cd9s=,tag:Dd0BLrIjfX0F2lBan59jUg==,type:str] svc-wireguard-psk-1-1: ENC[AES256_GCM,data:YbxjRleUWTr1+rZyzZ+5vB9Po/V0T1mYhH+H8igjascGV/Oo4lPn1xoYqLg=,iv:+fcWdpRqR7GU5UXug+6GCX9Be5DoE944T5PIm0csgEU=,tag:3mGEL3KYjfSJ9uM+i6Wirg==,type:str] +svc-wireguard-psk-2-1: ENC[AES256_GCM,data:+80iLdsHE0rtM1rVb4xUfzOwpMSOqgxtuKWg4d7Kj7kDuvrCrHPX83NruNo=,iv:HDfGq2o41qTyUU3PwfUvJJcb88JIcbW3yrfqRY8lBxY=,tag:+jWwRf5vqSriCOKdOu3Qag==,type:str] sops: age: - recipient: age1yubikey1qg5k0y844v5e79uwax3r00u7zdljwnjlrmwvdr3st9m5a3ra5098qy0sjdj 
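Review bot: The new peer entry in wireguard.nix has no comment saying who owns `10.193.2.1`, and nothing in the hunk limits what that address can reach once it is on the tunnel. `net.ipv4.ip_forward` is enabled in this module (context line of the previous hunk), so a peer admitted for one SMB share (inferred from the commit title) could be forwarded wherever silver routes unless a firewall rule elsewhere restricts this source; any such rule is outside the lines shown. I would add a comment such as `# peer 2-1: external user, SMB to eidola only` above the entry and confirm the forward chain allows this source only TCP 445 to the Samba host. The attribute set holding the peers list starts and ends outside the hunk.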
@@ -31,7 +32,7 @@ sops: MXdERWkyRitkbWtHMnpQaGxhbTRma2cK75S4x9TdquXAV00m9EQ1vJno14YTmPD4 K8ne37brRWWi3gW6JsaOQOshNE19u4uwkAXZ2IQ+NdAq7Kt/qrcU8w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-10T00:53:55Z" - mac: ENC[AES256_GCM,data:KOs621LpjHZCoMhcTv1r5XQn3wGv18HSBIuGOsgqx8V9SZQE8a5mFKqPHw7eVRhD0sXa0tZrsdRGyjuYBrQ/W1Ay5iiehg00RICfthx9ON0sAxam8nJpUAV5fnmW57yj3OQfNQWgivsRy18bTUMUZ2WxNTGTk7iUW1oLuKXZW6Y=,iv:BYonX1N3Rdg8FNtkRmd+kGNhg/j9kN5fyG7NQRz4V+U=,tag:8Lc/Ql5Azl4el0ZvHm7Zag==,type:str] + lastmodified: "2025-05-10T21:20:57Z" + mac: ENC[AES256_GCM,data:DW6JeUzmMBOTvf6ryn943ZzbQ8785cPERuCALUdd9AS+SfbXwSOrHB8O+P8CFOFhgEyQZAxTX3s/Zgf7kXrNkZw42GOebdHIK/GN4ZVcY//RJ9muuYPrnniBe158vGzqBtq73tZRKIyp725hhfEc+vISsQ4c6023dPpToFQQH6w=,iv:himdgdJFnQVyowYcqiJcWd44XIWI3ToPeVV2tXfFhGg=,tag:8gO8KJk88sCp0lj+kPlOGg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2