replace webdav with samba

2026-05-17 18:54:10 +02:00 · 2026-05-17 18:54:10 +02:00 · 1bb2b7c194
commit 1bb2b7c194
parent dab1a39866
8 changed files with 30 additions and 106 deletions
--- a/hosts/rx4/services/default.nix
+++ b/hosts/rx4/services/default.nix
@ -19,10 +19,10 @@
    ./open-webui-oci.nix
    ./print-server.nix
    ./rsshub-oci.nix
+    ./samba.nix
    ./vaultwarden.nix

    # ./alditalk-extender.nix # FIXME
-    # ./webdav.nix # FIXME
  ];

  # bootstrap
--- a/hosts/rx4/services/samba.nix
+++ b/hosts/rx4/services/samba.nix
@ -0,0 +1,27 @@
+{ config, ... }:
+
+{
+  services.samba = {
+    enable = true;
+    openFirewall = false;
+    nmbd.enable = false;
+    winbindd.enable = false;
+    settings = {
+      global = {
+        workgroup = "WORKGROUP";
+        "server string" = config.networking.hostName;
+        security = "user";
+        "map to guest" = "Bad User";
+        "guest account" = "nobody";
+      };
+      share = {
+        path = "/home/sid";
+        browseable = "yes";
+        "read only" = "yes";
+        "guest ok" = "yes";
+        "force user" = "sid";
+        "directory mask" = "0750";
+      };
+    };
+  };
+}
--- a/hosts/rx4/services/webdav.nix
+++ b/hosts/rx4/services/webdav.nix
@ -1,86 +0,0 @@
-{ constants, config, ... }:
-
-# FIXME: floccus throws error: NetworkError when attempting to fetch resource.
-
-let
-  cfg = config.services.webdav;
-
-  inherit (constants.services.webdav) fqdn port;
-in
-{
-  services.webdav = {
-    enable = true;
-    environmentFile = config.sops.templates."webdav/env-file".path;
-
-    settings = {
-      inherit port;
-      address = "127.0.0.1";
-      prefix = "/";
-      directory = "/srv/webdav";
-      users = [
-        {
-          username = "{env}WEBDAV_USER";
-          password = "{env}WEBDAV_PASS";
-          permissions = "CRUD";
-        }
-      ];
-    };
-  };
-
-  systemd.tmpfiles.rules = [
-    "d ${cfg.settings.directory} 0750 ${cfg.user} ${cfg.group} -"
-  ];
-
-  networking.firewall.allowedTCPPorts = [ port ];
-
-  services.nginx = {
-    enable = true;
-    virtualHosts."${fqdn}" = {
-      listen = [
-        {
-          addr = "0.0.0.0";
-          inherit port;
-        }
-      ];
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString port}";
-        extraConfig = ''
-          add_header 'Access-Control-Allow-Origin' '*' always;
-          add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS' always;
-          add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth' always;
-
-          if ($request_method = 'OPTIONS') {
-              add_header 'Access-Control-Allow-Origin' '*';
-              add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS';
-              add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth';
-              return 204;
-          }
-        '';
-      };
-    };
-  };
-
-  sops =
-    let
-      owner = cfg.user;
-      group = cfg.group;
-      mode = "0400";
-    in
-    {
-      secrets = {
-        "webdav/user" = {
-          inherit owner group mode;
-        };
-        "webdav/pass" = {
-          inherit owner group mode;
-        };
-      };
-      templates."webdav/env-file" = {
-        inherit owner group mode;
-        content = ''
-          WEBDAV_USER=${config.sops.placeholder."webdav/user"}
-          WEBDAV_PASS=${config.sops.placeholder."webdav/pass"}
-        '';
-      };
-    };
-}