From 1bb2b7c194aa5ec35bce360849b5725a9edd3eaf Mon Sep 17 00:00:00 2001
From: sid
Date: Sun, 17 May 2026 18:54:10 +0200
Subject: [PATCH] replace webdav with samba
---
 constants.nix | 4 --
 hosts/rx4/secrets/secrets.yaml | 7 +--
 hosts/rx4/services/default.nix | 2 +-
 hosts/rx4/services/samba.nix | 27 +++++++++++
 hosts/rx4/services/webdav.nix | 86 ----------------------------------------------------------------------
 hosts/sid/services/coredns.nix | 1 -
 hosts/sid/services/nginx.nix | 8 --------
 hosts/sid/services/step-ca.nix | 1 -
 8 files changed, 30 insertions(+), 106 deletions(-)
 create mode 100644 hosts/rx4/services/samba.nix
 delete mode 100644 hosts/rx4/services/webdav.nix
diff --git a/constants.nix b/constants.nix
index 3dc7ded..d49999c 100644
--- a/constants.nix
+++ b/constants.nix
@@ -49,9 +49,5 @@ rec {
 fqdn = "pw." + intranet;
 port = 8222;
 };
- webdav = {
- fqdn = "dav." + intranet;
- port = 8080;
- };
 };
 }
diff --git a/hosts/rx4/secrets/secrets.yaml b/hosts/rx4/secrets/secrets.yaml
index 0aa47f7..a591f81 100644
--- a/hosts/rx4/secrets/secrets.yaml
+++ b/hosts/rx4/secrets/secrets.yaml
@@ -13,9 +13,6 @@ syncthing: gui-pw: ENC[AES256_GCM,data:mN4rxYr5DZgvbpIkwSFIuPvviJE=,iv:Kyl3mZFOejVwEwBCKteJQpgbCosREp9C4T4JYhWz6KQ=,tag:6myk9lr/44CH/hyUPgRH0Q==,type:str] forgejo-runner: token: ENC[AES256_GCM,data:DZgi6ocpV0MplgQ6Et85vHxmkMfC4qYbLLdyRuj/4z8tJauz1w6DUQ==,iv:+SZYsv6sDn2Nc1WxhTn0dJGN9nXYZw16/HVtXJGXpHc=,tag:8Oa5mC7cUy85+lXHbRcCcg==,type:str] -webdav: - user: ENC[AES256_GCM,data:vCLx,iv:Nra/FprNfd02HpvqOb5uYK+IGRFHhNwnFXWrX71c0C0=,tag:TjbKKOKBTq31o/5MxmqIsA==,type:str] - pass: ENC[AES256_GCM,data:jfIoob6R6OhqKa2EujRzTQbvIlA=,iv:HvB088H2Z2uLCveT4YfNEdkK5VU0lBFD5FrZhx79fg0=,tag:1RnrfeUEURx0C575GTxi9A==,type:str] vaultwarden: admin-token: ENC[AES256_GCM,data:HhD0xNZ/Ep7pCOX1j6p/M/ZZ3gs=,iv:7QT71KlYz+HQYBhiRavpiXS9sNS2PoJiM/WkxM3Hk/g=,tag:SYTRWpyA2+WMSMiRM8mvew==,type:str] smtp-password: ENC[AES256_GCM,data:eQo7op5+74EID6689hL0/J1pq2s=,iv:JqrEqxabWGydRuJJ/27e1q+4YnQhTQ1bKRSsOvjQ+bE=,tag:weqnrhqK+LGEfAacBcuPUA==,type:str] @@ -39,7 +36,7 @@ sops: NE5yK3ZaOG5PdXNSUnlIUmFSSmRFancKk57hCmo79HvI3hzzgQvgOK7oK5/dcQR8 f3R4OGF5+212VXEHR/hAEbKzV7CY4y6HhFyrGZ9bUKm1RrxtnVqUyA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-02T17:10:11Z" - mac: ENC[AES256_GCM,data:uf5TqZaevyUUjW6pM6K8c4CZFFdwTXFGIaHmYr5Q4XFR1uW3kBsVLeQKxq26duLuQ4UiZkUpW27a/PW797Z+iIpBdqbnoQ35q7RnOW+GpnAv8TaRW1PpqQ+JR3/R0LMXsi3cMt7ioG2ad1bIHztiNz+SmePiv3Yt9WxQ7PIqBdY=,iv:dAzuyKSo0OW+j02AH0chCdLBm7Wv6PZgqZrEWhEVnxQ=,tag:k6EKWHHY4fwTd03d4TVcNg==,type:str] + lastmodified: "2026-05-17T16:35:00Z" + mac: ENC[AES256_GCM,data:U2WT4ENx8I9sr3byj7fQjv3H+mQTlhTI1HL9tufryKcUGjvb35ChwkIBcvEiYLa8udOR631sWwN4dCqZ4qwtCQ3MNjR8s1P6HqhzXeAPwyxfMLPZG1mbKXvYpamkxAOq8RxVHnVsPbrvFsxc57J11SI5IUfWT5T5GPQyJ+U8gMs=,iv:/xDaNV0fgKf9z+sql4BwwyIO/LQhRm3TrMhgaYZsPuE=,tag:Y0bfT1ZuiJ05F/+EwyzbSg==,type:str] unencrypted_suffix: _unencrypted version: 3.12.1 diff --git a/hosts/rx4/services/default.nix b/hosts/rx4/services/default.nix index a61584e..6cb2dc6 100644 --- a/hosts/rx4/services/default.nix 
+++ b/hosts/rx4/services/default.nix
@@ -19,10 +19,10 @@
 ./open-webui-oci.nix
 ./print-server.nix
 ./rsshub-oci.nix
+ ./samba.nix
 ./vaultwarden.nix
 # ./alditalk-extender.nix # FIXME
- # ./webdav.nix # FIXME
 ];
 # bootstrap
diff --git a/hosts/rx4/services/samba.nix b/hosts/rx4/services/samba.nix
new file mode 100644
index 0000000..2696005
--- /dev/null
+++ b/hosts/rx4/services/samba.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+
+{
+ services.samba = {
+ enable = true;
+ openFirewall = false;
+ nmbd.enable = false;
+ winbindd.enable = false;
+ settings = {
+ global = {
+ workgroup = "WORKGROUP";
+ "server string" = config.networking.hostName;
+ security = "user";
+ "map to guest" = "Bad User";
+ "guest account" = "nobody";
+ };
+ share = {
+ path = "/home/sid";
+ browseable = "yes";
+ "read only" = "yes";
+ "guest ok" = "yes";
+ "force user" = "sid";
+ "directory mask" = "0750";
+ };
+ };
+ };
+}
diff --git a/hosts/rx4/services/webdav.nix b/hosts/rx4/services/webdav.nix
deleted file mode 100644
index 46d01a9..0000000
--- a/hosts/rx4/services/webdav.nix
+++ /dev/null
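Review bot: The `share` section of the new `samba.nix` exports all of `/home/sid` without authentication: `"guest ok" = "yes"` together with `"map to guest" = "Bad User"` admits any client that can reach smbd, and `"force user" = "sid"` makes every access run as sid, so a guest session can read whatever sid can read, which in a home directory normally includes SSH, GPG and age/sops key material. The only limit visible in this diff is `openFirewall = false`, which depends on firewall rules defined elsewhere and presumably does not cover interfaces the firewall already trusts; the WebDAV service this replaces at least required a username and password. I would require a Samba account and turn guest mapping off (`"guest ok" = "no";`, `"valid users" = "sid";`, `"map to guest" = "Never";`) and point `path` at a dedicated export directory rather than the whole home. A `"hosts allow"` entry in `global` for the intranet range would add a second layer, and `"directory mask"` has no effect while the share is read-only.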
@@ -1,86 +0,0 @@
-{ constants, config, ... }:
-
-# FIXME: floccus throws error: NetworkError when attempting to fetch resource.
-
-let
- cfg = config.services.webdav;
-
- inherit (constants.services.webdav) fqdn port;
-in
-{
- services.webdav = {
- enable = true;
- environmentFile = config.sops.templates."webdav/env-file".path;
-
- settings = {
- inherit port;
- address = "127.0.0.1";
- prefix = "/";
- directory = "/srv/webdav";
- users = [
- {
- username = "{env}WEBDAV_USER";
- password = "{env}WEBDAV_PASS";
- permissions = "CRUD";
- }
- ];
- };
- };
-
- systemd.tmpfiles.rules = [
- "d ${cfg.settings.directory} 0750 ${cfg.user} ${cfg.group} -"
- ];
-
- networking.firewall.allowedTCPPorts = [ port ];
-
- services.nginx = {
- enable = true;
- virtualHosts."${fqdn}" = {
- listen = [
- {
- addr = "0.0.0.0";
- inherit port;
- }
- ];
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString port}";
- extraConfig = ''
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS' always;
- add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth' always;
-
- if ($request_method = 'OPTIONS') {
- add_header 'Access-Control-Allow-Origin' '*';
- add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS';
- add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth';
- return 204;
- }
- '';
- };
- };
- };
-
- sops =
- let
- owner = cfg.user;
- group = cfg.group;
- mode = "0400";
- in
- {
- secrets = {
- "webdav/user" = {
- inherit owner group mode;
- };
- "webdav/pass" = {
- inherit owner group mode;
- };
- };
- templates."webdav/env-file" = {
- inherit owner group mode;
- content = ''
- WEBDAV_USER=${config.sops.placeholder."webdav/user"}
- WEBDAV_PASS=${config.sops.placeholder."webdav/pass"}
- '';
- };
- };
-}
diff --git a/hosts/sid/services/coredns.nix b/hosts/sid/services/coredns.nix
index c7af795..13c3096 100644
--- a/hosts/sid/services/coredns.nix
+++ b/hosts/sid/services/coredns.nix
@@ -20,7 +20,6 @@
 ${hosts.sid.ip} ${services.netdata.fqdn}
 ${hosts.sid.ip} ${services.vaultwarden.fqdn}
- ${hosts.sid.ip} ${services.webdav.fqdn}
 fallthrough
 }
diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index d1e6227..81eace3 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -91,14 +91,6 @@ in
 };
 };
 };
- virtualHosts."${constants.services.webdav.fqdn}" = {
- useACMEHost = "sid-internal";
- forceSSL = ssl;
- locations."/" = {
- proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.webdav.port}";
- proxyWebsockets = true;
- };
- };
 # FIXME
 # virtualHosts."print.sid.ovh" = {
 # enableACME = true;
diff --git a/hosts/sid/services/step-ca.nix b/hosts/sid/services/step-ca.nix
index d3abb11..21d04d4 100644
--- a/hosts/sid/services/step-ca.nix
+++ b/hosts/sid/services/step-ca.nix
@@ -82,7 +82,6 @@ in
 extraDomainNames = [
 constants.services.netdata.fqdn
 # constants.services.vaultwarden.fqdn
- constants.services.webdav.fqdn
 ];
 server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory";
 group = "nginx";
-- 
2.51.2