enable samba and ldap

jopejoe1 2024-05-01 13:09:04 +02:00
parent 27b1c639dd
commit af31ba32e7
2 changed files with 108 additions and 13 deletions


@ -11,9 +11,7 @@
#enable = true;
networks = { };
};
nameservers = [
"192.168.88.251"
];
nameservers = [ "192.168.88.251" ];
networkmanager.enable = true;
};
@ -95,22 +93,20 @@
};
networking.hosts = {
"192.168.88.251" = (builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts)
"192.168.88.251" =
(builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts)
++ [
"dns"
"ldap.it3"
self.nixosConfigurations.mio-mio-mate.config.networking.hostName
];
"192.168.88.252" = [
self.nixosConfigurations.club-mate.config.networking.hostName
];
"192.168.88.252" = [ self.nixosConfigurations.club-mate.config.networking.hostName ];
"192.168.88.253" = [
self.nixosConfigurations.flora-mate.config.networking.hostName
"ap"
"minecraft"
];
"192.168.88.1" = [
"router"
];
"192.168.88.1" = [ "router" ];
};
programs = {


@ -85,9 +85,7 @@
settings = {
server = {
systemTrayEnabled = true;
extensionRepos = [
"https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"
];
extensionRepos = [ "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json" ];
webUIEnabled = true;
initialOpenInBrowserEnabled = true;
webUIInterface = "browser";
@ -102,4 +100,105 @@
authType = "none";
baseUrl = "http://rss.it3";
};
services.openldap = {
enable = true;
# enable plain connections only
urlList = [ "ldap:///" ];
settings = {
attrs = {
olcLogLevel = "conns config";
};
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
];
"olcDatabase={1}mdb".attrs = {
objectClass = [
"olcDatabaseConfig"
"olcMdbConfig"
];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=ldap,dc=it3";
# your admin account, do not use writeText on a production system
olcRootDN = "cn=admin,dc=ldap,dc=it3";
olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
olcAccess = [
# custom access rules for userPassword attributes
''
{0}to attrs=userPassword
by self write
by anonymous auth
by * none''
# allow read on anything else
''
{1}to *
by * read''
];
};
};
};
};
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
nsswins = true;
package = pkgs.sambaFull;
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = user
#use sendfile = yes
#max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.0. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
public = {
path = "/mnt/Shares/Public";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
private = {
path = "/mnt/Shares/Private";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
networking.firewall.allowPing = true;
}
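Review bot: `olcRootPW.path = pkgs.writeText "olcRootPW" "pass";` puts the rootDN password, the literal `pass`, into the Nix store, which every local user can read, and into the repository history; the comment above it already says this is not for production. Because `urlList` only offers `ldap:///`, simple binds to this server also cross the network unencrypted, and `{1}to * by * read` lets anonymous clients read every attribute other than userPassword. I would point the option at a file outside the store, e.g. `olcRootPW.path = "/run/secrets/<ldap-root-pw>";` (placeholder path, ideally holding a hashed value), and add an `ldaps:///` or StartTLS listener before real accounts are stored. In the Samba block, `hosts allow = 192.168.0.` does not appear to cover the 192.168.88.x addresses used elsewhere in this commit, so with `hosts deny = 0.0.0.0/0` LAN clients would likely be refused; `"force user" = "username"` and `"force group" = "groupname"` also look like unreplaced template values.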