diff --git a/common.nix b/common.nix index 4edbb45..1cf1c91 100644 --- a/common.nix +++ b/common.nix @@ -11,9 +11,7 @@ #enable = true; networks = { }; }; - nameservers = [ - "192.168.88.251" - ]; + nameservers = [ "192.168.88.251" ]; networkmanager.enable = true; }; @@ -95,22 +93,20 @@ }; networking.hosts = { - "192.168.88.251" = (builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts) + "192.168.88.251" = + (builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts) ++ [ "dns" + "ldap.it3" self.nixosConfigurations.mio-mio-mate.config.networking.hostName ]; - "192.168.88.252" = [ - self.nixosConfigurations.club-mate.config.networking.hostName - ]; + "192.168.88.252" = [ self.nixosConfigurations.club-mate.config.networking.hostName ]; "192.168.88.253" = [ self.nixosConfigurations.flora-mate.config.networking.hostName "ap" "minecraft" ]; - "192.168.88.1" = [ - "router" - ]; + "192.168.88.1" = [ "router" ]; }; programs = { diff --git a/systems/mio-mio-mate/default.nix b/systems/mio-mio-mate/default.nix index 43e70a6..3f61d4d 100644 --- a/systems/mio-mio-mate/default.nix +++ b/systems/mio-mio-mate/default.nix @@ -85,9 +85,7 @@ settings = { server = { systemTrayEnabled = true; - extensionRepos = [ - "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json" - ]; + extensionRepos = [ "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json" ]; webUIEnabled = true; initialOpenInBrowserEnabled = true; webUIInterface = "browser"; 
@@ -102,4 +100,105 @@
 authType = "none";
 baseUrl = "http://rss.it3";
 };
+
+ services.openldap = {
+ enable = true;
+
+ # enable plain connections only
+ urlList = [ "ldap:///" ];
+
+ settings = {
+ attrs = {
+ olcLogLevel = "conns config";
+ };
+
+ children = {
+ "cn=schema".includes = [
+ "${pkgs.openldap}/etc/schema/core.ldif"
+ "${pkgs.openldap}/etc/schema/cosine.ldif"
+ "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
+ ];
+
+ "olcDatabase={1}mdb".attrs = {
+ objectClass = [
+ "olcDatabaseConfig"
+ "olcMdbConfig"
+ ];
+
+ olcDatabase = "{1}mdb";
+ olcDbDirectory = "/var/lib/openldap/data";
+
+ olcSuffix = "dc=ldap,dc=it3";
+
+ # your admin account, do not use writeText on a production system
+ olcRootDN = "cn=admin,dc=ldap,dc=it3";
+ olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
+
+ olcAccess = [
+ # custom access rules for userPassword attributes
+ ''
+ {0}to attrs=userPassword
+ by self write
+ by anonymous auth
+ by * none''
+
+ # allow read on anything else
+ ''
+ {1}to *
+ by * read''
+ ];
+ };
+ };
+ };
+ };
+
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ openFirewall = true;
+ nsswins = true;
+ package = pkgs.sambaFull;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = smbnix
+ netbios name = smbnix
+ security = user
+ #use sendfile = yes
+ #max protocol = smb2
+ # note: localhost is the ipv6 localhost ::1
+ hosts allow = 192.168.0. 127.0.0.1 localhost
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+ shares = {
+ public = {
+ path = "/mnt/Shares/Public";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "username";
+ "force group" = "groupname";
+ };
+ private = {
+ path = "/mnt/Shares/Private";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "no";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "username";
+ "force group" = "groupname";
+ };
+ };
+ };
+
+ services.samba-wsdd = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ networking.firewall.allowPing = true;
 }
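Review bot: The Samba `hosts allow = 192.168.0. 127.0.0.1 localhost` in the new extraConfig does not cover the 192.168.88.x addresses the rest of this change uses (the common.nix hosts and nameserver entries), so combined with `hosts deny = 0.0.0.0/0` every LAN client would be refused; if 192.168.88.0/24 is the real subnet the line should read `hosts allow = 192.168.88. 127.0.0.1 localhost`. The share definitions also keep the wiki placeholders `"force user" = "username"` / `"force group" = "groupname"`, which must be existing accounts, and `public` pairs `"guest ok" = "yes"` with `"read only" = "no"` and `map to guest = bad user`, i.e. unauthenticated write access to `/mnt/Shares/Public` from any allowed host. In the openldap block the comment already says so, but `olcRootPW.path = pkgs.writeText "olcRootPW" "pass"` places a literal plaintext admin password in the world-readable Nix store; `.path` should point at a file outside the store (e.g. a `/run/secrets/<ldap-root-pw>` placeholder) holding a hashed value. With `urlList = [ "ldap:///" ]` only, the `by anonymous auth` bind carries userPassword over the wire unencrypted, and `{1}to * by * read` lets unauthenticated clients read every other attribute, so consider `by users read` plus `ldaps:///` or StartTLS before other services depend on it. The enclosing module attrset starts outside the hunk.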