blob: 86f768662d5c06fd108e49a3ae17414ddc5c0679 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
hostname = config.krebs.build.host.name;
# TODO local-ip from the nets config
local-ip = "192.168.1.11";
# local-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
in {
krebs.nginx = {
enable = mkDefault true;
servers = {
omo-share = {
listen = [ "${local-ip}:80" ];
locations = singleton (nameValuePair "/" ''
access_log off;
# sendfile off;
# tcp_nopush on;
# aio on;
sendfile on;
sendfile_max_chunk 512k;
directio 512;
mp4;
autoindex on;
root /media;
limit_rate_after 100m;
limit_rate 5m;
mp4_buffer_size 4M;
mp4_max_buffer_size 10M;
allow all;
access_log off;
keepalive_timeout 65;
keepalive_requests 200;
reset_timedout_connection on;
tcp_nopush on;
gzip off;
'');
};
};
};
# samba share /media/crypt1/share
users.users.smbguest = {
name = "smbguest";
uid = config.ids.uids.smbguest;
description = "smb guest user";
home = "/var/empty";
};
services.samba = {
enable = true;
shares = {
winshare = {
path = "/media/crypt1/share";
"read only" = "no";
browseable = "yes";
"guest ok" = "yes";
};
emu = {
path = "/media/crypt1/emu";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
usenet = {
path = "/media/crypt0/usenet/dst";
"read only" = "yes";
browseable = "yes";
"guest ok" = "yes";
};
crypt0-rw = {
path = "/media/crypt0/";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";
"valid users" = "makefu";
};
crypt1-rw = {
path = "/media/crypt1/";
"read only" = "no";
browseable = "yes";
"guest ok" = "no";
"valid users" = "makefu";
};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
};
}
|
