system-manager-wakasu
1{
2 libx,
3 globals,
4 ...
5}:
6{
7 imports = [
8 ../common/services/samba.nix
9 ../common/services/prometheus-exporters-node.nix
10 ];
11
12 networking.firewall.enable = false;
13
14 # TODO make it an option ? (otherwise I'll add it for all)
15 users.users.vincent.linger = true;
16
17 services = {
18 samba.settings."vincent" = {
19 path = "/data/share";
20 public = true;
21 browseable = "yes";
22 "read only" = "no";
23 "guest ok" = "yes";
24 writable = true;
25 comment = "Vincent's share";
26 "create mask" = "0644";
27 "directory mask" = "0755";
28 "force user" = "vincent";
29 "force group" = "users";
30 };
31 wireguard = {
32 enable = true;
33 ips = libx.wg-ips globals.machines.aix.net.vpn.ips;
34 endpoint = "${globals.net.vpn.endpoint}";
35 endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
36 };
37 };
38
39 # TODO: could be enable by default for all ?
40 security.pam.enableSSHAgentAuth = true;
41}