Initial commit unclean

2026-01-01 06:44:26 -05:00 · 2025-08-30 20:31:10 +02:00
commit 4ebc8b23fe
50 changed files with 5191 additions and 0 deletions
--- a/modules/server/services.nix
+++ b/modules/server/services.nix
@@ -0,0 +1,114 @@
+{ pkgs, config, lib, inputs,  ...}:
+
+{
+	# figure out how this works
+	services.openldap = {
+		enable = true;
+
+		/* enable plain connections only */
+		urlList = [ "ldap:///" ];
+
+
+		settings = {
+			attrs = {
+				olcLogLevel = "conns config";
+			};
+
+			children = {
+				"cn=schema".includes = [
+					"${pkgs.openldap}/etc/schema/core.ldif"
+					"${pkgs.openldap}/etc/schema/cosine.ldif"
+					"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
+				];
+
+				"olcDatabase={1}mdb".attrs = {
+					objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
+
+					olcDatabase = "{1}mdb";
+					olcDbDirectory = "/var/lib/openldap/data";
+
+					olcSuffix = "dc=example,dc=com";
+
+					/* your admin account, do not use writeText on a production system */
+					olcRootDN = "cn=admin,dc=example,dc=com";
+					olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
+
+					olcAccess = [
+						/* custom access rules for userPassword attributes */
+						''{0}to attrs=userPassword
+				by self write
+				by anonymous auth
+				by * none''
+
+						/* allow read on anything else */
+						''{1}to *
+				by * read''
+					];
+				};
+			};
+		};
+	};
+
+	# Enable all the old services on gullfoss
+	services.postgresql = {
+		enable = true;
+		ensureDatabases = [ "mydatabase" ];
+		authentication = pkgs.lib.mkOverride 10 ''
+	  #type database  DBuser  auth-method
+	  local all       all     trust
+		'';
+	};
+
+	# TODO: need to configure this
+	services.samba = {
+		enable = true;
+		openFirewall = true;
+		settings = {
+			global = {
+				"workgroup" = "WORKGROUP";
+				"server string" = "smbnix";
+				"netbios name" = "smbnix";
+				"security" = "user";
+				#"use sendfile" = "yes";
+				#"max protocol" = "smb2";
+				# note: localhost is the ipv6 localhost ::1
+				"hosts allow" = "192.168.0. 127.0.0.1 localhost";
+				"hosts deny" = "0.0.0.0/0";
+				"guest account" = "nobody";
+				"map to guest" = "bad user";
+			};
+			"public" = {
+				"path" = "/mnt/Shares/Public";
+				"browseable" = "yes";
+				"read only" = "no";
+				"guest ok" = "yes";
+				"create mask" = "0644";
+				"directory mask" = "0755";
+				"force user" = "username";
+				"force group" = "groupname";
+			};
+			"private" = {
+				"path" = "/mnt/Shares/Private";
+				"browseable" = "yes";
+				"read only" = "no";
+				"guest ok" = "no";
+				"create mask" = "0644";
+				"directory mask" = "0755";
+				"force user" = "username";
+				"force group" = "groupname";
+			};
+		};
+	};
+
+	services.samba-wsdd = {
+		enable = true;
+		openFirewall = true;
+	};
+
+	services.cron = {
+		enable = true;
+		systemCronJobs = [
+			"*/5 * * * *      root    date >> /tmp/cron.log"
+		];
+	};
+}