alpine: add samba for public jellyfin library

2025-08-05 14:37:57 +01:00 · 2025-08-05 14:37:57 +01:00 · 19811d6854
commit 19811d6854
parent b5f1220ea9
4 changed files with 63 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -84,6 +84,7 @@
      alpine = mkConf {
        nixos-modules = [
          ./hardware/alpine.nix
          ./nixos/services/fail2ban.nix
          ./nixos/services/anki.nix
          ./nixos/services/forgejo.nix
          ./nixos/services/vaultwarden.nix
@ -99,6 +100,7 @@
          ./nixos/services/authentik.nix
          ./nixos/services/monero.nix
          ./nixos/services/arr.nix
          ./nixos/services/samba.nix
        ];
      };
--- a/nixos/services/fail2ban.nix
+++ b/nixos/services/fail2ban.nix
@ -0,0 +1,5 @@
 {...}: {
  services.fail2ban = {
    enable = true;
  };
 }
--- a/nixos/services/loki.nix
+++ b/nixos/services/loki.nix
@ -48,6 +48,9 @@ in {
  ];
  services.alloy = {
    enable = true;
    extraFlags = [
      "--server.http.listen-addr=100.106.241.122:12345"
    ];
  };
  environment.etc."alloy/config.alloy" = {
    text = ''
@ -79,7 +82,7 @@ in {
        endpoint {
          url = "http://localhost:3100/loki/api/v1/push"
        }
-        max_streams = 24
+        max_streams = 64
      }
    '';
--- a/nixos/services/samba.nix
+++ b/nixos/services/samba.nix
@ -0,0 +1,52 @@
 {...}: {
  users.users.guest = {
    extraGroups = ["media"];
    isNormalUser = true;
  };
  services.samba = {
    enable = true;
    openFirewall = true;
    settings = {
      global = {
        "workgroup" = "WORKGROUP";
        "server string" = "Tristan's Media Server";
        "netbios name" = "alpine";
        "security" = "user";
        #"use sendfile" = "yes";
        #"max protocol" = "smb2";
        # note: localhost is the ipv6 localhost ::1
        "hosts allow" = "192.168.1. 127.0.0.1 localhost";
        "hosts deny" = "0.0.0.0/0";
        "guest account" = "guest";
        "map to guest" = "bad user";
      };
      "Music" = {
        "path" = "/mnt/storage/media/Public/";
        "browseable" = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "guest only" = "yes";
        "create mask" = "0644";
        "directory mask" = "0755";
      };
    };
  };
  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
  };
  services.avahi = {
    publish.enable = true;
    publish.userServices = true;
    # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
    nssmdns4 = true;
    # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
    enable = true;
    openFirewall = true;
  };
  networking.firewall.enable = true;
  networking.firewall.allowPing = true;
 }