samba

modules/nixos/services/samba/default.nix

@@ -7,52 +7,44 @@
 with lib;
 let
   cfg = config.${namespace}.samba;
-  sambaShares =
+
+  makeShare =
+    name: share:
     let
-      make =
-        name: share:
-        nameValuePair "${name}" {
-          path = share.sharePath;
-          public = if share.enableTimeMachine then "no" else "yes";
-          browseable = if share.browseable then "yes" else "no";
-          writable = "yes";
-          "force group" = "jallen-nas";
-          "read only" = if share.readOnly then "yes" else "no";
-          "guest ok" = if share.guestOk then "yes" else "no";
-          "create mask" = share.createMask;
-          "directory mask" = share.directoryMask;
-          "fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
-          "fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
-          "vfs objects" = "catia fruit streams_xattr";
-          "fruit:time machine max size" = share.timeMachineMaxSize;
-        };
+      isTimeMachine = share.enableTimeMachine;
+      baseAttrs = {
+        path = share.sharePath;
+        browseable = if share.browseable then "yes" else "no";
+        "read only" = if share.readOnly then "yes" else "no";
+        "guest ok" = if share.guestOk then "yes" else "no";
+        "create mask" = share.createMask;
+        "directory mask" = share.directoryMask;
+      }
+      // optionalAttrs (cfg.forceGroup != "") { "force group" = cfg.forceGroup; };
+
+      timeMachineAttrs = {
+        "vfs objects" = "catia fruit streams_xattr";
+        "fruit:aapl" = "yes";
+        "fruit:time machine" = "yes";
+      }
+      // optionalAttrs (share.timeMachineMaxSize != "") {
+        "fruit:time machine max size" = share.timeMachineMaxSize;
+      };
     in
-    mapAttrs' make cfg.shares;
+    nameValuePair name (baseAttrs // optionalAttrs isTimeMachine timeMachineAttrs);
+
+  sambaShares = mapAttrs' makeShare cfg.shares;
 in
 {
   imports = [ ./options.nix ];
 
   config = mkIf cfg.enable {
-    # make shares visible for Windows clients
+    # Make shares visible for Windows clients via WS-Discovery
     services.samba-wsdd = {
       enable = true;
       openFirewall = true;
     };
 
-    services.netatalk = {
-      enable = cfg.enableTimeMachine;
-      settings = {
-        time-machine = {
-          path = cfg.timeMachinePath;
-          "valid users" = "whoever";
-          "time machine" = cfg.enableTimeMachine;
-        };
-      };
-    };
-
-    networking.firewall.enable = true;
-    networking.firewall.allowPing = true;
-
     services.samba = {
       enable = true;
       openFirewall = true;
@@ -60,17 +52,19 @@ in
       nmbd.enable = true;
       settings = {
         global = {
-          "workgroup" = "WORKGROUP";
-          "server string" = "Jallen-NAS";
-          "netbios name" = "Jallen-NAS";
-          "security" = "user";
-          #"use sendfile" = "yes";
-          #"max protocol" = "smb2";
-          # note: localhost is the ipv6 localhost ::1
-          "hosts allow" = "10.0.1. 127.0.0.1 localhost";
+          workgroup = "WORKGROUP";
+          "server string" = config.networking.hostName;
+          "netbios name" = config.networking.hostName;
+          security = "user";
+          "hosts allow" = cfg.hostsAllow;
           "hosts deny" = "0.0.0.0/0";
           "guest account" = "nobody";
           "map to guest" = "bad user";
+        }
+        // optionalAttrs cfg.enableTimeMachine {
+          # Required globals for macOS Time Machine over SMB3
+          "fruit:aapl" = "yes";
+          "fruit:model" = "MacSamba";
         };
       }
       // sambaShares;