temp fix macos samba

hosts/nas/apps/nextcloud/default.nix

@@ -6,13 +6,18 @@ let
   nextcloudUserId = config.users.users.nix-apps.uid;
   nextcloudGroupId = config.users.groups.jallen-nas.gid;
   nextcloudPackage = pkgs.unstable.nextcloud31;
+  hostAddress = "10.0.1.18";
+  localAddress = "10.0.2.18";
+  nextcloudPortExtHttp = 9988;
+  nextcloudPortExtHttps = 9943;
+  onlyofficePortExt = 9943;
 in
 {
   containers.nextcloud = {
     autoStart = true;
     privateNetwork = true;
-    hostAddress = "10.0.1.18";
+    hostAddress = hostAddress;
-    localAddress = "10.0.2.18";
+    localAddress = localAddress;
 
     bindMounts = {
       secrets = {
@@ -52,7 +57,7 @@ in
         imports = [ ../../../../share/nvidia ];
         nixpkgs.config.allowUnfree = true;
         networking.extraHosts = ''
-            10.0.1.18 host.containers protonmail-bridge
+            ${hostAddress} host.containers protonmail-bridge
           '';
 
         services = {
@@ -83,14 +88,14 @@ in
               upgrade.disable-web = false;
               datadirectory = "/data";
               trusted_domains = [
-                "10.0.1.18:9988"
+                "${hostAddress}:${toString nextcloudPortExtHttp}"
-                "10.0.1.18:9943"
+                "${hostAddress}:${toString nextcloudPortExtHttps}"
-                "10.0.2.18:80"
+                "${localAddress}:80"
-                "10.0.2.18:443"
+                "${localAddress}:443"
                 "cloud.mjallen.dev"
               ];
               opcache.interned_strings_buffer = 16;
-              trusted_proxies = [ "10.0.1.18" ];
+              trusted_proxies = [ hostAddress ];
               maintenance_window_start = 6;
               default_phone_region = "US";
               enable_previews = true;
@@ -123,7 +128,7 @@ in
 
         services.onlyoffice = {
           enable = true;
-          port = 9980;
+          port = onlyofficePortExt;
           hostname = "office.mjallen.dev";
           jwtSecretFile = jwtSecretFile;
         };
@@ -198,7 +203,7 @@ in
             allowedTCPPorts = [
               80
               443
-              9980
+              onlyofficePortExt
             ];
           };
           # Use systemd-resolved inside the container
@@ -214,20 +219,20 @@ in
     nat = {
       forwardPorts = [
         {
-          destination = "10.0.2.18:443";
+          destination = "${localAddress}:443";
-          sourcePort = 9943;
+          sourcePort = nextcloudPortExtHttps;
         }
         {
-          destination = "10.0.2.18:80";
+          destination = "${localAddress}:80";
-          sourcePort = 9988;
+          sourcePort = nextcloudPortExtHttp;
         }
         {
-          destination = "10.0.2.18:8000";
+          destination = "${localAddress}:8000";
           sourcePort = 8000;
         }
         {
-          destination = "10.0.2.18:9980";
+          destination = "${localAddress}:${toString onlyofficePortExt}";
-          sourcePort = 9980;
+          sourcePort = onlyofficePortExt;
         }
       ];
     };

hosts/nas/services.nix

@@ -185,6 +185,21 @@ in
     };
   };
 
+  # TODO move to normal samba settings
+  services.samba.settings.global = {
+    "workgroup" = "WORKGROUP";
+    "server string" = "Jallen-NAS";
+    "netbios name" = "Jallen-NAS";
+    "security" = "user";
+    #"use sendfile" = "yes";
+    #"max protocol" = "smb2";
+    # note: localhost is the ipv6 localhost ::1
+    "hosts allow" = "10.0.1. 127.0.0.1 localhost";
+    "hosts deny" = "0.0.0.0/0";
+    "guest account" = "nobody";
+    "map to guest" = "bad user";
+  };
+
   systemd.services = {
     btrfs-balance = {
       description = "BTRFS Balance Service";

modules/samba/default.nix

@@ -30,6 +30,8 @@ in
     services.samba = {
       enable = true;
       openFirewall = true;
+      nsswins = true;
+      nmbd.enable = true;
       settings =
         let
           make =