more organization, or maybe disorganization...

modules/samba/default.nix

@@ -0,0 +1,67 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+  cfg = config.nas-samba;
+in {
+  imports = [
+    ./options.nix
+  ];
+
+  config = mkIf cfg.enable {
+    # make shares visible for Windows clients
+    services.samba-wsdd = {
+      enable = true;
+      openFirewall = true;
+    };
+
+    services.netatalk = {
+      enable = cfg.enableTimeMachine;
+      settings = {
+        time-machine = {
+          path = cfg.timeMachinePath;
+          "valid users" = "whoever";
+          "time machine" = cfg.enableTimeMachine;
+        };
+      };
+    };
+    
+    services.samba = {
+      enable = true;
+      securityType = "user";
+      openFirewall = true;
+      extraConfig = ''
+        workgroup = WORKGROUP
+        server string = smbnix
+        netbios name = smbnix
+        security = user 
+        #use sendfile = yes
+        #max protocol = smb2
+        # note: localhost is the ipv6 localhost ::1
+        hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
+        hosts deny = 0.0.0.0/0
+        guest account = nobody
+        map to guest = bad user
+      '';
+      shares = 
+        let
+          make = name: share: nameValuePair "${name}"
+            {
+              path = share.sharePath;
+              public = if share.enableTimeMachine then false else share.public;
+              private = if !share.public || share.enableTimeMachine then "yes" else "no";
+              browseable = if share.browseable then "yes" else "no";
+              writable = "yes";
+              "read only" = if share.readOnly then "yes" else "no";
+              "guest ok" = if share.guestOk then "yes" else "no";
+              "create mask" = share.createMask;
+              "directory mask" = share.directoryMask;
+              "fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
+              "fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
+              "vfs objects" = "catia fruit streams_xattr";
+              "fruit:time machine max size" = share.timeMachineMaxSize;
+            };
+        in
+        mapAttrs' make cfg.shares;
+    };
+  };
+}

modules/samba/options.nix

@@ -0,0 +1,70 @@
+{ lib, ... }:
+with lib;
+{
+  options.nas-samba = {
+    enable = mkEnableOption "nas samba service";
+    
+    autoStart = mkOption {
+      type = types.bool;
+      default = true;
+    };
+    enableTimeMachine = mkOption {
+      type = types.bool;
+      default = false;
+    };
+    timeMachinePath = mkOption {
+      type = types.str;
+      default = "";
+    };
+    hostsAllow = mkOption {
+      type = types.str;
+      default = "";
+    };
+
+    shares = mkOption {
+      type = types.attrsOf (types.submodule
+        {
+          options = {
+            public = mkOption {
+              type = types.bool;
+              default = false;
+            };
+            sharePath = mkOption {
+              type = types.str;
+              default = "";
+            };
+            readOnly = mkOption {
+              type = types.bool;
+              default = false;
+            };
+            browseable = mkOption {
+              type = types.bool;
+              default = true;
+            };
+            guestOk = mkOption {
+              type = types.bool;
+              default = true;
+            };
+            createMask = mkOption {
+              type = types.str;
+              default = "0644";
+            };
+            directoryMask = mkOption {
+              type = types.str;
+              default = "0755";
+            };
+            enableTimeMachine = mkOption {
+              type = types.bool;
+              default = false;
+            };
+            timeMachineMaxSize = mkOption {
+              type = types.str;
+              default = "0K";
+            };
+          };
+        }
+      );
+      default = { };
+    };
+  };
+}