{ lib, namespace, ... }: with lib; { options.${namespace}.samba = { enable = mkEnableOption "NAS samba service"; hostsAllow = mkOption { type = types.str; default = "127.0.0.1 localhost"; description = "Space-separated list of hosts/subnets allowed to connect (e.g. \"10.0.1. 127.0.0.1 localhost\")."; }; forceGroup = mkOption { type = types.str; default = ""; description = "If non-empty, force all file creation to use this group."; }; enableTimeMachine = mkOption { type = types.bool; default = false; description = "Whether to enable Time Machine support via SMB3."; }; timeMachinePath = mkOption { type = types.str; default = ""; description = "Path to the Time Machine backup directory (used as the default Time Machine share path)."; }; shares = mkOption { type = types.attrsOf ( types.submodule { options = { sharePath = mkOption { type = types.str; default = ""; description = "Absolute path on disk to expose as this share."; }; readOnly = mkOption { type = types.bool; default = false; description = "Whether the share is read-only."; }; browseable = mkOption { type = types.bool; default = true; description = "Whether the share appears in network browse lists."; }; guestOk = mkOption { type = types.bool; default = true; description = "Whether unauthenticated (guest) access is permitted."; }; createMask = mkOption { type = types.str; default = "0664"; description = "Permission mask applied to newly created files."; }; directoryMask = mkOption { type = types.str; default = "0775"; description = "Permission mask applied to newly created directories."; }; enableTimeMachine = mkOption { type = types.bool; default = false; description = "Whether this share is a Time Machine target."; }; timeMachineMaxSize = mkOption { type = types.str; default = ""; description = "Maximum size for this Time Machine share (e.g. \"1T\"). Empty means unlimited."; }; }; } ); default = { }; description = "Attribute set of Samba shares to export."; }; }; }