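# NixOS module for a Samba NAS: WS-Discovery for Windows clients, netatalk for
# Time Machine, and one Samba share section per entry in `nas-samba.shares`.
# Option declarations live in ./options.nix.
{ lib, config, ... }:
with lib;
let
  cfg = config.nas-samba;

  # Render a Nix boolean as the yes/no string used in the share sections.
  yesNo = flag: if flag then "yes" else "no";
in
{
  imports = [ ./options.nix ];

  config = mkIf cfg.enable {
    # make shares visible for Windows clients
    services.samba-wsdd = {
      enable = true;
      openFirewall = true;
    };

    services.netatalk = {
      enable = cfg.enableTimeMachine;
      settings = {
        time-machine = {
          path = cfg.timeMachinePath;
          # NOTE(review): "whoever" looks like a placeholder. As far as this
          # module shows, it is the only access restriction on the Time Machine
          # volume, so set it to the real backup account(s) before enabling.
          "valid users" = "whoever";
          "time machine" = cfg.enableTimeMachine;
        };
      };
    };

    networking.firewall.enable = true;
    networking.firewall.allowPing = true;

    services.samba = {
      enable = true;
      # Opens the Samba ports on the host firewall.
      # NOTE(review): nothing below sets `hosts allow` / `hosts deny`, so unless
      # a [global] section is defined elsewhere, any host that can reach this
      # machine can attempt to connect. `cfg.hostsAllow` is referenced only in
      # the disabled block that follows.
      openFirewall = true;

      # Previous smb.conf-style globals, kept for reference; none of them are applied.
      # settings = {
      #   create-mode = 664;
      #   force directory mode = 2770
      #   workgroup = WORKGROUP
      #   server string = jallen-nas
      #   netbios name = jallen-nas
      #   security = user
      #   #use sendfile = yes
      #   #max protocol = smb2
      #   # note: localhost is the ipv6 localhost ::1
      #   hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
      #   hosts deny = 0.0.0.0/0
      #   guest account = nobody
      #   map to guest = bad user
      #   usershare allow guests = yes
      # };

      # One share section per attribute of cfg.shares, named after its key.
      settings =
        let
          make = name: share:
            nameValuePair name {
              path = share.sharePath;

              # `public` is an smb.conf synonym for `guest ok`. The earlier
              # version set both (`public` was "yes" for every non-Time-Machine
              # share), so two conflicting values reached smb.conf and
              # share.guestOk could be silently overridden. Only `guest ok` is
              # emitted now; Time Machine shares still never allow guests.
              "guest ok" = yesNo (share.guestOk && !share.enableTimeMachine);

              # NOTE(review): `private` does not appear to be an smb.conf(5)
              # share parameter; confirm it has any effect. Kept unchanged.
              private = yesNo (!share.public || share.enableTimeMachine);

              browseable = yesNo share.browseable;

              # `writable` is the inverted synonym of `read only`. The earlier
              # hard-coded `writable = "yes"` conflicted with the line below and
              # could make share.readOnly ineffective, so it is no longer set.
              "read only" = yesNo share.readOnly;

              "force group" = "jallen-nas";
              "create mask" = share.createMask;
              "directory mask" = share.directoryMask;

              # Apple / Time Machine support through the fruit VFS module.
              "vfs objects" = "catia fruit streams_xattr";
              "fruit:aapl" = yesNo share.enableTimeMachine;
              "fruit:time machine" = yesNo share.enableTimeMachine;
              "fruit:time machine max size" = share.timeMachineMaxSize;
            };
        in
        mapAttrs' make cfg.shares;
    };
  };
}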