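# NAS module: Samba shares (optionally usable as Time Machine targets),
# WS-Discovery announcement for Windows clients, and a netatalk Time Machine
# volume. Option declarations are imported from ./options.nix; this file only
# maps them onto service configuration when `nas-samba.enable` is set.
{ lib, pkgs, config, ... }:
with lib;
let
  cfg = config.nas-samba;
in
{
  imports = [ ./options.nix ];

  config = mkIf cfg.enable {
    # make shares visible for Windows clients
    # openFirewall opens the discovery ports in the host firewall.
    services.samba-wsdd = {
      enable = true;
      openFirewall = true;
    };

    services.netatalk = {
      enable = cfg.enableTimeMachine;
      settings = {
        time-machine = {
          path = cfg.timeMachinePath;
          # NOTE(review): "whoever" is a hard-coded literal, not an option
          # value. Unless an account with that exact name exists, nobody can
          # use this volume; if one does, it is the only access control here.
          # Consider exposing this through ./options.nix.
          "valid users" = "whoever";
          "time machine" = cfg.enableTimeMachine;
        };
      };
    };

    services.samba = {
      enable = true;
      securityType = "user";
      # The SMB ports are opened in the host firewall, so the `hosts allow` /
      # `hosts deny` pair below is what limits who can reach the shares.
      openFirewall = true;

      # Access control notes for the global section:
      #  * `hosts deny = ALL` replaces the IPv4-only `0.0.0.0/0`. Samba lets
      #    through any client that matches neither list, so the deny rule has
      #    to cover every address family; entries in `hosts allow` still win.
      #  * `map to guest = bad user` maps logins with an unknown user name to
      #    the guest account, so every share with `guest ok = yes` is
      #    reachable without credentials from any allowed host.
      extraConfig = ''
        workgroup = WORKGROUP
        server string = smbnix
        netbios name = smbnix
        security = user
        #use sendfile = yes
        #max protocol = smb2
        # note: localhost is the ipv6 localhost ::1
        hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
        hosts deny = ALL
        guest account = nobody
        map to guest = bad user
      '';

      # One smb.conf share section per entry in cfg.shares.
      shares =
        let
          yesNo = flag: if flag then "yes" else "no";

          make = name: share:
            let
              # Time Machine shares never accept guests, whatever guestOk says.
              guestAllowed = share.guestOk && !share.enableTimeMachine;
            in
            nameValuePair name {
              path = share.sharePath;

              # smb.conf treats `public` as a synonym of `guest ok` and
              # `writable` as the inverse of `read only`. The original emitted
              # both members of each pair (`public = yes` for every
              # non-Time-Machine share, `writable = yes` unconditionally), so
              # the guestOk and readOnly options could be silently overridden.
              # Only one key per pair is emitted now, driven by the option.
              "guest ok" = yesNo guestAllowed;
              "read only" = yesNo share.readOnly;

              # NOTE(review): `private` does not appear to be an smb.conf
              # parameter, so share.public may have no effect - confirm the
              # intended meaning of that option.
              private = yesNo (!share.public || share.enableTimeMachine);

              browseable = yesNo share.browseable;
              "create mask" = share.createMask;
              "directory mask" = share.directoryMask;

              # Apple (vfs_fruit) settings; the Time Machine flags follow the
              # per-share enableTimeMachine option.
              "vfs objects" = "catia fruit streams_xattr";
              "fruit:aapl" = yesNo share.enableTimeMachine;
              "fruit:time machine" = yesNo share.enableTimeMachine;
              "fruit:time machine max size" = share.timeMachineMaxSize;
            };
        in
        mapAttrs' make cfg.shares;
    };
  };
}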