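# NixOS module: publishes the shares declared under `config.nas-samba` through
# Samba (plus WS-Discovery so Windows clients can see them) and, when enabled,
# a netatalk Time Machine volume. Option declarations live in ./options.nix.
{ lib, config, ... }:
with lib;
let
  cfg = config.nas-samba;

  # Renders a boolean as the "yes"/"no" strings smb.conf expects.
  yesNo = flag: if flag then "yes" else "no";

  # Builds the smb.conf section for one entry of cfg.shares.
  #
  # Each access decision is expressed through exactly one smb.conf parameter.
  # Samba treats `public` as a synonym of `guest ok` and `writable` as the
  # inverse of `read only`; the previous version set both spellings on every
  # share (`public` hard-wired to "yes" for non-Time-Machine shares, `writable`
  # hard-wired to "yes"), so the effective value depended on the order the
  # keys were rendered and could contradict share.guestOk / share.readOnly.
  mkShare = name: share:
    nameValuePair name {
      path = share.sharePath;
      browseable = yesNo share.browseable;
      "force group" = "jallen-nas";

      # Write access follows the per-share option only.
      "read only" = yesNo share.readOnly;

      # Guest access must be requested per share, and is never granted on a
      # Time Machine share (the old `public` key already forced "no" there).
      "guest ok" = yesNo (share.guestOk && !share.enableTimeMachine);

      "create mask" = share.createMask;
      "directory mask" = share.directoryMask;

      "fruit:aapl" = yesNo share.enableTimeMachine;
      "fruit:time machine" = yesNo share.enableTimeMachine;
      "vfs objects" = "catia fruit streams_xattr";
      "fruit:time machine max size" = share.timeMachineMaxSize;
    };

  sambaShares = mapAttrs' mkShare cfg.shares;
in
{
  imports = [ ./options.nix ];

  config = mkIf cfg.enable {
    # make shares visible for Windows clients
    # NOTE(review): openFirewall opens the discovery ports in the host
    # firewall; Samba's "hosts allow" below does not apply to wsdd.
    services.samba-wsdd = {
      enable = true;
      openFirewall = true;
    };

    services.netatalk = {
      enable = cfg.enableTimeMachine;
      settings = {
        time-machine = {
          path = cfg.timeMachinePath;
          # NOTE(review): "whoever" looks like a placeholder; confirm it names
          # the account(s) that should be able to reach the backup volume.
          "valid users" = "whoever";
          "time machine" = cfg.enableTimeMachine;
        };
      };
    };

    networking.firewall.enable = true;
    networking.firewall.allowPing = true;

    services.samba = {
      enable = true;
      # NOTE(review): this opens the SMB ports in the host firewall, so the
      # "hosts allow"/"hosts deny" pair below is the only source-address
      # restriction visible in this module.
      openFirewall = true;
      nsswins = true;
      nmbd.enable = true;
      settings = {
        global = {
          "workgroup" = "WORKGROUP";
          "server string" = "Jallen-NAS";
          "netbios name" = "Jallen-NAS";
          "security" = "user";
          #"use sendfile" = "yes";
          # NOTE(review): if re-enabled, this would cap clients at SMB2 and
          # rule out SMB3 features such as transport encryption.
          #"max protocol" = "smb2";
          # note: localhost is the ipv6 localhost ::1
          "hosts allow" = "10.0.1. 127.0.0.1 localhost";
          # NOTE(review): this deny pattern is IPv4-only; confirm that IPv6
          # clients outside "hosts allow" are rejected too, or deny with a
          # pattern that covers every address family.
          "hosts deny" = "0.0.0.0/0";
          "guest account" = "nobody";
          # Unknown user names are mapped to the guest account, so any share
          # with "guest ok = yes" is reachable without credentials from the
          # allowed hosts.
          "map to guest" = "bad user";
        };
      }
      // sambaShares;
    };
  };
}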