65 lines
2.0 KiB
Nix
65 lines
2.0 KiB
Nix
{ lib, pkgs, config, ... }:
|
|
with lib;
|
|
let cfg = config.nas-samba;
|
|
in {
|
|
imports = [ ./options.nix ];
|
|
|
|
config = mkIf cfg.enable {
|
|
# make shares visible for Windows clients
|
|
services.samba-wsdd = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
};
|
|
|
|
services.netatalk = {
|
|
enable = cfg.enableTimeMachine;
|
|
settings = {
|
|
time-machine = {
|
|
path = cfg.timeMachinePath;
|
|
"valid users" = "whoever";
|
|
"time machine" = cfg.enableTimeMachine;
|
|
};
|
|
};
|
|
};
|
|
|
|
services.samba = {
|
|
enable = true;
|
|
securityType = "user";
|
|
openFirewall = true;
|
|
extraConfig = ''
|
|
workgroup = WORKGROUP
|
|
server string = smbnix
|
|
netbios name = smbnix
|
|
security = user
|
|
#use sendfile = yes
|
|
#max protocol = smb2
|
|
# note: localhost is the ipv6 localhost ::1
|
|
hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
|
|
hosts deny = 0.0.0.0/0
|
|
guest account = nobody
|
|
map to guest = bad user
|
|
'';
|
|
shares = let
|
|
make = name: share:
|
|
nameValuePair "${name}" {
|
|
path = share.sharePath;
|
|
public = if share.enableTimeMachine then false else share.public;
|
|
private =
|
|
if !share.public || share.enableTimeMachine then "yes" else "no";
|
|
browseable = if share.browseable then "yes" else "no";
|
|
writable = "yes";
|
|
"read only" = if share.readOnly then "yes" else "no";
|
|
"guest ok" = if share.guestOk then "yes" else "no";
|
|
"create mask" = share.createMask;
|
|
"directory mask" = share.directoryMask;
|
|
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
|
|
"fruit:time machine" =
|
|
if share.enableTimeMachine then "yes" else "no";
|
|
"vfs objects" = "catia fruit streams_xattr";
|
|
"fruit:time machine max size" = share.timeMachineMaxSize;
|
|
};
|
|
in mapAttrs' make cfg.shares;
|
|
};
|
|
};
|
|
}
|