prefect: configure samba

2 files changed, 50 insertions, 0 deletions

diff --git a/system/prefect.nix b/system/prefect.nix
index f5d1ea5f..deaad479 100644
--- a/system/prefect.nix
+++ b/system/prefect.nix
@@ -23,6 +23,7 @@
     ./settings/hardware/keyboardio-model01.nix
     ./settings/hardware/trackball.nix
     ./settings/hardware/trezor.nix
+    ./settings/services/samba.nix
     ./settings/services/syncthing.nix
     ./settings/services/zeroconf.nix
     ./settings/user-interface.nix
@@ -130,5 +131,24 @@
   };
   systemd.services.transmission.requires = [ "mnt-data.mount" ];
 
+  services.samba = {
+    extraConfig = ''
+      hosts allow = 172.30.42. 127.0.0.1 localhost
+      hosts deny = 0.0.0.0/0
+    '';
+    shares = {
+      Music = {
+        path = "/mnt/data/Home/Music/";
+        browseable = "yes";
+        "read only" = "yes";
+        "guest ok" = "yes";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "alan";
+        "force group" = "users";
+      };
+    };
+  };
+
   system.stateVersion = "22.05";
 }
diff --git a/system/settings/services/samba.nix b/system/settings/services/samba.nix
new file mode 100644
index 00000000..63283e88
--- /dev/null
+++ b/system/settings/services/samba.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+let
+  workgroup = "WORKGROUP";
+
+in
+{
+  services.samba-wsdd = {
+    inherit workgroup;
+    enable = true;
+  };
+  networking.firewall.allowedTCPPorts = [ 5357 ];
+  networking.firewall.allowedUDPPorts = [ 3702 ];
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    securityType = "user";
+    extraConfig = ''
+      workgroup = ${workgroup}
+      server string = ${config.networking.hostName}
+      netbios name = ${config.networking.hostName}
+      security = user
+      #use sendfile = yes
+      #max protocol = smb2
+      guest account = nobody
+      map to guest = bad user
+    '';
+  };
+}