@@ -23,6 +23,7 @@ ./settings/hardware/keyboard.nix
     ./settings/hardware/keyboardio-model01.nix
     ./settings/hardware/trackball.nix
     ./settings/hardware/trezor.nix
+    ./settings/services/samba.nix
     ./settings/services/syncthing.nix
     ./settings/services/zeroconf.nix
     ./settings/user-interface.nix
@@ -129,6 +130,25 @@ download-dir = "/mnt/data/Transmission/Storage";
     };
   };
   systemd.services.transmission.requires = [ "mnt-data.mount" ];
+
+  services.samba = {
+    extraConfig = ''
+      hosts allow = 172.30.42. 127.0.0.1 localhost
+      hosts deny = 0.0.0.0/0
+    '';
+    shares = {
+      Music = {
+        path = "/mnt/data/Home/Music/";
+        browseable = "yes";
+        "read only" = "yes";
+        "guest ok" = "yes";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "alan";
+        "force group" = "users";
+      };
+    };
+  };
 
   system.stateVersion = "22.05";
 }

@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+let
+  workgroup = "WORKGROUP";
+
+in
+{
+  services.samba-wsdd = {
+    inherit workgroup;
+    enable = true;
+  };
+  networking.firewall.allowedTCPPorts = [ 5357 ];
+  networking.firewall.allowedUDPPorts = [ 3702 ];
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    securityType = "user";
+    extraConfig = ''
+      workgroup = ${workgroup}
+      server string = ${config.networking.hostName}
+      netbios name = ${config.networking.hostName}
+      security = user
+      #use sendfile = yes
+      #max protocol = smb2
+      guest account = nobody
+      map to guest = bad user
+    '';
+  };
+}