nixos-config/modules/services/samba-share.nix

{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.custom.samba-share;

in {

  options.custom.samba-share = {
    enable = mkEnableOption "enable custom.samba-share";
    folders = mkOption {
      type = with types; attrsOf str;
      description = ''
        folders to share as readonly
      '';
      example = {
        public = "/srv/downloads/movies";
      };
    };
  };

  config = mkMerge [
    (mkIf cfg.enable {
      networking.firewall.enable = true;
      networking.firewall.allowPing = true;
      networking.firewall.allowedTCPPorts = [ 445 139 ];
      networking.firewall.allowedUDPPorts = [ 137 138 ];

      services.samba = {
        enable = true;
        # services.samba.securityType = "share";
        extraConfig = ''
          guest account = smbguest
          map to guest = bad user

          # disable printing
          load printers = no
          printing = bsd
          printcap name = /dev/null
          disable spoolss = yes
        '';

        shares =
          mapAttrs' (name: path:
          {
            name = name;
            value = {
              browsable = "yes";
              comment = "read only share {name}";
              path = path;
              "read only" = "yes";
              "guest ok" = "yes";
            };
          }) cfg.folders;
      };

      users.users.smbguest = {
        name = "smbguest";
        uid = config.ids.uids.smbguest;
        description = "smb guest user";
        home = "/home/smbguest";
        createHome = true;
      };

    })
    (mkIf config.services.syncthing.enable {
      users.groups.syncthing.members = [ "smbguest" ];
    })
  ];
}
init 2019-10-24 02:20:38 +02:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`

			`cfg = config.custom.samba-share;`

			`in {`

			`options.custom.samba-share = {`
			`enable = mkEnableOption "enable custom.samba-share";`
			`folders = mkOption {`
			`type = with types; attrsOf str;`
			`description = ''`
			`folders to share as readonly`
			`'';`
			`example = {`
			`public = "/srv/downloads/movies";`
			`};`
			`};`
			`};`

			`config = mkMerge [`
			`(mkIf cfg.enable {`
			`networking.firewall.enable = true;`
			`networking.firewall.allowPing = true;`
			`networking.firewall.allowedTCPPorts = [ 445 139 ];`
			`networking.firewall.allowedUDPPorts = [ 137 138 ];`

			`services.samba = {`
			`enable = true;`
			`# services.samba.securityType = "share";`
			`extraConfig = ''`
			`guest account = smbguest`
			`map to guest = bad user`

			`# disable printing`
			`load printers = no`
			`printing = bsd`
			`printcap name = /dev/null`
			`disable spoolss = yes`
			`'';`

			`shares =`
			`mapAttrs' (name: path:`
			`{`
			`name = name;`
			`value = {`
			`browsable = "yes";`
			`comment = "read only share {name}";`
			`path = path;`
			`"read only" = "yes";`
			`"guest ok" = "yes";`
			`};`
			`}) cfg.folders;`
			`};`

			`users.users.smbguest = {`
			`name = "smbguest";`
			`uid = config.ids.uids.smbguest;`
			`description = "smb guest user";`
			`home = "/home/smbguest";`
			`createHome = true;`
			`};`

			`})`
			`(mkIf config.services.syncthing.enable {`
			`users.groups.syncthing.members = [ "smbguest" ];`
			`})`
			`];`
			`}`