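# NixOS module: exports every directory listed in `custom.samba-share.folders`
# as a read-only Samba share that can be opened without credentials.
#
# Security notes for whoever enables this module:
#  * `map to guest = bad user` combined with `"guest ok" = "yes"` means any
#    client that can reach the SMB ports can read the shared directories
#    anonymously, so list only directories that are safe to publish.
#  * The firewall ports below are opened on every interface. To limit the
#    service to one network, use
#    `networking.firewall.interfaces.<name>.allowedTCPPorts` / `allowedUDPPorts`
#    and/or the smb.conf `hosts allow` / `interfaces` parameters.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.custom.samba-share;

  # Builds the share definition for one `folders` entry: browsable, read-only,
  # guest-accessible.
  mkReadOnlyShare = name: path:
    nameValuePair name {
      browsable = "yes";
      comment = "read only share ${name}";
      inherit path;
      "read only" = "yes";
      "guest ok" = "yes";
    };
in
{
  options.custom.samba-share = {
    # mkEnableOption already prefixes "Whether to enable", so the text must not
    # start with "enable" itself.
    enable = mkEnableOption "custom.samba-share (read-only guest Samba shares)";

    folders = mkOption {
      type = with types; attrsOf str;
      description = ''
        folders to share as readonly, keyed by share name;
        every listed folder is readable by unauthenticated guests
      '';
      example = {
        public = "/srv/downloads/movies";
      };
    };
  };

  config = mkMerge [
    (mkIf cfg.enable {
      networking.firewall = {
        enable = true;
        allowPing = true;
        # 445 is SMB over TCP; 139 and UDP 137/138 are the NetBIOS session,
        # name and datagram services, which only legacy clients and NetBIOS
        # browsing need. Applies to all interfaces (see header note).
        allowedTCPPorts = [ 445 139 ];
        allowedUDPPorts = [ 137 138 ];
      };

      services.samba = {
        enable = true;
        # services.samba.securityType = "share";

        # Logins with an unknown user name are mapped to the unprivileged
        # `smbguest` account; printing support is switched off entirely.
        extraConfig = ''
          guest account = smbguest
          map to guest = bad user
          # disable printing
          load printers = no
          printing = bsd
          printcap name = /dev/null
          disable spoolss = yes
        '';

        shares = mapAttrs' mkReadOnlyShare cfg.folders;
      };

      # Local account that anonymous SMB sessions run as. Its file-system
      # permissions decide what a guest can actually read inside a share.
      users.users.smbguest = {
        name = "smbguest";
        uid = config.ids.uids.smbguest;
        description = "smb guest user";
        home = "/home/smbguest";
        createHome = true;
      };
    })

    # todo : maybe better to have a parameter for this
    # Adding `smbguest` to the syncthing group gives anonymous SMB clients that
    # group's read permissions on any shared path. The shares stay read-only at
    # the Samba level, but group-readable syncthing data inside a shared folder
    # becomes visible to guests.
    # NOTE(review): this block is applied whenever the option below is set, even
    # if `custom.samba-share.enable` is false. Also confirm that
    # `test.services.syncthing` is the intended option path, not
    # `services.syncthing`.
    (mkIf config.test.services.syncthing.enable {
      users.groups."syncthing".members = [ "smbguest" ];
    })
  ];
}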