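{ config, lib, pkgs, ... }:
let
  # Users who each get a private share under /mnt/storage/samba/<name>.
  # Every name must also exist as a system user: the share is restricted to
  # it via "valid users" and the activation script only imports passwords for
  # usernames that `id` resolves.
  # TODO: make sure to add system users for all the users that don't exist in
  shares = [ "thomas" "christine" ];

  # Settings applied to every per-user share; `name` is both the share name
  # and the only account allowed to access it.
  shareSettings = name: {
    path = "/mnt/storage/samba/${name}";
    "preserve case" = "yes";
    "short preserve case" = "yes";
    "browseable" = "yes";
    "writeable" = "yes";
    "read only" = "no";
    "guest ok" = "no";
    "create mask" = "0644";
    "directory mask" = "0755";
    "valid users" = name;
    # macOS compatibility (Finder metadata / extended attributes).
    "fruit:aapl" = "yes";
    "vfs objects" = "catia fruit streams_xattr";
  };
in
{
  services.samba = {
    enable = true;
    openFirewall = true;
    settings = {
      global = {
        workgroup = "WORKGROUP";
        "server string" = config.networking.hostName;
        "netbios name" = config.networking.hostName;
        # Password-based access only; no guest/anonymous mapping for real users.
        "security" = "user";
        "invalid users" = [ "root" ];
        # Tailscale CGNAT range, the local LAN and loopback; everything else is denied.
        "hosts allow" = "100.64.0.0/10 192.168.178. 127.0.0.1 localhost";
        "hosts deny" = "0.0.0.0/0";
        "guest account" = "nobody";
        "map to guest" = "bad user";
        "passdb backend" = "tdbsam";
      };
    } // builtins.listToAttrs (map (name: {
      inherit name;
      value = shareSettings name;
    }) shares);
  };

  # Shared parent is world-readable; each user's directory is private to the
  # owner and the `storage` group.
  systemd.tmpfiles.rules =
    [ "d /mnt/storage/samba 0755 root storage -" ]
    ++ map (name: "d /mnt/storage/samba/${name} 0770 ${name} storage -") shares;

  # Import Samba passwords from an agenix-managed CSV (one `username,password`
  # per line) after system users have been created.
  system.activationScripts.addSambaUsers = {
    text = ''
      #!/bin/sh
      USERS="${config.age.secrets."odin/services/samba".path}"

      if [ -f "$USERS" ]; then
        # `|| [ -n "$username" ]` keeps a final line without a trailing newline.
        while IFS=, read -r username password || [ -n "$username" ]; do
          if [ -z "$username" ] || [ -z "$password" ]; then
            continue
          fi

          # Check if the user exists in the system
          if id "$username" >/dev/null 2>&1; then
            # Add or update the Samba user password.
            # printf passes the password verbatim; `echo -e` would interpret
            # backslash sequences inside it and is not portable under sh.
            printf '%s\n%s\n' "$password" "$password" \
              | ${lib.getExe' pkgs.samba "smbpasswd"} -s -a "$username"
            echo "Added/Updated Samba user: $username"
          else
            echo "System user $username does not exist, skipping..."
          fi
        done < "$USERS"
      else
        echo "Samba users CSV file not found at $USERS"
      fi
    '';
    deps = [ "users" ];
  };
}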