control
/
home


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
							{ config
, lib
, pkgs
, ...
}:
let
  shares = [ "thomas" "christine" ];
  # TODO: make sure to add system users for all the users that don't exist
in
{
  users.users.christine.isSystemUser = true;
  users.users.christine.group = "storage";

  services.samba = {
    enable = true;
    openFirewall = true;
    settings = {
      global = {
        workgroup = "WORKGROUP";
        "server string" = config.networking.hostName;
        "netbios name" = config.networking.hostName;
        "security" = "user";
        "invalid users" = [ "root" ];
        "hosts allow" = "100.64.0.0/10 192.168.178. 127.0.0.1 localhost";
        "hosts deny" = "0.0.0.0/0";
        "guest account" = "nobody";
        "map to guest" = "bad user";
        "passdb backend" = "tdbsam";
      };

    } // builtins.listToAttrs
      (map
        (name: {
          inherit name;
          value = {
            path = "/mnt/storage/samba/${name}";
            "preserve case" = "yes";
            "short preserve case" = "yes";
            "browseable" = "yes";
            "writeable" = "yes";
            "read only" = "no";
            "guest ok" = "no";
            "create mask" = "0644";
            "directory mask" = "0755";
            "valid users" = "${name}";
            "fruit:aapl" = "yes";
            "vfs objects" = "catia fruit streams_xattr";
          };
        })
        shares);
  };

  systemd.tmpfiles.rules = [
    "d /mnt/storage/samba 0755 root storage -"
  ] ++ map (name: "d /mnt/storage/samba/${name} 0770 ${name} storage -") shares;

  system.activationScripts.addSambaUsers = {
    text = ''
      #!/bin/sh
      USERS="${config.age.secrets."odin/services/samba".path}"

      if [ -f "$USERS" ]; then
        while IFS=, read -r username password; do
          if [ -z "$username" ] || [ -z "$password" ]; then
            continue
          fi

          # Check if the user exists in the system
          if id "$username" >/dev/null 2>&1; then
            # Add or update the Samba user password
            echo -e "$password\n$password" | ${lib.getExe' pkgs.samba "smbpasswd"} -s -a "$username"
            echo "Added/Updated Samba user: $username"
          else
            echo "System user $username does not exist, skipping..."
          fi
        done < "$USERS"
      else
        echo "Samba users CSV file not found at $USERS"
      fi
    '';
    deps = [ "users" ];
  };
}