control
/
home


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
							{
  config,
  lib,
  pkgs,
  ...
}:
let
  shares = [
    "thomas"
    "christine"
  ];
in
{
  services.samba = {
    enable = true;
    openFirewall = true;
    settings = {
      global = {
        "workgroup" = "WORKGROUP";
        "server string" = config.networking.hostName;
        "netbios name" = config.networking.hostName;
        "security" = "user";
        "invalid users" = [ "root" ];
        "hosts allow" = "100.64.0.0/10 192.168.178. 127.0.0.1 localhost";
        "hosts deny" = "0.0.0.0/0";
        "guest account" = "nobody";
        "map to guest" = "bad user";
        "passdb backend" = "tdbsam";
        "local master" = "no";
        "domain master" = "no";
        "preferred master" = "no";
      };

    }
    // builtins.listToAttrs (
      map (name: {
        inherit name;
        value = {
          path = "/mnt/storage/samba/${name}";
          "preserve case" = "yes";
          "short preserve case" = "yes";
          "browseable" = "yes";
          "writeable" = "yes";
          "read only" = "no";
          "guest ok" = "no";
          "create mask" = "0644";
          "directory mask" = "0750";
          "valid users" = "${name}";
          "fruit:aapl" = "yes";
          "vfs objects" = "catia fruit streams_xattr";
        };
      }) shares
    );
  };

  systemd.tmpfiles.rules = [
    "d /mnt/storage/samba 0750 root storage -"
  ]
  ++ map (name: "d /mnt/storage/samba/${name} 0750 ${name} storage -") shares;

  system.activationScripts.addSambaUsers = {
    text = ''
      #!/bin/sh
      USERS="${config.age.secrets."odin/services/samba".path}"

      if [ -f "$USERS" ]; then
        while IFS=, read -r username password; do
          if [ -z "$username" ] || [ -z "$password" ]; then
            continue
          fi

          # Check if the user exists in the system
          if id "$username" >/dev/null 2>&1; then
            # Add or update the Samba user password
            echo -e "$password\n$password" | ${lib.getExe' pkgs.samba "smbpasswd"} -s -a "$username"
            echo "Added/Updated Samba user: $username"
          else
            echo "System user $username does not exist, skipping..."
          fi
        done < "$USERS"
      else
        echo "Samba users CSV file not found at $USERS"
      fi
    '';
    deps = [ "users" ];
  };
}