infra/nix/hosts/loki/modules/smb.nix

{
  config,
  lib,
  pkgs,
  ...
}: {
  services.samba-wsdd = {
    enable = true; # make shares visible for windows 10 clients
    openFirewall = true;
  };
  # networking.firewall.allowedTCPPorts = [
  # 5357 # wsdd
  # ];
  # networking.firewall.allowedUDPPorts = [
  # 3702 # wsdd
  # ];
  services.avahi.publish.userServices = true;
  services.samba = {
    enable = true;
    nmbd.enable = true; # holds 9300
    # package = pkgs.samba4Full;
    openFirewall = true;
    # securityType = "user";
    #extraConfig = ''
    #  workgroup = WORKGROUP
    #  server string = smbnix
    #  netbios name = smbnix
    #  security = user
    #  #use sendfile = yes
    #  #max protocol = smb2
    #  # note: localhost is the ipv6 localhost ::1
    #  # hosts allow = 172.16. 192.168. 127.0.0.1 localhost
    #  # hosts deny = 0.0.0.0/0
    #  guest account = nobody
    #  map to guest = bad user
    #'';

    settings = {
      global = {
        # browsable = yes
        "server role" = "standalone server";
        # smb encrypt = required
        "server min protocol" = "SMB3_00";
        "map to guest" = "Bad User";
        "socket options" = "TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192";
        "server multi channel support" = "yes";
        "aio read size" = 1;
        "aio write size" = "1g";
      };
      data = {
        path = "/DATA";
        browsable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "guest only" = "yes";
        "force user" = "root";
        "create mask" = "0640";
        "directory mask" = "0750";
        # "force user" = "username";
        # "force group" = "groupname";
      };

      music = {
        # path = "/DATA/media/music";
        path = "/media/music";
        browsable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "force user" = "gonic";
        "create mask" = "0644";
        "directory mask" = "0755";
      };

      nxdata = {
        path = "/DATA/services/nextcloud/data";
        browsable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        # "guest only" = "yes";
        "force user" = "root";
        "create mask" = "0640";
        "directory mask" = "0750";
      };
    };
    # XXX: deprecated in 24.11
    ### extraConfig = ''
    ###   # browsable = yes
    ###   server role = standalone server
    ###   # smb encrypt = required
    ###   server min protocol = SMB3_00
    ###   map to guest = Bad User
    ###   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    ### '';
    ### shares = {
    ###   #homes = {
    ###   #  # browseable = "no";  # note: each home will be browseable; the "homes" share will not.
    ###   #  "read only" = "no";
    ###   #  "guest ok" = "no";
    ###   #};
    ###   data = {
    ###     path = "/DATA";
    ###     browsable = "yes";
    ###     "read only" = "no";
    ###     "guest ok" = "yes";
    ###     "guest only" = "yes";
    ###     "force user" = "root";
    ###     "create mask" = "0640";
    ###     "directory mask" = "0750";
    ###     # "force user" = "username";
    ###     # "force group" = "groupname";
    ###   };

    ###   music = {
    ###     path = "/DATA/music";
    ###     browsable = "yes";
    ###     "read only" = "no";
    ###     "guest ok" = "yes";
    ###     "force user" = "root";
    ###     "create mask" = "0640";
    ###     "directory mask" = "0750";
    ###   };

    ###   nxdata = {
    ###     path = "/DATA/services/nextcloud/data";
    ###     browsable = "yes";
    ###     "read only" = "no";
    ###     "guest ok" = "yes";
    ###     # "guest only" = "yes";
    ###     "force user" = "root";
    ###     "create mask" = "0640";
    ###     "directory mask" = "0750";
    ###   };
    ### };
  };
}