2 files changed, 56 insertions, 1 deletions

diff --git a/modules/services/default.nix b/modules/services/default.nix
index a919d04..251498d 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -1 +1,5 @@
-{ ... }: { imports = [ ./ssh-server ./tailscale ./thermald ./tlp ./fwupd ]; }
+{ ... }:
+
+{
+  imports = [ ./samba ./ssh-server ./tailscale ./thermald ./tlp ./fwupd ];
+}
diff --git a/modules/services/samba/default.nix b/modules/services/samba/default.nix
new file mode 100644
index 0000000..b5d150d
--- /dev/null
+++ b/modules/services/samba/default.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.my.services.samba;
+  makePublicShare = path: {
+    name = builtins.baseNameOf path;
+    value = {
+      inherit path;
+      browseable = "yes";
+      writeable = "no";
+      "guest ok" = "yes";
+      "guest only" = "yes";
+      "force user" = "nobody";
+    };
+  };
+in {
+  options.my.services.samba = with lib; {
+    enable = mkEnableOption "Samba";
+    publicShares = mkOption {
+      type = with types; listOf str;
+      default = [ ];
+      example = literalExample ''
+        [
+          "/data/fast/music"
+        ]
+      '';
+      description = "Which directories to share publicly";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.samba = {
+      enable = true;
+      securityType = "user";
+      extraConfig = ''
+        workgroup = WORKGROUP
+        server string = tahoe
+        netbios name = tahoe
+        security = user
+        guest account = nobody
+        mangled names = no
+        client min protocol = SMB2
+        map to guest = bad user
+        ntlm auth = true
+      '';
+      shares = with lib; (listToAttrs (map makePublicShare cfg.publicShares));
+    };
+
+    networking.firewall.allowedTCPPorts = [ 445 139 ];
+    networking.firewall.allowedUDPPorts = [ 137 138 ];
+  };
+}