From e8c74efd70873e78a3f65d782a16438f2e086dc6 Mon Sep 17 00:00:00 2001
From: noe <git@kat.cafe>
Date: Sun, 31 Mar 2024 01:20:49 -0400
Subject: [PATCH] nas0: add samba

---
 nixos/hosts/nas0/default.nix | 42 +++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/nixos/hosts/nas0/default.nix b/nixos/hosts/nas0/default.nix
index 9841420..adf7a50 100644
--- a/nixos/hosts/nas0/default.nix
+++ b/nixos/hosts/nas0/default.nix
@@ -10,5 +10,45 @@
   system.stateVersion = "24.05";
   nixpkgs.hostPlatform = "x86_64-linux";
 
-  
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
+  networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+
+  users.groups.data = {};
+  users.users.data = {
+    isNormalUser = true;
+    groups = "data";
+  };
+
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    openFirewall = true;
+    extraConfig = ''
+      workgroup = WORKGROUP
+      security = user
+      server string = nas0
+      netbios name = nas0
+      hosts allow = 10.0.0.0/8 100.64.0.0/10 127.0.0.1 localhost
+      hosts deny = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares."main" = {
+      path = "/mnt/storage/main";
+      browseable = "yes";
+      "read only" = "no";
+      "guest ok" = "no";
+      "create mask" = "0644";
+      "directory mask" = "0755";
+      "force user" = "data";
+      "force group" = "data";
+    };
+  };
+
+  # Advertise to local Windows hosts
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
 }