Samba: Difference between revisions

← Older edit

VisualWikitext

@@ Line 1: / Line 1: @@
 This guide will help you on how to use samba on nixos.
+== Usershares ==
+You can allow some users to share via samba a given directory simply via a right click in their file browser (tested with Dolphin). For that, first add this configuration (make sure to add your user in the samba group):
+{{file|/etc/nixos/configuration.nix|nix|<nowiki>
+{ pkgs, config, ... }: {
+  services.samba = {
+    # The full package is needed to register mDNS records (for discoverability), see discussion in
+    # https://gist.github.com/vy-let/a030c1079f09ecae4135aebf1e121ea6
+    package = pkgs.samba4Full;
+    usershares.enable = true;
+    enable = true;
+    openFirewall = true;
+    };
+  };
+  # To be discoverable with windows
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+  # Make sure your user is in the samba group
+  users.users.YOURUSER = {
+    isNormalUser = true;
+    extraGroups = [ "samba" ];
+  };
+}
+</nowiki>}}
+Then, logout and login (to make sure your group change has been taken into account), open Dolphin, right click on a folder you'd like to share, go to Properties, Tab "Share", and configure it the way you want.
 == Server setup ==
@@ Line 8: / Line 41: @@
 services.samba = {
    enable = true;
-  securityType = "user";
    openFirewall = true;
    settings = {
@@ Line 15: / Line 47: @@
        "server string" = "smbnix";
        "netbios name" = "smbnix";
-       "security" = "user ";
+       "security" = "user";
        #"use sendfile" = "yes";
        #"max protocol" = "smb2";
@@ Line 70: / Line 102: @@
 === User Authentication ===
-For a user called <code>my_user</code>to be authenticated on the samba server, you must add their password using
+For a user called <code>my_user</code>to be authenticated on the samba server, you can add a password using:
 <syntaxhighlight lang="bash">
-smbpasswd -a my_user
+sudo smbpasswd -a my_user
 </syntaxhighlight>
+To automate creation of the samba user and the required system user, you can use [https://search.nixos.org/options?show=system.activationScripts system.activationScripts]:
+<syntaxhighlight lang="nix">
+{
+  # Make the samba user "my_user" on the system
+  users.users.my_user = {
+    description = "Write-access to samba media shares";
+    # Add this user to a group with permission to access the expected files
+    extraGroups = [ "users" ];
+    # Password can be set in clear text with a literal string or from a file.
+    # Using sops-nix we can use the same file so that the system user and samba
+    # user share the same credential (if desired).
+    hashedPasswordFile = config.sops.secrets.samba.path;
+    isNormalUser = true;
+  };
+  # Set "my_user" as a valid samba login
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    openFirewall = true;
+    settings.my_share_directory = {
+      # ...
+      "valid users" = "my_user";
+    };
+  };
+  # Activation scripts run every time nixos switches build profiles. So if you're
+  # pulling the user/samba password from a file then it will be updated during
+  # nixos-rebuild. Again, in this example we're using sops-nix with a "samba" entry
+  # to avoid cleartext password, but this could be replaced with a static path.
+  system.activationScripts = {
+    # The "init_smbpasswd" script name is arbitrary, but a useful label for tracking
+    # failed scripts in the build output. An absolute path to smbpasswd is necessary
+    # as it is not in $PATH in the activation script's environment. The password
+    # is repeated twice with newline characters as smbpasswd requires a password
+    # confirmation even in non-interactive mode where input is piped in through stdin.
+    init_smbpasswd.text = ''
+      /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.sops.secrets.samba.path})\n$(/run/current-system/sw/bin/cat ${config.sops.secrets.samba.path})\n" | /run/current-system/sw/bin/smbpasswd -sa my_user
+    '';
+  };
+}
+</syntaxhighlight>
 === Configuration ===
@@ Line 119: / Line 196: @@
          <service>
            <type>_adisk._tcp</type>
+          <!--
+            change tm_share to share name, if you changed it.
+          -->
            <txt-record>dk0=adVN=tm_share,adVF=0x82</txt-record>
            <txt-record>sys=waMa=0,adVF=0x100</txt-record>
@@ Line 142: / Line 222: @@
    openFirewall = true;
    settings = {
+    "global" = {
        "load printers" = "yes";
        "printing" = "cups";
@@ Line 376: / Line 457: @@
    services.gvfs = {
      enable = true;
-     package = lib.mkForce pkgs.gnome3.gvfs;
+     package = lib.mkForce pkgs.gnome.gvfs;
    };
 </syntaxhighlight>
@@ Line 448: / Line 529: @@
 * [https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=services.samba Samba Options in NixOS on unstable]
 * [https://wiki.archlinux.org/title/Samba Samba in the Arch Linux Wiki]
+* [https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html smb.conf man page]
 [[Category:Server]]
 [[Category:Applications]]