Samba: Difference between revisions
add note to change avahi service file if modifying share name |
TobiasBora (talk | contribs) No edit summary |
||
| (4 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
This guide will help you on how to use samba on nixos. | This guide will help you on how to use samba on nixos. | ||
== Usershares == | |||
You can allow some users to share via samba a given directory simply via a right click in their file browser (tested with Dolphin). For that, first add this configuration (make sure to add your user in the samba group): | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | |||
{ pkgs, config, ... }: { | |||
services.samba = { | |||
# The full package is needed to register mDNS records (for discoverability), see discussion in | |||
# https://gist.github.com/vy-let/a030c1079f09ecae4135aebf1e121ea6 | |||
package = pkgs.samba4Full; | |||
usershares.enable = true; | |||
enable = true; | |||
openFirewall = true; | |||
}; | |||
}; | |||
# To be discoverable with windows | |||
services.samba-wsdd = { | |||
enable = true; | |||
openFirewall = true; | |||
}; | |||
# Make sure your user is in the samba group | |||
users.users.YOURUSER = { | |||
isNormalUser = true; | |||
extraGroups = [ "samba" ]; | |||
}; | |||
} | |||
</nowiki>}} | |||
Then, logout and login (to make sure your group change has been taken into account), open Dolphin, right click on a folder you'd like to share, go to Properties, Tab "Share", and configure it the way you want. | |||
== Server setup == | == Server setup == | ||
| Line 69: | Line 102: | ||
=== User Authentication === | === User Authentication === | ||
For a user called <code>my_user</code>to be authenticated on the samba server, you | For a user called <code>my_user</code>to be authenticated on the samba server, you can add a password using: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
smbpasswd -a my_user | sudo smbpasswd -a my_user | ||
</syntaxhighlight> | </syntaxhighlight> | ||
To automate creation of the samba user and the required system user, you can use [https://search.nixos.org/options?show=system.activationScripts system.activationScripts]: | |||
<syntaxhighlight lang="nix"> | |||
{ | |||
# Make the samba user "my_user" on the system | |||
users.users.my_user = { | |||
description = "Write-access to samba media shares"; | |||
# Add this user to a group with permission to access the expected files | |||
extraGroups = [ "users" ]; | |||
# Password can be set in clear text with a literal string or from a file. | |||
# Using sops-nix we can use the same file so that the system user and samba | |||
# user share the same credential (if desired). | |||
hashedPasswordFile = config.sops.secrets.samba.path; | |||
isNormalUser = true; | |||
}; | |||
# Set "my_user" as a valid samba login | |||
services.samba = { | |||
enable = true; | |||
securityType = "user"; | |||
openFirewall = true; | |||
settings.my_share_directory = { | |||
# ... | |||
"valid users" = "my_user"; | |||
}; | |||
}; | |||
# Activation scripts run every time nixos switches build profiles. So if you're | |||
# pulling the user/samba password from a file then it will be updated during | |||
# nixos-rebuild. Again, in this example we're using sops-nix with a "samba" entry | |||
# to avoid cleartext password, but this could be replaced with a static path. | |||
system.activationScripts = { | |||
# The "init_smbpasswd" script name is arbitrary, but a useful label for tracking | |||
# failed scripts in the build output. An absolute path to smbpasswd is necessary | |||
# as it is not in $PATH in the activation script's environment. The password | |||
# is repeated twice with newline characters as smbpasswd requires a password | |||
# confirmation even in non-interactive mode where input is piped in through stdin. | |||
init_smbpasswd.text = '' | |||
/run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.sops.secrets.samba.path})\n$(/run/current-system/sw/bin/cat ${config.sops.secrets.samba.path})\n" | /run/current-system/sw/bin/smbpasswd -sa my_user | |||
''; | |||
}; | |||
} | |||
</syntaxhighlight> | |||
=== Configuration === | === Configuration === | ||
| Line 451: | Line 529: | ||
* [https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=services.samba Samba Options in NixOS on unstable] | * [https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=services.samba Samba Options in NixOS on unstable] | ||
* [https://wiki.archlinux.org/title/Samba Samba in the Arch Linux Wiki] | * [https://wiki.archlinux.org/title/Samba Samba in the Arch Linux Wiki] | ||
* [https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html smb.conf man page] | |||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Applications]] | [[Category:Applications]] | ||