Samba: Difference between revisions

Revision as of 12:28, 7 March 2019

Motivation

This guide will help you on how to use samba on nixos.

Samba Client

cifs mount

The following snippets shows how to mount a CIFS (Windows) share in NixOS. Replace all <FIELDS> with concrete values:

{
  fileSystems."/mnt/share" = {
      device = "//<IP_OR_HOST>/path/to/share";
      fsType = "cifs";
      options = let
        # this line prevents hanging on network split
        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";

      in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
  };
}

Also create /etc/nixos/smb-secrets with the following content (domain= can be optional)

username=<USERNAME>
domain=<DOMAIN>
password=<PASSWORD>

Browsing samba shares with PCManFM

excerpt of /etc/nixos/configuration.nix

environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; # lets PCManFM discover gvfs modules
services.gnome3.gvfs.enable = true; # enables gvfs

Furthermore, if you happen to start your Window Manager via xinitrc, edit it accordingly:

export `dbus-launch` # starts dbus and exports its address
exec xterm # your prefered Window Manager

You need to restart your Window Manager to have the changes in .xinitrc to take place.

Samba Server

excerpt of /etc/nixos/configuration.nix

services.samba = {
  enable = true;
  securityType = "share";
  extraConfig = ''
    workgroup = WORKGROUP
    server string = smbnix
    netbios name = smbnix
    security = share 
    #use sendfile = yes
    #max protocol = smb2
    hosts allow = 192.168.0  localhost
    hosts deny = 0.0.0.0/0
    guest account = nobody
    map to guest = bad user
  '';
  shares = {
    public = {
      path = "/mnt/Shares/Public";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
      "create mask" = "0644";
      "directory mask" = "0755";
      "force user" = "username";
      "force group" = "groupname";
    };
    private = {
      path = "/mnt/Shares/Private";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "no";
      "create mask" = "0644";
      "directory mask" = "0755";
      "force user" = "username";
      "force group" = "groupname";
    };
  };
};

If your firewall is enabled, or if you consider enabling it:

networking.firewall.enable = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 445 139 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];

Tip

In order to affect your NixOS system by your nix-language-specific changes you must first evaluate it:

$ nixos-rebuild switch --use-remote-sudo

samba should startup afterwards

stopping/restarting the services

# systemctl stop samba
# systemctl start samba
# systemctl restart samba

Use Cases

Apple Time Machine

nixpkgs includes Samba4.8-git, which adds support for using shares for Time Machine backups on macOS 10.12+. Example configuration:

services.samba = {
  package = pkgs.sambaMaster;
  shares = {
    tm_share = {
        path = "/mnt/Shares/tm_share";
        "valid users" = "username";
        public = "no";
        writeable = "yes";
        "force user" = "username";
        "fruit:aapl" = "yes";
        "fruit:time machine" = "yes";
        "vfs objects" = "catia fruit streams_xattr";
    };
  };
}

Printer sharing

The `samba` packages comes without cups support compiled in, however `sambaFull` features printer sharing support. To use it set the `services.samba.package` option:

services.samba.package = pkgs.sambaFull;

A printer share that allows all members in the local network printing could look like this:

{ pkgs, ... }: {
  services.samba = {
    enable = true;
    package = pkgs.sambaFull;
    extraConfig = ''
      load printers = yes
      printing = cups
      printcap name = cups
    '';
    shares = {
      printers = {
        comment = "All Printers";
        path = "/var/spool/samba";
        public = "yes";
        browseable = "yes";
        # to allow user 'guest account' to print.
        "guest ok" = "yes";
        writable = "no";
        printable = "yes";
        "create mode" = 0700;
      };
  };
  systemd.tmpfiles.rules = [
    "d /var/spool/samba 1777 root root -"
  ];
}

links

Samba Options in NixOS

@@ Line 29: / Line 29: @@
 password=<PASSWORD>
 </syntaxhighlight>
+== Browsing samba shares with PCManFM ==
+=== excerpt of /etc/nixos/configuration.nix ===
+<syntaxhighlight lang="nix">
+environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit
+environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; # lets PCManFM discover gvfs modules
+services.gnome3.gvfs.enable = true; # enables gvfs
+</syntaxhighlight>
+Furthermore, if you happen to start your Window Manager via ''xinitrc'', edit it accordingly:
+<syntaxhighlight lang="bash">
+export `dbus-launch` # starts dbus and exports its address
+exec xterm # your prefered Window Manager
+</syntaxhighlight>
+You need to restart your Window Manager to have the changes in ''.xinitrc'' to take place.
 == Samba Server ==