Samba: Difference between revisions
imported>Jchv - Remove GIO_EXTRA_MODULES hack as it should no longer be needed as of 19.09. - Add more detail around the dbus session. |
imported>Jchv More improvements to documentation around PCManFM. |
||
| Line 31: | Line 31: | ||
== Browsing samba shares with PCManFM == | == Browsing samba shares with PCManFM == | ||
You will need to modify your configuration to enable GVFS in order for SMB shares to be available in PCManFM. | |||
Excerpt of <code>/etc/nixos/configuration.nix</code>: | |||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit | environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit | ||
services | services.gvfs.enable = true; # enables gvfs | ||
</syntaxhighlight> | </syntaxhighlight> | ||
(If you are using XFCE, you may find that your build of GVFS does not contain SMB support. You can mitigate this by setting the <code>services.gvfs.package</code> option, like for example: <code>services.gvfs.package = pkgs.gvfs;</code>) | |||
For example, if you are using | Furthermore, if you happen to start your Window Manager directly, via <code>.xinitrc</code>, or directly invoke a Wayland compositor such as Sway, you should ensure that you launch dbus at startup in your session and export its environment. If you do not have a dbus session in your environment, you will see errors such as "Operation not supported" when attempting to browse the network. | ||
For example, if you are using <code>.xinitrc</code>, you could invoke <code>dbus-launch</code>: | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
export `dbus-launch` # starts dbus and exports its address | export `dbus-launch` # starts dbus and exports its address | ||
exec xterm # your prefered Window Manager | exec xterm # your prefered Window Manager | ||
</syntaxhighlight> | </syntaxhighlight> | ||
(You need to restart your Window Manager to have the changes in | (You need to restart your Window Manager to have the changes in <code>.xinitrc</code> to take place.) | ||
If you are using a Wayland compositor like Sway, you can run it under | If you are using a Wayland compositor like Sway, you can run it under <code>dbus-run-session</code> for the same effect: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
dbus-run-session sway | dbus-run-session sway | ||
</syntaxhighlight> | </syntaxhighlight> | ||
(Because | (Because <code>dbus-run-session</code> exits when the child process exits, it is only appropriate to use <code>dbus-run-session</code> with a process that will be running during the entire session. This is the case for Wayland compositors, but is not necessarily true for all configurations of X11 window managers.) | ||
== Samba Server == | == Samba Server == | ||
Revision as of 09:07, 24 December 2019
Motivation
This guide will help you on how to use samba on nixos.
Samba Client
cifs mount
The following snippets shows how to mount a CIFS (Windows) share in NixOS.
Replace all <FIELDS> with concrete values:
{
fileSystems."/mnt/share" = {
device = "//<IP_OR_HOST>/path/to/share";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
};
}
Also create /etc/nixos/smb-secrets with the following content (domain= can be optional)
username=<USERNAME>
domain=<DOMAIN>
password=<PASSWORD>
You will need to modify your configuration to enable GVFS in order for SMB shares to be available in PCManFM.
Excerpt of /etc/nixos/configuration.nix:
environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit
services.gvfs.enable = true; # enables gvfs
(If you are using XFCE, you may find that your build of GVFS does not contain SMB support. You can mitigate this by setting the services.gvfs.package option, like for example: services.gvfs.package = pkgs.gvfs;)
Furthermore, if you happen to start your Window Manager directly, via .xinitrc, or directly invoke a Wayland compositor such as Sway, you should ensure that you launch dbus at startup in your session and export its environment. If you do not have a dbus session in your environment, you will see errors such as "Operation not supported" when attempting to browse the network.
For example, if you are using .xinitrc, you could invoke dbus-launch:
export `dbus-launch` # starts dbus and exports its address
exec xterm # your prefered Window Manager
(You need to restart your Window Manager to have the changes in .xinitrc to take place.)
If you are using a Wayland compositor like Sway, you can run it under dbus-run-session for the same effect:
dbus-run-session sway
(Because dbus-run-session exits when the child process exits, it is only appropriate to use dbus-run-session with a process that will be running during the entire session. This is the case for Wayland compositors, but is not necessarily true for all configurations of X11 window managers.)
Samba Server
excerpt of /etc/nixos/configuration.nix
services.samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = user
#use sendfile = yes
#max protocol = smb2
hosts allow = 192.168.0 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
public = {
path = "/mnt/Shares/Public";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
private = {
path = "/mnt/Shares/Private";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
};
};
If your firewall is enabled, or if you consider enabling it:
networking.firewall.enable = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 445 139 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];
 |
Tip
In order to affect your NixOS system by your nix-language-specific changes you must first evaluate it:
$ nixos-rebuild switch --use-remote-sudo |
samba should startup afterwards
stopping/restarting the services
# systemctl stop samba
# systemctl start samba
# systemctl restart samba
Use Cases
Apple Time Machine
nixpkgs includes Samba4.8-git, which adds support for using shares for Time Machine backups on macOS 10.12+. Example configuration:
services.samba = {
package = pkgs.sambaMaster;
shares = {
tm_share = {
path = "/mnt/Shares/tm_share";
"valid users" = "username";
public = "no";
writeable = "yes";
"force user" = "username";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr";
};
};
}
Printer sharing
The `samba` packages comes without cups support compiled in, however `sambaFull` features printer sharing support. To use it set the `services.samba.package` option:
services.samba.package = pkgs.sambaFull;
A printer share that allows all members in the local network printing could look like this:
{ pkgs, ... }: {
services.samba = {
enable = true;
package = pkgs.sambaFull;
extraConfig = ''
load printers = yes
printing = cups
printcap name = cups
'';
shares = {
printers = {
comment = "All Printers";
path = "/var/spool/samba";
public = "yes";
browseable = "yes";
# to allow user 'guest account' to print.
"guest ok" = "yes";
writable = "no";
printable = "yes";
"create mode" = 0700;
};
};
systemd.tmpfiles.rules = [
"d /var/spool/samba 1777 root root -"
];
}