Samba
Motivation
This guide will help you on how to use samba on nixos.
Samba Client
cifs mount
The following snippets shows how to mount a CIFS (Windows) share in NixOS.
Replace all <FIELDS>
with concrete values:
{
fileSystems."/mnt/share" = {
device = "//<IP_OR_HOST>/path/to/share";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
};
}
Also create /etc/nixos/smb-secrets with the following content (domain=
can be optional)
username=<USERNAME>
domain=<DOMAIN>
password=<PASSWORD>
Samba Server
excerpt of /etc/nixos/configuration.nix
services.samba = {
enable = true;
securityType = "share";
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = share
#use sendfile = yes
#max protocol = smb2
hosts allow = 192.168.0 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
public = {
path = "/mnt/Shares/Public";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
private = {
path = "/mnt/Shares/Private";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "username";
"force group" = "groupname";
};
};
};
If your firewall is enabled, or if you consider enabling it:
networking.firewall.enable = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 445 139 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];
samba should startup afterwards
stopping/restarting the services
# systemctl stop samba
# systemctl start samba
# systemctl restart samba
Use Cases
Apple Time Machine
nixpkgs includes Samba4.8-git, which adds support for using shares for Time Machine backups on macOS 10.12+. Example configuration:
services.samba = {
package = pkgs.sambaMaster;
shares = {
tm_share = {
path = "/mnt/Shares/tm_share";
"valid users" = "username";
public = "no";
writeable = "yes";
"force user" = "username";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr";
};
};
}
Printer sharing
The `samba` packages comes without cups support compiled in, however `sambaFull` features printer sharing support. To use it set the `services.samba.package` option:
services.samba.package = pkgs.sambaFull;
A printer share that allows all members in the local network printing could look like this:
{ pkgs, ... }: {
services.samba = {
enable = true;
package = pkgs.sambaFull;
extraConfig = ''
load printers = yes
printing = cups
printcap name = cups
'';
shares = {
printers = {
comment = "All Printers";
path = "/var/spool/samba";
public = "yes";
browseable = "yes";
# to allow user 'guest account' to print.
"guest ok" = "yes";
writable = "no";
printable = "yes";
"create mode" = 0700;
};
};
systemd.tmpfiles.rules = [
"d /var/spool/samba 1777 root root -"
];
}