Samba

From NixOS Wiki
Revision as of 12:28, 7 March 2019 by imported>Wucke13 (Added way to enable PCManFM to browse samba shares)

Motivation

This guide explains how to use Samba on NixOS.

Samba Client

cifs mount

The following snippet shows how to mount a CIFS (Windows) share in NixOS. Replace all <FIELDS> with concrete values:

{
  fileSystems."/mnt/share" = {
      device = "//<IP_OR_HOST>/path/to/share";
      fsType = "cifs";
      options = let
        # this line prevents hanging on network split
        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";

      in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
  };
}

Also create /etc/nixos/smb-secrets with the following content (the domain= line is optional):

username=<USERNAME>
domain=<DOMAIN>
password=<PASSWORD>
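
The credentials file holds the password in plain text, so it should be readable by its owner (root) only. As an added example that is not part of the original wiki page, the following shell functions create the file with mode 600 and audit an existing one; the function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example, not from the wiki page. Assumes GNU coreutils (stat -c).

# write_smb_credentials FILE USER PASSWORD [DOMAIN]
# Restricts FILE to its owner before any secret is written to it.
write_smb_credentials() {
  local file=$1 user=$2 pass=$3 domain=${4:-}
  (
    umask 077                 # a newly created file gets mode 0600
    : > "$file"
    chmod 600 "$file"         # tighten a file that already existed
    {
      printf 'username=%s\n' "$user"
      if [ -n "$domain" ]; then printf 'domain=%s\n' "$domain"; fi
      printf 'password=%s\n' "$pass"
    } >> "$file"
  )
}

# check_smb_credentials FILE
# Prints findings; returns 0 only if FILE is owner-only and well-formed.
check_smb_credentials() {
  local file=$1 mode key rc=0
  [ -f "$file" ] || { echo "missing: $file"; return 2; }
  mode=$(stat -c '%a' "$file")
  # Any group/other permission bit exposes the plaintext password.
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "mode $mode grants group/other access, expected 600"; rc=1
  fi
  for key in username password; do
    grep -q "^${key}=." "$file" || { echo "no ${key}= value"; rc=1; }
  done
  # The page's format has only username=, domain= and password= lines.
  if grep -Evq '^(username|domain|password)=' "$file"; then
    echo "unexpected line in $file"; rc=1
  fi
  # A leftover <FIELD> placeholder means the template was not filled in.
  if grep -Eq '=<[A-Z_]+>$' "$file"; then
    echo "placeholder value left in $file"; rc=1
  fi
  return "$rc"
}
```

Source the file as root and run `check_smb_credentials /etc/nixos/smb-secrets` before activating the mount; a non-zero exit status means the file needs fixing.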

Browsing samba shares with PCManFM

excerpt of /etc/nixos/configuration.nix

environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentication client for policykit
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; # lets PCManFM discover gvfs modules
services.gnome3.gvfs.enable = true; # enables gvfs

Furthermore, if you happen to start your Window Manager via xinitrc, edit it accordingly:

export `dbus-launch` # starts dbus and exports its address
exec xterm # your preferred Window Manager

You need to restart your Window Manager for the changes in .xinitrc to take effect.

Samba Server

excerpt of /etc/nixos/configuration.nix

services.samba = {
  enable = true;
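  securityType = "user"; # "share" was removed in Samba 4; guests are handled by "map to guest" below
  extraConfig = ''
    workgroup = WORKGROUP
    server string = smbnix
    netbios name = smbnix
    security = user
    #use sendfile = yes
    #max protocol = smb2
    # the trailing dot makes 192.168.0. match the whole 192.168.0.x network
    hosts allow = 192.168.0. localhost
    hosts deny = 0.0.0.0/0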
    guest account = nobody
    map to guest = bad user
  '';
  shares = {
    public = {
      path = "/mnt/Shares/Public";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
      "create mask" = "0644";
      "directory mask" = "0755";
      "force user" = "username";
      "force group" = "groupname";
    };
    private = {
      path = "/mnt/Shares/Private";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "no";
      "create mask" = "0644";
      "directory mask" = "0755";
      "force user" = "username";
      "force group" = "groupname";
    };
  };
};

If your firewall is enabled, or if you consider enabling it:

networking.firewall.enable = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 445 139 ];
networking.firewall.allowedUDPPorts = [ 137 138 ];

Samba should start up afterwards.

stopping/restarting the services

# systemctl stop samba
# systemctl start samba
# systemctl restart samba

Use Cases

Apple Time Machine

nixpkgs includes Samba4.8-git, which adds support for using shares for Time Machine backups on macOS 10.12+. Example configuration:

services.samba = {
  package = pkgs.sambaMaster;
  shares = {
    tm_share = {
        path = "/mnt/Shares/tm_share";
        "valid users" = "username";
        public = "no";
        writeable = "yes";
        "force user" = "username";
        "fruit:aapl" = "yes";
        "fruit:time machine" = "yes";
        "vfs objects" = "catia fruit streams_xattr";
    };
  };
};

Printer sharing

The `samba` package comes without CUPS support compiled in; `sambaFull`, however, includes printer sharing support. To use it, set the `services.samba.package` option:

services.samba.package = pkgs.sambaFull;

A printer share that allows all members of the local network to print could look like this:

{ pkgs, ... }: {
  services.samba = {
    enable = true;
    package = pkgs.sambaFull;
    extraConfig = ''
      load printers = yes
      printing = cups
      printcap name = cups
    '';
    shares = {
      printers = {
        comment = "All Printers";
        path = "/var/spool/samba";
        public = "yes";
        browseable = "yes";
        # to allow user 'guest account' to print.
        "guest ok" = "yes";
        writable = "no";
        printable = "yes";
        "create mode" = "0700";
      };
    };
  };
  systemd.tmpfiles.rules = [
    "d /var/spool/samba 1777 root root -"
  ];
}
