From 95236643f3dc3fe3e9c9ead89b70c5fa425ecb46 Mon Sep 17 00:00:00 2001
From: Tim Keller
Date: Wed, 1 Apr 2026 18:31:54 -0500
Subject: fileshares module fix
---
nixos/services/fileshares.nix | 76 +++++++++++++++++++++++--------------------
1 file changed, 41 insertions(+), 35 deletions(-)
diff --git a/nixos/services/fileshares.nix b/nixos/services/fileshares.nix
index c99c9f9..efeed4a 100644
--- a/nixos/services/fileshares.nix
+++ b/nixos/services/fileshares.nix
@@ -3,61 +3,67 @@ fileShareType = lib.types.submodule ( { name, ... }: { options = { - enable = lib.mkEnableOption "enable this file share"; + enable = lib.mkEnableOption "enable this file share"; # FIXME mk default name = lib.mkOption { type = lib.types.str; default = name; description = "name of share"; }; - protocol = { - nfs = lib.mkEnableOption "share file with nfs protocol"; - smb = lib.mkEnableOption "share file with smb protocol"; - }; path = lib.mkOption { type = lib.types.path; default = ""; description = "path to share"; }; readOnly = lib.mkEnableOption "make share read only"; - allowGuests = lib.mkEnableOption "allow unauthenticated users to mount"; allowHosts = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; example = [ "192.168.1.100" "192.168.0.0/24" ]; description = "ip hosts to allow"; }; - # TODO make this work with nfs or provide a warning or prefix with smb. - allowUser = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "allow user"; + # TODO denyHosts etc + nfs = { + enable = lib.mkEnableOption "share file with nfs protocol"; }; - allowGroup = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "allow group"; + smb = { + enable = lib.mkEnableOption "share file with smb protocol"; + allowGuests = lib.mkEnableOption "allow unauthenticated users to mount"; + allowUser = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "allow user"; + }; + allowGroup = lib.mkOption { + type = lib.types.nullOr lib.types.str; + default = null; + description = "allow group"; + }; + extraOptions = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = {}; + description = "extra smb options for this share"; + }; }; }; } ); - boolToYesNo = lib.boolToYesNo; mkSambaShare = s: { "path" = s.path; - "browsable" = boolToYesNo true; - "read only" = boolToYesNo s.readOnly; - "guest ok" = boolToYesNo s.allowGuests; + "browsable" 
= lib.boolToYesNo true; + "read only" = lib.boolToYesNo s.readOnly; + "guest ok" = lib.boolToYesNo s.smb.allowGuests; "create mask" = "0644"; "directory mask" = "0755"; # allow user/group - "force user" = lib.mkIf (cfg.allowUser != null) cfg.allowUser; - "force group" = lib.mkIf (cfg.allowGroup != null) cfg.allowGroup; + "force user" = lib.mkIf (s.smb.allowUser != null) s.smb.allowUser; + "force group" = lib.mkIf (s.smb.allowGroup != null) s.smb.allowGroup; # allow hosts "hosts deny" = lib.mkIf (s.allowHosts != []) "ALL"; - "hosts allow" = lib.concatStringSep " " s.allowHosts; - }; + "hosts allow" = lib.mkIf (s.allowHosts != []) (lib.concatStringsSep " " s.allowHosts); + } // s.smb.extraOptions; mkNFSShareHost = s: host: ''${host}(${if s.readOnly then "ro" else "rw"},sync,no_subtree_check)''; mkNFSShare = s: '' - ${s.path} ${lib.concatMapStringSep " " (mkNFSShareHost s) (if s.allowHosts == [] then ["*"] else s.allowHosts) } + ${s.path} ${lib.concatMapStringsSep " " (mkNFSShareHost s) (if s.allowHosts == [] then ["*"] else s.allowHosts) } ''; in { options.services._fileShares = { @@ -76,17 +82,17 @@ in { openFirewall = true; settings = { global = { - #"workgroup" = "WORKGROUP"; - #"server string" = "smbnix"; - #"netbios name" = "smbnix"; - #"security" = "user"; - ##"use sendfile" = "yes"; - ##"max protocol" = "smb2"; - ## note: localhost is the ipv6 localhost ::1 - #"hosts allow" = "192.168.0. 127.0.0.1 localhost"; - #"hosts deny" = "0.0.0.0/0"; - #"guest account" = "nobody"; - #"map to guest" = "bad user"; + "workgroup" = "WORKGROUP"; + "server string" = "poweredge"; + "netbios name" = "poweredge"; + "security" = "user"; + #"use sendfile" = "yes"; + #"max protocol" = "smb2"; + # note: localhost is the ipv6 localhost ::1 + "hosts allow" = "192.168.1. 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; }; } // lib.mapAttrs (name: value: mkSambaShare value) cfg.shares; }; -- cgit v1.2.3
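Review bot: `smb.allowUser` and `smb.allowGroup` are described as allow-lists but `mkSambaShare` writes them out as `force user` / `force group`, which do not limit who may connect; they make every connected client act as that account on disk, and with `smb.allowGuests` set that includes unauthenticated clients. If restriction is the intent, emit `"valid users" = lib.mkIf (s.smb.allowUser != null) s.smb.allowUser;` (with the `@group` form for the group) and keep `force user` behind a separately named option. The trailing `// s.smb.extraOptions` lets a share silently replace `guest ok`, `read only` and the host lists, which deserves a sentence in that option's description. On the NFS side, `mkNFSShare` still falls back to `"*"` when `allowHosts` is empty, so a share left at its defaults is exported `rw` to any host that can reach the server; an explicit opt-in or an evaluation-time warning would make that choice visible.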
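Review bot: The global `"hosts allow" = "192.168.1. 127.0.0.1 localhost"` enabled here undercuts the per-share `allowHosts` that `mkSambaShare` emits, because smb.conf(5) documents that a `hosts allow` placed in `[global]` applies to every service regardless of the share's own setting. A share limited to one address would then still be reachable from the whole `192.168.1.` range, so either leave the host lists out of `global` or expose the subnet as a module option and say in the `allowHosts` description that it cannot narrow it. `"hosts deny" = "0.0.0.0/0"` names only IPv4 space; `"hosts deny" = "ALL";`, as the per-share code already uses, avoids having to confirm how IPv6 clients outside the allow list are treated. The enclosing `settings` attrset starts outside this hunk, so whether these values are overridden elsewhere cannot be seen from here.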