From f59930c49edcc293d348eeb15a88d6014155c0e2 Mon Sep 17 00:00:00 2001
From: Stefan Junker <mail@stefanjunker.de>
Date: Wed, 14 May 2025 10:46:20 +0200
Subject: [PATCH] feat(syncthing): expose scan folder via samba

---
 nix/os/containers/syncthing.nix | 54 +++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix
index 51b7dcf..921662f 100644
--- a/nix/os/containers/syncthing.nix
+++ b/nix/os/containers/syncthing.nix
@@ -5,6 +5,7 @@
   localAddress,
   syncthingPort ? 22000,
   syncthingLocalAnnouncePort ? 21027,
+  smbTcpPort ? 445,
   autoStart ? false,
 }:
 {
@@ -26,6 +27,54 @@
         openDefaultPorts = true;
         guiAddress = "0.0.0.0:8384";
       };
+
+      services.samba = {
+        enable = true;
+        securityType = "user";
+        openFirewall = true;
+        settings = {
+          global = {
+            "workgroup" = "DMZ";
+            "server string" = "syncthing";
+            "netbios name" = "syncthing";
+            "security" = "user";
+            #"use sendfile" = "yes";
+            #"max protocol" = "smb2";
+            # note: localhost is the ipv6 localhost ::1
+            "hosts allow" = "192.168.23. 127.0.0.1 localhost";
+            "hosts deny" = "0.0.0.0/0";
+            "guest account" = "nobody";
+            "map to guest" = "bad user";
+          };
+          "scan-stefan" = {
+            "path" = "/var/lib/syncthing/Sync/Home::Scan::Stefan";
+            "browseable" = "yes";
+            "read only" = "no";
+            "guest ok" = "no";
+            "create mask" = "0644";
+            "directory mask" = "0755";
+            "force user" = "syncthing";
+            "force group" = "syncthing";
+          };
+
+          "scan-justyna" = {
+            "path" = "/var/lib/syncthing/Sync/Home::Scan::Justyna";
+            "browseable" = "yes";
+            "read only" = "no";
+            "guest ok" = "no";
+            "create mask" = "0644";
+            "directory mask" = "0755";
+            "force user" = "syncthing";
+            "force group" = "syncthing";
+          };
+        };
+      };
+
+
+      # TODO: find out if smbpasswd file is still used and set it here. or find an alternative
+      # sops.secrets.smbpasswd = {
+      # };
+      # environment.etc."samba/smbpasswd".source = config.sops.secrets.smbpasswd.text;
     };
 
   inherit autoStart;
@@ -54,6 +103,11 @@
       hostPort = syncthingLocalAnnouncePort;
       protocol = "udp";
     }
+    {
+      containerPort = 445;
+      hostPort = smbTcpPort;
+      protocol = "tcp";
+    }
   ];
 
   inherit hostBridge hostAddress localAddress;