From be974b10e4f92e68fb50ffc5e07626acbb643f1b Mon Sep 17 00:00:00 2001
From: Stefan Junker <mail@stefanjunker.de>
Date: Tue, 13 May 2025 16:02:32 +0200
Subject: [PATCH 1/2] nix/os/devices/sj-srv1: bump versions

---
 nix/os/devices/sj-srv1/flake.lock | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/nix/os/devices/sj-srv1/flake.lock b/nix/os/devices/sj-srv1/flake.lock
index 9961108..05230e2 100644
--- a/nix/os/devices/sj-srv1/flake.lock
+++ b/nix/os/devices/sj-srv1/flake.lock
@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742655702,
-        "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=",
+        "lastModified": 1747020534,
+        "narHash": "sha256-D/6rkiC6w2p+4SwRiVKrWIeYzun8FBg7NlMKMwQMxO0=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff",
+        "rev": "b4bbdc6fde16fc2051fcde232f6e288cd22007ca",
         "type": "github"
       },
       "original": {
@@ -23,11 +23,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742937945,
-        "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=",
+        "lastModified": 1746957726,
+        "narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7",
+        "rev": "a39ed32a651fdee6842ec930761e31d1f242cb94",
         "type": "github"
       },
       "original": {
@@ -55,11 +55,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1743256265,
-        "narHash": "sha256-1GJtabBAEwSkwKgSBe+osLCYwcRr5zx5H7ipuoVkO/4=",
+        "lastModified": 1747142919,
+        "narHash": "sha256-84jJ5uDXws7EYch+4fxmfoCCTWRWZCXCCVM0Dh65ZH8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5dab1e63b3efccf767a54b0b978b41fe7410aff0",
+        "rev": "60bdd7db9e890967224c2244be45beecd7d6e448",
         "type": "github"
       },
       "original": {
@@ -71,11 +71,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1743210622,
-        "narHash": "sha256-AagCXne3DGJARB7kxCjcBgJddT/J2CC7SSe7I6kFqso=",
+        "lastModified": 1747114929,
+        "narHash": "sha256-GnQGiZiOnGfxM9oVhgqOJk0Qv1aZ11p5Aloac2tdoKY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "800863744b6d0ef3c748a094a15e7f9d361f62fb",
+        "rev": "fab95ba4b9523f310644e6e6087c0014535c8e02",
         "type": "github"
       },
       "original": {

From f59930c49edcc293d348eeb15a88d6014155c0e2 Mon Sep 17 00:00:00 2001
From: Stefan Junker <mail@stefanjunker.de>
Date: Wed, 14 May 2025 10:46:20 +0200
Subject: [PATCH 2/2] feat(syncthing): expose scan folder via samba

---
 nix/os/containers/syncthing.nix | 54 +++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix
index 51b7dcf..921662f 100644
--- a/nix/os/containers/syncthing.nix
+++ b/nix/os/containers/syncthing.nix
@@ -5,6 +5,7 @@
   localAddress,
   syncthingPort ? 22000,
   syncthingLocalAnnouncePort ? 21027,
+  smbTcpPort ? 445,
   autoStart ? false,
 }:
 {
@@ -26,6 +27,54 @@
         openDefaultPorts = true;
         guiAddress = "0.0.0.0:8384";
       };
+
+      services.samba = {
+        enable = true;
+        securityType = "user";
+        openFirewall = true;
+        settings = {
+          global = {
+            "workgroup" = "DMZ";
+            "server string" = "syncthing";
+            "netbios name" = "syncthing";
+            "security" = "user";
+            #"use sendfile" = "yes";
+            #"max protocol" = "smb2";
+            # note: localhost is the ipv6 localhost ::1
+            "hosts allow" = "192.168.23. 127.0.0.1 localhost";
+            "hosts deny" = "0.0.0.0/0";
+            "guest account" = "nobody";
+            "map to guest" = "bad user";
+          };
+          "scan-stefan" = {
+            "path" = "/var/lib/syncthing/Sync/Home::Scan::Stefan";
+            "browseable" = "yes";
+            "read only" = "no";
+            "guest ok" = "no";
+            "create mask" = "0644";
+            "directory mask" = "0755";
+            "force user" = "syncthing";
+            "force group" = "syncthing";
+          };
+
+          "scan-justyna" = {
+            "path" = "/var/lib/syncthing/Sync/Home::Scan::Justyna";
+            "browseable" = "yes";
+            "read only" = "no";
+            "guest ok" = "no";
+            "create mask" = "0644";
+            "directory mask" = "0755";
+            "force user" = "syncthing";
+            "force group" = "syncthing";
+          };
+        };
+      };
+
+
+      # TODO: find out if smbpasswd file is still used and set it here. or find an alternative
+      # sops.secrets.smbpasswd = {
+      # };
+      # environment.etc."samba/smbpasswd".source = config.sops.secrets.smbpasswd.text;
     };
 
   inherit autoStart;
@@ -54,6 +103,11 @@
       hostPort = syncthingLocalAnnouncePort;
       protocol = "udp";
     }
+    {
+      containerPort = 445;
+      hostPort = smbTcpPort;
+      protocol = "tcp";
+    }
   ];
 
   inherit hostBridge hostAddress localAddress;