```nix
...
{
  services.samba = {
    enable = true;
    syncPasswordsByPam = true;
    # You will still need to set up the user accounts to begin with:
    # $ sudo smbpasswd -a yourusername
    # This adds to the [global] section:
    extraConfig = ''
      browseable = yes
      smb encrypt = required
    '';
    shares = {
      homes = {
        browseable = "no"; # note: each home will be browseable; the "homes" share will not.
        "read only" = "no";
        "guest ok" = "no";
      };
    };
  };
  # Curiously, `services.samba` does not automatically open
  # the needed ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 445 139 ];
  networking.firewall.allowedUDPPorts = [ 137 138 ];
  # To make SMB mounting easier on the command line
  environment.systemPackages = with pkgs; [
    cifs-utils
  ];
  # mDNS
  #
  # This part may be optional for your needs, but I find it makes browsing in Dolphin easier,
  # and it makes connecting from a local Mac possible.
  services.avahi = {
    enable = true;
    nssmdns = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      hinfo = true;
      userServices = true;
      workstation = true;
    };
    extraServiceFiles = {
      smb = ''
        <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
        <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
        <service-group>
          <name replace-wildcards="yes">%h</name>
          <service>
            <type>_smb._tcp</type>
            <port>445</port>
          </service>
        </service-group>
      '';
    };
  };
}
```
Tested and working with the minor modifications below for those not using flakes. Thanks for the update @TheRealGramdalf! You saved me a bunch of time.
The only glaring difference is that I got `nssmdns4` does not exist, so I commented it out.

```nix
{ config, lib, pkgs, ... }: {
  services = {
    # Network shares
    samba = {
      package = pkgs.samba4Full;
      # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support (compared to the default package, `samba`)
      # Required for samba to register mDNS records for auto discovery
      # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268
      enable = true;
      openFirewall = true;
      shares.testshare = {
        path = "/path/to/share";
        writable = "true";
        comment = "Hello World!";
      };
      extraConfig = ''
        server smb encrypt = required
        # ^^ Note: Breaks `smbclient -L <ip/host> -U%` by default, might require the client to set `client min protocol`?
        server min protocol = SMB3_00
      '';
    };
    avahi = {
      publish.enable = true;
      publish.userServices = true;
      # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`)
      #nssmdns4 = true;
      # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
      enable = true;
      openFirewall = true;
    };
    samba-wsdd = {
      # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued
      enable = true;
      openFirewall = true;
    };
  };
}
```

Glad I could help!
Regarding nssmdns4, I believe the issue is with the version - I'm running my server on nixos-unstable, and when I used nssmdns alone it threw a warning saying that option was renamed recently - I believe it's because nssmdns4 is for ipv4 only, and it was renamed for clarity.
@ddanon Thanks, your solution worked well.
For anyone else having trouble, here's what I did:
- skipped the extra config portion
- Don't forget to set up `sudo smbpasswd -a <user>` to add a user. Also add a password to the user when prompted.
@sohanglal thanks for the tip with the extra config portion.
New updated config in 2026:
gist: https://gist.github.com/bahrom04/dc36db27da4fe6c7c149eb5d9699e782
```nix
# `pkgs` has to be in the argument set because `pkgs.samba4Full` is used below.
{ pkgs, ... }: {
  services = {
    samba = {
      enable = true;
      package = pkgs.samba4Full;
      openFirewall = true;
      settings = {
        global = {
          "server smb encrypt" = "required";
          "server min protocol" = "SMB3_00";
          "workgroup" = "WORKGROUP";
          "security" = "user";
        };
        testshare = {
          "path" = "/home/bahrom/Public";
          "writable" = "yes";
          "comment" = "Hello World!";
          "browseable" = "yes";
        };
      };
    };
    samba-wsdd = {
      enable = true;
      openFirewall = true;
    };
    avahi = {
      enable = true;
      publish.enable = true;
      publish.userServices = true;
      openFirewall = true;
    };
  };
}
```
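An added example, not code from the gist or from any commenter: a shell check that a rendered `smb.conf` still carries the hardening settings used in the configs on this page (`server smb encrypt = required`, `server min protocol = SMB3_00` or later, no guest-enabled share). The function names and both sample configs are constructed for illustration; the parser accepts the `smb encrypt` / `min protocol` synonyms and the `public` synonym for `guest ok`.

```shell
#!/bin/sh
# Added example (not from the gist): audit smb.conf text for the settings above.
# Emit "section<TAB>key<TAB>value"; names are lowercased and stripped of whitespace,
# because Samba ignores case and whitespace in section and parameter names.
parse_conf() {
  awk '
    /^[ \t]*([#;]|$)/ { next }                      # comments and blank lines
    /^[ \t]*\[/ { sec = tolower($0); gsub(/[ \t]/, "", sec)
                  sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
    (eq = index($0, "=")) {
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
      print sec "\t" key "\t" val
    }' "$1"
}

# $1 = file, $2 = space-separated normalized aliases; the last match in [global] wins.
global_param() {
  parse_conf "$1" | awk -F '\t' -v want="$2" '
    BEGIN { n = split(want, w, " ") }
    $1 == "global" { for (i = 1; i <= n; i++) if ($2 == w[i]) v = $3 }
    END { print v }'
}

# Returns 0 when all three checks pass, 1 otherwise; findings go to stdout.
audit_smb_conf() {
  rc=0
  enc=$(global_param "$1" "serversmbencrypt smbencrypt")
  min=$(global_param "$1" "serverminprotocol minprotocol")
  guests=$(parse_conf "$1" | awk -F '\t' '
    ($2 == "guestok" || $2 == "public") && tolower($3) ~ /^(yes|true|1)$/ { print $1 }')
  [ "$(printf %s "$enc" | tr A-Z a-z)" = required ] ||
    { echo "FAIL: smb encrypt is '${enc:-unset}', want required"; rc=1; }
  case $(printf %s "$min" | tr a-z A-Z) in
    SMB3*) ;;
    *) echo "FAIL: server min protocol is '${min:-unset}', want SMB3_00 or later"; rc=1 ;;
  esac
  [ -z "$guests" ] || { echo "FAIL: guest access enabled in: $guests"; rc=1; }
  return $rc
}

# Constructed sample configs: one matching the hardened settings, one without them.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '[global]' 'server smb encrypt = required' \
  'server min protocol = SMB3_00' '[testshare]' 'guest ok = no' > "$tmp/hardened.conf"
printf '%s\n' '[global]' 'workgroup = WORKGROUP' '[testshare]' 'guest ok = yes' > "$tmp/weak.conf"
audit_smb_conf "$tmp/hardened.conf" && echo "hardened.conf: OK"
audit_smb_conf "$tmp/weak.conf" || echo "weak.conf: findings listed above"
```

Run `audit_smb_conf` against the `smb.conf` your NixOS build renders; an unset parameter is reported as a failure because the check only passes on explicit values.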
For anyone else coming across this down the line, there are a couple of extra things of note regarding SMB autodiscovery in 2024:
- `services.samba.openfirewall = true;` and `services.avahi.openfirewall = true;` instead
- `syncPasswordsByPam` will work if you use something like `kanidm-unixd`