From 5fa9c0c87b8032e46f3894f33f6eccf1c43bb2fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Wed, 13 Jul 2022 23:58:39 +0200
Subject: [PATCH] feat: create dedicated samba user

Also set samba share permissions to 0775 to allow users with `media`
group to create files.
---
 services/samba/home-pc.nix     |  3 +++
 services/samba/home-server.nix | 12 +++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/services/samba/home-pc.nix b/services/samba/home-pc.nix
index 56a1448..b7224e5 100644
--- a/services/samba/home-pc.nix
+++ b/services/samba/home-pc.nix
@@ -15,7 +15,10 @@
       "x-systemd.mount-timeout=5s"
 
       "uid=1000"
+      "gid=100"
       "credentials=${config.age.secrets.samba.path}"
+
+      "nobrl"
     ];
   };
 }
diff --git a/services/samba/home-server.nix b/services/samba/home-server.nix
index 14a38d7..65c6a49 100644
--- a/services/samba/home-server.nix
+++ b/services/samba/home-server.nix
@@ -4,6 +4,11 @@
   # Use `smbpasswd -a <user>` to set passwords
   # age.secrets.samba.file = ../../secrets/samba.age;
 
+  users.users.samba = {
+    isSystemUser = true;
+    group = "media";
+  };
+
   services.samba = {
     enable = true;
     openFirewall = true;
@@ -19,9 +24,10 @@
         public = "no";
         browseable = "yes";
         writeable = "yes";
-        "create mask" = "0644";
-        "directory mask" = "0755";
-        "force user" = "felschr";
+        "valid users" = "felschr";
+        "create mask" = "0664";
+        "directory mask" = "0775";
+        "force user" = "samba";
         "force group" = "media";
       };
     };