{ config, pkgs, ... }:


{
services.samba = {
  enable = true;
#  securityType = "user";
  openFirewall = true;
  settings = {
    global = {
      "workgroup" = "WORKGROUP";
      "server role" = "standalone server";
      "server string" = "wlin003";
      "netbios name" = "wlin003";
      "global.security" = "user";
      "min protocol" = "smb3_11";
      "max protocol" = "smb3_11";
      "wide links" = "no";
      "follow symlinks" = "no";

      #### Networking ####
      "bind interfaces only" = "yes";
      "interfaces" = "lo eth0";      
      # note: localhost is the ipv6 localhost ::1
      "hosts allow" = "192.168.10.0/24 127.0.0.1 localhost";
      "hosts deny" = "0.0.0.0/0";

      ### Browsing election options ###
      "wins support" = "no";
      "name resolve order" = "host bcast lmhosts";
      "multicast dns register" = "yes";
      "dns proxy" = "yes";
      
      ####### Authentication #######
      "guest account" = "zulumann";
      "map to guest" = "bad user";

      ### Tuning ###
      "socket options" = "TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_RCVBUF=131072 SO_SNDBUF=131072";
      "use sendfile" = "yes";
      "getwd cache" = "yes";
      "stat cache" = "yes";
      "min receivefile size" = "16384";
      "write raw"  = "yes";
      "read raw"  = "yes";
      "max xmit"  = "32768";
      "deadtime"  = "15";
      "keepalive"  = "150";
      "sync always" = "no";
      "large readwrite" = "yes";
      "strict sync" = "no";
      "strict allocate" = "yes";
      "strict locking" = "auto";
      "server multi channel support" = "yes";
      "aio write size" = "1";
      "aio read size" = "1";
      "idmap cache time" = "604";

      #### Debugging  ####
      "log level" = "1";
      "log file" = "/var/log/samba/log.%m";
      "max log size" = "1000";
      "logging" = "file";
      "panic action" = "/usr/share/samba/panic-action %d";
      };


     "Share" = {
       "path"  = "/home/zulumann/Share-SMB";
       "browseable"  = "yes";
       "read only" = "no";
       "guest ok" = "yes";
       "public" = "yes";
       "writable" = "yes";
       "create mask" = "0644";
       "directory mask" = "0755";
     };

    "Private" = {
      "path" = "/home/zulumann/Share-Priv";
      "browseable" = "yes";
      "read only" = "no";
      "guest ok" = "no";
      "create mask" = "0644";
      "directory mask" = "0755";
      #"force user" = "zulumann";
      #"force group" = "zulumann";
    };

  };
};

  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
  };

  services.avahi.extraServiceFiles = {
    smb = ''
      <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
      <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
      <service-group>
        <name replace-wildcards="yes">%h - SMB/CIFS</name>
        <service>
          <type>_smb._tcp</type>
          <port>445</port>
        </service>
      </service-group>
      '';
  };

}

# User Authentication
# For a user called my_userto be authenticated on the samba server, you must add their password using
# sudo smbpasswd -a my_user