[global] workgroup = KUNBOX server string = ${node.name} samba dns proxy = no max log size = 1000 syslog = 1 syslog only = 1 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes map to guest = bad user load printers = no usershare allow guests = yes allow insecure wide links = yes min protocol = SMB2 % if timemachine: vfs objects = fruit fruit:aapl = yes fruit:copyfile = yes fruit:model = MacSamba % endif % for name, opts in sorted(node.metadata.get('samba/shares', {}).items()): [${name}] browseable = yes comment = ${opts.get('comment', f'share of {opts["path"]}')} fake oplocks = yes force group = ${opts.get('force_group', 'nogroup')} force user = ${opts.get('force_user', 'nobody')} % if opts.get('guest_ok', True): guest ok = yes % else: guest ok = no % endif locking = no path = ${opts['path']} printable = no read only = no vfs objects = catia fruit writable = ${'yes' if opts.get('writable', False) else 'no'} % if opts.get('follow_symlinks', True): follow symlinks = yes wide links = yes % endif % endfor % for name in sorted(timemachine): [timemachine-${name}] comment = Time Machine backup for ${name} available = yes browseable = yes guest ok = no read only = false valid users = timemachine-${name} path = /srv/timemachine/${name} durable handles = yes vfs objects = catia fruit streams_xattr fruit:delete_empty_adfiles = yes fruit:metadata = stream fruit:posix_rename = yes fruit:time machine = yes fruit:time machine max size = 2000G fruit:veto_appledouble = no fruit:wipe_intentionally_left_blank_rfork = yes % endfor