{ config, pkgs, lib, ... }: with lib; let cfg = config.services.netatalk; extmapFile = pkgs.writeText "extmap.conf" cfg.extmap; afpToString = x: if builtins.typeOf x == "bool" then boolToString x else toString x; volumeConfig = name: let vol = getAttr name cfg.volumes; in "[${name}]\n " + (toString ( map (key: "${key} = ${afpToString (getAttr key vol)}\n") (attrNames vol) )); afpConf = ''[Global] extmap file = ${extmapFile} afp port = ${toString cfg.port} ${cfg.extraConfig} ${if cfg.homes.enable then ''[Homes] ${optionalString (cfg.homes.path != "") "path = ${cfg.homes.path}"} basedir regex = ${cfg.homes.basedirRegex} ${cfg.homes.extraConfig} '' else ""} ${toString (map volumeConfig (attrNames cfg.volumes))} ''; afpConfFile = pkgs.writeText "afp.conf" afpConf; in { options = { services.netatalk = { enable = mkEnableOption "the Netatalk AFP fileserver"; port = mkOption { type = types.port; default = 548; description = "TCP port to be used for AFP."; }; extraConfig = mkOption { type = types.lines; default = ""; example = "uam list = uams_guest.so"; description = '' Lines of configuration to add to the <literal>[Global]</literal> section. See <literal>man apf.conf</literal> for more information. ''; }; homes = { enable = mkOption { type = types.bool; default = false; description = "Enable sharing of the UNIX server user home directories."; }; path = mkOption { type = types.str; default = ""; example = "afp-data"; description = "Share not the whole user home but this subdirectory path."; }; basedirRegex = mkOption { example = "/home"; type = types.str; description = "Regex which matches the parent directory of the user homes."; }; extraConfig = mkOption { type = types.lines; default = ""; description = '' Lines of configuration to add to the <literal>[Homes]</literal> section. See <literal>man apf.conf</literal> for more information. ''; }; }; volumes = mkOption { default = { }; type = types.attrsOf (types.attrsOf types.unspecified); description = '' Set of AFP volumes to export. See <literal>man apf.conf</literal> for more information. ''; example = literalExample '' { srv = { path = "/srv"; "read only" = true; "hosts allow" = "10.1.0.0/16 10.2.1.100 2001:0db8:1234::/48"; }; } ''; }; extmap = mkOption { type = types.lines; default = ""; description = '' File name extension mappings. See <literal>man extmap.conf</literal> for more information. ''; }; }; }; config = mkIf cfg.enable { systemd.services.netatalk = { description = "Netatalk AFP fileserver for Macintosh clients"; unitConfig.Documentation = "man:afp.conf(5) man:netatalk(8) man:afpd(8) man:cnid_metad(8) man:cnid_dbd(8)"; after = [ "network.target" "avahi-daemon.service" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.netatalk ]; serviceConfig = { Type = "forking"; GuessMainPID = "no"; PIDFile = "/run/lock/netatalk"; ExecStartPre = "${pkgs.coreutils}/bin/mkdir -m 0755 -p /var/lib/netatalk/CNID"; ExecStart = "${pkgs.netatalk}/sbin/netatalk -F ${afpConfFile}"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID"; Restart = "always"; RestartSec = 1; }; }; security.pam.services.netatalk.unixAuth = true; }; }