From 88162ff382598e3d8088ea1caad1ae64a873a9f2 Mon Sep 17 00:00:00 2001
From: Maurice <maurice.golverdingen@infosupport.com>
Date: Fri, 3 Oct 2025 15:03:41 +0200
Subject: [PATCH] Bye NFS, hello Samba

---
 services/firewall/rules.nft | 10 +++++-----
 services/nfs/install.sh     | 19 -------------------
 services/samba/install.sh   | 24 ++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 24 deletions(-)
 delete mode 100644 services/nfs/install.sh
 create mode 100644 services/samba/install.sh

diff --git a/services/firewall/rules.nft b/services/firewall/rules.nft
index c555626..ad9d646 100644
--- a/services/firewall/rules.nft
+++ b/services/firewall/rules.nft
@@ -76,11 +76,11 @@ table inet firewall {
     udp dport { 67, 68, 784 } accept
     tcp dport { 853 } accept
 
-    # Allow DNS, NFS from LAN and VPN
-    ip saddr { $lan_net, $vpn_net } udp dport { 53, 2049 } accept
-    ip6 saddr $lan_net6 udp dport { 53, 2049 } accept
-    ip saddr { $lan_net, $vpn_net } tcp dport { 53, 2049 } accept
-    ip6 saddr $lan_net6 tcp dport { 53, 2049 } accept
+    # Allow DNS (53), SMB (445, no netbios ports) from LAN and VPN
+    ip saddr { $lan_net, $vpn_net } udp dport { 53, 445 } accept
+    ip6 saddr $lan_net6 udp dport { 53, 445 } accept
+    ip saddr { $lan_net, $vpn_net } tcp dport { 53, 445 } accept
+    ip6 saddr $lan_net6 tcp dport { 53, 445 } accept
 
     # Allow Minecraft server access from LAN and VPN
     ip saddr { $lan_net, $vpn_net } tcp dport 25565 accept
diff --git a/services/nfs/install.sh b/services/nfs/install.sh
deleted file mode 100644
index a4180be..0000000
--- a/services/nfs/install.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-echo "Installing NFS server..."
-apk add nfs-utils
-
-# Make mount point directory for sharing
-mkdir /mnt/shared
-chmod 777 /mnt/shared
-chown nobody:nobody /mnt/shared
-
-# Mount /mnt/shared for all IPs, read-write, root users NOT allowed
-# nohide: allows nested exports (doesnt hide a folder shared inside another shared folder)
-cat << EOF > /etc/exports
-/mnt/shared *(rw,nohide,sync,no_subtree_check,root_squash)
-EOF
-
-# Enable and start NFS server
-exportfs -afv
-rc-update add nfs
-rc-service nfs start
\ No newline at end of file
diff --git a/services/samba/install.sh b/services/samba/install.sh
new file mode 100644
index 0000000..e99f0c5
--- /dev/null
+++ b/services/samba/install.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+apk add samba
+
+mkdir -p /mnt/shared
+chmod 0777 /mnt/shared
+
+cat << EOF > /etc/samba/smb.conf
+[global]
+    workgroup = GOOFJES
+    server string = Goofjes Samba
+    server role = standalone server
+    
+[shared]
+    path = /mnt/shared
+    follow symlinks = yes
+    wide links = yes
+    browseable = yes
+    writable = yes
+EOF
+
+rc-update add samba
+rc-service samba start
+
+echo "Use smbpasswd -a <username> to add users to SAMBA."
\ No newline at end of file