Bye NFS, hello Samba

services/firewall/rules.nft

@@ -76,11 +76,11 @@ table inet firewall {
     udp dport { 67, 68, 784 } accept
     tcp dport { 853 } accept
 
-    # Allow DNS, NFS from LAN and VPN
-    ip saddr { $lan_net, $vpn_net } udp dport { 53, 2049 } accept
-    ip6 saddr $lan_net6 udp dport { 53, 2049 } accept
-    ip saddr { $lan_net, $vpn_net } tcp dport { 53, 2049 } accept
-    ip6 saddr $lan_net6 tcp dport { 53, 2049 } accept
+    # Allow DNS (53), SMB (445, no netbios ports) from LAN and VPN
+    ip saddr { $lan_net, $vpn_net } udp dport { 53, 445 } accept
+    ip6 saddr $lan_net6 udp dport { 53, 445 } accept
+    ip saddr { $lan_net, $vpn_net } tcp dport { 53, 445 } accept
+    ip6 saddr $lan_net6 tcp dport { 53, 445 } accept
 
     # Allow Minecraft server access from LAN and VPN
     ip saddr { $lan_net, $vpn_net } tcp dport 25565 accept

services/nfs/install.sh

@@ -1,19 +0,0 @@
-#!/bin/sh
-echo "Installing NFS server..."
-apk add nfs-utils
-
-# Make mount point directory for sharing
-mkdir /mnt/shared
-chmod 777 /mnt/shared
-chown nobody:nobody /mnt/shared
-
-# Mount /mnt/shared for all IPs, read-write, root users NOT allowed
-# nohide: allows nested exports (doesnt hide a folder shared inside another shared folder)
-cat << EOF > /etc/exports
-/mnt/shared *(rw,nohide,sync,no_subtree_check,root_squash)
-EOF
-
-# Enable and start NFS server
-exportfs -afv
-rc-update add nfs
-rc-service nfs start

services/samba/install.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+apk add samba
+
+mkdir -p /mnt/shared
+chmod 0777 /mnt/shared
+
+cat << EOF > /etc/samba/smb.conf
+[global]
+    workgroup = GOOFJES
+    server string = Goofjes Samba
+    server role = standalone server
+    
+[shared]
+    path = /mnt/shared
+    follow symlinks = yes
+    wide links = yes
+    browseable = yes
+    writable = yes
+EOF
+
+rc-update add samba
+rc-service samba start
+
+echo "Use smbpasswd -a <username> to add users to SAMBA."