From 959e82bcee65439efdd1590e77633ba15be6a98a Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Wed, 30 Jul 2025 13:27:03 +0200
Subject: [PATCH] feat(sgx): disable Netatalk and enhance Samba configuration

- Disabled Netatalk service by setting `enable` to `false`.
- Improved macOS compatibility in Samba with specific `fruit` and `vfs` options.
- Added a new Time Machine share configuration for backups.
---
 systems/x86_64-linux/sgx/fileserver.nix | 32 +++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/systems/x86_64-linux/sgx/fileserver.nix b/systems/x86_64-linux/sgx/fileserver.nix
index 0f9f5f8..ca0682d 100644
--- a/systems/x86_64-linux/sgx/fileserver.nix
+++ b/systems/x86_64-linux/sgx/fileserver.nix
@@ -4,7 +4,7 @@
   systemd.services.netatalk.requires = [ "mnt-backup.mount" "mnt-raid.mount" ];
   systemd.services.netatalk.after = [ "mnt-backup.mount" "mnt-raid.mount" ];
   services.netatalk = {
-    enable = true;
+    enable = false;
     settings = {
       Homes = {
         "basedir regex" = "/home";
@@ -40,7 +40,7 @@
     openFirewall = true;
     settings = {
       global = {
-        security = "user";
+        "security" = "user";
         "read raw" = "Yes";
         "write raw" = "Yes";
         "socket options" = "TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072";
@@ -56,7 +56,35 @@
         "hosts deny" = "ALL";
         "guest account" = "nobody";
         "map to guest" = "bad user";
+        # macOS compat options
+        "wide links" = "yes";
+        "unix extensions" = "no";
+        "vfs object" = "acl_xattr catia fruit streams_xattr";
+        "fruit:nfc_aces" = "no";
+        "fruit:aapl" = "yes";
+        "fruit:model" = "MacSamba";
+        "fruit:posix_rename" = "yes";
+        "fruit:metadata" = "stream";
+        "fruit:delete_empty_adfiles" = "yes";
+        "fruit:veto_appledouble" = "no";
+        "spotlight" = "yes";
       };
+      time-machine = {
+        path = "/mnt/backup/tm_share";
+        "browseable" = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "harald";
+        "force group" = "users";
+        "available" = "yes";
+        "writable" = "yes";
+        "valid users" = "harald";
+        "vfs objects" = "catia fruit streams_xattr";
+        "fruit:time machine" = "yes";
+      };
+
       Qmultimedia = {
         path = "/mnt/raid/Qmultimedia";
         browseable = "yes";