{
  services.samba = {
    enable = true;
    openFirewall = true;
    settings = {
      global = {
        "invalid users" = [
          "root"
        ];
        "passwd program" = "/run/wrappers/bin/passwd %u";
        "security" = "user";

        "workgroup" = "WORKGROUP";
        "server string" = "franz";
        "netbios name" = "franz";
        # note: localhost is the ipv6 localhost ::1
        "hosts allow" = "192.168.178. 127.0.0.1 localhost";
        "hosts deny" = "0.0.0.0/0";
        "guest account" = "nobody";
        "map to guest" = "bad user";

        # debugging
        # log file = /var/log/samba/log.%m
        # max log size = 1000
        # logging = file
      };

      # Run sudo smbpasswd -a <username> to set the smb password for an EXISTING linux user
      software = {
        path = "/storage/dataset/data/torrents/misc";
        browseable = "yes";
        "read only" = "yes";
        "guest ok" = "yes";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "ghoscht";
        "force group" = "users";
      };
    };
  };

  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
  };

  networking.firewall.allowPing = true;
}