{
  fileSystems."/export/share" = {
    device = "/mnt/2tbhdd";
    fsType = "nfs";
    options = ["bind"];
  };
  services.nfs.server = {
    enable = true;
    # fixed rpc.statd port; for firewall
    lockdPort = 4001;
    mountdPort = 4002;
    statdPort = 4000;
    extraNfsdConfig = '''';
    exports = ''
      /export/share *(rw,sync,no_subtree_check,all_squash,insecure,anonuid=1000,anongid=100)
    '';
  };
  users.users.tulg = {
    createHome = false;
    shell = "/run/current-system/sw/bin/nologin";
  };
  networking.firewall = {
    enable = true;
    # for NFSv3; view with `rpcinfo -p`
    allowedTCPPorts = [111 2049 4000 4001 4002 20048 445];
    allowedUDPPorts = [111 2049 4000 4001 4002 20048];
  };
  services.samba = {
    enable = true;

    shares.share = {
      path = "/mnt/2tbhdd/smb/";
      browseable = "yes";
      writable = "yes";
      "guest ok" = "yes";
      "read only" = "no";
      "force user" = "nobody";
    };
  };
}