nixdots/modules/servers/per-host/overlord/share.nix

{
  fileSystems."/export/share" = {
    device = "/mnt/2tbhdd";
    fsType = "none";
    options = ["bind"];
  };
  services.nfs.server = {
    enable = true;
    # fixed rpc.statd port; for firewall
    lockdPort = 4001;
    mountdPort = 4002;
    statdPort = 4000;
    extraNfsdConfig = '''';
    exports = ''
      /export/share *(rw,sync,no_subtree_check)
    '';
  };
  networking.firewall = {
    enable = true;
    # for NFSv3; view with `rpcinfo -p`
    allowedTCPPorts = [111 2049 4000 4001 4002 20048 445];
    allowedUDPPorts = [111 2049 4000 4001 4002 20048];
  };
  services.samba = {
    enable = true;

    settings.share = {
      path = "/mnt/2tbhdd/nfs";
      browseable = "yes";
      writable = "yes";
      "guest ok" = "yes";
      "read only" = "no";
    };
  };
}