From 63902fcb46e2028beb522a5bbae2dd5b26baf754 Mon Sep 17 00:00:00 2001
From: Zuckerberg <zuckerberg@neet.dev>
Date: Mon, 16 May 2022 13:22:00 -0400
Subject: [PATCH] Require auth for public samba share

---
 common/pc/mount-samba.nix | 6 +++---
 common/server/samba.nix   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/common/pc/mount-samba.nix b/common/pc/mount-samba.nix
index 1fe15b7..7029f31 100644
--- a/common/pc/mount-samba.nix
+++ b/common/pc/mount-samba.nix
@@ -12,7 +12,7 @@ let
   auth_opts = "credentials=/run/agenix/smb-secrets";
   version_opts = "vers=2.1";
 
-  opts = "${network_opts},${user_opts},${version_opts}";
+  opts = "${network_opts},${user_opts},${version_opts},${auth_opts}";
 in {
   options.services.mount-samba = {
     enable = lib.mkEnableOption "enable mounting samba shares";
@@ -22,13 +22,13 @@ in {
     fileSystems."/mnt/public" = {
         device = "//s0.zt.neet.dev/public";
         fsType = "cifs";
-        options = ["guest,${opts}"];
+        options = [ opts ];
     };
 
     fileSystems."/mnt/private" = {
         device = "//s0.zt.neet.dev/googlebot";
         fsType = "cifs";
-        options = ["${auth_opts},${opts}"];
+        options = [ opts ];
     };
 
     age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age;
diff --git a/common/server/samba.nix b/common/server/samba.nix
index a0168f2..b51c0cd 100644
--- a/common/server/samba.nix
+++ b/common/server/samba.nix
@@ -35,7 +35,7 @@
           path = "/data/samba/Public";
           browseable = "yes";
           "read only" = "no";
-          "guest ok" = "yes";
+          "guest ok" = "no";
           "create mask" = "0644";
           "directory mask" = "0755";
           "force user" = "public_data";