{
  pkgs,
  flake,
  ...
}:
let
  inherit (flake.config.services)
    instances
    ;
  service = instances.samba;
in
{
  # If you ever need to start fresh, you need to add yourself to the Samba users database:
  # sudo smbpasswd -a username
  services = {
    samba = {
      package = pkgs.samba4Full;
      enable = true;
      openFirewall = true;
      settings = {
        global = {
          "workgroup" = "WORKGROUP";
          "server string" = "NixOS Samba Server";
          "netbios name" = "ceres";
          "security" = "user";
          "hosts allow" = "192.168.0. 127.0.0.1 localhost";
          "hosts deny" = "0.0.0.0/0";
          "guest account" = "nobody";
          "map to guest" = "bad user";
          "create mask" = "0664";
          "directory mask" = "0775";
          "force create mode" = "0664";
          "force directory mode" = "0775";
        };
        ${instances.jellyfin.name} = {
          path = instances.jellyfin.paths.path0;
          writable = "true";
          "valid users" = "%wheel";
          "force group" = "users";
          "create mask" = "0664";
          "directory mask" = "0775";
        };
        ${instances.audiobookshelf.name} = {
          path = instances.audiobookshelf.paths.path0;
          writable = "true";
          "valid users" = "%wheel";
          "force group" = "users";
          "create mask" = "0664";
          "directory mask" = "0775";
        };
        ${instances.comfyui.name} = {
          path = instances.comfyui.paths.path0;
          writable = "true";
          "valid users" = "%wheel";
          "force group" = "users";
          "create mask" = "0664";
          "directory mask" = "0775";
        };
      };
    };
  };

  networking = {
    firewall = {
      allowedTCPPorts = [
        service.ports.port0
      ];
    };
  };
}