| 1 Dec 2025 |
 Randy Eckenrode | I have acltype=posix and xattr=on. | 23:44:39 |
 xored | same | 23:44:53 |
| xored | hmmm | 23:44:56 |
| xored | you don't have map guest | 23:45:03 |
| Randy Eckenrode | I’ve been following the upstream issue regarding NFSv4-style ACLs. Those would map better to Darwin and Windows ACLs. | 23:45:08 |
| xored | let me get rid of that | 23:45:14 |
| * xored as it proceeds to unharden the world | 23:45:27 |
| xored | should I keep "guest account" = "nobody"? | 23:46:28 |
| Randy Eckenrode | I map all my users to actual users. I have a samba-guest user on the server. | 23:46:47 |
| Randy Eckenrode | That’s the guest user. | 23:47:01 |
| Randy Eckenrode | https://github.com/reckenrode/nixos-configs/blob/85d19ca2e51254f36f04bfdf8f932c596d18f7c4/hosts/meteion/samba.nix#L51-L61 | 23:47:23 |
| xored | hmm I'll consider it I don't see how the guest account could change anything given the bloody thing is connecting through my user | 23:48:13 |
| Randy Eckenrode | Guests have read-only access to one of the shares. Time Machine is authenticated. I use sops-nix for the credentials and have an activation script that sets up the Samba password DB. | 23:48:20 |
| xored | yeah that's what I'm saying if tm is authed I don't trust these options have any impact | 23:48:50 |
| Randy Eckenrode | Anything in the logs? | 23:48:59 |
| xored | well samba has been awfully quiet through all of this dance | 23:49:18 |
| xored | with log level 3 that is | 23:49:23 |
| Randy Eckenrode | There’s this, but I don’t think it’s related: https://discourse.nixos.org/t/nixos-25-11-broke-ssh-into-gcp-instance/72687 | 23:49:29 |
| xored | Time Machine logs are the ones that have shed any sort of light | 23:49:32 |
| Randy Eckenrode | Did 25.11 change any of your interface names? I saw you had a link-local address where it was listening. | 23:50:45 |
| xored | nope I can still see thunderbolt0 | 23:51:24 |
| xored | I had a systemd network link file for it so it will always be that | 23:52:21 |
| xored | im losing it ```nix
global = {
interfaces = "lo ${config.xored.ipv6.prefix}:28::${config.xored.hosts.nas.networking.interfaceId}/64 fe80::105f:89ff:fe1f:bc3%thunderbolt0/64";
"bind interfaces only" = "yes";
"disable netbios" = "yes";
"workgroup" = "HOMELAB";
"server string" = "fs";
"netbios name" = "fs";
"vfs objects" = "catia fruit streams_xattr";
"fruit:appl" = true;
"fruit:nfs_aces" = false;
"fruit:copyfile" = false;
};
"tm_share" = {
"path" = "/tank/backups/tm_share";
"valid users" = "xored";
"writeable" = true;
"fruit:time machine" = true;
"fruit:metadata" = "netatalk";
"fruit:resource" = "xattr";
"fruit:encoding" = "native";
};
| 23:55:18 |
| xored | arggg. formatting | 23:55:23 |
| xored | * im losing it global = { interfaces = "lo ${config.xored.ipv6.prefix}:28::${config.xored.hosts.nas.networking.interfaceId}/64 fe80::105f:89ff:fe1f:bc3%thunderbolt0/64"; "bind interfaces only" = "yes"; "disable netbios" = "yes"; "workgroup" = "HOMELAB"; "server string" = "fs"; "netbios name" = "fs"; "vfs objects" = "catia fruit streams\_xattr"; "fruit:appl" = true; "fruit:nfs\_aces" = false; "fruit:copyfile" = false; }; "tm\_share" = { "path" = "/tank/backups/tm\_share"; "valid users" = "xored"; "writeable" = true; "fruit:time machine" = true; "fruit:metadata" = "netatalk"; "fruit:resource" = "xattr"; "fruit:encoding" = "native"; }; | 23:55:41 |
| xored | * im losing it
global = {
interfaces = "lo ${config.xored.ipv6.prefix}:28::${config.xored.hosts.nas.networking.interfaceId}/64 fe80::105f:89ff:fe1f:bc3%thunderbolt0/64";
"bind interfaces only" = "yes";
"disable netbios" = "yes";
"workgroup" = "HOMELAB";
"server string" = "fs";
"netbios name" = "fs";
"vfs objects" = "catia fruit streams_xattr";
"fruit:appl" = true;
"fruit:nfs_aces" = false;
"fruit:copyfile" = false;
};
"tm_share" = {
"path" = "/tank/backups/tm_share";
"valid users" = "xored";
"writeable" = true;
"fruit:time machine" = true;
"fruit:metadata" = "netatalk";
"fruit:resource" = "xattr";
"fruit:encoding" = "native";
};
| 23:56:29 |
| xored | I have basically your config now | 23:56:51 |
| xored | and it doesn't work | 23:56:56 |
| xored | would you remember which perms do you have on the filesystem | 23:59:53 |
| 2 Dec 2025 |
| xored | even though its clearly writing .incomplete dirs over there | 00:00:15 |
