| 1 Dec 2025 |
 xored | but no force user | 23:28:55 |
 samasaur | and my nixpkgs rev was originally from October 22. I've updated more recently than that but im only like 99% sure it's still working | 23:29:14 |
| samasaur | i know for a fact it was in October | 23:29:24 |
| samasaur | and im still on macOS 15 fwiw | 23:29:33 |
| xored | I've been resetting my Time Machine locations between tries, so its possible that if you had an initial backup it would continue working | 23:30:02 |
| samasaur | In reply to @xoredg:matrix.org
oh boy you have all those fruit options I tried so many times in different combinations lmao i read the whole manual lol | 23:30:28 |
| xored | hmm it's definitely something user related | 23:33:23 |
 Randy Eckenrode | I create users for everything. My setup is still 25.05 though.
https://github.com/reckenrode/nixos-configs/blob/85d19ca2e51254f36f04bfdf8f932c596d18f7c4/modules/by-name/sa/samba/nixos-module.nix
https://github.com/reckenrode/nixos-configs/blob/85d19ca2e51254f36f04bfdf8f932c596d18f7c4/modules/by-name/ti/time-machine/nixos-module.nix
https://github.com/reckenrode/nixos-configs/blob/85d19ca2e51254f36f04bfdf8f932c596d18f7c4/hosts/meteion/samba.nix
| 23:35:26 |
| Randy Eckenrode | I also set up Time Machine via the CLI to use a FQDN, which was hard to do with encryption because it’s pretty much undocumented. | 23:37:46 |
| Randy Eckenrode | Avahi config, but it’s just firewall rules.
https://github.com/reckenrode/nixos-configs/blob/85d19ca2e51254f36f04bfdf8f932c596d18f7c4/modules/by-name/av/avahi/nixos-module.nix
| 23:40:57 |
| xored | did you do anything to your dataset, I had only do acltype=posix and xattr=sa | 23:42:27 |
| xored | which again works on 25.05 | 23:42:35 |
| Randy Eckenrode | I have acltype=posix and xattr=on. | 23:44:39 |
| xored | same | 23:44:53 |
| xored | hmmm | 23:44:56 |
| xored | you don't have map guest | 23:45:03 |
| Randy Eckenrode | I’ve been following the upstream issue regarding NFSv4-style ACLs. Those would map better to Darwin and Windows ACLs. | 23:45:08 |
| xored | let me get rid of that | 23:45:14 |
| * xored as it proceeds to unharden the world | 23:45:27 |
| xored | should I keep "guest account" = "nobody"? | 23:46:28 |
| Randy Eckenrode | I map all my users to actual users. I have a samba-guest user on the server. | 23:46:47 |
| Randy Eckenrode | That’s the guest user. | 23:47:01 |
| Randy Eckenrode | https://github.com/reckenrode/nixos-configs/blob/85d19ca2e51254f36f04bfdf8f932c596d18f7c4/hosts/meteion/samba.nix#L51-L61 | 23:47:23 |
| xored | hmm I'll consider it I don't see how the guest account could change anything given the bloody thing is connecting through my user | 23:48:13 |
| Randy Eckenrode | Guests have read-only access to one of the shares. Time Machine is authenticated. I use sops-nix for the credentials and have an activation script that sets up the Samba password DB. | 23:48:20 |
| xored | yeah that's what I'm saying if tm is authed I don't trust these options have any impact | 23:48:50 |
| Randy Eckenrode | Anything in the logs? | 23:48:59 |
| xored | well samba has been awfully quiet through all of this dance | 23:49:18 |
| xored | with log level 3 that is | 23:49:23 |
| Randy Eckenrode | There’s this, but I don’t think it’s related: https://discourse.nixos.org/t/nixos-25-11-broke-ssh-into-gcp-instance/72687 | 23:49:29 |
