diff --git a/hosts/storage-ng/default.nix b/hosts/storage-ng/default.nix
index ce1eaef2..5cd7af7a 100644
--- a/hosts/storage-ng/default.nix
+++ b/hosts/storage-ng/default.nix
@@ -82,14 +82,34 @@ in
     root = "/mnt/cephfs/c3d2/tftp";
   };
 
-  /* # Open ports in the firewall.
-    networking.firewall.allowedTCPPorts = [
-    23
-    ];
-    networking.firewall.allowedUDPPorts = [
-    69
-    ];
-  */
+  services.samba = {
+    enable = true;
+    enableNmbd = true;
+    extraConfig = ''
+      workgroup = HQ
+      server string = storage
+      netbios name = storage
+      hosts allow = 172.20.0.0/14 127.0.0.0/8 ::1/128 fe80::/64 fd23:42:c3d2:500::/56 2a00:8180:2c00:200::/56
+      hosts deny = 0.0.0.0/0
+      security = user
+      guest account = nobody
+      map to guest = bad user
+      smb encrypt = required
+      ntlm auth = yes
+      passdb backend = smbpasswd
+    '';
+    shares = {
+      c3d2 = {
+        path = "/mnt/cephfs/c3d2";
+        browseable = "yes";
+        writable = "yes";
+        "valid users" = "k-ot";
+        "guest ok" = "no";
+        "create mode" = "0666";
+        "directory mode" = "0777";
+      };
+    };
+  };
 
   networking.firewall.enable = false;