diff --git a/systems/palatine-hill/samba.nix b/systems/palatine-hill/samba.nix
new file mode 100644
index 0000000..339e2ef
--- /dev/null
+++ b/systems/palatine-hill/samba.nix
@@ -0,0 +1,37 @@
+{ ... }:
+{
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    openFirewall = true;
+    settings = {
+      global = {
+        "workgroup" = "WORKGROUP";
+        "server string" = "palatine-hill";
+        "netbios name" = "palatine-hill";
+        "security" = "user";
+        #"use sendfile" = "yes";
+        #"max protocol" = "smb2";
+        # note: localhost is the ipv6 localhost ::1
+        "hosts allow" = "192.168.76. 127.0.0.1 localhost";
+        "hosts deny" = "0.0.0.0/0";
+        "guest account" = "nobody";
+        "map to guest" = "bad user";
+      };
+      zfs-primary-backups = {
+        path = "/ZFS/ZFS-primary/backups";
+
+        writeable = "yes";
+        browseable = "yes";
+      };
+    };
+  };
+
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
+}