diff --git a/modules/nixos/samba.nix b/modules/nixos/samba.nix
index 986dd126..56ed625b 100644
--- a/modules/nixos/samba.nix
+++ b/modules/nixos/samba.nix
@@ -139,6 +139,9 @@ in {
         })
       ];
       settings = mkMerge ([
+        {
+          "use sendfile" = mkOptionDefault true;
+        }
         (mkIf (cfg.passdb.smbpasswd.path != null) {
           "passdb backend" = mkOptionDefault "smbpasswd:${cfg.passdb.smbpasswd.path}";
         })
@@ -163,7 +166,6 @@ in {
         (mkIf cfg.guest.enable {
           "map to guest" = mkOptionDefault "Bad User";
           "guest account" = mkOptionDefault cfg.guest.user;
-          "valid users" = [ cfg.guest.user ];
         })
       ] ++ mapAttrsToList (_: idmap: mapAttrs' (key: value: nameValuePair "idmap config ${idmap.domain} : ${key}" (mkOptionDefault value)) idmap.settings) cfg.idmap.domains);
       extraConfig = mkMerge (mapAttrsToList (key: value: ''${key} = ${settingValue value}'') cfg.settings);
diff --git a/nixos/kyuuto/samba.nix b/nixos/kyuuto/samba.nix
index 33d8628e..281a6266 100644
--- a/nixos/kyuuto/samba.nix
+++ b/nixos/kyuuto/samba.nix
@@ -4,7 +4,7 @@
   lib,
   ...
 }: let
-  inherit (lib.modules) mkIf mkDefault;
+  inherit (lib.modules) mkIf mkMerge mkDefault;
   inherit (lib.lists) optionals;
   inherit (config.networking.access) cidrForNetwork;
   inherit (config) kyuuto;
@@ -24,6 +24,10 @@ in {
         writeable = true;
         browseable = true;
         public = true;
+        "valid users" = mkMerge [
+          (mkIf cfg.guest.enable [ cfg.guest.user ])
+          [ "@peeps" ]
+        ];
         #"guest only" = true;
         "hosts allow" = localAddrs;
         "acl group control" = true;
@@ -37,6 +41,10 @@ in {
         writeable = false;
         browseable = true;
         public = true;
+        "valid users" = mkMerge [
+          (mkIf cfg.guest.enable [ cfg.guest.user ])
+          [ "@kyuuto-peeps" ]
+        ];
         "hosts allow" = localAddrs;
       };
       kyuuto-media = {
@@ -51,6 +59,15 @@ in {
         "force directory mode" = "3000";
         "directory mask" = "7775";
       };
+      ${cfg.usershare.templateShare} = mkIf cfg.usershare.enable {
+        writeable = true;
+        browseable = true;
+        public = false;
+        "valid users" = [ "@peeps" ];
+        "create mask" = "0664";
+        "force directory mode" = "5000";
+        "directory mask" = "7775";
+      };
     };
   };
 
diff --git a/nixos/samba.nix b/nixos/samba.nix
index d7bafff2..f8c4a45c 100644
--- a/nixos/samba.nix
+++ b/nixos/samba.nix
@@ -34,11 +34,17 @@ in {
       "winbind scan trusted domains" = false;
       "winbind use default domain" = true;
       "domain master" = false;
-      "valid users" = [ "@peeps" ];
       "remote announce" = mkIf hasIpv4 [
         "10.1.1.255/${cfg.settings.workgroup}"
       ];
     };
+    idmap.domains = mkIf (!cfg.ldap.enable) {
+      nss = {
+        backend = "nss";
+        domain = "*";
+        range.min = 8000;
+      };
+    };
   };
 
   services.samba-wsdd = {