l icarus.r: share prism in local network

2 files changed, 41 insertions, 0 deletions

diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 868d7508..06b1e736 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -18,6 +18,8 @@
     <stockholm/lass/2configs/wine.nix>
     <stockholm/lass/2configs/blue-host.nix>
     <stockholm/lass/2configs/syncthing.nix>
+    <stockholm/lass/2configs/nfs-dl.nix>
+    <stockholm/lass/2configs/prism-share.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.icarus;
diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix
new file mode 100644
index 00000000..70e616ec
--- /dev/null
+++ b/lass/2configs/prism-share.nix
@@ -0,0 +1,39 @@
+with import <stockholm/lib>;
+{ config, pkgs, ... }:
+
+{
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p tcp --dport 139"; target = "ACCEPT"; }
+    { predicate = "-p tcp --dport 445"; target = "ACCEPT"; }
+    { predicate = "-p udp --dport 137"; target = "ACCEPT"; }
+    { predicate = "-p udp --dport 138"; target = "ACCEPT"; }
+  ];
+  users.users.smbguest = {
+    name = "smbguest";
+    uid = config.ids.uids.smbguest;
+    description = "smb guest user";
+    home = "/home/share";
+    createHome = true;
+  };
+  services.samba = {
+    enable = true;
+    enableNmbd = true;
+    shares = {
+      incoming = {
+        path = "/mnt/prism";
+        "read only" = "no";
+        browseable = "yes";
+        "guest ok" = "yes";
+      };
+    };
+    extraConfig = ''
+      guest account = smbguest
+      map to guest = bad user
+      # disable printing
+      load printers = no
+      printing = bsd
+      printcap name = /dev/null
+      disable spoolss = yes
+    '';
+  };
+}