From 8f6dec66dcc7a9b7e88c8604653a61783d91d632 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Thu, 19 Aug 2021 22:49:09 +0200
Subject: mic92: add samba to prism

---
 lass/1systems/prism/config.nix | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index bc380754..1ef4637e 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -385,7 +385,44 @@ with import <stockholm/lib>;
         mountdPort = 4002;
         statdPort = 4000;
       };
+
+      services.samba = {
+        enable = true;
+        extraConfig = ''
+          workgroup = WORKGROUP
+          netbios name = PRISM
+          server string = PRISM
+          hosts allow = 42::/16
+          map to guest = Bad User
+          max log size = 50
+          dns proxy = no
+          security = user
+
+          [global]
+          syslog only = yes
+       '';
+        shares.public = {
+          comment = "Warez";
+          path = "/export";
+          public = "yes";
+          "only guest" = "yes";
+          "create mask" = "0644";
+          "directory mask" = "2777";
+          writable = "no";
+          printable = "no";
+        };
+      };
+
       krebs.iptables.tables.filter.INPUT.rules = [
+         # netbios
+         { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; }
+         # smbd
+         { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
+         # netbios-ns
+         { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; }
+         # nmbd
+         { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; }
+
          { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
          { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
          { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
-- 
cgit v1.2.3