summaryrefslogtreecommitdiffstats
path: root/lass/2configs/prism-share.nix
blob: fb803dd77a40fb7f64cc8cecf30e88e1c1190c2a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
with import <stockholm/lib>;
{ config, pkgs, ... }:

{
  krebs.iptables.tables.filter.INPUT.rules = [
    { predicate = "-p tcp --dport 139"; target = "ACCEPT"; }
    { predicate = "-p tcp --dport 445"; target = "ACCEPT"; }
    { predicate = "-p udp --dport 137"; target = "ACCEPT"; }
    { predicate = "-p udp --dport 138"; target = "ACCEPT"; }
  ];
  users.users.smbguest = {
    name = "smbguest";
    uid = config.ids.uids.smbguest;
    description = "smb guest user";
    home = "/home/share";
    createHome = true;
    group = "share";
  };
  users.groups.share = {};

  services.samba = {
    enable = true;
    enableNmbd = true;
    shares = {
      incoming = {
        path = "/mnt/prism";
        "read only" = "yes";
        browseable = "yes";
        "guest ok" = "yes";
      };
    };
    extraConfig = ''
      guest account = smbguest
      map to guest = bad user
      # disable printing
      load printers = no
      printing = bsd
      printcap name = /dev/null
      disable spoolss = yes
    '';
  };
}