author | Jörg Thalheim <joerg@thalheim.io> | 2021-08-19 22:49:09 +0200 |
---|---|---|
committer | Jörg Thalheim <joerg@thalheim.io> | 2021-08-19 22:51:42 +0200 |
commit | 8f6dec66dcc7a9b7e88c8604653a61783d91d632 (patch) | |
tree | f0f8ef6488047c5145f458c0226b643de863c520 /lass/1systems | |
parent | 0d84e80619bee56591ac96ca1891169d4cbcd8a1 (diff) |
mic92: add samba to prism
Diffstat (limited to 'lass/1systems')
-rw-r--r-- | lass/1systems/prism/config.nix | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index bc3807545..1ef4637e3 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -385,7 +385,44 @@ with import <stockholm/lib>;
 mountdPort = 4002;
 statdPort = 4000;
 };
+
+ services.samba = {
+ enable = true;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ netbios name = PRISM
+ server string = PRISM
+ hosts allow = 42::/16
+ map to guest = Bad User
+ max log size = 50
+ dns proxy = no
+ security = user
+
+ [global]
+ syslog only = yes
+ '';
+ shares.public = {
+ comment = "Warez";
+ path = "/export";
+ public = "yes";
+ "only guest" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "2777";
+ writable = "no";
+ printable = "no";
+ };
+ };
+
 krebs.iptables.tables.filter.INPUT.rules = [
+ # netbios
+ { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; }
+ # smbd
+ { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
+ # netbios-ns
+ { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; }
+ # nmbd
+ { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; }
+
 { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
 { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
 { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } |
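Review bot: The four new INPUT rules open the NetBIOS ports 137/138/139 alongside 445 for a share that is guest-only (`map to guest = Bad User`, `"only guest" = "yes"`), so every peer reachable over the retiolum interface can read `/export` without credentials, and the only gates are `hosts allow = 42::/16` and the `-i retiolum` match. If clients connect over TCP 445 only, the smaller surface is `enableNmbd = false;` inside `services.samba` with the 137–139 rules dropped. `"directory mask" = "2777"` has no effect while `writable = "no"`, but it would make guest-created directories world-writable if the share is ever opened for writes; `"0755"` is the safer value to leave in place. The `[global]` header inside `extraConfig` looks redundant, since the NixOS module appears to emit `extraConfig` under `[global]` already; this is worth confirming against the generated smb.conf. The `krebs.iptables.tables.filter.INPUT.rules` list continues past the end of the hunk.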