diff options
-rw-r--r-- | lass/1systems/prism/config.nix | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bc3807545..1ef4637e3 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -385,7 +385,44 @@ with import <stockholm/lib>; mountdPort = 4002; statdPort = 4000; }; + + services.samba = { + enable = true; + extraConfig = '' + workgroup = WORKGROUP + netbios name = PRISM + server string = PRISM + hosts allow = 42::/16 + map to guest = Bad User + max log size = 50 + dns proxy = no + security = user + + [global] + syslog only = yes + ''; + shares.public = { + comment = "Warez"; + path = "/export"; + public = "yes"; + "only guest" = "yes"; + "create mask" = "0644"; + "directory mask" = "2777"; + writable = "no"; + printable = "no"; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + # netbios + { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; } + # smbd + { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } + # netbios-ns + { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; } + # nmbd + { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } |