From 7d971fc78e35bbc0a84d51b45a5aaa18dfa65a59 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 19:09:37 +0200 Subject: l icarus.r: share prism in local network --- lass/1systems/icarus/config.nix | 2 ++ lass/2configs/prism-share.nix | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 lass/2configs/prism-share.nix diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix index 868d75083..06b1e7366 100644 --- a/lass/1systems/icarus/config.nix +++ b/lass/1systems/icarus/config.nix @@ -18,6 +18,8 @@ + + ]; krebs.build.host = config.krebs.hosts.icarus; diff --git a/lass/2configs/prism-share.nix b/lass/2configs/prism-share.nix new file mode 100644 index 000000000..70e616ec6 --- /dev/null +++ b/lass/2configs/prism-share.nix @@ -0,0 +1,39 @@ +with import ; +{ config, pkgs, ... }: + +{ + krebs.iptables.tables.filter.INPUT.rules = [ + { predicate = "-p tcp --dport 139"; target = "ACCEPT"; } + { predicate = "-p tcp --dport 445"; target = "ACCEPT"; } + { predicate = "-p udp --dport 137"; target = "ACCEPT"; } + { predicate = "-p udp --dport 138"; target = "ACCEPT"; } + ]; + users.users.smbguest = { + name = "smbguest"; + uid = config.ids.uids.smbguest; + description = "smb guest user"; + home = "/home/share"; + createHome = true; + }; + services.samba = { + enable = true; + enableNmbd = true; + shares = { + incoming = { + path = "/mnt/prism"; + "read only" = "no"; + browseable = "yes"; + "guest ok" = "yes"; + }; + }; + extraConfig = '' + guest account = smbguest + map to guest = bad user + # disable printing + load printers = no + printing = bsd + printcap name = /dev/null + disable spoolss = yes + ''; + }; +} -- cgit v1.2.3