with import <stockholm/lib>; { config, pkgs, ... }: { krebs.iptables.tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 139"; target = "ACCEPT"; } { predicate = "-p tcp --dport 445"; target = "ACCEPT"; } { predicate = "-p udp --dport 137"; target = "ACCEPT"; } { predicate = "-p udp --dport 138"; target = "ACCEPT"; } ]; users.users.smbguest = { name = "smbguest"; uid = config.ids.uids.smbguest; description = "smb guest user"; home = "/home/share"; createHome = true; }; services.samba = { enable = true; enableNmbd = true; shares = { incoming = { path = "/mnt/prism"; "read only" = "yes"; browseable = "yes"; "guest ok" = "yes"; }; }; extraConfig = '' guest account = smbguest map to guest = bad user # disable printing load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes ''; }; }