authorJörg Thalheim <joerg@thalheim.io>2021-08-19 22:49:09 +0200
committerJörg Thalheim <joerg@thalheim.io>2021-08-19 22:51:42 +0200
commit8f6dec66dcc7a9b7e88c8604653a61783d91d632 (patch)
treef0f8ef6488047c5145f458c0226b643de863c520
parent0d84e80619bee56591ac96ca1891169d4cbcd8a1 (diff)
mic92: add samba to prism
-rw-r--r--lass/1systems/prism/config.nix37
1 files changed, 37 insertions, 0 deletions
diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix
index bc3807545..1ef4637e3 100644
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@@ -385,7 +385,44 @@ with import <stockholm/lib>;
mountdPort = 4002;
statdPort = 4000;
};
+
+ services.samba = {
+ enable = true;
+ extraConfig = ''
+ workgroup = WORKGROUP
+ netbios name = PRISM
+ server string = PRISM
+ hosts allow = 42::/16
+ map to guest = Bad User
+ max log size = 50
+ dns proxy = no
+ security = user
+
+ [global]
+ syslog only = yes
+ '';
+ shares.public = {
+ comment = "Warez";
+ path = "/export";
+ public = "yes";
+ "only guest" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "2777";
+ writable = "no";
+ printable = "no";
+ };
+ };
+
krebs.iptables.tables.filter.INPUT.rules = [
+ # netbios
+ { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; }
+ # smbd
+ { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; }
+ # netbios-ns
+ { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; }
+ # nmbd
+ { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; }
+
{ predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; }
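Review bot: The new `services.samba` block serves `/export` to any unauthenticated peer (`map to guest = Bad User`, `"only guest" = "yes"`), so `hosts allow = 42::/16` and the `-i retiolum` rules are the only access control, yet legacy NetBIOS transport stays enabled and no protocol floor is set. If every client can speak SMB2 or later over port 445, add `disable netbios = yes` and `server min protocol = SMB2` to `extraConfig` and drop the 137, 138 and 139 ACCEPT rules. Separately, `"directory mask" = "2777"` has no effect while `writable = "no"`, but it would produce world-writable setgid directories if the share is ever made writable; `"directory mask" = "0755"` is a safer default. The `hosts allow` prefix is IPv6 only, so IPv4 peers on retiolum pass the firewall and are then refused by smbd, which is worth a comment if intended. The `INPUT.rules` list continues outside the hunk.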