From 0d84e80619bee56591ac96ca1891169d4cbcd8a1 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 15 Aug 2021 18:49:23 +0200 Subject: l: add flix.r alias --- lass/1systems/prism/config.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/1systems/prism/config.nix') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 89a386139..bc3807545 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -305,6 +305,12 @@ with import ; localAddress = "10.233.2.14"; }; + services.nginx.virtualHosts."flix.r" = { + locations."/".extraConfig = '' + proxy_pass http://10.233.2.14:80/; + proxy_set_header Accept-Encoding ""; + ''; + }; services.nginx.virtualHosts."lassul.us" = { locations."^~ /flix/".extraConfig = '' if ($scheme != "https") { -- cgit v1.2.3 From 8f6dec66dcc7a9b7e88c8604653a61783d91d632 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 19 Aug 2021 22:49:09 +0200 Subject: mic92: add samba to prism --- lass/1systems/prism/config.nix | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'lass/1systems/prism/config.nix') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index bc3807545..1ef4637e3 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
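Review bot: The new `flix.r` virtual host carries no access rule, so nginx proxies any request whose Host header is `flix.r` to `http://10.233.2.14:80/` regardless of the interface it arrived on; a name that presumably resolves only inside retiolum is not an access control. The neighbouring `lassul.us` location for `/flix/` tests `$scheme` against https (the rest of that block lies outside the hunk), while this host has no comparable check. If the alias is meant for retiolum peers only, restrict it inside `extraConfig` with `allow 42::/16; allow 10.243.0.0/16; deny all;`, using the ranges a later commit on this page treats as retiolum. A short comment on why `Accept-Encoding` is cleared, e.g. `# ask the upstream for uncompressed responses`, would also help the next reader.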
@@ -385,7 +385,44 @@ with import ; mountdPort = 4002; statdPort = 4000; }; + + services.samba = { + enable = true; + extraConfig = '' + workgroup = WORKGROUP + netbios name = PRISM + server string = PRISM + hosts allow = 42::/16 + map to guest = Bad User + max log size = 50 + dns proxy = no + security = user + + [global] + syslog only = yes + ''; + shares.public = { + comment = "Warez"; + path = "/export"; + public = "yes"; + "only guest" = "yes"; + "create mask" = "0644"; + "directory mask" = "2777"; + writable = "no"; + printable = "no"; + }; + }; + krebs.iptables.tables.filter.INPUT.rules = [ + # netbios + { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; } + # smbd + { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } + # netbios-ns + { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; } + # nmbd + { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; } + { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 2049"; target = "ACCEPT"; } -- cgit v1.2.3 From d2026d3f433c409c8a479f31848cc6c51c8d54c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 20:13:36 +0200 Subject: mic92: allow ipv4 on prism/samba --- lass/1systems/prism/config.nix | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'lass/1systems/prism/config.nix') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index 1ef4637e3..cbaf127c8 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix @@ -391,8 +391,9 @@ with import ; extraConfig = '' workgroup = WORKGROUP netbios name = PRISM - server string = PRISM - hosts allow = 42::/16 + server string = prism + hosts allow = 42::/16 10.243.0.0/16 + interfaces = tinc.retiolum map to guest = Bad User max log size = 50 dns proxy = no 
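Review bot: `"directory mask" = "2777"` on `shares.public` would let directories created through the share come out world-writable and setgid as soon as `writable` is switched to `"yes"`; with `writable = "no"` both masks are unused, so either drop them or use `"directory mask" = "0755"`. The share needs no credentials (`map to guest = Bad User`, `public = "yes"`, `"only guest" = "yes"`), which leaves `hosts allow` and the `-i retiolum` firewall rules as the only access control for `/export`. That dependency deserves a comment next to the share, e.g. `# guest-readable: reachability is limited only by hosts allow and the retiolum iptables rules`.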
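Review bot: `interfaces = tinc.retiolum` names a different device than the firewall predicates in this same file, which match on `-i retiolum`; which of the two is the real interface name is not visible here, but if it is `retiolum` the line should read `interfaces = retiolum`. On its own the `interfaces` setting also does not limit where smbd listens, since Samba only restricts its listening sockets to that list together with `bind interfaces only = yes`, so after this hunk `hosts allow` and the firewall are still the effective limits. The same interface name is kept in the later hunk on this page that adds `bind interfaces only = true`, where a non-matching name would presumably leave smbd without the intended listener. A comment above `hosts allow` such as `# retiolum ranges: 42::/16 (IPv6), 10.243.0.0/16 (IPv4)` would document why both entries are there.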
@@ -414,14 +415,8 @@ with import ; }; krebs.iptables.tables.filter.INPUT.rules = [ - # netbios - { predicate = "-i retiolum -p tcp --dport 139"; target = "ACCEPT"; } # smbd { predicate = "-i retiolum -p tcp --dport 445"; target = "ACCEPT"; } - # netbios-ns - { predicate = "-i retiolum -p udp --dport 137"; target = "ACCEPT"; } - # nmbd - { predicate = "-i retiolum -p udp --dport 138"; target = "ACCEPT"; } { predicate = "-i retiolum -p tcp --dport 111"; target = "ACCEPT"; } { predicate = "-i retiolum -p udp --dport 111"; target = "ACCEPT"; } -- cgit v1.2.3 From 9e9d5d26d9e8ebe2b7c6308184c25c9de133714e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 21:21:48 +0200 Subject: mic92: samba perf options --- lass/1systems/prism/config.nix | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) (limited to 'lass/1systems/prism/config.nix') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index cbaf127c8..e3dba69e4 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
@@ -388,12 +388,37 @@ with import ; services.samba = { enable = true; + enableNmbd = false; extraConfig = '' workgroup = WORKGROUP netbios name = PRISM - server string = prism + server string = ${config.networking.hostName} + # only allow retiolum addresses hosts allow = 42::/16 10.243.0.0/16 + # Don't bind to the legacy 143 port + smb ports = 445 + # Bind only to allowed interfaces + bind interfaces only = true + # only bind to retiolum network interfaces = tinc.retiolum + + # Use sendfile() for performance gain + use sendfile = true + + # No NetBIOS is needed + disable netbios = true + + # Only mangle non-valid NTFS names, don't care about DOS support + mangled names = illegal + + # Performance optimizations + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 + + # Disable all printing + load printers = false + disable spoolss = true + printcap name = /dev/null + map to guest = Bad User max log size = 50 dns proxy = no @@ -401,7 +426,7 @@ with import ; [global] syslog only = yes - ''; + ''; shares.public = { comment = "Warez"; path = "/export"; -- cgit v1.2.3 From 1c0af4687cc3499b7cb8ce0799a662e1ce00ae22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Thu, 26 Aug 2021 21:38:53 +0200 Subject: mic92: remove breaking samba optoins --- lass/1systems/prism/config.nix | 6 ------ 1 file changed, 6 deletions(-) (limited to 'lass/1systems/prism/config.nix') diff --git a/lass/1systems/prism/config.nix b/lass/1systems/prism/config.nix index e3dba69e4..421afab2a 100644 --- a/lass/1systems/prism/config.nix +++ b/lass/1systems/prism/config.nix 
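Review bot: The comment above `smb ports = 445` names port 143, but the legacy NetBIOS session port that this setting stops serving is 139, the port the earlier firewall rule in this file matched with `--dport 139`; `# Don't listen on the legacy NetBIOS session port 139` would be accurate. The fixed `SO_RCVBUF=65536 SO_SNDBUF=65536` values in `socket options` override the kernel's TCP buffer autotuning and can lower throughput on a high-latency VPN link rather than raise it. `socket options = TCP_NODELAY IPTOS_LOWDELAY` keeps the latency flags and leaves buffer sizing to the kernel.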
@@ -395,12 +395,6 @@ with import ; server string = ${config.networking.hostName} # only allow retiolum addresses hosts allow = 42::/16 10.243.0.0/16 - # Don't bind to the legacy 143 port - smb ports = 445 - # Bind only to allowed interfaces - bind interfaces only = true - # only bind to retiolum network - interfaces = tinc.retiolum # Use sendfile() for performance gain use sendfile = true -- cgit v1.2.3 [cgit] Unable to lock slot /tmp/cgit/72000000.lock: No such file or directory (2)