nas0: add samba

2024-03-31 01:20:49 -04:00 · 2024-03-31 01:20:49 -04:00 · e8c74efd70
commit e8c74efd70
parent af3c14f4af
1 changed files with 41 additions and 1 deletions
--- a/nixos/hosts/nas0/default.nix
+++ b/nixos/hosts/nas0/default.nix
@ -10,5 +10,45 @@
  system.stateVersion = "24.05";
  nixpkgs.hostPlatform = "x86_64-linux";

+  networking.firewall.enable = true;
+  networking.firewall.allowPing = true;
+  networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';

+  users.groups.data = {};
+  users.users.data = {
+    isNormalUser = true;
+    groups = "data";
+  };
+
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    openFirewall = true;
+    extraConfig = ''
+      workgroup = WORKGROUP
+      security = user
+      server string = nas0
+      netbios name = nas0
+      hosts allow = 10.0.0.0/8 100.64.0.0/10 127.0.0.1 localhost
+      hosts deny = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares."main" = {
+      path = "/mnt/storage/main";
+      browseable = "yes";
+      "read only" = "no";
+      "guest ok" = "no";
+      "create mask" = "0644";
+      "directory mask" = "0755";
+      "force user" = "data";
+      "force group" = "data";
+    };
+  };
+
+  # Advertise to local Windows hosts
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
 }