summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2016-07-20 20:35:30 +0200
committermakefu <github@syntax-fehler.de>2016-07-20 20:35:30 +0200
commite03ae6d79d77e654bb586475b52c7e6aa24ac06f (patch)
tree30b65d3e4aa7425180fea6f1cabd0091f0529d41
parentdf7416dc319e6815e32fa5fb32ba00d41481d368 (diff)
m 1 wbob: add missing
-rw-r--r--makefu/1systems/wbob.nix14
-rw-r--r--makefu/2configs/temp/share-samba.nix36
2 files changed, 44 insertions, 6 deletions
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index 45b935af0..e8e0b091f 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -1,5 +1,7 @@
{ config, pkgs, ... }:
-{
+let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
+in {
+
makefu.awesome = {
modkey = "Mod1";
#TODO: integrate kiosk config into full config by templating the autostart
@@ -9,19 +11,19 @@
[ # Include the results of the hardware scan.
../.
../2configs/main-laptop.nix
+ ../2configs/virtualization.nix
+ ../2configs/tinc/retiolum.nix
];
krebs = {
enable = true;
- retiolum.enable = true;
build.host = config.krebs.hosts.wbob;
};
networking.firewall.allowedUDPPorts = [ 1655 ];
- networking.firewall.allowedTCPPorts = [ 1655 ];
+ networking.firewall.allowedTCPPorts = [ 1655 49152 ];
services.tinc.networks.siem = {
name = "display";
extraConfig = ''
ConnectTo = sjump
- Port = 1655
'';
};
@@ -35,12 +37,12 @@
# nuc hardware
- boot.loader.grub.device = "/dev/sda";
+ boot.loader.grub.device = rootdisk;
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
fileSystems."/" = {
- device = "/dev/sda1";
+ device = rootdisk + "-part1";
fsType = "ext4";
};
diff --git a/makefu/2configs/temp/share-samba.nix b/makefu/2configs/temp/share-samba.nix
new file mode 100644
index 000000000..c021e66c6
--- /dev/null
+++ b/makefu/2configs/temp/share-samba.nix
@@ -0,0 +1,36 @@
+{config, ... }:{
+ users.users.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/var/empty";
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 139 445 # samba
+ ];
+
+ networking.firewall.allowedUDPPorts = [
+ 137 138
+ ];
+ services.samba = {
+ enable = true;
+ shares = {
+ share-home = {
+ path = "/home/share/";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
+}