summaryrefslogtreecommitdiffstats
path: root/makefu/1systems/omo.nix
diff options
context:
space:
mode:
Diffstat (limited to 'makefu/1systems/omo.nix')
-rw-r--r--makefu/1systems/omo.nix49
1 files changed, 44 insertions, 5 deletions
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 552af4e4f..9162f2ed4 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -32,9 +32,35 @@ in {
../3modules
];
# services.openssh.allowSFTP = false;
- krebs.build.host = config.krebs.hosts.omo;
krebs.build.source.git.nixpkgs.rev = "d0e3cca04edd5d1b3d61f188b4a5f61f35cdf1ce";
+ # samba share /media/crypt1/share
+ users.extraUsers.smbguest = {
+ name = "smbguest";
+ uid = config.ids.uids.smbguest;
+ description = "smb guest user";
+ home = "/var/empty";
+ };
+ services.samba = {
+ enable = true;
+ shares = {
+ winshare = {
+ path = "/media/crypt1/share";
+ "read only" = "no";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
+ };
+ extraConfig = ''
+ guest account = smbguest
+ map to guest = bad user
+ # disable printing
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
+ '';
+ };
# copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
services.sabnzbd.enable = true;
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
@@ -97,9 +123,22 @@ in {
extraModulePackages = [ ];
};
- networking.firewall.allowedUDPPorts = [ 655 ];
- # 8080: sabnzbd
- networking.firewall.allowedTCPPorts = [ 80 655 8080 ];
+ networking.firewall.allowedUDPPorts = [
+ # tinc
+ 655
+ # samba
+ 137 138
+ ];
+ networking.firewall.allowedTCPPorts = [
+ # nginx
+ 80
+ # tinc
+ 655
+ # samba
+ 445 139
+ # sabnzbd
+ 8080
+ ];
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
@@ -107,5 +146,5 @@ in {
zramSwap.enable = true;
zramSwap.numDevices = 2;
-
+ krebs.build.host = config.krebs.hosts.omo;
}