diff options
| -rw-r--r-- | config/router.nix | 4 | ||||
| -rw-r--r-- | machines/dragon.nix | 20 | ||||
| -rw-r--r-- | modules/auto-update.nix | 1 | ||||
| -rw-r--r-- | modules/yubikey.nix | 12 |
4 files changed, 25 insertions, 12 deletions
diff --git a/config/router.nix b/config/router.nix index 75af4a8..7426235 100644 --- a/config/router.nix +++ b/config/router.nix @@ -125,6 +125,10 @@ in { # proto udp dport (5353 1900) ACCEPT; # proto tcp dport (8008 8009) ACCEPT; + # Samba + proto tcp dport (139 445) ACCEPT; + proto udp dport (137 138) ACCEPT; + # interface $DEV_LAN jump logdrop; } } diff --git a/machines/dragon.nix b/machines/dragon.nix index d7dc80e..740d308 100644 --- a/machines/dragon.nix +++ b/machines/dragon.nix @@ -28,6 +28,26 @@ in { orbekk.hledger-web.journalFile = "/var/lib/hledger-web/hledger/anniekj.journal"; + services.samba = { + enable = true; + extraConfig = '' + guest account = nobody + map to guest = bad user + ''; + shares = { + public = { + path = "/storage/upload"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "readonly"; + "force group" = "readonly"; + }; + }; + }; + # virtualisation.lxd.enable = true; boot = { diff --git a/modules/auto-update.nix b/modules/auto-update.nix index 996ff81..9260f4a 100644 --- a/modules/auto-update.nix +++ b/modules/auto-update.nix @@ -3,6 +3,7 @@ system.autoUpgrade = { enable = true; dates = "04:40"; + flags = "--tarball-ttl 5" flake = if config.networking.hostName == "dragon" then "git+file:///storage/projects/nixos-config.git" diff --git a/modules/yubikey.nix b/modules/yubikey.nix index 1e6aa22..b171408 100644 --- a/modules/yubikey.nix +++ b/modules/yubikey.nix @@ -44,17 +44,5 @@ in commands = [ { command = "${pkgs.systemd}/bin/systemctl restart pcscd"; options = [ "NOPASSWD" ]; } ]; } ]; - - systemd.user.services.restart-pcscd = { - description = "Restart pcscd on startup"; - wantedBy = [ "graphical-session.target" ]; - partOf = [ "graphical-session.target" ]; - serviceConfig = { - ExecStart = '' - sudo systemctl restart pcscd - ''; - Type = "oneshot"; - }; - }; }; } |